Privacy Policy

TO GYM PRIVACY NOTICE (PRIVACY POLICY)

This is our Privacy Notice. In it you can find all the information you need about how we use your personal data.

WHO WE ARE

TO GYM is a brand owned by THELEO LTD, with registered office at 40 Temple Fortune, London, NW11 0QU, registered in England under Company No 12628426.

PERSONAL INFORMATION WE COLLECT

THELEO Limited is registered as a data controller with the ICO, the UK’s independent authority set up to uphold information rights and data privacy. As a data controller, we must make sure we comply with UK data protection law in relation to our processing of personal data. We may collect and process the following data about you summarised by category:

Contact and identification details

We record your name, postal and email addresses, telephone number(s) and contact preferences when you enquire on our website or when you sign in as a guest at our gym. If one of our members makes a booking for you as a guest or recommends you as a friend they may provide us with your name, phone number and email address.

When you join our gym we record your date of birth and gender. We may also take your photograph when you join. We store your user name and password if you register online with us. If you give us evidence in support of your membership application we will keep it on file.

Session and device details

We record your name, email address, your device’s MAC address and IP address when you log on to our wireless network. If you use our mobile app we record your usage data and location (if your device settings allow).

Usage and attendance details

We may capture your image on CCTV when you visit our gym.

If you use our website we record information about the URL you came from, your device’s IP address, your browser type and information about where your device is located.

We keep a record of when you check-in by scanning your QR code into the gym using your app. We also hold information about your racquets and class bookings. We keep a note of vouchers and guest passes issued to you. We keep a record of your health and fitness goals if you choose to share them with us.

Correspondence and incidents

If you contact us we may keep a record of that correspondence and any comments and responses you submit via surveys and our feedback system. 

If you are involved in an incident at our gym, we will record details of the incident.

Payment details

We keep details of your membership package and fees for you and others linked to your membership and the payments you make to us. If you pay your membership and other fees by direct debit, we keep a record of your bank details. If you pay for goods and services in our clubs by card we record your payment card details.

Your personal circumstances

If you give us evidence of relocation, redundancy or a medical condition in line with our cancellation or suspension policy we will keep it on file.

HOW WE USE YOUR PERSONAL INFORMATION

Legal basis for processing

If you are not a member, we use the information that you provide or that we collect in line with this Privacy Policy and our Website Terms of Use on the basis of our legitimate business interests unless otherwise stated. In addition, if you are a member, we use the information that you provide or that we collect in line with our Terms and Conditions of Membership and on the basis of our contract with you.

Contact and identification details

We use your contact details to respond to your enquiry or manage your booking and to let you know about our products and services which may be of interest (including through the use of email, phone and text if you have agreed to receive this information from us electronically).

In addition, when you become a member, we use your contact details to register you with CLUBWISE, to set up and manage your membership account and to administer our services in accordance with our terms and conditions and to contact you about changes to facilities, fees and membership terms.

Session and device details

We use session and device details to manage access to our network, to make our website easier to use and to alert you about bookings and classes through our mobile app.

Payment details

We use your payment card details to collect payment for goods and services. We use your payment details to collect membership fees and other payments due from you in line with our terms and conditions; to take advice and action in relation to the collection of debts and to assist us in resolving any disputes.

Usage and attendance details

We use CCTV for the prevention and detection of crime and the health and safety of guests, members and staff. We use information about website usage to make our website easier to navigate.

We use usage and attendance data to administer our booking policy and the terms and conditions on the use of our facilities; to improve your experience of our facilities and to tailor our communications with you.

Correspondence and incidents

We use your feedback to improve our facilities and services and to assist us in dealing with any query you may have. We record details of incidents to comply with our obligations under health and safety legislation.

Your personal circumstances

We use the information you give us to administer our policy on suspension or cancellation.

Information we receive from third parties

We use data from your wearable device to improve your experience of our facilities. We use information supplied by your employer to collect payment if your membership is paid for by them.

SPECIAL CATEGORIES OF PERSONAL DATA

We may process information about your health, for example to ensure your safety or to comply with our obligations under health and safety law. Where the processing is to provide a service to you, we will always ask for your agreement. If you are not happy for us to have this information you do not have to agree, and you can change your mind at any time.

SHARING YOUR INFORMATION WITH OTHERS

We value your privacy and do not sell your information to any third parties under any circumstances.

We may give information about you to the following third parties, who may use it for the same purposes as us and also as set out below:

We share data with our agents, contractors and employees to administer your membership, your account, and any products and services provided to you now or in the future.

We share your card and bank details with our secure payment providers to process card transactions and direct debit payments.

We share your contact details and preferences with mailing houses, our marketing agencies, systems providers and other distributors for the distribution of information to you.

We share contact and identification details with our media agents, search engine providers and social media platforms so that we can tailor our communications to the right audience.

