PRIVACY POLICY

Your privacy is important to Stevenage Leisure Ltd (SLL). This statement explains the personal information SLL processes, how it processes it and why.

Young people (under 18s) might like to start with Privacy for Young People.  This explains information that might be useful for them.

If you are employed by SLL or are a volunteer and want to know how we use your information then please ask to see SLL’s HR Privacy Policy.

If you visit Gordon Craig or the Grove Theatre or are on their mailing lists and want to know how we use your information then please ask to see SLL’s Theatre Privacy Policy.

Here is a shorter summary of this policy.

Your privacy is important to us

Your privacy is important. When you use SLL’s products and services, visit our sites, or supply us with products or services, we collect and use certain information about you. This information, like your name and email address, is called personal data. We want you to know what personal data we have about you and how we use it. We also want you to know that you have rights over that data.

We protect your data and we will never sell it.  We make sure we comply with data protection laws like the UK General Data Protection Regulation 2018 (UK GDPR) and the Data Protection Act 2018 (DPA).

Sometimes we will update this policy to make it clearer or to keep up with changes. Changes might be a new service, a different way of using your personal data or a change in the law. The policy was last updated June 2024.

If you have any questions please speak to a member of staff or contact our Data Protection Officer:

dpo@sll.co.uk

07785 462 593

Data Protection Officer,
Stevenage Leisure Ltd,
The Venue
Elstree Way
Borehamwood WD6 1JY

This statement applies to:

  • leisure centre users (both past and present).
  • anyone who takes part in any other activities or services provided by SLL.
  • anyone who has expressed a strong interest in joining one of our centres or using one of our services.
  • anyone who visits one of our sites.
  • anyone who supplies us with products or services.

For details about how we handle your personal information if you are a prospective, current, or former employee of SLL, please ask to see our Employee Privacy Policy.

Stevenage Leisure Limited (SLL) is a registered charity (no. 1144638), one of the UK’s leading ‘leisure trusts’, and a community-based and focused Non-Profit Distributing Organisation (NPDO). We manage various leisure centres across Hertfordshire and Rutland.

We are registered with the Information Commissioner's Office. Our number is Z5188017.

Our head office is:

Stevenage Leisure Ltd,
The Venue
Elstree Way
Borehamwood WD6 1JY

The company is registered in England under company number 3446357.

Which information we collect and why

If you express a strong interest in attending one of our centres or using our services and activities:
Name, contact details. (If your interest has been in a child’s activity, we will also collect your child’s name and date of birth). We use this to contact you to give you more information about the service/activity you are interested in.

When you book or pay for an activity:
Your name, contact details and payment details. We do not store payment details on our web servers. We might also collect your date of birth, ethnicity, gender, health and fitness goals, interests, any relevant medical information, emergency contact details, your photograph.

If you book an activity for your child: your child’s name, date of birth, gender, address, medical information, emergency contact details, description of children's likes, strengths, areas to be developed, dietary requirements & food intolerances, disability/special educational needs, distinguishing marks, injury details, languages spoken, details of person who is collecting them from the activity, safeguarding information. As well as the parent/carer’s name, contact details and bank details.

We also collect information about your use of our facilities, and when you visited and what you did, as well as fitness information. If you have a corporate account paid by your employer, we may share information about when you visited and what you did with them. We will never share health and fitness related data with them without your consent unless the law says we must.

If you book an activity online, we will also collect your email address, online account password and IP address.

We need your details to set up and manage your account. We may use your date of birth to make sure we charge you the right price for your activity. We use them to create tailor made programmes for you and to allow you to track your workout progress. We use them to provide you with information that may be of interest to you and to let you know of any service changes. We also use your information to develop and improve services for your benefit. We use your photograph so we can identify you and make sure your membership is not being misused.

We use your information to take payments for goods/activities/services purchased and to get information from credit reference agencies and fraud prevention agencies where necessary.
Parent/carer details are used to verify and manage children’s accounts/activity on their behalf. Emergency contact details and medical information are collected so staff can respond to the best of their ability in case of emergency.

We will send you marketing information if you have opted-in to receive it. You will have the option to opt-in to these when you initially provide information to us or when we collect information from you, and you can opt out/update your preferences at any time by contacting a member of reception staff or by contacting dpo@sll.co.uk.

We have to provide information for our local authority funders (you cannot be identified in these reports). You can opt out of being included in this by contacting dpo@sll.co.uk.

If we provide swimming lessons to your child through their school:
Your child’s name is used to record attendance and progress. Relevant medical information is collected so staff can respond to the best of their ability in case of an emergency.

If you opt-in to our Physical Activity Referral Service:
Your disability and health details are used to check with your GP that it is safe for you to exercise and to put together a personalised programme for you.

If you hire one of our venues:
We take copies of qualifications and Disclosure and Barring Service information (if relevant). We need your details to manage your hire and to process payments from you. We also have a duty to make sure you have the right qualifications to run your club or do your activity and to ensure we keep any children and vulnerable people safe.

