Privacy Policy
Privacy Policy
This Privacy Notice sets out how Agility Parks (the Data Controller) collects and uses your personal data. When we refer to “we”, “us” “our” or “controller” in this Privacy Notice we mean Agility Parks.
Agility Parks has a legal obligation to comply with relevant data protection legislation when we collect and use your personal data, in particular the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA18), and the Privacy & Electronic Communications Regulations 2003 (PECR).
Our Privacy Notice is set out so you can easily find the specific details of what we do with your personal data. Part 1 of our Privacy Notice is information we must tell everyone regardless of our relationship with you. Parts 2 to 5 give specific information on how we use your personal data for the different services processing activities we undertake.
PART 1 – GENERAL INFORMATION
Our contact details
Agility Parks is the data controller for the personal data we process about you.
You can contact us regarding the use of your personal data via one of the following ways:
- Postal Address: Agility, London Ebor Business Park, Millfield Lane, Nether Poppleton, York, YO26 6PB
- Telephone: 01904 340495
- Email: info@agilityparks.co.uk
Our Data Protection Officer contact details
We do not have a legal obligation under GDPR to appoint a Data Protection Officer. However, a member of our team does oversee our data protection compliance. The various ways you can contact us to discuss any data protection issues or concerns are shown in the “Our contact details” section.
How we get your personal data
We generally obtain personal data directly from you when you:
- enquire about the facilities and services we offer;
- book and use any of the facilities and services we offer;
- sign up to receive our newsletters and promotional offers;
- apply for a job with us; and
- provide a service to us as one of our suppliers.
If you are coming to a birthday party or corporate event it is likely that we will obtain your name (in some cases this may only be a first name) from the person who has made the booking.
The legal basis to process your personal data
When obtaining and using your personal data we must have a legal basis to do so – this is a requirement of data protection law.
The legal basis we rely on to process your personal data varies depending on the facility you are using and the relationship we have with you, e.g. using the park, attending a fitness class, receiving marketing, applying for a job with us, etc. Generally, we rely on, contractual obligation or legitimate interests to process your personal data. The full details of these and the other legal basis we rely on to process your personal data are given in Parts 2 to 5 of this privacy notice.
We may also need to share personal data when required to do so by law, in such cases the legal basis we will rely on is legal obligation.
Sharing your information
We do not share, sell or rent your personal data to third parties for them to use for their own marketing purposes.
We use some third-party organisations (known as data processors) to process personal data on our behalf to enable us to provide our services to you. When we do use a data processor, we ensure we have appropriate contracts in place with each one that are compliant with data protection laws. The data processor is not allowed to do anything with your personal data unless we have instructed them to do it. They will not share your personal data with any organisation apart from us, unless they are required to do so by law. They will hold it securely and retain it for the period we instruct.
Our data processors include:
- IT servicing and maintenance providers;
- Website host providers;
- Ticket booking provider;
- Card payment provider.
- Payroll provider;
- Pension provider
Transferring personal data outside of the UK and EU
We do not transfer your personal data outside of the UK or the EU.
Children’s information
We collect and process the names and dates of birth of children who use our facilities. We require to know ages of children as we have facilities that are only available for certain age groups.
We may also use images of children using the facilities at specific events to publish on our social media sites to promote such events. We will only publish images where we have obtained the specific consent of the parent/guardian to do so.
CCTV
We operate CCTV on our premises for security and health and safety purposes. We have CCTV cameras on the entrances and exits to our premises and within key internal non-public accessible areas.
We also operate a specific CCTV system that monitors the indoor park area only for health and safety and insurance purposes. We project the live feed of the indoor park area to the big screen in the café so that parents/guardians can enjoy a drink and bite to eat whilst keeping an eye on their children in the park.
Wi-Fi
We operate a free wi-fi service for individuals to use whilst enjoying our park and facilities. To access the wi-fi you will need to provide your email address only. This will only be used to allow you access to the wi-fi network only.
Visitors to our website
In operating our website www.agiltyparks.co.uk we may collect your personal data using various technologies and means, such as:
- Internet Protocol (IP) addresses and Web logs; and
- Cookies.