We may share attendance details with your employer or flexible benefits provider if your membership is arranged through them.

We may share your data with anyone to whom we transfer or may transfer our rights and duties under our agreement with you, if we have a duty to do so or if the law allows us to do so. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. We share data with third parties who will help process or administer our services or who will provide advice and take action in relation to the collection of debts.

HOW LONG WE KEEP YOUR INFORMATION

We keep the information that you provide or that we collect only for as long as we need to in line with the reason it was collected. More detail is given below for each category of information.

We keep your contact details for up to four years after your first enquiry. We keep enough information to record your communication preferences indefinitely in order to avoid sending you unwanted information in future.

We keep session and device details for 24 hours to avoid you having to log in again on the same day.

We keep correspondence for up to seven years in case you contact us again about the same subject.

If you are a member, we keep your contact and identification details, usage and attendance details and information about your personal circumstances during your membership and for up to seven years after it ends so we can respond in the event of any query about your membership. We may keep certain information for longer than this if we have a compelling reason for keeping it.

We keep correspondence for up to seven years after you leave in case you contact us again about the same subject. We keep details of incidents for three years after the date of the incident.

We keep payment details during your membership and for seven years after you leave in line with the BACS code of practice.

CCTV recordings are deleted automatically after 30 days unless they are retained in connection with an investigation, in which case we keep them until after the investigation is concluded.

We do not store any data received from your wearable device.

YOUR RIGHTS

You have the right to make a request for a copy of the personal data that we keep about you or to correct the details that we hold about you. We will respond within one month.

If you would like to know what personal information we hold about you, or would like us to correct the details we hold about you, you should write to the address below or email admin@togym.co.uk, enclosing proof of your identity (such as a copy of your passport or driving licence) and asking to see your personal information or asking us to correct the relevant information. You will have to give us enough information so we can identify the personal information you have asked to see or have corrected. We do not have to respond to your request until you have given us the information we need. We will contact you within one month of your request or, where we have asked for further information to identify you, within one month of receiving such information.

You have the right to receive the information in a portable electronic form. If your request is by email from the address that we hold for you we will respond by email to that address.

You have the right to ask us to erase your personal data under certain circumstances.

You have the right to ask us to stop processing your personal data where the processing is based on our legitimate interests. This does not include processing which is in line with our Terms and Conditions of Membership, for example payment processing. If we believe we have a legitimate reason for processing your personal information including for the defence of any legal claims we may decline your request.

Under certain circumstances, for example if we decline your request to stop processing, you have the right to ask us to restrict the processing of your personal data.

UPDATING YOUR MARKETING PREFERENCES

We may use your personal information to provide you with marketing information about our products and services such as newsletters, product updates, surveys, company announcements and invites to events that will be of interest to you.

You can opt out of receiving marketing messages at any time by following the unsubscribe links located within any electronic communication from us. You can also contact us by phone or email using the contact details on our website www.togym.co.uk.

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

YOUR RIGHT TO COMPLAIN

If you are unhappy about how your personal data is being processed you should raise your concern with us first - see “Contacting Us” below. If you are not happy with the way that we deal with your concerns you can contact the Information Commissioner’s Office (ICO) at ico.org.uk

COOKIES

When you visit our websites or mobile applications, we may send you a cookie. A cookie is a small file that can be placed on your computer's hard disk or mobile device for record keeping purposes and we may use them to do a number of things:

Cookies help us to recognise you when you next visit one of our websites and note the advertisements displayed to you. This allows us to tailor the advertisements we provide to your preferences. We may use the services of third party ad servers for this purpose.

Cookies may be used to compile anonymous statistics related to the take up or use of services, or to patterns of browsing. A third party collects such data on our behalf to measure web site performance. Information collected is aggregated for reporting purposes. No personally identifiable information is collected by this service. The use of this service assists us in measuring and improving the structure and ease of use of our web sites.

If you do not wish to use cookies, you may de-activate cookies in your web-browser or reject the creation of cookies. You may wish to seek technical assistance from your browser provider if you do not know how to do this. 

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy at any time. Any such changes will be posted on our website. If you continue to use our services after we have changed this Privacy Policy, the updated version will apply.

SECURITY AND LIABILITY

In order to comply with our obligations under Data Protection law, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any payment transactions will be encrypted using SSL technology.

Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.

We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our online services which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.

We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.

Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on our website, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which is displayed on or is otherwise available from our website or any third party websites or services which you can access from our site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.

If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.

Where we have given you a password which enables you to access certain parts of our site / mobile app, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Whilst we take all reasonable steps to ensure that our website continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the website or for reasons beyond our control. We are not responsible to you if the website is unavailable.

CONTACTING US

All questions, comments and requests regarding this privacy policy should be addressed to admin@togym.co.uk

Or by writing to: THELEO LTD, 207 Regent Street, London, W1B 3HH