For the purposes of the UK General Data Protection Regulation (“the Regulation”) and the Data Protection Act 2018, the controller is (INSERT ADDRESS). The term ‘BareRooms Ltd’ or ‘us’ or ‘we’ refers to the operator of BareRooms Ltd and the owner of the Website whose registered office is (INSERT ADDRESS). Our company registration number is (INSERT COMPANY REGISTRATION NUMBER) (United Kingdom). The term ‘you’ refers to the user of one of the centres that we operate or any other visitor to this Website, as the context dictates.
The Regulation gives you certain rights which are detailed in the section headed "Your Rights regarding personal information". The contents of this Privacy Notice are subject to these overriding rights and no provision in any other part of this Privacy Notice is to be construed as restricting the scope of those rights.
By using our Services, you consent to the collection and use of this information by us as set forth in this Privacy Statement and amended from time to time. If we decide to change our privacy practices, we will post those changes on this page so that you are always kept informed of what data we collect, how we use it, and under what circumstances we disclose it. Please check this page for changes from time to time to make sure you are aware of our latest privacy practices.
We are committed to respecting your privacy. We recognize that when you choose to provide us with information about yourself, you trust us to act responsibly. That's why we have put a policy in place to protect your personal information. You may always use our Services without giving us any personal information. Please read on for more details about our privacy practices.
If you are a visitor to our Website, even an anonymous visitor, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information internally and externally. This statistical data about browsing actions and patterns does not identify any individual. Nevertheless, to the extent that such information falls to be treated as personal data, and you do not wish us to process it, you should change the settings on your internet browser to prevent collection of this information.
When you sign-up to become a member of BareRooms Ltd we will know who you are, and the activities you perform on this Website or undertake at the gyms that we operate.
We may collect and process the following data about you:
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical information about the browsing actions of users of the Website and does not identify any individual. As indicated above, you may be able to change settings on your internet browser to prevent collection of this information, to the extent that it may in future be considered by law to be personal data.
We use collected information for the purposes of our legitimate interests, including:
We may collect and use special category personal data, and in particular, information about your health, with your consent or where you have provided it to us, to allow us to tailor our services to meet your needs and to ensure your health and safety.
We may also process information relating to actual or alleged criminal offences where it is necessary for the safety of staff or members, and only where such use is permitted by the law.
BareRooms Ltd does not use your personal information in any automated decision-making process.
BareRooms Ltd may contact you in relation to the nature of your attempted transaction, even if you don't confirm the transaction. This will be an operational email to enquire as to why the transaction was not completed. The data will not be used for any other purpose and certainly not shared with any other company other than the company that initiates the operational email (if this is not BareRooms Ltd). Our aim is simply to provide you with the highest level of service that we can.
Your personal data may be transferred abroad for any of the purposes explained in this policy and such transfer may be to a country outside of the EEA. If we transfer your personal data outside the EEA, it will only be to recipients who offer an adequate level of protection and who have appropriate safeguards in place to protect your personal data. It may also be processed by personnel operating outside the EEA who work for us or for one of our service providers. Again, this will only be where there is an adequate level of protection and who have appropriate safeguards in place to protect your personal data. Countries where personal information relating to you may be stored and/or processed, or where recipients of personal information relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal information, you accept that personal information relating to you may be transferred, stored or processed in this way.
The period of use of the personal data supplied by you will not be longer than we deem necessary to carry out the purpose for which such data was collected, provided that we may store and process your personal data for longer periods solely for archiving or statistical purposes where we have appropriate safeguards in place to protect your rights.
We may share your personal information with certain companies performing services on behalf of BareRooms Ltd (such as direct marketing agents) who will only use the information to provide a service that BareRooms Ltd has asked them to provide.
Those selected companies will perform a function for us, such as agencies and suppliers who have been instructed to assist us to more effectively deliver services, manage and conduct promotions and offers, provide technical assistance and support and perform other functions to support marketing activities. A list of approved companies that process data on our behalf is available on request.
All selected companies may have access to personal information if needed to perform such functions but will only be permitted by us to use personal information for the purpose of performing that function and not for any other purpose.
Where you have given specific consent, your information may be shared with independent self-employed trainers for them to contact you to inform you of personal training services which they would like to offer you.
We may disclose your information to our subsidiaries or ultimate holding company and its subsidiaries, as defined in Section 1159 of the Companies Act 2006.
In the event we seek to sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer, subject to satisfactory assurances that the data will be processed securely by them.
Save for this, we do not sell, transfer or disclose personal information we have collected from you in connection with our website activities to third parties outside BareRooms Ltd.
You may request details of personal information which we hold about you under the Regulation. If you would like a copy of the information held on you, please contact us by email to Info@barerooms.com or in writing to The Data Protection Officer at Unit 8a, Valley business park, Birkenhead CH41 7ED
If you think any information we have about you is incorrect or incomplete, please e-mail or write to us and we will correct or update any information as soon as possible. You can also update member information via the online Member Area.
