Privacy Policy

Privacy Policy

Surrey Sports Park Privacy Policy and GDPR- updated 25th May, 2018

This Privacy Policy relates to personal data processed and stored by Surrey Sports Park. Surrey
Sports Park is a wholly owned subsidiary of the University, which runs the sports facilities for the
University of Surrey, for students, staff and public members. We are registered as a data controller
with the Information Commissioner’s Office and are committed to ensuring that the personal data
we process is handled in accordance with data protection legislation. We have a named Data
Protection Officer, James Newby, who can be contacted via dataprotection@surrey.ac.uk

This Privacy Policy is designed to protect you, our users by informing you how personal data is
collected, how we look after that data and with whom we share it. Surrey Sports Park and the University of Surrey are committed to complying with the General Data Protection Regulation (GDPR).

What personal data do we collect and why?

What personal data we collect from you depends on what you are doing at Surrey Sports Park. For members we need to collect more personal data than for people who make the occasional visit.

Why do we process your personal data?

  • Surrey Sports Park has a legitimate interest in processing your personal data. We use your personal data so that you can use the facilities at Surrey Sports Park and for us to keep records of the process.
  • We will process your personal data if you have a contact with Surrey Sports Park. The most common form is when you have a membership at Surrey Sports Park to allow us to meet the terms of the contract that exists between us. This will include us to collecting direct debit payments if you pay via this method.
  • We would like to send you marketing information, to which we will ask you for your consent. You can choose to opt-out or opt-in at any time.
  • We are required by legal obligation to keep information about accidents which may occur at Surrey Sports Park and this will include personal data.

Personal data that we collect

  • When you join Surrey Sports Park we will collect your name, date of birth, contact information and a limited amount of heath information
  • If you are Student of the University of Surrey and you take out a University of Surrey Student
    membership then you will be asked to consent to your University contact information being
    provided to Surrey Sports Park
  • If you are not a member and make a booking here then we will need to collect your name, postal address, email address, Date of Birth and either a mobile or landline number
  • For all members and bookings, each individual person will be assigned a unique identifier which is used across our booking system to allow Surrey Sports Park to manage your use our facilities. In addition we may issue a member with a Membership card, which has a further unique identifier
  • If you contact us by email, via the website, in person or by telephone we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry

Data relating to children

  • All memberships for anyone under the age of 18 require that we have parental consent. All personal data provided about anyone under the age of 18 must be provided by a parent or guardian

Details of your transactions

  • We collect data for any transactions you carry out through our website and directly at Surrey Sports Park, so that we can administer the services you have with us. Please note that we never store your payment details on our website or in our database

Sensitive Health Data

  • If you join Surrey Sports Park or register for an online booking account then we will ask for a limited amount of health data. We use this data to ensure that you have no significant health issues that may impact on you while taking part in activates at Surrey Sports Park or in the event of an issue, to assist in any necessary medical assistance

Banking data

  • If you pay for your membership through a Direct Debit mandate we need to store your bank account number, sort code, bank name and account name data. When your membership finishes we will remove your banking data within one month of the last date that payment was taken
  • We process payment card (credit card or debit card) information at the time we take payment. This data is not stored on our systems and is processed on Payment Card Industry Data Security Standard compliant systems

Information about website visits including IP address.

  • The IP address is your computer’s individual identification number. We use your IP address to capture information about website visits so we can learn more about how our customers use the website in order to find ways to improve the website and our products and services for your benefit

Customer feedback

  • We will record customer comments and surveys about how we are performing

Your communications preferences

  • We keep a record of any permissions and preferences you give us about what types of
    communication you are happy to receive from us

How do we look after your personal data?

  • We maintain our systems in a secure environment, limiting access to your personal data to
    those who need it to provide our services to you
  • We will contact you according to your preferences
  • We will update your personal data or preferences promptly when you ask us to
  • We will let you see what personal data we hold about you when you request it
  • We will never sell your personal data to a third party
  • We will ensure that all personal data is held within the EEA (European Economic Area)

Retention Policy

  • We keep your personal data only for as long as we need to be able to contact you, for our legitimate business reasons or to meet any legal obligations. You have the right to ask for your data to be removed from the system, see the contacts section

Services provided by contracted third parties

Surrey Sports Park does not share your personal data with any third parties except;