IP Addresses and Web Logs
An IP address is assigned to your computer each time that you access the Internet. This allows your computer to send and receive data. Generally, every time you connect to the Internet, your IP address changes. However, there are some circumstances when your IP address is fixed, for example with some broadband connections. A fixed IP address can be associated with your computer and may, therefore, amount to your personal data.
Web log information is non-personal data that is collected by the computer that hosts the site each time you visit. Examples of the type of information that can be collected using your IP address and/or web log information include details of the date and time that you visited the site and the type of Internet browser and computer operating system that you used. We, including some of our data processors, use your IP address and/or web log information to collect and report aggregate information on how the site is being used and ways in which the site can be improved. Generally, we use Google Analytics to collect standard internet log information and details of website visitor behaviour patterns.
We will always tell you when we collect your personal data through our website.
Cookies
Our website uses cookies, some of which are necessary for functionality, security and accessibility. For all optional cookies we will ask for your consent to use these. To find out more about how and why we use cookies and to change your cookie preference please read our Cookie Policy.
Links to other websites
Our website may provide links to websites of other organisations. Our Privacy Notice does not cover how those organisations process your personal data when you visit their website. We advise you to read their Privacy Notices.
Your rights
Depending on the purpose and legal basis we rely on for processing your personal data, there are various rights available to you. You can:
- access the personal data we keep about you and be given specific information about the processing. This right always applies regardless of the processing activity we undertake.
- ask us to rectify personal data we hold about you that you think is inaccurate. This right always applies regardless of the processing activity we undertake.
- ask us to delete your personal data but only when specific circumstances apply.
- ask us to restrict the processing of your personal data but only when specific circumstances apply.
- object to the processing when we have relied on legitimate interest to undertake that processing activity and you believe we have infringed your rights.
- transfer your personal data from us to another service provider or give it to you. This right only applies to personal data you have given to us and when the processing is based on your consent or contractual basis and the processing is automated.
We do not undertake any solely automated decision making about you with the personal we process.
To find out more about how to exercise your rights please refer to the guidance on the Information Commissioner’s Office website - https://ico.org.uk/your-data-matters/.
You do not have to pay a fee to us to exercise any of your rights. However, if your request is manifestly unfounded or excessive we may either charge a reasonable fee or refuse the request.
We shall respond to a valid request within one month of receiving it.
If you wish to exercise one of your rights, please contact us via one of the methods shown in the “Our contact details” section.
How to make a complaint about us to the Information Commissioner’s Office
If you are not happy with how we are processing your personal data or you believe we have not dealt with one of your rights correctly you are entitled to make a complaint to the Information Commissioners Office (ICO). The ICO has several ways in which you can get in touch with them, including post, email, and online forms. For full details how to make a complaint please refer to their website - https://ico.org.uk/make-a-complaint/.
Changes to our Privacy Notice
We keep our Privacy Notice under review to ensure it remains accurate and up to date and we reserve the right to modify this policy at any time. Changes to this policy will be posted on this site and you should endeavour to review the policy frequently.
If you have any questions about our Privacy Notice, please contact us us via one of the methods shown in the “Our contact details” section.
This Privacy Notice was last updated in September 2019.
PART 2 – IF YOU: USE THE FACILITIES AT THE PARKWANT TO JOIN OUR MEMBERSHIP SCHEMETAKE PART IN ONE OF OUR FITNESS CLASSES (including children’s classes)BOOK A BIRTHDAY PARTYBOOK A CORPORATE EVENT
What personal data do we need?
We will collect some or all of the following personal data from you, depending on the facility being used:
- Full Name (of individual making the booking);
- Postal Address (of individual making booking, it is required for online booking only to verify payment details);
- Email Address (of individual making the booking);
- Mobile and/or landline telephone numbers (of individual making the booking, required to notify you of any changes to fitness classes and birthday party/corporate event reminder information);
- Date of birth (of all those using the facilities);
- Declaration of fitness (for those using our fitness classes);
- Health/medical information of a child (for those using the child fitness classes);
- Name of birthday child (for birthday party events only);
- Names of children attending a birthday party;
- Any other information you may choose to share with us.
How do we get your personal data?
We usually obtain the information directly from you when you purchase your ticket via our on-line booking system or on the door.
If you attend a corporate event, we may, where necessary, have obtained your information from the person making the booking.
