Inner Athlete Gym

Privacy Policy

This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information when you interact with our gym, website, booking apps, and other forms of communication such as email and WhatsApp. By using our services, you agree to the terms outlined in this policy.

1. Information We Collect:

1.1 Personal Information:

  • Name: To personalise your experience.
  • Contact Information: Including email address and phone number for communication purposes.
  • Address: For membership purposes and billing, if applicable.
  • Date of Birth: To verify age for gym membership eligibility.

1.2 Payment Information:

  • Credit/Debit Card and Bank Details: If applicable for membership payments, handled via one of our third-party partners such as Zettle by PayPal, PayPal and GoCardless. You can view their privacy policies on their respective websites.

1.3 Health Information:

  • Health and Fitness Data: Provided voluntarily for personalised training programs. Never shared with third parties unless with your direct permission.

1.4 Website and App Usage Information:

  • Cookies and Usage Data: Collected for analytics to improve our services.

2. How We Use Your Information:

2.1 Membership and Services:

  • To manage your gym membership.
  • To provide and personalise our services.

2.2 Communication:

  • To send important gym notices, updates, and very, very occasional marketing materials.

2.3 Legal Requirements:

  • To comply with legal obligations.

3. How We Share Your Information:

3.1 Third-Party Service Providers:

  • With third-party providers for services like payment processing. Usually, you would have signed up to this yourself when starting a membership with us.

3.2 Legal Requirements:

  • In response to lawful requests by public authorities.

4. Your Choices:

4.1 Opting Out:

  • You can opt out of marketing communications at any time by hitting the Unsubscribe button on our correspondence.

4.2 Access and Correction:

  • You can access and update your personal information through your account settings with your Booking app Acuity.

5. Security:

  • We employ industry-standard security measures to protect your personal information.

6. Children’s Privacy:

  • We employ industry-standard security measures to protect all personal information.

7. Changes to This Privacy Policy:

  • We may update this policy, and any changes will be posted on our website.

8. Contact Us:

If you have any questions about this Privacy Policy, please contact us using the Contact Us tab on our website.

By using our services, you consent to the terms of this Privacy Policy.

Data Retention Policy

  1. Purpose
    This Data Retention Policy sets out how Inner Athlete Gym manages and retains personal data in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and industry-specific best practices. The aim is to ensure that personal data is kept only as long as necessary and is securely deleted when no longer required.

  1. Scope
    This policy applies to all personal data collected and processed by Inner Athlete Gym relating to:
    • Members
    • Staff
    • Contractors
    • Children and young people
    • Personal training clients
    • Class participants
    • Trial users and prospects

  1. Retention Periods

Data Type Retention Period:
Adult member records (inc. PAR-Qs, consent, membership forms, progress notes) 3 years from the date of leaving the gym or membership cancellation.

Child member records (under 18): Retained until the individual turns 21 (i.e., 3 years after turning 18)

Personal training records: 3 years from last session or cancellation of services

Health and fitness assessments: 3 years from the date of assessment or last update

Incident or accident reports: 3 years for adults / 3 years after the child turns 18

CCTV footage: Maximum of 30 days, unless required for investigation

Financial/payment records: 6 years (for accounting and HMRC compliance)

Staff records (e.g. contracts, DBS checks): 6 years after employment ends

Marketing/photo consent records: Until consent is withdrawn or 2 years after last engagement

Emails and general correspondence: 1 year (unless deleted sooner or unless legally required to be kept longer)

  1. Secure Storage & Disposal
    • All personal data is stored securely, whether electronically (e.g. encrypted files, secure servers) or physically (e.g. locked filing cabinets).
    • Data no longer required will be securely deleted or shredded.
    • Electronic records are wiped using industry-standard deletion processes.

  1. Your Rights and Access to Information
    Individuals have the right to request access to their data, request rectification, or request erasure, as per the UK GDPR. These requests will be actioned within 30 days.

  1. Review and Updates
    This policy will be reviewed annually or sooner if legal or operational requirements change.

Contact
If you have questions about this policy or how we handle personal data, please contact:
Jessica Rush via the Contact Us tab.