Chesham Moor Privacy Policy

Who we are

Chesham Moor provides health and fitness services, and a cafe, at its centre on Moor Road, Chesham, HP5 1SE. The centre is owned and managed by Chesham Town Council.

We take your privacy seriously, and this notice describes how we collect, store and use any information you chose to share with us. This notice covers both customers of our gym and swimming pool, and also users of our website: https://www.cheshammoor.co.uk

Chesham Town Council’s privacy notice can be viewed here: https://www.chesham.gov.uk/privacy-policy/

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice.

You should exercise caution and look at the privacy statement applicable to the website in question.

Respecting your privacy

We are committed to ensuring that your privacy is protected. When you provide us with information, it will only be used in accordance with our Data Protection Policy and the relevant Privacy Notice. We regularly conduct data flows and a data inventory or data audit which looks at all aspects of the personal data that we process, including the legal basis for processing and any special requirements that the data needs. Any risk assessments (DPIAs) requirements are identified and completed paying particular attention to privacy risks associated with each processing activity: storage, collection, transmission, access and deletion. We will always process your data in a fair and lawful way in accordance with article 5 and article 6 of the GDPR.

We regularly complete Legitimate Interest Assessments to ensure that our marketing activities are considered, appropriate and are in accordance with all relevant legislation.

About this notice

If you have any enquiries related to how we use your personal information or any particular aspects of our privacy policy you can contact us in writing to Alex Jones, Chesham Moor, Moor Road, Chesham, HP5 1SE or you can contact us via our secure contact form

Information we collect and process

The amount and type of information we record and process depends upon your relationship with us.
We collect and process personal information provided by potential customers when they contact us to enquire about our services. This is necessary before entering into any agreement, membership or contract with us.
We collect and process personal information provided by customers because it is necessary for the pursuit of our legitimate interests:

  • Providing our customers with health and fitness services
  • Protecting our customers, employees and other individuals and maintaining their safety, health and welfare
  • Understanding our customers’ behaviour, activities, preferences, and needs
  • Improving existing products and services and developing new products and services
  • Marketing our products and services
  • Managing insurance claims by customers

Your rights

The GDPR provides the following rights for individuals:

Rights  – What does this mean?

The right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.

The right of access

You have the right to obtain access to your information. This is so you are aware and can check that we are using your information in accordance with data protection law.

The right to rectification

You are entitled to have your information corrected if it is inaccurate or incomplete.

The right to erasure

This is also known as the right to be forgotten and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions such as when data is used for a public task.

The right to restrict processing

You have rights to block or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be blocked to make sure the restriction is respected in future.

The right to data portability

You have rights to obtain and reuse your personal data for your own purposes across different services. If you have any questions you can contact us.

The right to object to processing

You have the right to object to certain types of automated processing or decision making, including processing for direct marketing or where we are relying on our legitimate interests for processing.

The right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.

Collection of information from or about children under the age of 18 requires the consent of their parent or guardian.

Data storage location

We will not transfer your personal information outside of the EU without ensuring the correct data protection is in place.

Sharing information with other organisations and companies

We will not sell, distribute, or lease your personal information to third parties unless we have your consent or are required by law to do so. Please note that we do not require your consent to share this information if we suspect criminal or unlawful activity, in these circumstances we will only contact the relevant organisations.

We use third parties in conjunction with routine business requirements, accountancy and insurance services.

  • With professional advisors such as accountants and insurance, although this information will be very limited;
  • In order to conduct checks on you to verify the information you have provided us with where you are being considered for a position or contract with us;
  • With suppliers but only subject to robust contractual protections;
  • If we are legally obliged to do so.

We use Ashbourne Management Service Ltd for membership services, this is a link to their privacy notice: https://ashbourne-memberships.com/privacy-policy/
We use MailChimp to process data on our behalf to send newsletters and promotional emails, this is a link to their privacy notice: https://www.intuit.com/privacy/statement/

Use of our website

The following aspects of your privacy are related specifically to use of our website.

Cookies

  • Our website uses a technology called cookies for the following purposes:
  • Tailoring the web site to you as an individual by remembering your preferences.

Monitoring web site traffic and identifying which pages are being used. This allows us to improve our web site by better understanding how it is used.

Overall, cookies help us provide you with a better web site. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the web site.

The cookies we use are:

Functional

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Statistics

The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Controlling your personal information

Whenever you provide us with personal information we will use the details you provide in reference to that specific enquiry or sales transaction.

You may also choose to let us contact you from time to time with details of offers or promotions which may also be of interest to you. If you have previously agreed to us using your personal information in this way, you may change your mind at any time by writing to us: Alex Jones, Chesham Moor, Moor Road, Chesham, HP5 1SE or emailing us .

You can also use the “opt-out” or “unsubscribe” link in any marketing email you receive from us.

Data subject access requests

You have the right to request a copy of any personal information which we hold about you. We may need to confirm your identity before any information is released to you. We will try and verify your identity using personal data that we already have but may require other forms of identification or permission details if you are requesting the information on behalf of another data subject. We can extend this response time to three months if the request is complex and involves other data subjects. If we need more time, we will advise you.

We will respond within one month, giving you a copy of your data, why we have it, who it could be disclosed to, the categories of data it involves, and it will be in a format that you can access easily. You have the right to clarify and correct the information as necessary. It can be deleted provided that it is not required for legal or public interest reasons. If your request is more complex, for example it involves other data subjects and we need their consent to release the relevant information we can extend our response time to three months, but we will inform you of this. If they do not give their consent, we will anonymise this data or remove the relevant detail before sending this to you. We will not charge for data subject access requests unless they are excessive or manifestly unfounded. Then we will charge for administrative time only.

If you would like a copy of the information we hold about you, contact us by post, Chesham Town Council, Chesham, Buckinghamshire, HP5 1DS or you can email Chesham Town Council.

Retention of information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Our data retention policy considers the amount of data, its nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes and if these can be achieved by other means and legal requirements.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. You will not be recognisable as a natural living person from this anonymised data.Many of our customers leave and return to us from time to time. We therefore retain their personal details once they are no longer active customers so that it is unnecessary for them to provide us with the same information multiple times.

We retain the personal information described above for a period of 6 years after our final contact or sales transaction with you, after which the records are permanently deleted. However, if you have opted-in to being contacted for marketing, your email address will remain on our mailing list until you opt-out.

Photography

Chesham Town Council cannot take responsibility for photos that are taken by members of the public and subsequently publicly published. We will obtain consent where required for any photos that we use.

CCTV

We operate CCTV cameras around and outside Chesham Moor, avoiding changing rooms and toilet areas to protect our employees, customers and premises. We have a policy in place that regulates access to any footage and security measures are in place to protect this data.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have physical, electronic and managerial procedures to safeguard and secure the information we collect and process, both online and in person.

All data we retain is protected in accordance with best industry practice, including password protection, data encryption and firewalls.

If – despite our security measures and safeguards – we detect a security breach, we have procedures in place to deal with any suspected personal data breach and will notify you and any supervisory body of a breach if we are legally required to.

Concerns, comments and feedback

If you have any concerns about your data, or any comments or feedback about our services then please email us and we will do our best to help you

If you have any concerns about how your data is being used or processed and we have not been able to help you, then you can contact the ICO. Ways to report concerns are detailed on their website: https://ico.org.uk/concerns/

 

This privacy policy was last updated 5 February, 2025

Accessibility by WAH