Privacy Policy

Last updated: December 22, 2025

Welcome to Evolution Fitness Centre (evolutionfitnesscentre.co.uk). We respect your privacy and are committed to protecting your personal information. This privacy policy explains how we collect, use, and protect your information when you visit our website or use our services.

1. Information We Collect
1.1 Information You Provide

We may collect the following information when you use our website or services:

  • Name and contact details (email address, phone number, postal address)
  • Date of birth and age
  • Emergency contact information
  • Health and medical information (relevant to fitness training)
  • Fitness goals and training history
  • Body measurements and fitness assessment data
  • Payment and billing information
  • Membership details and preferences
  • Class bookings and attendance records
  • Comments, feedback, and testimonials
  • Newsletter subscription information
  • Any other information you voluntarily provide through forms, emails, or in-person consultations
1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information, including:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Visit time and date
  • Pages you visit and time spent on pages
  • Referring website
  • Geographic location (country/city level)
  • Interaction with website content
1.3 CCTV and Security Information

Our fitness centre premises are monitored by CCTV cameras for security, safety, and operational purposes. CCTV footage may be recorded and retained in accordance with UK law.

2. How We Use Your Information

We use the collected information for the following purposes:

  • To provide fitness services, personal training, and gym membership
  • To assess your fitness level and create personalized training programs
  • To ensure your safety during training and exercise
  • To process membership applications and renewals
  • To manage class bookings and attendance
  • To process payments and maintain billing records
  • To contact you regarding your membership, bookings, or services
  • To send newsletters and promotional communications (if you have consented)
  • To respond to inquiries and customer service requests
  • To improve our services, facilities, and programs
  • To analyze website performance and user behavior
  • To maintain security and safety of our premises and members
  • To comply with legal and regulatory obligations
  • To prevent fraud and protect our business interests
3. Legal Basis for Processing (UK GDPR)

We process your personal information based on the following legal grounds:

  • Contract performance: Processing is necessary to fulfill our membership agreement and provide fitness services to you
  • Consent: You have given clear consent for processing your health information, marketing communications, or other specific purposes
  • Legitimate interests: Processing is necessary for our legitimate business interests, such as improving services, maintaining security, or direct marketing (where permitted)
  • Legal obligation: Processing is necessary to comply with legal or regulatory requirements (e.g., health and safety, tax, accounting)
  • Vital interests: Processing is necessary to protect your life or physical safety in emergency situations
4. Special Category Data (Health Information)

We collect and process health and medical information that is considered “special category data” under UK GDPR. This includes:

  • Medical history and health conditions
  • Physical fitness assessments
  • Injuries or physical limitations
  • Dietary requirements or allergies
  • Body composition measurements
  • Exercise performance data

We process this sensitive health information based on:

  • Explicit consent: You provide clear, informed consent for us to collect and use this information
  • Necessary for health/social care: Processing is necessary for health and safety purposes in the fitness environment
  • Vital interests: In emergency situations where your health or safety is at risk

Your health information is handled with the highest level of confidentiality and is only accessed by authorized staff who need it to provide safe and effective fitness services.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance user experience and analyze website traffic.

Types of Cookies We Use:
  • Essential cookies: Necessary for basic website functionality (e.g., booking system, member portal)
  • Analytics cookies: Help us understand how visitors use the website (e.g., Google Analytics)
  • Functionality cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements (if applicable)

You can manage or disable cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our website, such as the booking system or member portal.

6. Information Sharing and Disclosure

We do not sell your personal information to third parties. We may share information with:

  • Service providers: Companies that help us operate our business (payment processors, booking systems, website hosting, email services, accounting software)
  • Fitness and health professionals: With your consent, we may share information with physiotherapists, nutritionists, or medical professionals involved in your care
  • Emergency services: In the event of a medical emergency, we may share relevant health information with paramedics or healthcare providers
  • Legal requirements: When required by law, court order, or to protect rights, safety, and property
  • Business transfers: In the event of a merger, acquisition, or sale of business assets
  • Insurance providers: If required for insurance claims or liability purposes

All third-party service providers are required to maintain appropriate security measures and confidentiality of your information.

7. Payment Information

We use secure third-party payment processors to handle membership fees, personal training payments, and other transactions. We do not store full credit card or debit card details on our systems. Payment information is encrypted and processed securely by our payment partners in compliance with Payment Card Industry Data Security Standards (PCI DSS).

