Privacy Policy - One Gym Cheshire

Last Updated: June 2026

1. INTRODUCTION

One Gym Cheshire ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website (https://onegymcheshire.co.uk/) and use our services.

Please read this Privacy Policy carefully. By accessing or using One Gym Cheshire, you acknowledge that you have read and understood this policy.

2. DATA CONTROLLER

Business Name: One Gym Cheshire

Address: The Old Stables, Chelford Road, Alderley Edge, Cheshire SK10 4SY, United Kingdom

Email: enquiries@onegymcheshire.co.uk

Phone: 07310 967409

We are the data controller responsible for your personal data under UK GDPR and the Data Protection Act 2018.

3. LEGAL BASIS FOR PROCESSING

We process your personal data on the following legal bases:

• Contract Performance: To provide membership services, process bookings, and manage your account
• Legal Obligation: To comply with tax law, health & safety regulations, and anti-money laundering requirements
• Consent: For marketing communications and non-essential cookies (you can withdraw consent anytime)
• Legitimate Interests: To improve our services, prevent fraud, and protect our business

4. WHAT PERSONAL DATA WE COLLECT

4.1 Data You Provide Directly

When you use our services or contact us, we collect:

• Account Information: First name, last name, email address, phone number, date of birth
• Membership Data: Membership type, payment details, billing address
• Health Information: Fitness assessment data (height, weight, fitness level), health questionnaire responses, injury/medical history
• Booking Data: Class bookings, session times, attendance records
• Communication: Messages via WhatsApp, email, contact forms

4.2 Payment Information

Payment details are processed securely through [payment processor name]. We do NOT store full card details on our servers.

4.3 Data Collected Automatically

When you visit our website, we collect:

• Device Information: IP address, browser type, operating system, device type
• Usage Data: Pages visited, time spent on site, links clicked, referral source
• Cookies & Tracking: See Section 8 (Cookies) for details

5. HOW WE USE YOUR DATA

We use your personal data for:

5.1 Providing Services:

• Processing membership signups and renewals
• Managing class bookings through Mindbody
• Processing payments and invoicing
• Providing customer support
• Health & safety assessments

5.2 Communication:

• Sending booking confirmations and reminders
• Notifying you of schedule changes
• Responding to enquiries
• Sending newsletters and promotions (with your consent)

5.3 Business Operations:

• Improving our services and facilities
• Analysing attendance patterns
• Preventing fraud and misuse
• Complying with legal obligations
• Managing staff scheduling (for instructors)

5.4 Marketing (With Your Consent):

• Email newsletters about classes, offers, and updates
• SMS notifications (if you opt in)
• Social media promotions
• Targeted advertising

You can opt out of marketing anytime by clicking "unsubscribe" in emails or contacting us directly.

6. WHO WE SHARE YOUR DATA WITH

6.1 Third-Party Service Providers

We share data with trusted providers who help us deliver services:

• Mindbody (class booking platform): Name, email, phone, booking/attendance data
• Payment Processor [Name]: Payment information (card details NOT stored by us)
• Email Marketing Platform [Name if used]: Email, name, subscription preferences
• Google Analytics [if used]: Anonymised usage data for site analytics

All third-party processors are contractually required to protect your data under UK GDPR.

6.2 Legal Requirements

We may disclose data if required by law or to:

• Comply with court orders or government requests
• Protect against fraud or security threats
• Enforce our Terms & Conditions
• Protect the rights and safety of our members and staff

6.3 Data We Do NOT Share

We do NOT sell or rent your personal data to marketers or third parties for their own purposes.

7. HOW LONG WE KEEP YOUR DATA

Data TypeRetention PeriodMembership records6 years after membership ends (tax compliance)Payment/billing data6 years (tax law requirement)Health questionnairesDuration of membership + 1 yearEmail marketing listUntil you unsubscribeWebsite analytics26 months (Google Analytics default)Customer enquiries2 years

After retention period expires, data is securely deleted or anonymised.

8. COOKIES & TRACKING

8.1 What Are Cookies?

Cookies are small files stored on your device that help us recognise you and improve your experience.

8.2 Cookie Types We Use

Essential Cookies (Always Active):

• Session management
• Security and fraud prevention
• Site functionality

Performance Cookies (Your Consent Required):

• Google Analytics (usage analytics)
• Performance monitoring

Marketing Cookies (Your Consent Required):

• Tracking ad performance
• Retargeting ads across websites

8.3 Managing Cookies

You can:

• Accept or reject cookies via our consent banner
• Adjust settings in your browser (Google Chrome, Safari, Firefox, etc.)
• Clear cookies from your device anytime
• Opt out of Google Analytics via browser extension

Note: Rejecting essential cookies may prevent site functionality.