If you contact us or provide feedback or interact with our social media:
Your contact information, enquiry and/or feedback. We use your contact information so we can contact you if you have given us permission to discuss anything you have raised. We use your feedback to evaluate and improve our services.

When you participate in competitions or sponsor someone:
Your contact details so we can get in touch if we need to about the competition or event.

If you nominate a member of the team for a WOW Award:
Your name and contact details. We need this to contact you about your nomination. If you have given permission, your name may be used on a certificate, online and in WOW’s communications.

When you visit any of our sites:
CCTV images (for the prevention, identification and reduction of crime, anti-social behaviour, health and safety of service users, employees, and members of the public). For more details of how we record, use and store images on CCTV please ask to see our CCTV Code of Practice.

If you access our CCTV images:
Name, telephone number and email address, date of access and time in and out of CCTV display/storage room. We collect this information to comply with UK GDPR 2018 and DPA 2018 and our CCTV Code of Practice.

If we are obliged by law to share your information:
Personal information requested. We will share your information to protect you, your family or anyone working with you if we think there is a serious risk of harm. If the HMRC or other authority has asked for your information we have to share it.

If you ask for any of your rights under the DPA 2018 or UK GDPR 2018:
Name, contact details, personal information required for ID. We collect this information to comply with UK GDPR 2018 and DPA 2018 and our CCTV Code of Practice.

When you use our services, we may ask you for some personal health information. We do this:

  • To make sure we offer you the right services.
  • So your progress can be tracked (both by us and yourself).
  • So we can recommend the right exercise programmes or other services.
  • Or, with your permission, check with your GP that it is safe for you to exercise.

We keep a copy of your photograph on our customer database so we can check your ID when you enter our centre. We do not share your photo with anyone else and it is only seen by staff working on reception.

We may also get information about you from these places:
We use this information so you can benefit the most from using our facilities and so we can provide the best service possible for all customers:

Credit reference agencies and debt collectors:
Financial information.

Your employer (if you have a corporate account):
Employment start and end dates.

Your GP or other health providers:
Health information if you are part of our exercise referral scheme.

Fitness apps:
Health information, workout information, usage of facilities.

Employee awards scheme provider:
We are provided with your contact information and information about why you are nominating a member of staff for a reward.

Your child’s school:
Medical information, if relevant, if your child is having swimming lessons organised through their school or attending other activities such as holiday camps.

We might share your personal information with these companies: 

Customer database provider – specialist software to manage customer accounts:
Information needed to set up and run your account: contact details, payment details, emergency contacts, marketing preferences etc.

Credit card payment providers and banks:
Credit card and payment details to take payments for services.

Credit reference agencies and debt collection agencies:
Account details and information regarding any outstanding debt.

Employers (for Corporate accounts):
Usage information (but not health or other personal information without your consent).

Your child’s school if they attend swimming lessons through their school:
Progress made in swimming lessons.

If you are part of our exercise referral scheme, the NHS and the health professional who referred you:
Contact details, health information you have told us about, your fitness goals and your progress.

Health and safety consultants and accident database, insurers:
Details of any accidents you may have had or have witnessed.

Car park management company:
Car registration and membership number.

Organisations that provide SLL with funding:
Reports contain information that cannot identify you. If you do not want your personal information to be included in this reporting, please contact dpo@sll.co.uk.

Organisations that we have to share your information with by law:
We will only share information, if requested, when we have to do so by law.

Marketing services:
Contact details if you have given permission for us to do so. You can opt-out at any time by ‘unsubscribing’ which is included in all our texts and emails to you.

People who ask for personal information under UK GDPR 2018:
We will only share your personal information if we receive a valid request to do so (please see below).

SLL works in partnership with these organisations to provide leisure services:

Bedfordshire East Multi-Academy Trust
Best House, Shefford Rd, Clifton Shefford SG17 5QS

Knights Templar School
Park St, Baldock SG7 6DZ

Silsoe Community Trust
72 Newbury Lane, Silsoe, Bedford, MK45 4EX

These organisations are the data controllers for your personal information.

Children's personal information

Our services are used by people of all ages. Children aged under 16 years must have a parent or guardian’s consent before providing personal information to us. We will not collect any personal information without this consent.

Our legal basis for using your information

We have to have a lawful reason to use your personal information. These are:

Contract (between you and SLL)

When you book an activity for yourself or a member of your family, we collect and store personal information to provide you with services.

When you pay by debit or credit card we have to collect and use your card details to complete the transaction.

When you hire one of our venues or facilities we collect and store personal information to provide you with the service you have requested.

When you provide us with goods or services, we collect and store your personal information to make sure we receive what we have ordered.

Legitimate Interest (when using your personal information benefits SLL, you or someone else):

If you are interested in joining one of our centres we will collect your personal information so we can contact you about it.

When you join one of our centres we collect personal information so we can provide you with information that you might be interested in.

When you join one of our centres or if you hire our facilities, we will contact you about any operational issues that might affect your use of our services (these are service messages).

If you have nominated a member of staff for an award, we might contact you about it.

When we take photos or film events to promote our services we might collect your personal information and share it with our designers and selected promoters.

