The Small Print
Membership & Visitors Rules
Club Rules: In place for your benefit
The club has a number of rules which apply to all members and visitors regarding Health & Safety:
• All members and visitors must sign in due to Health & Safety and Fire Procedures. This can be done at reception.
• All members and visitors taking part in exercise must complete a Screening From.
• All members and visitors taking part in classes or using the gym equipment do so entirely at their own risk. The club and management will not be held responsible for any damages to property or yourselves.
• The car park is in front of the cricket pitch and vehicles are parked at owners own risk at all times.
• Smoking is NOT permitted in the club or the car park; this also includes all e-cigarettes.
• Alcohol and Drugs are NOT permitted on the club premises or in the car park. If you are under the influence of alcohol or drugs, members of staff will refuse entry.
• We ask that all machinery or equipment used by yourself should be cleaned with the hygiene spray provided in the gym, spin room, studio 1, studio 2 and sunbeds.
• All members and visitors must put away all equipment after use. This includes free weights in the weight areas and equipment used within the studios.
• Visitors should be dressed appropriately within the gym and exercise classes. Tops should be worn at all times. Footwear should be suitable for indoor use, as no outdoor sports shoes are allowed.
• When in the Sauna & Steam Room we ask you to wear suitable swimwear.
• Please, no cups, tins, cartons or glass bottles in the gym and studios.
• Please report any problems with any equipment to a member of staff.
• The club reserves the right to change opening times of the facilities, including Holidays and Bank Holidays. Members will be informed of any changes in advance.
• The club reserves the right to change the class timetable. This is due to numbers in attendance and can be seen by members at reception, monitored by the Traffic Light System.
• Please respect other gym members, visitors and members of staff and take phone calls outside the gym, weight area, or studios to prevent disruption.
• The club will design personal exercise plans suitable for member’s requirements. For your safety, all plans must be followed to prevent injury.
• The club cannot accept the responsibility of lost personal items. There are lockers within both male and female changing rooms at no extra charge.
• The club does not allow you to store personal belongings overnight.
• Members are encouraged to bring a guest and they must also comply with these rules.
• If a member is to fall ill for a period of time, then the club will review their membership options upon receipt of a medical letter.
• If a member moves away, a proof of address will need to be sent to the club as evidence.
• A member is signed into a minimum number of months as stated on their contract provided by the finance company, Ryburn. Members that pay annually are none refundable, membership can be cancelled by the club if any rules are not followed.
• Clitheroe Leisure is not responsible for the collection of Direct Debits, this done by the Finance Company, Ryburn.
• The club will not accept any misconduct on the premises. This includes foul and abusive language which will not be tolerated. If this occurs, membership will be suspended, followed by a hearing with owner and management of the club. A suspended member is not entitled to a refund and will not be allowed to re-join the club in the future.
• Abuse towards any members of staff will not be tolerated. This could result in suspension.
​
COVID-19 Memberships
-
Memberships will be extended for annual payment, or those that are in a contract period.
-
No payment was taken throughout lockdown, when the club was closed.
-
Please follow our new guidelines for social distancing and hand sanitising.
Privacy Policy & Terms
Introduction
Clitheroe Leisure needs to gather and use certain information about individuals as a member or visitor at the facilities.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relation with or may need to contact.
This policy describes how the personal data must be collected, handled and sorted to meet the company’s professional standards and comply with the law.
Why this policy exists
This data protection policy:
-
Complies with data protection law and follows good practice
-
Protects the rights of staff, customers and partners
-
Is open about how it stores and processes individuals data
-
Protects the organisation from the risks of a data breach
Data protection law
The Data Protection Regulation 2018 describes how the organisation must collect, handle and store personal information.
These rules apply regardless of whether the data is stored electronically, on paper or on other materials.
To comply with the law personal information must be collected and used fairly, stored safely and not be disclosed unlawfully.
The Regulation is underpinned by eight important principles. These state that personal data must:
-
Be processed fairly and lawfully
-
Be obtained only for specific, lawful purposes
-
Be adequate, relevant and not excessive
-
Be accurate and kept up to date
-
Not be held for any longer than necessary
-
Be processed in accordance with the rights of data subjects
-
Be protected in appropriate ways
-
Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
People, risks and responsibilities
Policy scope
This policy applies to:
-
The Offices at Clitheroe Leisure
-
All staff, contractors, customers, suppliers and other people working on behalf of Clitheroe Leisure.
The policy applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside the Data Protection Regulation 2018. This can include:
-
Names of individuals
-
Postal addresses
-
Email addresses
-
Telephone numbers
-
Date of Birth
-
Emergency contact number & name
Data protection risks
This policy helps to protect from some very real data security risks including:
-
Breaches of confidentiality, for instance information being given out inappropriately.
-
Failing to offer choice, for instance all individuals should be free to choose how the company uses data relating to them.