Where we have given you a password to access certain areas of the Website you are responsible for keeping this confidential and we ask that you do not share this password.
Our Website may, from time to time, contain links to other websites which are not within our control. Once you have left our Website, we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.
Some sections of our Website (for example the online shop) are provided by third parties.
This section sets out the appropriate actions and procedures which BareRooms Ltd follows in respect of the use of CCTV (closed circuit television) surveillance systems (“CCTV Systems”) at Our premises.
Sound recording is disabled on all cameras.
Please note that all public areas are monitored by CCTV 24 hours a day. BareRooms Ltd reserves the right for its employees and contractors to review footage as required and by entering onto our sites you consent to your image being recorded and reviewed and waive any and all claims in relation to same. Recorded CCTV footage will be stored securely and retained in compliance with applicable laws. BareRooms Ltd is registered as a Data Controller with the ICO, Registration Number 13216069
In drawing up this policy, due account has been taken of the following:
This policy will cover all employees and persons providing a service to BareRooms Ltd, visitors and all other persons whose image(s) may be captured by our CCTV Systems.
We will also ensure that the personal data captured by our CCTV Systems is only processed in accordance with the following requirements:
BareRooms Ltd CCTV Officer has the legal responsibility for the day-to-day compliance with the requirements of this policy.
The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for the prevention or detection of crime or disorder, apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), interest of public and employee Health and Safety, protection of public health and the protection of our property and assets and to ensure compliance with our policies and procedures.
Prior to any camera installation the CCTV Officer will ensure that the installation complies with this policy and that the use of any camera is justified, necessary and proportionate. The CCTV Officer will regularly assess whether the use of any camera and the CCTV System as a whole continues to be justified, necessary and proportionate.
The location of the equipment is carefully considered because the way in which images are captured needs to comply with the Regulation.
All cameras are located in prominent positions within public and staff view and do not infringe on sensitive areas. All CCTV surveillance is automatically recorded, and any breach of this siting policy will be detected via controlled access to the CCTV System and auditing of the CCTV System.
The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored, and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained under contract.
Images which are not required for the purpose(s) for which the equipment is being used will not be retained for longer than is necessary. While images are retained, it is essential that their integrity be maintained, whether it is to ensure their evidential value or to protect the rights of people whose images may have been recorded. Access to and security of the images is controlled in accordance with the requirements of the Regulation.
All images are digitally recorded and stored securely within the system’s hard drives. Images are stored for a minimum of 14 days and typical for no more than 31 days
Where the images are required for any other purpose, for example system testing, evidential purposes or disciplinary proceedings, a copy file will be moved to an access controlled confidential location on the network and held until completion of the investigation. Viewing of images within the system is controlled by the CCTV Officer or a person nominated to act on their behalf. Only persons trained in the use of the equipment and authorised by the CCTV Officer can access data.
Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved, and the continuity of evidence remains intact should the images be required for evidential purposes e.g., a police enquiry or an investigation being undertaken as part of an internal procedure.
Access to the medium on which the images are displayed and recorded is restricted to the CCTV Officer, staff authorised by them and third parties as authorised from time to time for specific purposes. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected.
The Regulation gives any individual the right to request access to CCTV images which contain their personal data.
CCTV is managed and maintained by BareRooms Ltd. Individuals who request access to images must submit this formally in writing to us. This will provide us with sufficient details to identify the section of footage they are concerned with and to enable BareRooms Ltd to satisfy itself that the person making the request is the data subject of that specific recording. Upon receipt of the request, the CCTV Officer, or another member of staff authorised by them, will determine whether disclosure is appropriate and whether there is a duty of care to protect the images of any third parties. If the duty of care cannot be discharged, then the request can be refused.
A written response will be made to the individual, giving the decision (and if the request has been refused, giving reasons) within 31 days of receipt of the request.
The Regulation provides certain overriding rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information (including in relation to direct marketing), to stop unauthorised transfers of your personal information to a third party and, in some circumstances to obtain your personal information in a structured, commonly used and machine-readable format or to have it transferred directly to another organisation. You may also have the right to lodge a complaint in relation to our processing of your personal information with a local supervisory authority (for residents of the United Kingdom: the Information Commissioner’s Office; further information can be found at https://ico.org.uk/).
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see the section " What do we do with the information we collect?") or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law on the basis of legitimate interest, in particular in connection with exercising and defending our legal rights, making disclosures to law enforcement authorities or meeting our legal and regulatory obligations.
If you have a concern about the way we are collecting or using personal information relating to you, we request that you raise your concern with us in the first instance: The Data Protection Officer, firstname.lastname@example.org or write to unit 8a, Valley business park, Birkenhead ch41 7ed. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without adult verification or parental consent, we will take the necessary steps to remove that information from our servers.
This Privacy Notice may be updated periodically to you to reflect changes in our information practices or relevant laws. We will indicate at the top of the Notice when it was updated. Please review this Notice any time you access or use our sites to make sure you have reviewed the most recent version.