Our Privacy Approach

- We will always deal with your data safely and securely. We will protect the data you share with us with all the appropriate security measures and controls.  This will also apply to those we allow to process your data on our behalf.

- We will always keep you informed. We’ll be clear as to how we use your data so you can make fully informed choices and decisions.

- We will only use your data to improve our service. When we do process your data it will be to deliver the service you expect and to understand how we might improve in the future.

- You will always be in control.  We’ll always make it easy for you to control your privacy with easy-to-use tools.

If, after reviewing our Privacy Policy, you have any questions about it or your rights under it please contact:

Address: Data Protection Officer,  English Institute of Sport - Sheffield, Coleridge Road, Sheffield S9 5DA

Telephone: 0114 223 3800

E-mail: dpo@sheffieldcitytrust.org

Sheffield City Trust (company registration: 2164600) is the “data controller” of any personal data we may collect, process and hold about you.  Our registered address is  English Institute of Sport - Sheffield, Coleridge Road, Sheffield S9 5DA.

1. What personal data do we collect?

The personal data we collect from you directly can include your name, email address, mobile/landline telephone number, date of birth, address, your membership card number, your purchasing activity, your credit, or debit card or other payment information, and information you give us when you contact our customer services team, when you engage with our social media platform (for example by tagging us in a post) or when you sign up for any of our membership activities.

If you are using a mobile device and shopping with us online or browsing our website, we may collect your IP address or other device identifier, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other portable device information.

Where you are using a mobile device whilst in store with its WiFi capability switched on or have access to our free in-store WiFi, we may additionally collect your MAC address and location data whilst you are within our venues or immediately within its perimeters. If you do not want us to track your device or use your information in this way, please turn off the WiFi capability on your phone or other electronic device within your settings.

We may, where we have a lawful basis for doing so, also collect personal data about you from third parties who provide us with additional publicly available information about you.

2. When do we collect your personal data?

When you purchase products and services from us in venue, online, or over the phone

When you access our website or use any of our mobile Apps. Our website also uses cookies; to find out more about the use of cookies and how you can manage them, please read our Cookie Policy

When you use our WiFi network and have your WiFi settings switched on

When you join our membership programmes (e.g. lifeCARD, Fitness, Athletics, Coached Programmes, Junior Membership, Golf memberships etc.)

When you contact us or we contact you to take part in surveys, competitions or promotions

When you contact our customer services team in venue, online or over the phone

When you engage with us on social media (by mentioning/tagging us or by contacting us directly)

3. How do we use your personal data and what are our legal justifications for doing so?

To make our products and services available to you

We use your personal data to provide you with the information, products and services that you request or purchase from us (i.e. to complete certain tasks, processes or orders on our website or within our apps, take payment online (where applicable) and deliver your products or services), and to communicate with you regarding those products and services that you purchase from us and respond to your questions and comments;

We may also use your personal data to measure how satisfied our customers are and provide customer service (including troubleshooting in connection with purchases or your requests for services or when you ask us questions on social media);

We rely on our contractual arrangements with you as the lawful basis on which we collect and process your personal data when you make an order for products and services. Alternatively, in some cases, we rely on our legitimate interests as a business (for example, to measure customer satisfaction and troubleshoot customer issues). Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

For administrative and internal business purposes

We may use your personal data for our internal business purposes, such as enhancing our site, improving our services and products and identifying usage trends. We may also use your data to monitor the use of our website and ensure that our website is presented in the most effective and relevant manner for you and your device and setting default options for you (such as language and store location);

It is in our legitimate interests as a business to use your personal data in this way. For example, we want to ensure our website is customer friendly and works properly and that our products and services are efficient and of high quality. We also want to make it easy for you to interact with us. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

For security and legal reasons

We use your personal data to:

- ensure the personal and financial information you provide us is accurate;

- conduct fraud checks or prevent other illegal activity;

- protect our rights or property (or those of others); and

- fulfil our legal and compliance-related obligations.

In some cases we will use your personal data because it's necessary for us to comply with a legal obligation (such as if we receive a legitimate request from a law enforcement agency). In other cases (such as the detection of fraud) we will rely on our legitimate interests as a business to use your personal data in this way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

In relation to your experience with us

We use your personal data to personalise your experience, to:

- provide you with marketing material via SMS, post and email if you have given us your consent to this;

- process your registration details, account activity and purchase history to analyse how you use our services;

- in some instances we will send specific offers to our members based on their attendances or on a special occasion such as when we know it's your birthday;

- measure the effectiveness of our marketing campaigns and our advertising;

- carry out limited automated decision making based on the information you have given us when we segment our customers database to determine which offers you may be interested in.

We rely on your consent to send direct SMS, postal and email marketing messages based on the consent we acquired from you when you signed up, as amended by you from time to time.

In other cases (for example, measuring the effectiveness of our marketing), we will rely on our legitimate interests as a business to communicate with you in an engaging and efficient way. Where we rely on our legitimate interests, we will always make sure that we balance these interests against your rights.

To personalise and improve our operations

We use your personal data to:

- allow you to create a profile on our online services which enables you to purchase products and services online without having to fill in your personal data every time;

- provide you with marketing material via SMS and email;

- analyse the activities you use. This allows us to provide a browsing experience which is relevant to you.