  • Our parent company, the University of Surrey
    • We use the University of Surrey to process Direct Debit payments. This uses
      external systems to allow Direct Debit payments to be validated and submitted –
      these are provided by Bottomline and BACS
    • We use the University of Surrey access control system to limit access to various parts
      of Surrey Sports Park (e.g. the swimming pool) to those members who are eligible to
      use the facility. Where access is granted via a membership card or a University of
      Surrey card, then we send your name, membership identifier, membership card
      number and memberships
    • We use the University of Surrey to invoice to individuals and to make payments to individuals who are suppliers to Surrey Sports Park
  • The University of Surrey Students Union. For members of Surrey Sports Park who have a
    University of Surrey Student membership, we will provide a list of members to the Students
    Union to ensure that all students taking part in Team Surrey activities have a Surrey Sports
    Park membership
  • Support of our Leisure Management System (LMS) is provided by Xn Leisure. There will be
    times when they have access to the system for upgrades, enhancements and problem
    resolution. Access to the LMS is controlled by Surrey Sports Park and changes are
    monitored
  • We use MailChimp to send emails to our members and guests. You can withdraw consent
    for us to send you marketing emails at any point. Access to the data held in MailChimp is
    restricted to only those who need use it as part of their job
  • We use 4Global to allow us to manage the members and guest data. Access to the data held in 4Global is restricted to only those who need to use it as part of their job

Marketing Partners

  • Surrey Sports Park will never sell or give your personal data to any third party for marketing or other purposes. Subject to your consent we may send you information about our partners and other third parties

How do we use your personal data?

  • We use your personal data to help us provide and improve our services for you. We may use your personal data in the following ways
    • to provide you with any services that you have purchased
    • to check your identity
    • to validate your eligibility for memberships and activities
    • to check that our copy of your personal data is correct
    • to let you know about any changes to an existing booking
    • to provide marketing communications, subject to your consent
    • for research and analysis so we can develop and improve our services for your benefit
    • to meet any legal obligations

Keeping you informed

  • There are some communications that we will need to send to you as part of our service to you. Without these we would not be able to provide you with our services – examples of these include changes to passwords, conformation of bookings, changes to opening hours, notification of major events that may impact you visiting Surrey Sports Park and notices about any direct debit payments
  • For all other communications with Surrey Sports Park you can choose if you want to receive them. All of our emails allow you to unsubscribe from any email sent by Surrey Sports Park to that email address. You can also opt out by contacting us directly either via email, phone and at Surrey Sports Park. Details are provided in the contacts section

Your rights to manage your personal data

  • Accuracy of data
    • If you think that the data we hold about you is incorrect, then we will update it when requested. You can do this either directly at Surrey Sports Park or contact our Data Controller, see the contacts section. We will need to confirm that any request to change your personal data has come from you. Please note that for anyone over the age of 18 we can only accept changes of personal data from the individual member. Personal data changes for any members under the age of 18 can only be made
      by the parent / guardian we have linked to the membership as they are the point of contact we have on record
    • For students at the University of Surrey who have a University of Surrey Student membership, any changes that you make to your personal data with the University of Surrey, that has been shared
      with Surrey Sports Park, will be sent to Surrey Sports Park. This will also include any new Student cards that you get from the University. Students cannot make changes at Surrey Sports Park to their personal data
    • Staff who use their University of Surrey staff card to access the facilities at Surrey Sports Park should contact Surrey Sports Park if their personal data has changed

Seeing your data – subject access request

  • Under the General Data Protection Regulations you can request to see what data we at Surrey Sports Park hold about you, this is called a Subject Access Request. You do this by contacting the Data Controller, see contacts section. We will need to confirm your identify before we are able to supply your personal data

Right to be forgotten

  • If you wish that we no longer retain any personal data about you, then you can request that your data is removed from our systems. Subject to legal or financial constraints we will remove your data. Please write to the Data Controller, see contacts section, about this

If you have a complaint

  • If you are not happy about the way we manage your personal data then please contact us as quickly as possible. You can write to the Data Controller – who will investigate your complaint and get back to you as soon as possible

Information Commissioner’s Office (ICO)

  • The Information Commissioner’s Office (ICO) is the UK’s independent authority which regulates the use of personal data. You have the right to contact them should you wish. Details can be found on their website: https://ico.org.uk/

Links to other websites

  • Our websites may contain links to and from third party website. If you follow a link to other sites please note that these will be governed by their own privacy policies. We cannot accept liability for data use on those websites

Changes to this privacy policy

  • This policy may be updated from time to time. The latest version will always be available on our website. You can request the latest version by asking at Surrey Sports Park or request one from our Data Controller, see contacts section

Contacts

  • The easiest way to contact us is directly at Surrey Sports Park when you visit us. We can normally resolve any issues at that time.
    Should you wish to send an email, then send it to dataenquiries@surreysportspark.co.uk
    Alternatively, should you wish to write, you can contact our Data Controller at the following address
    Data Controller
    Surrey Sports Park
    Richard Meyjes Road
    Guildford
    Surrey
    GU2 7AD
    We will aim to reply within five working days.