1. Introduction
At Aarons Gym, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our services or entering our premises, you agree to the practices described in this policy.
2. Who We Are (Data Controller)
Aarons Gym
Address: 2 Molesworth Road
Email: info@aaronsgym.co.uk
Phone:07790109398
Data Protection Contact: Aaron McGonigle
3. Personal Data We Collect
We may collect and process the following types of personal data:
3.1 Information you provide directly
-
Name
-
Date of birth
-
Address
-
Email address
-
Phone number
-
Emergency contact details
-
Payment information (handled securely by our payment provider)
-
Health information and PAR-Q responses (for safety and fitness assessment)
-
CCTV footage (for safety and security)
3.2 Information collected automatically
-
Membership check-in data
-
Website usage (via cookies, if applicable)
4. How We Use Your Data
We use your personal information for:
-
Managing your membership and account
-
Processing payments
-
Ensuring health and safety during exercise
-
Providing classes, programmes, and personal training
-
Communicating updates, renewals, and service information
-
Security, crime prevention, and safeguarding (CCTV)
-
Legal and regulatory compliance
We only process your health data with your explicit consent and to ensure we can provide a safe fitness environment.
5. Legal Bases for Processing
We rely on the following lawful bases under the UK GDPR:
-
Contractual necessity – to provide membership and fitness services
-
Legal obligation – for tax, safety, and regulatory compliance
-
Consent – for health data and marketing communications
-
Legitimate interests – for CCTV security and improving our services
6. How We Store and Protect Your Data
We take appropriate technical and organisational measures to protect your information, including:
-
Secure IT systems and encrypted storage
-
Access restricted to authorised staff only
-
Regular security audits and staff training
-
Secure payment processing via approved third-party providers
We do not store your full payment card details.
7. Sharing Your Data
We may share your data with:
-
Payment processors
-
IT and system providers
-
Insurance providers
-
Professional advisers (legal, accounting, etc.)
-
Law enforcement, only when required by law
We never sell your personal data.
8. CCTV
We operate CCTV for security and crime prevention. Footage may be shared with law enforcement when legally required. CCTV is stored securely and retained for a limited time (typically 30 days, unless required for investigation).
9. International Transfers
If any third-party providers transfer your data outside the UK, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).
10. Data Retention
We keep your data only for as long as necessary:
-
Membership records: up to 6 years after membership ends
-
Health information: 12 months after final visit or as legally required
-
CCTV footage: usually 30 days
-
Financial records: 6 years (legal requirement)
11. Your Rights
Under UK GDPR, you have the right to:
-
Access your data
-
Rectify inaccurate data
-
Erase your data (“right to be forgotten”)
-
Restrict processing
-
Object to processing
-
Data portability
-
Withdraw consent at any time
-
Lodge a complaint with the Information Commissioner’s Office (ICO)
ICO website: www.ico.org.uk
12. Marketing Communications
We will only send marketing messages if you have opted in, and you may unsubscribe at any time.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on our website or at reception.
14. Contact Us
If you have questions about this Privacy Policy or your data, please contact:
Aaron McGonigle
Email: info@aaronsgym.co.uk
Phone: 07790109398