When we capture your image on CCTV for prevention and detection of crime, safeguarding staff and visitors and ensuring compliance with health and safety procedures.

We sometimes have to collect information about your ethnicity and other sensitive information in order to provide reports to our local authority or commissioning group. This information is used only for statistical purposes and is always kept secure. You cannot be identified in these reports.

If you have recently ceased to be a member, we may contact you about specific discounted membership offers.

As we are processing your personal data for the legitimate interests stated above, you have the right to object to this processing. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it. Please contact our Data Protection Officer, dpo@sll.co.uk, if you wish to object to it.

Consent (you have given your permission for SLL to do this)

In order to provide services to you we collect and use sensitive personal information such as health data or body measurements. We will only do this with your explicit consent and we take extra care to ensure this information is kept secure and is only used for the reason for which it was given.

If you give us consent, we may contact your GP to check that you can safely exercise based on any health or disability conditions you may have shared with us.

We also collect information when you complete customer surveys, provide feedback and take part in competitions.

If you agree to sponsor someone, we may contact you using the details you have given us about your sponsorship.

Legal Obligation (something the law tells us we have to do)

If you have an accident when using our facilities, we have to record your details and the details of the accident to comply with health and safety legislation.

We have to pass on your information if we think you or your family, or someone working with you could come to harm. We will do this in line with our Safeguarding policy.

If you make a request under the DPA 2018 or UK GDPR 2018 we will use your personal information to comply with the legislation.

We have to provide your personal information if we get a legal request for it – for example from HMRC for tax purposes or NHS Test and Trace.

Automated decision making and profiling:

Automated decision making and profiling is a decision made automatically without any human involvement. SLL will only use this when it has to enter into, or carry out, a contract with someone, or when the law allows it.

The only time SLL uses automated decision making is when we decide on which marketing to send out. Our customer management software uses information about when you have attended to decide if you are an active member, a member who is attending less and less often, or a member who no longer attends.

How we store your personal information 

Your information is securely stored on network drives that are regularly backed up, or in paper files that are kept in secure storage with restricted access.

Your personal information will only be kept for as long as it is needed. Once your personal information is no longer needed or we don’t have a legal reason to keep it any more it will be securely disposed of.

We keep membership records for 13 months after the last time someone uses our facilities. By law, if someone has an accident, we have to keep a record of it for 3 years (if the person was a child, we have to keep a record until they are 21 years old). We also have to keep safeguarding records until any children involved are 25 years old and financial records for 7 years. For details about how long we keep other personal information, please contact our Data Protection Officer, dpo@sll.co.uk.

Sending your personal information outside the UK

We may have to send your information to countries outside the UK. If we do so we will make sure it has the same level of protection that it would have in the UK.

Cookies

The SLL website uses cookies to gather information about you. Cookies are pieces of information placed on your computer to allow websites to recognise you when you visit. They collect information about what you do when you visit but do not identify you as an individual.

We use this information to learn about which parts of the website work best and what could be improved. For further information about cookies, visit www.aboutcookies.org or www.allaboutcookies.org.

You can set your browser not to accept cookies and the websites above tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not work as a result.

Other websites

Our website contains links to other websites. This privacy statement only applies to the SLL website. Please read each company’s policy when using their website. We cannot be held responsible for the privacy policies and practices of third-party websites.

Changes of business ownership and control

SLL may, from time to time, expand or reduce the business. If this happens, part or all of SLL may be sold or transferred to another owner, data processor or controller. If we have to, we will transfer your personal information to the new owner, data processor or controller. They will be able to use your information for the same reasons as you originally gave it to us.

We may also share your information with a prospective buyer. We will always take steps to make sure your privacy is protected.

Your personal data rights

You have rights over your information, including the right to have:

Accurate information used - We will always try to make sure the information we hold about you is accurate. If you believe the information we hold about you is out of date or wrong, please contact our Data Protection Officer, dpo@sll.co.uk.

Access to your information - You have the right to ask us for copies of your personal information (also called a subject access request).

Your information removed - You have the right to ask us to erase your personal information in certain circumstances.

The use of your information restricted - You have the right to ask us to stop using your personal information for a set length of time in certain circumstances.

Your information not used for certain reasons - You have the right to stop us using your personal information in certain circumstances.

Your information transferred - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

For more information about your rights please visit https://ico.org.uk/your-data-matters/

You do not have to pay for any of these rights. If you make a request, we have one month to respond to you. Please speak to a member of staff or contact us if you wish to make a request:

You can call our Data Protection Officer on: 07785 462 593
Or email: dpo@sll.co.uk
Or write to:

Data Protection Officer
Stevenage Leisure Ltd
The Venue
Elstree Way
Borehamwood WD6 1JY

How to complain

If you have a concern or complaint about how we handle your information, contact us. You have a right to complain to the Information Commissioner if we can’t sort out your complaint.

The Information Commissioner’s Office contact details:

Report a concern online at https://ico.org.uk/make-a-complaint/
Call: 0303 123 1113
Or write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, SK9 5AF