Club Crawl Privacy Notice

1. Data Controller and Data Protection Officer

This Privacy Notice (hereinafter: "Privacy Notice") provides relevant information about the processing of personal data collected by Virgin Active Limited, 26 Little Trinity Lane, Mansion House, London, EC4V 2AR (hereinafter “VAUK” or “we”).
This Privacy Notice concerns the processing of personal data that we carry out in connection with the Club Crawl activity. In this context, where duly consented to by your specific authorisation, we might also process your images/pictures.

VAUK, as identified above, is the Data Controller of your personal data.

VAUK has appointed a Data Protection Officer ("DPO") whom you can contact by writing to data.requests@virginactive.co.uk.

2. What data we collect and process

To allow your attendance at and participation in the Club Crawl, we need to process some of your personal data, such as full name, membership number, contact number, date of birth, gender, home address, postcode, signature. We might also process your image/picture. When enrolling to the Club Crawl and before participating in any physical activity with us, we might, again with your consent, also process your special categories of personal data (e.g., health-related data). 

Within the scope of the Club Crawl, you might also provide VAUK with the personal data of third parties (i.e., your next of kin’s number for your doctor). It is your responsibility to inform the emergency contact why you have provided their contact details to VAUK and to direct them to our privacy policy should they require further information. Moreover, in this regard, you grant VAUK the widest indemnity with respect to any dispute, claim, request for compensation for damages resulting from VAUK unlawfully processing the personal data of the third parties which you provided. Should you provide VAUK with or otherwise facilitate VAUK’s processing of the personal data of third parties, you warrant as of now - assuming all related liabilities - that such processing has an appropriate legal basis legitimizing the processing of the information in question. 

3. Why we collect and process your DataWhat are the relevant legal basis?

VAUK will process your personal data for the following purposes:

  1. to allow your attendance at and participation in the Club Crawl. The relevant processing activities are carried out to provide you with the service requested and permit your participation to such event. With regard to the processing of your special categories of data, we rely on your explicit consent or on our need to safeguard your vital interest (in an emergency situation).
  2. to use your images/pictures as described. VAUK will only process such personal data insofar as you have consented to such activity by signing the relevant authorization;
  3. to comply with any applicable legal obligations or authorities' decisions. VAUK will process your personal data for this purpose to execute a legal obligation to which we are subject.

The provision of your personal data is not mandatory, but in the absence of such, it will not be possible for you to take part in the Club Crawl. 

4. How we use your Data (method of processing)

Personal data collected for the purposes indicated above are processed both manually and via automated processing, in each case adequate to guarantee its security and confidentiality.

5. How we may disclose your Data

Your personal data may be shared, for the purposes set out in Section 3 of this Privacy Notice, with (“Recipients”):
a.        including recipients who typically act as data processors, i.e.: i) persons, companies or professional firms that provide assistance and advice to VAUK in accounting, administrative, legal, tax, financial and debt recovery matters; ii) video-maker, photographers; iii) entities delegated to perform technical maintenance activities. We have signed agreements with each of our data processors to ensure that your data are processed with appropriate safeguards and only under our instruction.
b.       Systems administrators: our employees and those of our data processors which assist us with the management of our IT systems and therefore can access, modify, suspend and limit the processing of your data. These recipients have been previously selected, adequately trained and their activities tracked by systems they cannot modify.
c.        persons, entities, or authorities to whom it is mandatory to disclose your personal data by law or by order of the authorities;
d.       persons authorized by VAUK to process personal data to carry out activities strictly related to the provision of the requested service, who have an appropriate legal obligation of confidentiality (e.g., employees of VAUK).
e.       Law enforcement or any other authority whose decisions are binding for us: this is the case when we have to comply with a judicial order or law or defend ourselves in legal proceedings. Where the government, whether central or local government, statutory, administrative or regulatory body, court, agency, including a law enforcement agency, or any other authority in any part of the world (also outside of your jurisdiction) whose regulations, directives, notices, resolutions, orders, decrees, injunctions, warrants, subpoenas, or judgments are binding upon us requires us to disclose your data, we will not share your data without your consent, unless we are under a legal obligation to comply with said regulations, etc

6. Transfer of Personal Data 

Your personal data may be stored, accessed, used, processed, and disclosed to Recipients that could be located outside the United Kingdom (“UK”). We take steps to ensure that the processing of your personal data by our Recipients is compliant with the applicable data protection laws, including UK law to which we are subject. Where required by UK data protection law, transfers of your data to Recipients outside of the UK will be subject to adequate safeguards (such as the relevant UK standard contractual clauses for data transfers between UK and non-UK countries), and/or other legal basis according to the UK legislation.  For more information on the adequate safeguards we have implemented with regard to data that is transferred to third countries, you may contact VAUK’s Data Protection Officer ("DPO") by writing to data.requests@virginactive.co.uk.

7. How long we retain your Data

Personal data processed for the purposes referred to in Section 3 will be retained for the period strictly necessary to achieve those purposes, and in particular, for the purposes legitimated by your consent, until you withdraw it.

Personal data processed for the purposes set forth in Section 3.3 will be retained for the period required by the specific obligation or applicable law.

Further information about the retention period can be requested by writing to data.requests@virginactive.co.uk.

8. How to control your Data and manage your choices

At any time, you can ask to:  
-          access your data: we will provide the personal data we have related to you;
-          exercise your right to the portability of your personal data: where applicable, we will provide you with an Excel file containing the personal data we have about you;
-          correct your data: for example, you can ask us to modify your e-mail address or telephone number if they are incorrect;
-          delete your data: for example, if you do not want us to keep your personal data and there is no other good reason for us keeping it.
-          revoke the consent previously given without affecting the lawfulness of the processing carried out before the revocation.
-          object to the processing of your personal data by VAUK.
 
You can exercise your rights by writing to the DPO at the following e-mail address: data.requests@virginactive.co.uk.
 
In accordance with UK data protection law, we will reply to your request within one month of its receipt (extendable by two further months in cases of particular complexity).  In some cases, it is possible that our response may be  limited, or excluded based on restrictions or exclusions provided for in national legislation. In these cases, you can address your request directly to the UK’s data protection Supervisory Authority, the Information Commissioner’s Office www.ico.org.uk.
 
At any time, you may also:
-          Contact the UK Supervisory Authority.
-          Initiate appropriate legal actions without involving the Information Commissioner’s Office. However, we encourage you to seek to resolved any question or complaint you have with us first, before approaching either the ICO and/or taking legal action.

9. Changes to the Privacy Notice

This Privacy Notice entered into force on the date indicated at the beginning of this document. We reserve the right to modify or update this notice, in full or in part, at our discretion or as a consequence of changes in applicable regulations. You will receive a message informing you of any substantial changes we may make to the Privacy Notice.

Back To Top