Privacy notice: Sports Centre membership
Please read this page for the University’s Sports Centre membership privacy notice.
For more details please contact the Information Governance Manager.
This privacy notice tells you what to expect us to do with your personal data when you become a member of the University’s sports centre. Personal data (or personal information) is any information which relates to and identifies you. Data protection legislation (the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA)) set out how we should handle your personal information.
The University of Lancashire (formerly the University of Central Lancashire) is the controller for the personal data we process, unless otherwise stated. We are registered with the Information Commissioner’s Office and our registration number is Z5512420.
There are many ways you can contact us, including by phone, email, social media and post. See our main contact details.
You can contact the University’s Sports Team on STFSportsCentre@lancashire.ac.uk and find more information on the sports centre web pages.
The University’s Information Governance Manager & Data Protection Officer can be contacted on DPFOIA@lancashire.ac.uk. Further information and contact details can be found on the data protection pages of our website.
To use the sports centre, you must create a membership account. Our sports centre gym contains smart equipment that can track various elements of your fitness journey. As well as your membership account, you can choose to set up a Technogym MyWellness account to track your fitness associated with the use of our smart gym equipment. The equipment can be used without creating a MyWellness account.
We will use information that you provide to us directly when you set up your membership account. If you choose to create a MyWellness account, we will use the information you give us and the information generated from your use of the account and the linked gym equipment.
We will also use information about you that we hold in our student records systems or our staff record system. We will link some of this information with your membership information to help us with research and planning associated with our sports provision. Further information about this is included in later sections of this privacy notice.
Membership administration
We will use the information we hold about you to set up and administer your sports centre membership. To facilitate the running of our facilities we use software from a supplier called Gladstone, which provides us with its Go platform, which you will be invited to use to facilitate your membership. We will use your personal data to create memberships and take associated payments, control access to our facilities and manage the booking of activities and classes, and any other activities associated with our sports membership services. We use third party payment processors (WorldPay) to take payments.
If you use our Technogym smart gym equipment, you may choose to create a Technogym MyWellness account, which allows you to collate your workout data so that you can track your performance and progress. You can add data such as height and weight to your user account, which facilitates further tailoring of the available features to enhance your gym experience. After setting up your account you will be invited to share your data with the University (‘the facility’). This will mean that we will be able to see your data in a management dashboard for the equipment used in our facility. This data will help us see which machines and features are popular or unpopular and will help us enhance the gym experience. You can choose to delete your MyWellness account or stop sharing your data at any time. For the purposes of the UK GDPR, Technogym is a processor when it provides this service on the University’s behalf. If you terminate your University sports membership but want to keep your MyWellness account e.g. to use it at another gym that provides Technogym equipment, Technogym will become the controller of the personal data in your MyWellness account, for the purposes of the UK GDPR.
Communicating with you
We will use your personal data to communicate with you about your membership, associated fees and payments, and any classes or activities you have booked on to, via phone, text message or email. We will use your University email address as well as the contact details you provide to us when you set up your membership. If you choose to receive marketing messages from us, we will send you information about events, activities, products or services that may be of interest. You can change your marketing preferences in your account using the Gladstone Go mobile app at any time.
Research, reporting and statistics
We will use your personal data to produce aggregated and anonymised statistics to use for reporting purposes within the University. These will include analyses of memberships (uptake, status, etc.), facility usage and capacity, booking processes and payments and utilisation of spaces. These analyses and reports allow us to make management decisions and analyse trends.
If you are a student, alumnus or member of staff, we will use your University email address and your student or staff ID number to match your sports centre activity data with demographic data held in existing University systems. If you are a community member, we will use demographic data that you provide to us directly when setting up your membership. This linked data will be used to produce the anonymised, aggregated statistics described above to enable us to make management decisions about our sports facilities and sports provision, and to analyse trends.
If you are a student, we will also use your student ID number to link data about your use of our sports facilities with other data held in our student records systems relating to your progression and achievement on your course. We will use this linked information to undertake high level, aggregate data analysis of the role that sport and physical activity may play in the overall student experience. Such analysis is done at an aggregate level looking at group outcomes and individuals cannot be identified from the data. We will use aggregate data in this way to conduct research into how sport and physical activity potentially contributes to, or impacts upon, the student experience.
We may also use your information to compile other statistics to help with corporate planning, reporting and University administration; and for other research purposes, including research by University staff for planning and development purposes, and University researchers for the purposes of academic research. We may also use your information to participate in research carried out by third parties such as British Universities and Colleges Sport (BUCS), including research that would benefit current and future University students/staff or the student population generally, or research that would help formulate government policy. Your information will only be used in this way where the law allows us to and we consider it appropriate under the circumstances.
Monitoring and compliance
We will use your personal data to monitor compliance with legal requirements e.g. those relating to health and safety legislation. If you have an accident while using our sports facilities, the University’s Health and Safety team will investigate in line with the University’s procedures and applicable legislation.
When you use our facilities, you are likely to be captured by the University’s CCTV system. For further information, please see our CCTV privacy notice.
The University can only process personal data about you if there is a lawful basis from the UK GDPR which allows us to do so.