We will gather children’s data from their parent/guardian.
Why do we need your personal data and which legal basis do we rely on for the processing?
We need your personal data to:
- process your booking to use the park and fitness facilities, including birthday parties and corporate events;
- process your membership application;
- invite members to specific events included with the membership package;
- send you relevant marketing information, including promotions and news of upcoming events.
The legal basis we rely on are:
Consent (GDPR Article 6(1)(a))
We require the consent of the parent/guardian to:
- deliver a fitness class specifically for children;
- use their child/children’s images on our social media sites.
Contractual obligation (GDPR Article 6(1)(b))
When you either request information about our park and facilities or book tickets to use the park and facilities we have entered into a contractual obligation with you to provide the service you have paid for.
The personal data we obtain to process your enquiry about our park and facilities is necessary in order to take steps at your request prior to entering into a contract with you.
The personal data we obtain to process your booking to use our park and facilities and to provide you with service updates in relation to that booking is necessary for the performance of a contract to which you have entered into.
We require certain information from you to enable us to fulfil our pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to process your booking and you will therefore not be able to use the park and our facilities.
Legitimate Interest - GDPR Article 6(1)(f)
GDPR allows us to rely on legitimate interests for direct marketing purposes. We have undertaken a legitimate interest assessment, which balances our business purposes for the processing against your right to privacy. The outcome of the balancing test justifies our use of legitimate interests for this purpose as it would not be an unreasonable expectation for anyone who has enquired about our park and facilities or made a booking to use the park and facilities to receive information from us relating to upcoming events, promotional offers, and general information about what we are doing.
This also complies with e-Privacy laws, currently the Privacy & Electronic Communications Regulations 2003, which governs how a business can undertake electronic direct marketing. We can rely on soft opt-in for individual customers to undertake email marketing to both existing and prospective customers.
We always give you the opportunity to object to receiving marketing communications from us, when we first collect your personal data and with every marketing communication thereafter. You can change your marketing preferences at any time by clicking the “unsubscribe” link in the marketing email you receive or by contacting us via one of the ways shown in the “Our contact details” section
Who do we share your personal data with?
Your personal data is used by internal employees, contract/agency/freelance staff for the purposes as set out in “why we need your personal data”.
How long do we keep your personal data?
We keep booking information for 2 years from the date of the booking before it is securely destroyed.
We retain your contact details for as long as you want to receive marketing information from us.
Do we use any data processors?
Yes, we use:
- Digitickets - used to process online and on the door ticket purchases.
- World Pay - used to process card transactions for any payments you make, e.g. ticket purchases, food purchased at our on-site café.
- Go Cardless – used for membership direct debits (monthly and annual payments)
PART 3 - IF YOU JUST WANT TO RECEIVE OUR MARKETING INFORMATION & NEWSLETTERS
What personal data do we need?
To sign up to receive our fantastic news, offers, and general information, we will need your:
- Full name;
- Email address; and
- Facilities you are interested in.
How do we get your personal data?
We gather your personal data directly from you when you sign up online to receive marketing information from us.
Why do we need your personal data and which legal basis do we rely on for the processing?
We need your personal data to be able to send you marketing information by email.
The legal basis we rely on is:
Consent (GDPR Article 6(1)(a)
By submitting your contact details to receive marketing from us you have given your consent for us to use your personal data for this purpose.
You always have the right to withdraw your consent to receive marketing, you can do this by clicking the “unsubscribe” link in the marketing email you receive.
Who do we share your personal data with?
Your personal data is used by internal employees and contract/agency staff for the purposes as set out in “why we need your personal data”.
How long do we keep your personal data?
Marketing contact details are held for as long as you want to remain on our marketing contact list.
PART 4 – WHEN YOU APPLY FOR A JOB WITH US
What personal data do we need?
When you apply for a job with us you will need to provide some or all of the following information as part of the job application process:
- Full name
- Postal address
- Telephone number
- Mobile number
- Email address
- Equal opportunities information (which includes age, disability, gender, religion, sexual orientation, ethnic group, relationship status, caring responsibility) – voluntary
- Education history
- Qualifications
- Employment history
- Whether you have a disability and you believe you are eligible for a guaranteed interview (Disability Confident Employer)
- Whether you hold a driving licence and any endorsements on the licence
- Whether you hold a UK work permit
How do we get your personal data?