It is in our legitimate interests as a business to use your data in this way and we do this in order to enhance your experience with us. This allows us to help you find services most relevant to you.

When we send you marketing material via SMS and email, we will rely on our legitimate interests as a business, always ensuring that your rights are protected.

4. Who do we share your personal data with?

We will never sell any of your personal data to a third party. However, in order for us to provide our services to you, we share your personal data with our trusted third party service providers or our group companies, as detailed below. Whenever we share your personal data, we put safeguards in place which require these organisations to keep your data safe and to ensure that they do not use your personal data for their own marketing purposes.

Third party service providers

To fulfil orders for products and services

We work with a number of trusted service providers who carry out services on our behalf. It is in our legitimate interests as a business to work with these service providers since we may not have the capabilities to provide these services ourselves. Example services provided by these organisations include delivery of a service and processing payments. In each case, we will ensure that the service provider is only allowed to use your personal data in order to provide the services to us and for no other purpose.

To prevent crime and comply with laws

We share your financial information including your credit, debit card or other payment information with third parties to ensure that your payment is safe and that your details are not being used fraudulently. This data sharing enables us to conduct fraud analysis which ensures that genuine and accurate payment details are provided to us for any purchase. We may share your personal data with credit agencies if you are requesting credit.

There may be other scenarios where we are subject to a legal obligation to share or disclose your personal data, such as with law enforcement agencies or public authorities in order to prevent or detect crime or fulfil a legal requirement.

Other professional services

We may need to disclose your personal data to our insurers where we believe that it is required under our contractual relationship with our insurance provider to do so.

We work with carefully selected third parties, such as marketing agencies and advertising partners who assist us in providing you with a positive customer experience. We work with these third parties to place relevant content and advertisements for you on our website, other websites and online media channels and apps. In order to do this, we use pixels and cookies.

Group companies

We may share the personal data we collect with other organisations in the Sheffield City Trust Group where those other companies share various operations and business processes with us (such as SIV Ltd. And 7Hills Leisure Trust). We will do this in order to fulfil our contractual obligations to you, or because it is in our legitimate interests to do so.

Transfer of your personal data outside the EEA

We may need to transfer your personal data outside of the European Economic Area (EEA) for example the USA, in the following circumstances:

Where you have requested a service which is fulfilled by one of our group companies which sit outside of the EEA; or

Where we work with a supplier which processes some of its personal data outside of the EEA.

These countries may not have the same data protection laws as the UK and the EEA and so your personal data may not be subject to the same protections. However, in such cases, we will make sure that any transfer of your personal data to countries outside the EEA is subject to appropriate safeguards as if it were being processed inside the EEA and under the guiding principles set out in this privacy policy.

5. Your rights

You have a number of rights relating to your personal information and what happens to it. You are entitled to:

- have your data processed in a fair, lawful and transparent way;

- be informed about how your personal data is being used, an example being this privacy policy;

- access personal data we hold about you;

- require us to correct any mistakes in your personal data;

- require us to delete personal data concerning you in certain situations where there is no good reason for us to continue to process it;

- request that we transfer your personal data to you or another service provider in a simple, structured format;

- object at any time to processing of your personal data for direct marketing purposes;

- object to automated decision making which produces legal effects concerning you or similarly significantly affects you;

- object in certain other situations to our continued processing of your personal data; and

- otherwise restrict or temporarily stop our processing of your personal data in certain circumstances.

You can read more about your rights, including the circumstances in which they apply, in the Guidance from the UK Information Commissioner’s Office (ICO) https://ico.org.uk/for-the-public. You also have the right to complain about our use of personal data to the ICO. You can do these by contacting the ICO via their website https://ico.org.uk/concerns or by calling 0303 123 1113.

If you would like to speak to us in relation to any of your rights, please contact us.

6. Changing your preferences

If you no longer wish to be contacted by us about our products or services, or for other marketing purposes, you can amend your preferences or unsubscribe at any point. You can unsubscribe by amending your preference in your online account, following the unsubscribe link provided in our emails or by contacting us.

We want to ensure that all the information we have about our customers is factually correct and up to date. If you find that the personal data we have about you is inaccurate or needs updating (for instance, you may have changed your name or address) then please contact us so that we can correct it.

7. Security and retention of your personal data

Security of your personal data

We take the security of your personaldata very seriously. We have implemented various strategies, controls, policies and measures to keep your data secure and keep these measures under close review. We protect your data by using encryption techniques and we use other safeguards such as firewalls and password protection. This means that your data is protected and only accessible by co-workers who need it to carry out their job responsibilities. We also ensure that there are strict physical controls in our buildings which restricts access to your personal data to keep it safe.

Retention of your personal data

In broad terms, we will only retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. This means that the retention periods will vary according to the type of the data and the reason that we have the data in the first place.

We have procedures in place regarding our retention periods which we keep under review taking into account our reasons for processing your personal data and the legal basis for doing so.

8. Changes to our Privacy Policy

We may update our Privacy Policy from time to time. If we make significant changes we will let you know but please regularly check this summary and the associated documentation to ensure you are aware of the most updated version.

This Privacy Policy was last updated on 17th July 2023.