General Data Protection Regulations
Data Protection Officer: ricky.gill@reading.gov.uk
What Personal Data Is Held?
Name: Required in order to verify details and for general customer service.
Address: Required for any important correspondence such as changes to Direct Debits or changes to customer terms and conditions.
Date of birth: Required for Health and Safety as some classes and equipment have age restrictions and we need to be able to verify age.
Gender: Required as we run some female only classes for cultural and religious purposes.
Mobile phone number: Required to inform you of last-minute class changes. We will only use your mobile phone number if a class or operational change directly affects you.
Home phone number: Not mandatory, but can be added if requested as another means of contact.
Email address: Not mandatory, but required if any of our customers wish to book classes online.
Ethnic origin: Not mandatory
Medical records: Required to ensure customer safety before using gyms or classes.
Bank account number: Only needed/mandatory if setting up a Direct Debit.
Bank sort code number: Only needed/mandatory if setting up a Direct Debit.
Photograph: Required for verification purposes.
Medical information obtained when customers completed a Physical Activity Readiness Questionnaire (PARQ) will be retained in a secure filing cabinet on the site at which enrolment took place.
How will the data be stored?
On secure encrypted computers.
Information is stored on an external server belonging to the company that provides the system software. The system is supplied and supported by a private commercial company named Legend. It uses a database for the storage and retrieval of the data. To ensure security of data, the system can only be accessed with a username and password. Each system user has an individual username and password and a user profile which only allows them to access the details they need to carry out their job. All user actions are logged by the application in an audit log.
Medical information obtained when customers completed a Physical Activity Readiness Questionnaire (PARQ) will be retained in a secure filing cabinet on the site at which enrolment took place.
What is the legal basis for the collection, use and storage of the data?
Necessary for the performance of a public interest task in the exercise of official legal duty under Section 19 of the Local Government (Miscellaneous Provisions) Act 1976.
Details of how long the data will be stored and criteria used to determine this:
With the exception of Physical Activity Readiness Questionnaire (PARQ forms), we retain customer details for 6 years from the date of termination as per the guidance from the Local Government Association (LGA). Medical information (PARQ forms) will be destroyed upon termination of membership. We will delete your personal details if your membership is cancelled and you request us to.
Who will it be shared with and for what purpose?
We will pass your information to the Police if required following a criminal offence.
Your employer, but only if they are paying for the cost of the membership and need to verify it has been paid for and/or is being used.
How can the service user get access to stored data?
A Subject Access Request can be made by following the link: www.reading.gov.uk/dataprotection
Will the data be transferred outside the EU?
No.
Is processing based on consent?
The right to withdraw consent at any time needs to be communicated.
What rights do you have over your stored data?
You have the right to put a complaint forward to the Information Commissioner’s Office (ICO).
You have the right to have your personal data rectified if it is not accurate.
Will there be any automated decision making?
No.