We at Compass Fitness (“we”, “our” or “us”) are committed to respecting your privacy and want to make sure all the personal information we have collected about you is safe and secure.
This Policy set outs our commitments to you, in compliance with the General Data Protection Regulation (commonly known as the ‘’GDPR’’) and explains how we collect, store and use your personal information when you interact with us.
Collecting specific, relevant personal information is a necessary part of us providing both you and the sport of rugby league with an excellent service. This Policy applies when we collect person data from you and provides you with details about our use of your personal information, what information we hold about you, how your personal information may be used, the basis for this use and details of your rights.
2. HOW DO WE PROCESS YOUR PERSONAL INFORMATION?
In most cases we will be a data controller of your personal information. A data controller controls how personal information is processed and used. We will use your personal information as described in section 6 below.
A data processor processes and uses personal information in accordance with the instructions of a third party (i.e. the data controller). In any case where we are not a data controller, this means that you cannot exercise your rights against us directly, but you can do so against the data controller (i.e. the person who controls how we process the personal information). In these cases we will inform you who is the data controller of your personal information so that you can direct any such requests to them.
3. PERSONAL INFORMATION WE MAY COLLECT FROM YOU
When you sign up to access services that we provide, either through compassfitness.co.uk (our ‘’Site’’) or otherwise, you may provide us with or we may obtain personal information about you, such as information regarding your:
Personal contact details which allow us to contact you directly, such as name, title, email addresses and telephone numbers; date of birth; gender; and where applicable records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us; any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you; use of our online portal, passwords, personal identification numbers, IP addresses, user names and other IT system identifying information; records of your participation and/or attendance at any events or competitions hosted by us; images in video and/or photographic form and voice recordings; and your marketing preferences so that we know whether and how we should contact you.
4. SPECIAL CATEGORIES OF PERSONAL INFORMATION
We may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
Information about your race or ethnicity, religious beliefs and sexual orientation.
It may be that we do not collect all of the above types of special category personal information about you. In relation to the special category personal data that we do process we do so on the basis that the processing is necessary for reasons of substantial public interest, on a lawful basis; it is necessary for the establishment, exercise or defence of legal claims; it is necessary for the purposes of carrying out the obligations and exercising our or your rights in the field of employment and social security and social protection law; or based on your explicit consent. In the table below, we refer to these as the “special category reasons for processing of your personal data”.
We may also collect criminal records information from you. For criminal records history, we process it on the basis of legal obligations or based on your explicit consent.
6. HOW WE USE THE INFORMATION
The table below describes the main purposes for which we process your personal information, the categories of your information involved and the lawful basis for being able to do this.
You will be notified when we share your personal data with Compass Fitness and the reason for doing so
|Purpose||Personal Information Used||Lawful Basis|
|To send you other marketing information you might find useful or which you have requested, including newsletters, information about events, participation products and information about commercial partners||All contact and marketing preferences.||Where you have given us your explicit consent to do so.|
|To answer your queries or complaints||Contact details and records of your interactions with us.||We have a legitimate interest to provide complaint handling services to you in case there are any issues.|
|Retention of records||All the personal information we collect||We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We may need to retain your records in relation to complaints or marketing purposes and in some cases, we may have legal or regulatory obligations to retain records. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 4 above. For criminal records history we process on the basis of legal obligations or based on your explicit consent. We have specific retention policies in relation to compliance and safeguarding matters and have a legitimate interest in retaining such records for varying lengths of time. Where we process medical information we retain it for 10 years (or 10 years from the age of 18 where appropriate) unless this data is anonymised.|
|To answer your queries or complaints||Contact details and records of your interactions with us||We have a legitimate interest to provide complaint handling services to you in case there are any issues with your membership.|
|Retention of records||All the personal information we collect||We have a legitimate interest in retaining records whilst they may be required in relation to complaints or claims. We need to retain records in order to properly administer and manage your membership and in some cases, we may have legal or regulatory obligations to retain records. We process special category personal data on the basis of the “special category reasons for processing of your personal data” referred to in section 4 above. For criminal records history we process on the basis of legal obligations or based on your explicit consent. We have specific retention policies in relation to compliance and safeguarding matters and have a legitimate interest in retaining such records for varying lengths of time. Where we process medical information we retain it for 10 years (or 10 years from the age of 18 where appropriate) unless this data is anonymised.|
|The security of IT systems||Your usage of our IT systems and online portals.||We have a legitimate interest to ensure that our IT systems are secure.|
|To conduct data analytics studies to better understand event attendance and trends within the sport||Records of your participation and/or attendance at any events or competitions.||We have a legitimate interest in doing so to ensure that our membership is targeted and relevant.|
|For the purposes of promoting the sport, our events and membership packages.||Images in video and/or photographic form.||Where you have given us your explicit consent to do so except where such is not possible (i.e crowd photos from events, where you will be notified of such as part of your ticket purchase).|
|To comply with health and safety requirements||Records of attendance||We have a legal obligation and a legitimate interest to provide you and other members of our organisation with a safe environment in which to participate in sport.|
7. DIRECT MARKETING
From time to time, we may contact you by email, post, phone or SMS with information about products and services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set. You can then let us know at any time that you do not wish to receive marketing messages by updating your preferences by emailing us at firstname.lastname@example.org.