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

  • Secure server infrastructure with SSL/TLS encryption (HTTPS)
  • Password-protected systems and access controls
  • Regular security assessments and software updates
  • Staff training on data protection and confidentiality
  • Secure storage of physical records in locked cabinets
  • CCTV footage stored securely with restricted access
  • Data backup and recovery procedures
  • Confidentiality agreements with staff and contractors

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

  • Right of access: Request a copy of the personal information we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete information
  • Right to erasure (right to be forgotten): Request deletion of your personal information (subject to legal retention requirements)
  • Right to restrict processing: Request limitation of how we use your data
  • Right to data portability: Request your data in a structured, commonly used format
  • Right to object: Object to processing based on legitimate interests or direct marketing
  • Right to withdraw consent: Withdraw consent for processing health data or marketing communications
  • Right to lodge a complaint: File a complaint with the Information Commissioner’s Office (ICO)
  • Rights related to automated decision-making: Not be subject to decisions based solely on automated processing

To exercise any of these rights, please contact us using the details provided in Section 18. We will respond to your request within one month as required by UK GDPR.

10. Data Retention

We retain your personal information for different periods depending on the type of data and purpose:

  • Active membership data: Retained for the duration of your membership and up to 7 years after termination for legal and accounting purposes
  • Health and fitness assessments: Retained for up to 7 years for liability and insurance purposes
  • Financial records: Retained for at least 6 years to comply with HMRC and accounting requirements
  • Marketing consent: Retained until you withdraw consent or we determine it’s no longer valid
  • CCTV footage: Retained for up to 30 days unless required for incident investigation or legal purposes
  • Website analytics: Anonymized data may be retained indefinitely
  • Accident/incident reports: Retained for at least 3 years or longer if involving minors

When retention periods expire, we securely delete or anonymize your information unless we have a legal obligation to retain it longer.

11. Third-Party Services and Links

Our website may contain links to external websites or integrate third-party services such as:

  • Booking and class scheduling systems
  • Payment processors (Stripe, PayPal, GoCardless, etc.)
  • Social media platforms (Facebook, Instagram, Twitter)
  • Google Analytics and other analytics tools
  • Email marketing services (Mailchimp, etc.)
  • Member management software
  • Video hosting platforms (YouTube, Vimeo)

These third-party services have their own privacy policies, and we are not responsible for their practices. We encourage you to review their privacy policies before providing personal information.

12. Marketing Communications

With your consent, we may send you marketing communications including:

  • Newsletters with fitness tips and centre updates
  • Information about new classes, programs, or services
  • Special offers and membership promotions
  • Event invitations and announcements
  • Motivational content and success stories

You can opt-out of marketing communications at any time by:

  • Clicking the “unsubscribe” link in any email
  • Contacting us directly to update your preferences
  • Adjusting your preferences in your member account (if applicable)

Please note that even if you opt-out of marketing, we may still send you important service-related communications about your membership, bookings, or account.

13. Children and Minors

We may provide fitness services to individuals under 18 years of age with appropriate parental or guardian consent. For members under 16, we require:

  • Parental or guardian consent for membership and training
  • Parental consent for processing health information
  • Emergency contact details for a parent or guardian
  • Appropriate supervision requirements depending on age

We take extra care when handling information about minors and ensure appropriate safeguarding measures are in place.

14. CCTV and Video Recording

Our premises are monitored by CCTV for the following purposes:

  • Security and crime prevention
  • Member and staff safety
  • Investigating accidents or incidents
  • Monitoring facility usage and maintenance

CCTV cameras are positioned to monitor public areas of the facility. Signage is clearly displayed to inform you of CCTV monitoring. Footage is:

  • Stored securely with restricted access
  • Retained for up to 30 days (unless required for investigation)
  • Only viewed by authorized personnel
  • May be shared with law enforcement if required

You have the right to request access to CCTV footage that shows you, subject to verification of your identity and privacy rights of others.

15. International Data Transfers

Your information is primarily stored and processed within the United Kingdom. If we use service providers located outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the ICO
  • Adequacy decisions confirming equivalent data protection
  • Binding corporate rules for multinational service providers
16. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you without human oversight.

17. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or services. Updates will be posted on this page with a revised “Last updated” date.

For significant changes affecting your rights, we will provide additional notice through:

  • Email notification to active members
  • Notice at our reception desk
  • Prominent banner on our website
  • Social media announcements

Your continued use of our services after changes indicates acceptance of the updated policy.

18. Contact Us

If you have questions about this privacy policy, wish to exercise your rights, or have concerns about how we handle your information, please contact us:

Evolution Fitness Centre