Our respect for the privacy and security of your data is of great importance to Edge Hill Sport and Edge Hill University. All personal data is held and processed in accordance with the Data Protection Act 1998 and the General Data Protection Regulation (the GDPR)
What information do we collect about you?
“All personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.” (Article 5 (1) (a) of the GDPR.)
“The processing of this personal data is necessary for reasons of public interest in the area of public health and to protect vital interests (Art.6 and 9 of the GDPR), it also complies with our legal obligation, ensuring compliance to the COVID-19 Bill.”
When you sign-up for an Edge Hill Sport membership or to hire or attend our facilities, we may collect some or all of the following information that you provide in order that we can identify you when you attend the facility and to administer your membership or facility request:
- Your title, name, gender, ethnicity and date of birth
- Your photograph
- Your Student or membership number to help identify you
- Your contact information including address, telephone number, email and social media details
- Emergency contact details in case we need to contact someone on your behalf in the event of an emergency
- Your bank details for the setting up of Direct Debits
- Any health conditions that you may have that we need to know about that could impact on your ability to safely undertake exercise
- A record of interactions with you
- A record of your usage
- Any other information you have provided us with
The information listed above is only available to us if you have chosen to share it with us.
We will update the data we hold on you from time to time. For example, if you provide us with updated details or change your details on websites managed by the University. You can update your information yourself by contacting email@example.com
How do we use the information you provide to us?
Under the GDPR, we do have to meet one of the conditions set out in Article 6 for processing your data. We use the information we collect only in compliance with this privacy notice.
In most cases, the processing of your data is necessary for statutory and contractual purposes. We may also need to process the sensitive data you provide to us to ensure your safety and wellbeing. Processing could be necessary to protect the vital interests of the data subject or others. In addition to this, we also need to process some of the data you provide to us to help us comply with legal obligations.
We will use your data to contact you about anything that directly relates to your membership with us and any transactions that you make with us, normally by email. If you give us your consent we may send you information about upcoming events and promotions, any changes to activity programmes and any new activities that we think that you may be interested in. We may also on occasions seek to obtain your feedback as a customer to help us to improve our service. You can withdraw your consent for this or change your contact preferences at any time by contacting us.
On occasions we may also use photographs and images of individuals and groups for marketing and promotional purposes but we would always seek your consent in advance for this purpose
We may also use your information for internal analysis to evaluate the success of our events, activities or classes and how to better target them in future.
Who do we share your information with?
We do not share the information you provide to us outside of the European Economic Area (EEA) or with other parties unless there is a legal or statutory requirement to do so. We will never sell, rent or trade your personal data.
Your membership data is held within our leisure management software system licensed from Delta Computers, who are based in the UK and who have access to the system under a data sharing agreements. As part of our transactional processes we may share data with other departments within Edge Hill University such as IT Services and Finance. We may also disclose your data to other internal and external stakeholders or service providers who render services to us or you on our behalf. All of these stakeholders and service providers are themselves GDPR compliant and contractually obligated to act only on our instructions and in accordance with applicable laws, including GDPR. An example of some of these are as follows:
- EHU Finance
- EHU IT Services
- EHU Student Services
- FM Customer Services
- Technogym Mywellness
- British University and College Sport (BUCS)
- Sport England
- British Gymnastics
- National Governing Bodies of Sport (NGBs)
- Survey Monkey
- NHS Test and Trace
- Endsleigh Insurance
How long do you keep my information?
We retain personal information that you provide us as long as we consider it potentially useful in contacting you about the product and services we provide, or as needed to comply with legal obligations or until you request us to do otherwise. We remove or delete some information when it is replaced with updated information.
Where you exercise your right to erasure, we may continue to maintain a core set of personal data to ensure we do not contact you inadvertently in the future. We may also need to retain some financial records about you for statutory purposes.
Our current Edge Hill Sport data Retention Policy states how long we will keep your data for.
Is my personal data secure?
We are committed to the security of the information we hold and in ensuring that only people who need to access the information, are able to do so. Your information is held securely on password protected University servers or in secure areas, with access restricted to authorised personnel only. We will not sell your personal data to third parties under any circumstances and we do not permit third parties to sell on the data we have shared with them.
You have the right to access and be informed about what personal data the University or Edge Hill Sport holds about you and what it is used for. To submit a request please refer to the University’s Subject Access Request Form. You can correct or update your data at any time by contacting the Edge Hill Sport team directly at firstname.lastname@example.org or in person at the Reception desk in the Sports Centre. You can also restrict processing of your data by informing us. We may amend this privacy notice from time to time, any significant changes to this notice or to the way we treat your data will be communicated via either the Edge Hill Sport website, the University website, or by contacting you directly through the most appropriate means.
You have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns
Should you wish to contact anyone regarding your personal data or if you have any concerns about the use or processing of your data, please contact:
Data Protection Office
Edge Hill University
St Helens Road