8.4 Third-Party Cookies

Third-party providers (Google, Facebook, etc.) may place cookies on your device for analytics and advertising. See their privacy policies for details.

9. YOUR RIGHTS UNDER UK GDPR

You have the right to:

9.1 Right of Access

Request a copy of all personal data we hold about you.

Timescale: 30 days

9.2 Right to Rectification

Ask us to correct inaccurate or incomplete data.

Timescale: 30 days

9.3 Right to Erasure ("Right to Be Forgotten")

Request deletion of your data (subject to legal exceptions).

Timescale: 30 days

9.4 Right to Restrict Processing

Ask us to limit how we use your data while we investigate a complaint.

Timescale: 30 days

9.5 Right to Data Portability

Receive your data in a portable format and transfer it elsewhere.

Timescale: 30 days

9.6 Right to Object

Object to marketing communications and certain processing.

Timescale: Immediate for marketing

9.7 Rights Related to Automated Decision-Making

You have rights if decisions affecting you are made by automated means only.

10. EXERCISING YOUR RIGHTS

To exercise any of these rights, contact:

Email: enquiries@onegymcheshire.co.uk

Phone: 07310 967409

Mail: The Old Stables, Chelford Road, Alderley Edge, Cheshire SK10 4SY

Please include:

• Your full name
• Membership ID (if applicable)
• Details of your request
• Proof of identity (copy of ID or utility bill)

We will respond within 30 days. If your request is complex, we may extend to 90 days (with notice).

11. SECURITY

11.1 How We Protect Your Data

• Encryption: Payment data and sensitive information are encrypted (SSL/TLS)
• Access Control: Only authorised staff can access personal data
• Secure Storage: Data stored on secure, password-protected servers
• Regular Audits: We review security practices regularly

11.2 What You Can Do

• Use strong, unique passwords
• Don't share your login credentials
• Log out after using shared computers
• Report suspicious activity immediately

11.3 Data Breach

In the unlikely event of a data breach, we will:

• Notify affected individuals without undue delay
• Report to the ICO if required
• Provide guidance on protective steps

12. MINDBODY & THIRD-PARTY INTEGRATIONS

12.1 Mindbody Privacy

Your booking and class data is shared with Mindbody (class management platform). Mindbody processes this data under their own privacy policy: [Mindbody Privacy Policy URL]

You consent to this sharing when you use our booking services.

12.2 WhatsApp Communication

Messages sent via WhatsApp are subject to Meta's privacy policy. We recommend using email for sensitive information.

12.3 Google Services

If we use Google Analytics, your data is anonymised and subject to Google's privacy policy.

13. CHILDREN'S PRIVACY

Our services are not intended for children under 18. We do not knowingly collect data from children. If we become aware a child has provided data, we will delete it immediately.

Parents/guardians concerned about data collection should contact us.

14. INTERNATIONAL TRANSFERS

Your data is processed and stored in the United Kingdom under UK GDPR. We do not routinely transfer data outside the UK. If transfers occur, we ensure adequate safeguards are in place.

15. MARKETING & COMMUNICATIONS

15.1 Email Marketing

We send marketing emails only with your consent. You can:

• Unsubscribe via the link in every email
• Opt out by emailing enquiries@onegymcheshire.co.uk
• Update preferences in your account settings

15.2 SMS Marketing (If Used)

SMS messages are sent only with explicit consent. Standard SMS rates apply.

15.3 Transactional Messages

We will always send essential messages (booking confirmations, payment receipts, policy updates) regardless of marketing preferences.

16. CONTACT THE ICO

If you have concerns about how we handle your data, you can contact the Information Commissioner's Office:

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane

Wilmslow, Cheshire SK9 5AF

Phone: 0303 123 1113

Email: icocasework@ico.org.uk

Website: www.ico.org.uk

17. CHANGES TO THIS POLICY

We may update this Privacy Policy occasionally. We will:

• Post changes on this page
• Update the "Last Updated" date
• Email you of material changes

Your continued use of our services constitutes acceptance of updated policies.

18. CONTACT US

For questions about this Privacy Policy or your personal data:

One Gym Cheshire

The Old Stables, Chelford Road

Alderley Edge, Cheshire SK10 4SY

Email: enquiries@onegymcheshire.co.uk

Phone: 07310 967409

WhatsApp: 07310 967409