top of page

Privacy Policy

DANNY MILANESI

1. Introduction
Level Up Gyms (“we”, “us”, “our”) is committed to protecting and respecting your privacy in
accordance with the UK General Data Protection Regulation (UK GDPR) and the Data
Protection Act 2018.

 

This Privacy Policy explains how we collect, use, store, and protect your
personal data when you interact with us, whether as a member, prospective member,
employee, contractor, or visitor to our website or facilities.


We act as the data controller for the personal data we process, meaning we determine the
purposes and means of processing your personal information. We are responsible for
ensuring that your data is handled lawfully, transparently, and securely.


2. Types of Personal Data We Collect
We may collect and process a range of personal data depending on your interaction with us.


This includes personal identification data such as your full name, date of birth, gender, home
address, email address, and telephone number. We also collect membership-related
information including your membership ID, attendance records, class bookings, preferences,
and communication history.


Financial data may be collected where relevant, such as billing address, payment method
details, and transaction history. However, we do not store full card details directly; these are
processed securely via third-party payment providers.


We may also collect health-related information where necessary and voluntarily provided, for
example in relation to fitness assessments, medical conditions, injuries, or physical
limitations. This type of data is classified as “special category data” under GDPR and is
handled with additional safeguards.


Technical data may also be collected when you use our website or systems, including IP
address, browser type, device information, and usage patterns via cookies and similar
technologies.


3. How We Collect Your Data
Your personal data is collected through various channels. This includes direct interactions
such as when you sign up for a membership, complete forms, contact us, participate in
surveys, or use our services.

 

Data may also be collected automatically through website usage via cookies and tracking technologies.

 In some cases, we may receive your data from third parties such as payment processors,
corporate partners, or referral programmes, provided that such sharing complies with
applicable data protection laws.


4. Lawful Basis for Processing
We process your personal data under one or more of the lawful bases defined by GDPR. This
includes processing necessary for the performance of a contract, such as managing your gym
membership or providing services you have requested.


We may also process your data to comply with legal obligations, such as financial reporting
or health and safety requirements. In certain cases, we rely on legitimate interests, such as
improving our services, preventing fraud, or ensuring business continuity, provided these
interests do not override your rights.


Where required, we will obtain your explicit consent, particularly when processing special
category data (such as health information) or sending marketing communications.


5. How We Use Your Personal Data
Your personal data is used to manage your membership, provide gym services, process
payments, and communicate with you regarding your account. We also use your data to
personalise your experience, such as recommending classes or services based on your
preferences.


Additionally, your data may be used for administrative purposes including customer support,
record-keeping, and internal reporting. We may also use anonymised or aggregated data for
analytical purposes to improve our operations and offerings.


Where consent has been provided, we may use your contact details to send marketing
communications about promotions, events, or new services. You can opt out of such
communications at any time.


6. Data Sharing and Disclosure
We do not sell your personal data. However, we may share your data with trusted third parties
where necessary to deliver our services. This includes payment processors, IT service
providers, CRM systems, marketing platforms, and professional advisers.


All third parties are required to process your data in accordance with GDPR and only on our
instructions. We ensure appropriate contracts and safeguards are in place.


We may also disclose your data if required by law, regulatory authorities, or to protect our
legal rights, for example in cases of fraud prevention or legal claims.

7. International Data Transfers
Where your personal data is transferred outside the UK, we ensure that appropriate
safeguards are in place to maintain the same level of protection.

 

This may include transferring
data to countries deemed to have adequate protection by the UK government or using
approved contractual clauses.


8. Data Storage and Retention
We store your personal data securely using appropriate technical and organisational
measures, including encryption, access controls, and secure servers.

Your data is only retained for as long as necessary to fulfil the purposes for which it was collected.


Membership data is typically retained for the duration of your membership and for a

reasonable period thereafter to comply with legal, tax, and accounting requirements. Health-
related data is retained only as long as necessary and with heightened security.

Once data is no longer required, it is securely deleted or anonymised.


9. Data Security
We take data security seriously and implement robust measures to protect your personal
data from unauthorised access, loss, misuse, or disclosure.

These measures include restricted access to systems, staff training, secure data storage, and regular security reviews.


Despite these measures, no system is completely secure.

 

In the event of a data breach, we will act promptly in accordance with GDPR requirements, including notifying the Information
Commissioner’s Office (ICO) and affected individuals where necessary.


10. Your Data Protection Rights
Under GDPR, you have several rights regarding your personal data.

 

You have the right to access the data we hold about you and request corrections if it is inaccurate or incomplete.


You also have the right to request the deletion of your data, restrict processing, or object to
certain types of processing, particularly for direct marketing.

 

Additionally, you have the right to data portability, allowing you to request your data in a structured format.


Where processing is based on consent, you have the right to withdraw that consent at any
time without affecting the lawfulness of prior processing.


Requests to exercise your rights can be made by contacting us using the details below.

EMAIL : team@levelupgyms.co.uk

Subject : Subject access request

We will respond to your request within one calendar Month of your request eg,

Request made 10th April we will respond no late than 5pm on 10th May.

11. Cookies and Website Tracking
Our website uses cookies and similar technologies to enhance user experience, analyse site
traffic, and support functionality.

Cookies may collect information such as browsingbehaviour and preferences.
You can control cookie settings through your browser. Further details are provided in our
separate Cookie Policy.


12. Children’s Data
Our services are not directed at individuals under the age of 16 without parental consent.


Where youth memberships are offered, we ensure that appropriate consent is obtained from
a parent or guardian and that data is handled responsibly.


13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements
or our practices. Any updates will be communicated via our website or directly where
appropriate.

bottom of page