We collect information directly from you when you submit your application form and/or CV to us.
We will also collect information about you from your referees as you progress down the recruitment process.
Why do we need your personal data and which legal basis do we rely on for the processing?
We need your personal data to be able to process your application for a job with us, which includes, but is not limited to:
- assessing your suitability for the role applied for;
- making a decision on whether your application progresses to the next stage of the recruitment process (sifting and shortlisting);
- inviting you to interview or tests;
- making a decision on whether or not to appoint you to the role applied for;
- obtaining further information in order to carry out pre-employment checks if we make a conditional offer of employment to you; and
- gathering of information for equal opportunities monitoring
The legal basis we rely on to undertake our recruitment activities includes:
Contractual obligation (GDPR Article 6(1)(b))
The processing of your job application is necessary in order for us to take steps at your request before entering into a possible employment contract with us.
We require certain information from you to enable us to fulfil our employment pre-contractual and contractual obligations. If you are not able to provide all the necessary information we need we may not be able to process your application and consider you for one of our job vacancies.
Legal obligation (GDPR Article 6(1)(c))
We have certain obligations under employment law in relation to recruitment and selection and equal opportunities that we must comply with.
Processing for employment law (GDPR Article 9(2)(b))
Information you provide to us that relates to special category personal data, such as health, religious or ethnic information is necessary for our recruitment and selection purposes as it relates to our obligations in employment law.
Processing to assess working capacity (GDPR Article 9(2)(h))
We have certain obligations to assess your health in relation to your ability to work for us.
Who do we share your personal data with?
Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.
Do we use any data processors?
We do not use any data processors for the purpose of recruitment and selection.
How long do we keep your personal data?
All unsuccessful candidate details are kept for 6 months from the end of the recruitment process they relate to.
Successful candidate details are transferred to their employment record and kept for 6 years after employment ends.
PART 5 – IF YOU ARE A SUPPLIER/CONTRACTOR/FREELANCER
What personal data do we need?
For us to pay you for the service or goods you have provided to us we need to collect and use a small amount of information about you and your business, this is also likely to include some information about the individuals who work at your business. The personal data we are likely to need is:
- Your business name;
- The name (first and last name) of the person who we are liaising with at your business (in some cases this may be several staff members details);
- Business postal address;
- Business email address;
- Business telephone number;
- Business mobile number;
- Bank details to enable payment to be made;
- Any other information you feel is relevant for the purposes of the processing.
We do not collect any of the special categories of personal data.
How do we get your personal data?
We obtain your data directly when we start to use your services or have purchased goods from you. We gather the relevant information from you to enable us to process payment to you for those services and goods.
We also obtain some data, such as your business name and contact details, indirectly from publicly available sources or recommendations from 3rd parties to enable us to contact you to enquire about the services and goods you provide prior to us making a purchase.
Why do we need your personal data and which legal basis do we rely on for the processing?
We need your personal data to either enquire about the services or goods you provide that we may be interested in purchasing or to make a purchase. We then use your personal data to pay for those goods and services when you invoice us or to raise any queries about the payment.
The legal basis we rely on are:
Contractual obligation (GDPR Article 6(1)(b))
The services or goods you have provided to us are done so under contract or with a view to entering into a contract (i.e. we have asked you for a quote for the goods or to undertake the service for us).
We require certain information from you to enable us to fulfil our part of the pre-contractual and contractual obligations, e.g. we need to have certain information to make the purchase and to process payment. If you are not able to provide all the necessary information for us to do this, we will not be able to purchase the goods or services you provide or be able to make payment once purchased.
Legal obligation (GDPR Article 6(1)(c))
We have a legal obligation to pay for any services or goods we have purchased.
Who do we share your personal data with?
Your personal data is used by internal employees and contract staff for the purposes as set out in “why we need your personal data”.
Our Accountant will see personal data relating to suppliers and any payments we make.
How long do we keep your personal data?
All unsuccessful candidate details are kept for 6 months from the end of the recruitment process they relate to.
Successful candidate details are transferred to their employment record and kept for 6 years after employment ends.
