Where do we get your data from?
Most of the data we hold comes directly from our users. In some case, such as training courses, data may be shared with us by a third party. We do not buy data from any source.
What is our legal basis for processing your data?
York Sport needs to collect and retain certain types of data, in various formats, about its members and users in order to fulfil its function.
Typically, data will be processed on the following grounds:
Where data is held specifically so that York Sport are able to effectively deliver its service to its customers and members it is held under Article 6(1)(b) of the General Data Protection Regulation (GDPR) – Contract: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”. N.B. This article does not require the contract in question to be written or a formal signed document. The data held by York Sport is limited to what is necessary to comply with our obligations to provide the best possible service to customers and members.
York Sport have a legitimate business interest in encouraging customers or members to continue using our facilities and services. To this end, it is necessary to retain some customers’ data in order to be able to communicate with them for marketing and member retention purposes. To ensure that this remains proportionate and balanced the following measures are in place:
- Only keeping this data for 1 year after an individual has stopped being an active member/customer.
- Only contacting individuals for marketing when the service/offer promoted is directly relevant to the York Sport services/facilities they use.
York Sport understands that sometimes customers may need to stop their membership temporarily with the intention of returning at a later date. York Sport therefore believes that it is in customers/members’ legitimate interest to be able to resume their memberships/ return as a customer easily within a reasonable timeframe of having ceased to use the service. This reinforces the decision to keep data for 1 year after a member leaves – in order to make resuming their membership as easy as possible.
At the point of gathering some data from users York Sport offers opt in options to be contacted for wider marketing purposes. Individuals who choose to opt in will only be contacted to advertise services directly relating to York Sport, and their data will not be sold or shared with any third party. Individuals can opt out of this service at any time by following the steps below.
How and why do we use your data?
York Sport collects data on various individuals, members and customers for various reasons, including; data crucial to be able to provide our service, legal obligations, and in order to promote the business.
York Sport uses personal data for a variety of reasons. Much of this data is necessary in order for York Sport to deliver its service to its members and customers.
What data do York Sport collect and why?
- Name, date of birth and photograph are necessary to ensure nobody other than the paying member is accessing the facilities using their membership.
- Contact details are necessary to be able to ensure that York Sport can communicate scheduled or unscheduled closures, cancellations or other service disruptions to the customer to ensure the minimum inconvenience (this may also include contact details of parents/guardians and emergency contacts).
Other reasons for data retention include:
- Accident reporting and investigation.
- Regulatory Requirements.
- Marketing purposes (see below).
Who do we share your data with?
York Sport is a subsidiary company of the University of York and subject to the University’s rules and regulations (including privacy rules).
Some aspects of York Sport’s functions (including financial procedures and accident reporting) are dealt with by the University and data is passed on to allow for this. More details about the University’s privacy measures can be found here.
How long will we keep your data?
Except for in specific cases, this section sets out our guidelines for retaining specific types of data:
- Personal customer data: Personal data will be held for as long as the individual is an active paying customer or member of York Sport plus 1 year.
- Personal potential customer data (enquiries): Personal data of potential customers to York Sport (supplied by the individual while making an enquiry about, or trialling our services) will be kept for 1 month.
- Health and Safety: Records of incidents/ accidents occurring on our premises are passed on to our parent organisation The University of York’s Health and Safety department who retain records in accordance with their policies.
- Financial information: this information is passed on to our parent organisation The University of York’s Finance department, who retain records for 7 years, in accordance with University policy.
Disposal of data
At the end of the retention period, or if an individual requests that their data is removed, all personal data for an individual will either be destroyed or anonymised.
For some of York Sport’s services the retention policy detailed above could potentially act against the best interests of users. Therefore the following exceptions have been made:
Customers of our swimming lessons and related activities are likely to return after a longer period once they have stopped using the service. In the interest of making the process of returning to York Sport swimming as easy as possible for these individuals a longer retention period of 2 years after they cease using the service is in place.
Automated decision making
In order to give users the best possible experience, York Sport occasionally send automated messages to find out your experience of York Sport, and to find ways to improve services, or to offer reminders of classes and timetables. These are typically sent at the end of a membership, or if members have missed classes or have not used their membership for a while. You may opt out of this service at any time by contacting email@example.com.
How do we keep your data secure?
Both York Sport and the University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see, https://www.york.ac.uk/it-services/security/.
How do we transfer your data safely internationally?
If in certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, York Sport will comply with our obligations under Data Protection Law and ensure an adequate level of protection for all transferred data.
What rights do you have in relation to your data?
Individuals now have greater control over their data, and can withdraw consent at any time. You can view your full rights or lodge complaints on the ICO website here. If you wish to contact York Sport about your data, including opting out of being contacted for marketing purposes, please email firstname.lastname@example.org.