-
Reputational damage, for instance, the company suffering if hackers successfully gained access to sensitive data.
Responsibilities
Everyone who works for or with the organisation has some responsibility for ensuring data is collected and handled properly and appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
The people who have key areas of responsibility are:
-
The board of directors who are ultimately responsible for ensuring that they meet the legal obligations.
Clitheroe Leisure is responsible for:
-
Awareness
-
Making sure decision makers and key people in Clitheroe Leisure are aware that the law has changed regarding GDPR
-
Appreciating the impact GDPR is likely to have and identify areas that could cause compliance problems under the GDPR.
-
Ensuring Clitheroe Leisure’s risk register is kept up to date. Implementing GDPR could have significant resource implications.
Clitheroe Leisure is responsible for:
-
Information held
-
Documenting any personal data held, being aware of where it came from and who it is shared with.
-
Organising an audit across the club. GDPR requires you to maintain records of your processing activities. It updates rights for a networked world, for example; if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy so they can update their records. This should be documented. This process will help you to comply with the GDPR accountability principle, which requires organisations to be able to show how they comply with the data protection principles- this gives an effective policy and procedure structure.
Clitheroe Leisure is responsible for:
-
Communicating privacy information
-
Reviewing current privacy notices and putting a plan in place for making any necessary changes to GDPR implementation, for instance giving people certain information ie; the identity and how you intend to use their information. This is usually done through the privacy notice of a client.
-
Explaining your lawful basis for processing the data, your data retention periods and that an individual has a right to complain to the ICO if they find a problem with the way you handle their data.
-
Ensuring information is provided in a clear and concise language which is easy to understand.
-
The ICO’s privacy notices code of practice reflects the new requirements of the GDPR.
Clitheroe Leisure is responsible for:
-
Individual Rights
-
Checking procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
GDPR includes the following rights for individuals;
-
The right to be informed
-
The right of access
-
The right to rectification
-
The right to erasure
-
The right to restrict processing
-
The right to data portability
-
The right to object
-
The right not to be subject to automated decision-making including profiling.
-
On the whole, the rights individuals will enjoy under the GDPR are the same as those under the DPA but with some significant enhancements. If you are geared up to give individuals the rights now, then the transition to GDPR should be easy.
-
Clitheroe Leisure is responsible for checking procedures and for working out how you would react if someone asked to have their data deleted, for example; Would our system help to locate and delete data? Who makes decisions to delete data? Who will help you to locate and delete data?
-
The right to data portability is new. It only applies to the personal data an individual has provided to a controller
-
GDPR applies where the processing is based on the individuals consent or for the performance of a contract and when processing is carried out by automated means.
-
Clitheroe Leisure should consider whether you need to revise the procedures and make any changes. Providing data in a structured and common way is essential and in a machine readable form and provide the information free of charge.
-
Subject access requests
Clitheroe Leisure is responsible for updating procedures and should plan how to handle requests, and to take account of new rules;
-
In most cases you won’t be able to charge for complying with a request.
-
You have a month to comply, rather than the current 40 days.
-
You can refuse to charge for requests that are manifestly unfounded or excessive.
-
If you refuse a request, you must tell the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy. This should be done without undue delay and at the latest, within one month.
-
Clitheroe leisure should consider the logistical implications of having to deal with the requests more quickly. It is important to consider whether it is feasible or desirable to develop systems that allow individuals to access their information easily online.
-
Lawful basis for processing personal data
Clitheroe Leisure is responsible for:
Identifying the lawful basis for the processing activity in GDPR, document it and update the privacy notice to explain it.
Many organisations will not have thought about their lawful basis for processing personal data. Under the current law this does not have many practical implications.
However, this will be different under the GDPR because some individuals’ rights will be modified depending on your lawful basis for processing their personal data.
The most obvious example is that people will have a stronger right to have their data deleted where you use consent as your lawful basis for processing. You will have to explain your lawful basis for processing personal data in your privacy notice and when you answer a subject access request.
The lawful bases in the GDPR are broadly the same as the conditions for processing the DPA. It should be possible to review the types of processing activities you carry out and to identify your lawful basis for doing so.
You should document your lawful basis in order to help you comply with the GDPR’s accountability requirements.
-
Consent
-
Clitheroe leisure should review how to seek, record and manage consent and whether you need to make any changes.
-
You should read the detailed guidance the ICO has published on consent under the GDPR, and to use consent checklist to review our practices.
-
Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in-consent which cannot be inferred from silence, pre-ticked boxes or inactivity.
-
Consent must be separate from other terms and conditions, and you will need to have simple ways for people to withdraw consent.
-
Public authorities and employers will need to take particular care. Consent has to be verifiable and individuals generally have more rights where you rely on consent to process their data.
-
Clitheroe Leisure is not required to automatically ‘reaper’ or refresh.