Loading

Privacy Notice

Our privacy policy including how we use or share your information, our disclaimer and copyright information.

1. Introduction

This Privacy Policy outlines how Active Leicester, a service provided by Leicester City Council, collects, uses, and protects your personal data. We are committed to complying with UK data protection legislation, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, and ensuring your privacy is protected. This policy explains the types of personal data we collect, how we use it, your rights regarding your data, and how to contact us with any queries.

2. Data Collection and Use

2.1 Membership Information
Purpose: To manage your Active Leicester account, provide and improve our services (including identity verification, service updates, and tailored communications), conduct research and analysis to enhance service offerings, comply with legal obligations, and monitor service equality.
Data Collected:
  • Identification and Contact: Name, postal address, email address, telephone number(s).
  • Payment Information: Details for processing membership fees and transactions.
  • Optional Demographic Data: Age, gender, ethnicity (provided voluntarily to help us monitor
    and improve service inclusivity).
  • Usage Data: Records of your facility usage and programme participation, including entry/exit
    times, equipment usage, and class attendance.
  • Feedback and Survey Responses: Information provided through customer feedback and
    surveys.
  • Health Information: If you choose to provide it.
  • Identity Verification Data: Information used to verify your identity.

Legal Basis for Processing:

  • Contractual Necessity: To fulfil our membership agreement and provide core services.
  • Legal Obligation: To comply with legal requirements (e.g., disclosures to law enforcement, public health, identity verification for legal reasons).
  • Public Task: Processing necessary for tasks carried out in the public interest.
  • Legitimate Interest: To conduct research and analysis for service improvement, and to notify
    you of service changes. A Legitimate Interest Assessment has been conducted to ensure
    your rights and freedoms are protected.
  • Consent: For processing health information and optional demographic data, unless another
    legal basis applies.

2.2 Payment Processing

  • Card Transactions: Managed by Cardstream also referred to as GladstonePay, which handles
    your card details and contact information to process payments securely.
        o Card Stream Privacy Policy
  • Direct Debits: Administered by Paygate, which processes your name, bank account
    information, and direct debit value to manage payments.
        o Paygate Privacy Policy
  • Address and Bank Detail Verification: GBG Group validates your address and bank details to
    ensure accuracy, using your house number, postcode, telephone number, and bank account
    details.
         o GBG Privacy Policy

2.3 Service Partners

  • Gladstone Ltd: Provides the database system for managing your account.
  • Fitronics: Acts as a data processor for GoLearn course management software, accessing the
    Gladstone database for product support and maintenance.
  • Bristow & Sutor: Our authorised debt collection and enforcement agency, who process your
    details in the event of unpaid debts, in accordance with data protection law.
  • Marketing Partners: We may work with marketing partners, which, when required by the
    service, will process your relevant information on their systems to assist in service provision.
    We ensure that these partners comply with UK Data Protection law.

3. Data Sharing

  • Legal and Statutory Requirements: We may share your data with legal authorities,
    regulatory bodies, or other statutory organisations, such as the police, Department for Work
    and Pensions, or enforcement agencies, when required by law or to comply with legal
    obligations.  
  • Service Providers: To provide essential services, we share necessary information with third-
    party providers who assist with payment processing, account management, and other
    operational functions. We ensure these providers comply with strict data protection
    agreements.
  • Public Health and Safety: In situations involving public health emergencies or to protect the
    safety of our members and staff, we may share relevant information with appropriate
    authorities, as legally permitted.
  • Anonymised Data for Equality Monitoring: We share anonymised demographic data for
    equality monitoring and reporting purposes.  
  • Marketing Partners: Where required to provide the service, we may share information with
    marketing partners. We ensure that these partners comply with UK Data Protection Law.
  • Data Transfers Outside the UK: If data is transferred outside the UK, we will ensure
    appropriate safeguards are in place to protect your data in accordance with UK data
    protection law.
  • With Your Consent: We will share your data with other organisations when you have given
    us explicit consent to do so.

4. Data Security

CCTV Surveillance:

  • CCTV is used in leisure centres for crime prevention and safety.
  • Cameras are visible, and private areas are not monitored.
  • Footage is retained for a limited period and accessed by authorised personnel only.