You can also unsubscribe at any time from our marketing by clicking on the unsubscribe link in the marketing messages we send to you.
8. DISCLOSURE OF YOUR PERSONAL INFORMATION
Generally, we share information where we need to do so in order to run our organisation (e.g. where other people process information for us or are required to process information for the benefit of Rugby League). In such circumstances, we will put in place arrangements to protect your personal information. Outside of that we do not disclose your personal information unless we are required to do so by law.
We share personal information with the following parties:
Any party approved by you or notified to you at the point of data collection;
Other service providers: for example, payment processors, data analysis, contractors or suppliers and IT services (including CRM, website, video and teleconference services);
Our supply chain partners and sub-contractors, such as couriers, import/export agents and shippers;
Our commercial partners: for the purposes of providing you with information on any tickets, special offers, opportunities, products and services and other commercial benefits provided by our commercial partners where you have given your express for us to do so;
The Government or our regulators: where we are required to do so by law or to assist with their investigations or initiatives;
Police, law enforcement and security services: to assist with the investigation and prevention of crime and the protection of national security;
Certain parties who act as joint Data Controllers or Data Processes in relation to services that we provide. You will be notified where this is the case;
Those who we are required to share your personal information with for the purpose of monitoring betting and/or anti-doping for the purposes of compliance cases.
We do not disclose personal information to anyone else except as set out above.
9. TRANSFERRING YOUR PERSONAL INFORMATION INTERNATIONALLY
The personal information we collect may be transferred to and stored in countries outside of the UK and the European Union. Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in.
10. HOW LONG DO WE KEEP PERSONAL INFORMATION FOR?
We will only hold your information for as long as is necessary. Where you ask us to delete records, we may delete it, subject to any retention requirements.
The duration for which we retain your personal information will differ depending on the type of information and the reason why we collected it from you. However, in some cases personal information may be retained on a long-term basis: for example, personal information that we need to retain for legal purposes will normally be retained in accordance with usual commercial practice and regulatory requirements. Generally, where there is no legal requirement we retain all physical and electronic records for a period of 6 years after your last contact with us.
Exceptions to this rule are:
Information that may be relevant to personal injury claims, or discrimination claims may be retained until the limitation period for those types of claims has expired. For personal injury or discrimination claims this can be an extended period as the limitation period might not start to run until a long time after you have worked with us; Where we have specific internal policies relating to the retention of data for compliance matters;
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you change your phone number or email address.
You will be able to update some of the personal information we hold about you by emailing email@example.com.
11. YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION
You are entitled by law to ask for a copy of your personal information at any time. You are also entitled to ask us to correct, delete or update your personal information, to send your personal information to you or another organisation and to object to automated decision making. Where you have given us your consent to use your personal information in a particular manner, you also have the right to withdraw this consent at any time.
To exercise any of your rights, or if you have any questions relating to your rights, please contact us by using the details set out in section 17 below. You can also unsubscribe from any direct marketing by clicking on the unsubscribe link in the marketing messages we send to you.
You have the following rights in relation to your personal information:
the right to be informed about how your personal information is being used;
the right to access the personal information we hold about you;
the right to request the correction of inaccurate personal information we hold about you;
the right to request the erasure of your personal information in certain limited circumstances;
the right to restrict processing of your personal information where certain requirements are met;
the right to object to the processing of your personal information; and the right to object to certain automated decision-making processes using your personal information.
If you are unhappy with the way we are using your personal information, we are here to help and would encourage you to contact us to resolve your complaint by using the contact details set out in section 17 below.
12. LINKING WITH THIRD PARTY SITES
Our Site may, from time to time, contain links to and from the websites of our commercial partners, Rugby League Bodies, advertisers and clubs. If you follow a link to any of these websites, please note that these websites have their own privacy policies and they will be a data controller of your personal information. We do not accept any responsibility or liability for these policies and you should check these policies before you submit any personal information to these websites.
In addition, if you linked to this Site from a third-party site, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party site and recommend that you check the policy of that third party site and contact its owner or operator if you have any concerns or questions.
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access to, or use, or disclosure of it. Unfortunately, no information transmission over the Internet is guaranteed 100% secure nor is any storage of information always 100% secure, but we do take all appropriate steps to protect the security of your personal information.
We take information and system security very seriously indeed. Where third-party providers store data on our behalf, we endeavour to ensure they are certified to ISO levels and/or comply with industry best practice.
Certain parts of our Site use “cookies” to keep track of your visit and to help you navigate between sections.
15. LOG FILES
In common with most websites, our Site logs various information about visitors, including internet protocol (IP) addresses, browser type, internet service provider (ISP) information, referring / exit pages and date / time stamp.
16. CHANGES TO THIS POLICY
In the event of any query or complaint in connection with the information we hold about you, we can be contacted by email on firstname.lastname@example.org or in writing to Compass Fitness, Barrys Lane, Scarborough, North Yorkshire, YO12 4HA.