How we use your information
This privacy notice tells you what to expect when Sierra Lima CrossFit collects personal information.
Lawful basis for data processing
We comply with the General Data Protection Regulation (GDPR) and may use two separate bases for the lawful processing of your personal data as follows:
1. Contract basis is used for processing personal data which directly relates to purchases and to the management of contracts for our members, former members and those who have themselves entered their personal details in to our online membership management system but may not have gone on to take out a paid membership.
Whilst you are a current member we are required to store and process certain personal data, such as your name, gender, date of birth, address, email address, telephone number, payment details and health related information. If you have reached the end of your initial contract period you can terminate your membership agreement with us, giving a minimum of 30 days notice, and request that we erase your details from our systems at the end of your contract. Waivers, both electronic and paper based will be retained indefinitely to protect Sierra Lima CrossFit in the event of personal injury in the immediate or long term future. Electronic waivers will be protected by Teamup; paper based waivers will be kept secure in a locked filing cabinet.
If you have yourself entered your personal data in to our membership management system, but decided not to complete the membership process, then you also have the right to request that we erase your details from our systems.
When you become a member it will be necessary for us to share your personal data with some 3rd-party data processors (other companies), as outlined below in the section entitled “People who use our services”
2. Consent basis is used when you opt in to receive our direct marketing such as, but not limited to, email newsletters, promotions and events. This use of personal data applies to both members and non-members and is usually restricted to just your name, address, email address and telephone number.
You may opt out of receiving our newsletters and marketing at any time, whether an active member or not. If you wish to opt out from direct marketing you will be able to do so via an unsubscribe link included in each marketing email or you can contact us using the information at the bottom of this page.
Under the Consent basis of lawful processing you are entitled to the right to be forgotten (erased from our systems) and the right to ask us to transfer the personal data that you supplied us to another company. Please see the contact information at the bottom of this page if you wish to make such a request.
In addition, as a member, you may choose to participate in various health and fitness schemes that we operate, such as, but not limited to, Boxmate and Teamup. By choosing to participate in such schemes you consent to us recording and processing your physical, health and performance data for the sole purpose of fulfilling the functions of the service you have chosen to participate in. If you decide to leave any of these schemes you have the right to request that we erase your data from those systems.
Visitors to our websites
When someone visits sierralimacrossfit.com we use third-party service, Google Analytics and Wix, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google or Wix to make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Terms and conditions of website use
The content of the pages of sierralimacrossfit.com is for your general information and use and is subject to change without notice. Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable, and it shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements. This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with ‘fair use’ as set out by the Digital Millennium Copyright Act (DMCA). Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
Security and performance
The Sierra Lima CrossFit website uses an integrated application to help maintain the security and performance of the website. To deliver this service it processes the IP addresses of visitors to our website and logs any IP addresses that make unauthorised attempts to log in or that try to examine the non-public content.
People who contact us via social media
We may from time to time use a third-party provider, Hootsuite, to manage our social media interactions. If you send us a private or direct message via social media the message will be stored by Hootsuite for three months.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint to us
When we receive a complaint from a person we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may at times compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
People who use our services
We offer various services to our members. We have to hold the details of the people who have requested our services, such as a gym membership, in order to provide it to them. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a service to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe to our services, they can cancel their subscription within the individual terms of their contract and are given an easy way of doing this.
Incomplete registrations sometimes occur when a person begins to subscribe via our membership management system and then either changes their mind or decides to finish the process at a later date. In these cases we send a single service related email to that person to see if they require assistance in completing the registration process.
We use third-party data processors to manage memberships, fitness data and to process payments. These data processing companies are PCI and or GDPR compliant. They include, but are not limited to, Boxmate, GoCardless and Teamup. Further information on these companies can be found on their websites or supplied by us upon request.
In addition, should a member fall behind with their monthly payments, it may be necessary for us to share their name, address, contact details and payment information with our accounting, legal and or debt recovery companies.
People who may be recorded by our CCTV system
We utilise CCTV cameras within our premises and on the perimeter areas adjacent to our premises to protect our members, employees, property and visitors. Video is recorded on a central CCTV system and is stored for up to 90 days after which time it is automatically overwritten. Access to the camera images is password protected and restricted to approved staff. Should the need arise, copies of recordings may need to be given to the authorities to aid in any investigation – this will be done within the guidelines issued by the Information Commissioners Office.
Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
Access to personal information
We try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
give you a description of it;
tell you why we are holding it;
tell you who it could be disclosed to;
and let you have a copy of the information in an intelligible form.
To make a request to us for any personal information we may hold you need to put the request in writing to the address provided below.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting us at the address provided below.
Disclosure of personal information
In most circumstances, we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the persons or organisation concerned and with other relevant bodies.
You can also get further information on
agreements we have with other organisations for sharing information;
circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
our instructions to staff on how to collect, use and delete personal data; and how we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 1st June 2018.
Address and contact information
You can write to us at:
Sierra Lima CrossFit Limited
Unit 16, Leigh Commerce Park
Or email us via firstname.lastname@example.org
Or telephone us on 01942 601 868