Skibbereen Sports & Fitness Centre Data Protection Regulation Policy
When people join the Fitness Centre, they are asked to provide personal data such as postal address, email address, mobile telephone number, gender, date of birth, relevant health conditions and third-party contact details. This data is initially recorded on the Application Form and some of the details are then transferred to a Membership database on the office computer.
Why do we hold personal data?
We use the contact details as part of our contract with members and subject to their consent, to inform them of Sports Centre activities and any other information that we feel would be relevant to our members.
Do you have to give personal data?
Yes, as some of it is relevant to your use of the Fitness Area. However, you may withhold certain contact details, if we are satisfied that your membership can be uniquely identified.
How secure is the data?
The completed application forms are locked in a filing cabinet with access limited to management staff. Access to the computer database “Clubmaster” is password protected and limited to access by management.
Is the data shared with any third parties?
We use a web-based texting service, Globaltext to send texts to our members. The data is never shared with any other third party.
How long do we retain it?
We delete all personal data from our database and destroy completed application forms for all lapsed members twelve months after their last membership unless we have received their consent to retain details for legitimate interests.
Can you have access to your personal data?
Yes, you may request access to your personal data by contacting the manager at email@example.com at any time and we undertake to respond within 7 days.
Can you request that your personal details be removed?
You may request that some of your personal data be removed by contacting the manager at firstname.lastname@example.org at any time and we undertake to remove it within 7 days.
All breaches will be reported to the affected members and reported to the Data Protection Commissioner within 3 days.