Data Protection Policy Statement
CrossFit Northern Soul is strongly committed to the security and protection of members’ personal information and we do our utmost at all times to ensure privacy. We take the security and privacy of our customers very seriously. We strive to conform with the UK and European Data Protection laws. We do not share any information with third parties, nor do we collect or retain any information other than that necessary for us to provide our services to you.
We use members’ personal information only as necessary for us to provide our services to you. We do not share any information with unrelated third parties nor do we collect or retain any information other than is required for the provision of our products or services. Information collected during the online registration process is stored securely. Information collected will be securely destroyed if it is no longer required by CrossFit Northern Soul. Members may request details of personal information, which we hold under the General Data Protection Regulation. A small fee will be payable. Copies of the information can be obtained by writing to us at firstname.lastname@example.org. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. We request all members check their details for accuracy annually and make any necessary changes. This includes redoing our waiver if any information has been changed on GoTeamUp. We will email reminders for this. Please note in order to receive emails from us, you need to ‘opt in’ and complete an email verification to show your consent in order for us to comply with legal requirements. We require this to allow us to communicate with members effectively.
Where we engage third party contractors (e.g. coaches, presenters) to perform services for us, those third party contractors may be required to handle your personal information. Under these circumstances, those third party contractors must safeguard this information and must only use it for the purposes for which it was supplied, although we are not responsible for ensuring this. Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
CrossFit Northern Soul makes use of third party software to manage bookings and membership, provided by Team Up.Team Up has their own privacy and data security policy with regard to client information. You can access this information on their website.
Personal information collected by CrossFit Northern Soul and our website www.crossfitnorthernsoul.com is stored in secure operating environments that are not available to the public. We will protect your personal information no matter where we process or store your data.
Changes to our Policy:
From time to time, it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time and should this occur, the amendment will be posted on our website and will be effective immediately.
CCTV is in operation at CrossFit Northern Soul. Signs are displayed to make all visitors and members aware of this. There are signs on both doors, one sign under the camera near the iPad, another by camera in the open gym area. There are currently 3 cameras in operation, one monitoring the general class area, one monitoring the front doors & desk area and the other monitoring the open gym area.
The Company Secretary has shared this policy with all staff members so everyone is aware our requirements under the Data Protection Act/forthcoming General Data Protection Regulation and other relevant legislation. All staff have been made aware how to handle personal data, in this case, not to share with anyone at any time unless required to by Law, and that it is a criminal offence to do so.
There are various contacts available on CrossFit Northern Soul’s website, any of which can be used as an access point to information and complaints in relation to our CCTV.
We have utilised Appendix 2 from the CCTV Code of Practice (October 2014) to ensure our compliance with CCTV requirements. This can be found at the end of this policy, entitled “CCTV checklist”.
Our business Terms and Conditions are available on our website which outlines how we use personal information. This is freely available information so anyone visiting our website can access it.
Any requests for personal information go straight to the Company Secretary for action.
We annually request members update their information. Any old members that have left and there is no chance of them returning are deactivated on Team Up‘s system. This third party, external system is only accessible by staff using specific details and is not freely available.
CLUB DATA PROTECTION OFFICER: Sara Clarke
· Notification has been submitted to the Information Commissioner: reference A8336172 made 23/5/18 Renewal date 23/5/19
· Named individual responsible for the operation of the system: Sara Clarke
· The problem we are trying to address has been clearly defined and installing cameras identified as the best solution. This decision is reviewed on a regular basis:
o The CCTV is for capturing thefts and any incidents, and to back up staff if needed when working alone with a client. Reviewed annually for effectiveness.
· A system has been chosen which produces clear images which law enforcement bodies (i.e.the police) can use to identify crime. These can easily be taken from the system when required.
· Cameras have been sighted so that they provide clear images and cover the biggest areas possible. They have been positioned to avoid capturing the images of people not visiting the premises.
· As mentioned in the policy text, there are visible signs showing that CCTV is in operation.
· Images are securely stored on the CCTV server and only authorised staff have access to them. They will not be shared with any third party with the exception of law enforcement bodies.
· The recorded images are wiped monthly. This is automatically actioned by the system. From past events this has shown to just be enough for incidents to come to light (e.g. thefts). Any shorter and these incidents risk being missed.
· The potential impact on individuals’ privacy has been identified when taking into account the use of the system. Cameras are sited to film only that which would be in plain sight, and the monitor location has also been chosen bearing this in mind.
· CrossFit Northern Soul knows how to respond to individuals making requests for copies of their own images, and to seek advice from the Information Commissioner as soon as such a request is made. Firstly an offer for them to come and view the footage would be made, then a copy supplied if still requested. A third party company (by means of a secrecy contract) would be used to blur our the faces of others if deemed necessary. Staff have been made aware it is a criminal offence to misuse CCTV footage
· Regular checks are carried out to ensure the system is working properly and produces high quality images. Spiderwebs are cleaned off the external camera monthly, or more frequently if required and a signed record of this is kept. Viewing monitor is switched on at the start of each day to ensure the cameras are online and working properly. The date and time stamp is checked at least twice a year (accounting for daylight savings’ time) and the system is reviewed annually for effectiveness.