From the point you create your membership (and create your MyWellness account, if you choose to do this), information will be collected, and records will be created and maintained, for the purposes set out in this notice. The lawful bases on which we rely for processing information for those purposes are as follows:
Membership administration
We rely on Article 6(1)(b) UK GDPR, which allows us to process personal data when it is necessary for the performance of a contract. You enter into a contract with us when you create your membership. Under that contract, we provide our sports facilities and undertake associated administrative processes, among other things. We require you to provide any information we reasonably request for these purposes otherwise we cannot deliver your membership contract.
If you create a MyWellness account, we rely on Article 6(1)(a) UK GDPR (consent) and – for health data and other special category data – Article 9(2)(a) UK GDPR (explicit consent) because creating an account is optional and only occurs if you choose to do so. If you create an account, you can also choose to share information with us so we can see how you use the equipment. You can use the Technogym equipment without creating a MyWellness account.
Communicating with you
When we communicate with you about the administration of your membership, we rely on Article 6(1)(b) UK GDPR because such communications are necessary for the performance of your membership contract.
When we send you messages that promote events and activities or contain details of other offers associated with your use of our facilities, we rely on Article 6(1)(f) UK GDPR, which allows us to process personal data where it is in our legitimate interests to do so and it does not unduly prejudice your rights and freedoms. It is in the University’s legitimate interests to promote its services and events to those who may be interested. You can opt out of marketing communications by changing your preferences in the Gladstone Go app.
Research, reporting and statistics
When we match your personal data with existing data we already hold then anonymise it for research purposes, we rely on Article 6(1)(e) UK GDPR, which allows us to process personal data where it is necessary to perform a task in the public interest. Research and internal reporting are carried out as part of our public tasks. One of the University’s tasks set out in law is to undertake and publish research in the public interest, and our use of your personal data in this way is necessary for the research we want to undertake. We also rely on Article 6(1)(e) UK GDPR to undertake internal and external audits. Where we use special category data for research purposes, we also rely on Article 9(2)(j) UK GDPR, which allows us to process special category data for archiving, scientific or historical research purposes or statistical purposes, where there is a basis to do so in law. The law which allows us to rely on this basis is section 10 DPA by virtue of Schedule 1(4) DPA.
Monitoring and compliance
We rely on Article 6(1)(c) UK GDPR to process personal data to comply with our legal obligations, such as those set out in health and safety legislation. Where we are required to process special category data, such as your health data, for these purposes, we also rely on Article 9(2)(g) UK GDPR and Schedule 1(6) DPA, which allows us to process special category data to comply with a statutory or legal obligation.
Where we use personal data to monitor equality of opportunity or treatment, we rely on Article 6(1)(e) UK GDPR and Article 9(2)(g) UK GDPR and Schedule 1(8) DPA.
When processing special category data in reliance on some of the above conditions from Schedule 1 DPA the University must have an appropriate policy document, which can be read here: Data Protection: Processing special category data and criminal convictions data.
We share your information with some external organisations and bodies. We also share it with suppliers which are processing personal data on our behalf, such as Gladstone and Technogym. We only share your personal data with another person or organisation where the law allows us to and we consider it to be appropriate under the circumstances. The external parties we will share information with include the following:
- External debt collection agencies to recover unpaid debts owed to us.
- University insurers: information, including accident forms, is shared with our insurers to provide insurance cover and to enable us to make and defend insurance claims.
- Government agencies and authorities, including the police for the prevention and detection of crime, apprehension and prosecution of offenders, the collection of tax or duty and safeguarding national security, among other things.
- Executive agencies or non-departmental public bodies such as the Health and Safety Executive.
- Internal and external auditors to provide assurance that the University is following its risk management, governance and internal control processes and to independently inspect our financial statements and records.
- Third parties carrying out research or surveys where there is a lawful basis to share information and they are carrying out their statutory tasks in the public interest.
- Companies or organisations acting on our behalf: We use processors who are third parties who provide elements of services for us. We have contracts in place with our processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
We do not send your personal data outside the EEA for the purposes of your sports centre membership.
We only retain membership records for current members. If you or we terminate your membership, your member data will be deleted.
Any payment data or health and safety/accident information associated with your membership and your use of our sports facilities will be retained for six years following the end of the financial year in which it occurred. This is retained separately to your membership data.
If you create a MyWellness account, you control your account and can delete it at any time. If you or we terminate your membership of our facilities, you can choose to keep your MyWellness account, at which point, Technogym will become the controller of your account data for UK GDPR purposes.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Further information about each of these rights can be found on the Information Commissioner’s Office website. To make a request to exercise any of these rights, please contact the Data Protection Officer on DPFOIA@lancashire.ac.uk.
Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For further information or to make a request, please see the data protection pages of our website.
Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing
You have the right to object to any processing we carry out, if we carry it out on the basis that it forms part of our public task or is in our legitimate interests. You also have the right to object to your personal information being used for direct marketing purposes.
Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information because we have your consent or because it is necessary for a contract you are a party to, and the processing is automated.
We work to high standards when it comes to processing your personal data. If you have queries or concerns, please contact the Information Governance Manager & Data Protection Officer.
If you remain dissatisfied, you can make a complaint about the way we process your personal data to the Information Commissioner’s Office, which is the UK supervisory authority for data protection. Further information can be found on the data protection pages of our website.