Data Protection:

  • We use robust security measures, including encryption and access controls, to protect your
    data.
  • Regular security assessments and staff training are conducted.
  • We maintain up to date security patches, and software updates.
  • We have documented data breach procedures, and will notify the ICO, and data subjects as
    required in the event of a data breach.

5. Data Retention

  • Retention Period: We retain your personal data only for as long as necessary to fulfil the
    purposes for which it was collected, including providing our services and complying with
    legal obligations.  
  • Membership Data: For active memberships, we retain your data while your account is
    active. Upon account closure or inactivity, we will retain your data for a period of 2 years,
    after which it will be anonymised.
  • Unused Accounts: Accounts created where no payments or attendances have been
    recorded, will be removed after 1 year.
  • Payment Information: Payment transaction data is retained for the period required by
    financial regulations and for audit purposes.
  • CCTV Footage: CCTV footage is retained as a standard for 30 days unless required for legal
    proceedings.
  • Debt-Related Data: Data related to unpaid debts, including communications with Bristow &
    Sutor, will be retained until all legal and financial obligations related to the debt are met, in
    accordance with applicable statutory limitation periods.
  • Deletion Requests: You can request the deletion of your data. We will comply, unless we
    have a legal obligation or legitimate interest to retain it. We will provide confirmation of
    data deletion, once the process has been completed. Please be aware that some data may
    be retained in backups for a limited period and will be deleted as per our backup deletion
    policy.
  • Anonymisation: Where data is no longer required, but still required for statistical purposes,
    we will anonymise the data.

6. Your Rights

You can ask to see what data we hold about you and ask to be sent a copy. This is called a Subject
Access Request. To make a Subject Access Request, please visit the Leicester City Council website

You can also ask us to:

  • Correct your data if you think it is wrong (Right to Rectification);
  • Erase your personal data in certain circumstances (Right to Erasure);
  • Stop using your data if you think it is wrong or we shouldn’t have it, until it’s put right or
    deleted (Right to Restriction);
  • Stop using your data if you think we no longer should be using it (Right to Object);
  • Transfer the information you gave us from one organisation to another, or give it to you. The
    right only applies if we are processing information based on your consent or under, or in
    talks about entering into a contract and the processing is automated (Right to Data Portability)
    ;
  • Consider any complaint you have about how we have used your data.

Automated Processing:

In addition, you have the right:

  • Not to be subject to a decision that is based solely on automated processing if the decision
    affects your legal rights or other equally important matters (for example, automatic refusal
    of an online credit application, and e-recruiting practices without human intervention)
  • To understand the reasons behind decisions made about you by automated processing and
    the possible consequences of the decisions, and
  • To object to profiling in certain situations, including for direct marketing.

You can read more about this on the ICO website.

Consent Withdrawal: If we process your data based on your consent, you can withdraw this
consent at any time.

7. Data Relating to Children

  • Collection: We collect personal information from individuals under the age of 16 only with
    parental or guardian consent.
  • Usage: This data is used to provide appropriate services and ensure safety.
  • Marketing: We do not knowingly market to children under 16 years.

8. Cookies

  • Usage: We use cookies to enhance your experience on our website. Full details can be found
    in our Cookie Policy (Link).
  • Management: You can manage your cookie preferences through your browser settings.

9. Keeping You Updated

  • Service Communications: Essential notices about your account and services.
  • Marketing Communications: Sent only if you have opted in, with options to manage your
    preferences.

10. Complaints

  • Process: Contact us via email active@leicester.gov.uk or information-security- incidents@leicester.gov.uk if you have concerns about how we manage your data. You can also contact the Information Commissioner’s Office (ICO)

11. Links to Other Websites

  • External Links: Our websites may contain links to external sites with their own privacy
    policies. We are not responsible for their data practices.

12. Changes to This Policy

  • Updates: This policy may be updated periodically. Please review it regularly for any changes.

Contacting Us

For any queries or to exercise your data rights, please contact us at:

  • Email: active@leicester.gov.uk
  • Address: Active Leicester, 2 Knighton Lane East, Leicester LE2 6LU
  • Alternatively, you can contact our Data Protection Officer by email: data-protection- officer@leicester.gov.uk

TURNING THE TIDE ON INACTIVITY

read our strategy

We serve the people, communities and businesses of Leicester

Company

Quick Links

More

Copyright, Active leicester 2025. All rights reserved.

Chat with Us