PRIVACY NOTICE

Information about how Wirral Council’s Leisure Services uses your personal data.

Wirral Council’s Leisure Services

Wirral Council’s Leisure Services is committed to protecting your privacy when you use this service. This Privacy Notice below explains how Wirral Leisure Services collects, uses and protects personal data that we hold.

Data Controller

Wirral Council is the data controller. This means it decides how your personal data is processed and for what purposes.

Wirral Council
PO Box 290
Brighton Street
Wallasey
Wirral
CH27 9FQ

Personal Data

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

Issues of how data is handled are dealt with by the Council’s Data Protection Officer Jane Corrin who can be contacted by email at DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH.

As a public authority, we must comply with all relevant legislation relating to data handling.

The Information Commissioner’s Office (ICO) is the supervisory authority in the United Kingdom established to ensure that your data rights are upheld. See Formal Resolution below for the ICO address.

What are our lawful bases for processing your personal data?

Wirral Council’s Leisure Services processes your personal data under the following lawful bases:

  1. Where the processing is necessary for the performance of a contract (Article 1(b) GDPR); (Membership)
  2. To comply with a legal obligation (Article 6(1)(c) GDPR) (Health and Safety Legislation)
  3. With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR). (Marketing and Advertising)

Types of personal data we process:

The following are the sources of personal details we require from you and for what purposes

Membership (Contract)
Full name
(Membership number and barcode when issued which links to your membership details)
Date of birth
Contact details
Address
Bank details for payment

Health and Safety (Legal Obligation)

Emergency contact details
Recording of incidents: Name, Address, Date of birth, injury details etc.
Depending on the injury and causes some of the health details may be special category Data the condition for processing this data would be GDPR Article 9(2)(h). The provision of health or social care or treatment or the management of health or social care systems and services.

Advertising and marketing (Consent)

Email address if consented to receiving marketing and advertising relating to Leisure Services. You will have a choice of Mobile contact, ezine contact, mobile push notifications as well as email.

How we protect your data

We will take appropriate steps to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. The Council takes security measures such as, but not limited to:

Logical Security Control

  • Encryption
  • Anonymisation
  • Partitioning
  • Paper document security

Physical Security Control

  • Managing workstations
  • Website security
  • Backups
  • Network security
  • Physical access control
  • Monitoring network activity
  • Hardware security
  • Organisational Control
  • Monitoring committee
  • Policies
  • Managing Privacy risks
  • Integrating privacy protection in projects (PIA)

People we share data with

We may be asked on occasion to provide information to other areas within the local authority organisation.

Some data may also be shared with third parties working in partnership with Leisure Services such as sports clubs, coaches etc. which you have enrolled with to provide sporting services.

Where you have consent to marketing your email address, it is shared with the leisure services marketing provider which market services on our behalf.
However we do not use or sell your data to 3rd parties or use it for any other purposes.

How long we keep your data

Incident data:

Adults – 3 years from date of incident

Children to the age they reach 21

Personal Account Data:
Attendance records, personal data such as address and Date of Birth, financial data such as Bank Account information and payment records will be kept for no longer than is deemed an acceptable time after you have ceased using our facilities or cancelled your membership.

Financial Data:

All financial contracts are kept for a minimum period of 6 years from cancellation of your contract. Should you choose to re-join the Wirral Leisure Membership Scheme the original contract will be destroyed within a timely period.

Consent data:

Until consent is withdrawn you may unsubscribe to marketing consent at any time by following the unsubscribe tab at the bottom of all marketing emails or you can withdraw consent at any Leisure Centre.

Transfers outside the European Economic Area

We do not share personal information beyond the European Economic Area (EEA).

Your data rights

  1. Right to be informed

We must be completely transparent with you by providing information ‘in a concise, transparent, intelligible and easily accessible form, using clear and plain language’. Our privacy notice is one of the ways we try and let you know how data is handled.

  1. Right of access

You have the right to access your personal information except where:

It contains confidential information about other people and the Council has to balance the rights of other individuals

Includes information a care professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing information which may prejudice an investigation if disclosed

For details on how you can access your personal information see our Data Protect Policy.

  1. Right to rectification

You have the right without undue delay to request the rectification or updating of inaccurate personal data.

  1. Right to object

You can object to certain types of processing such as direct marketing. The right to object also applies to other types of processing such as processing for scientific, historical research or statistical purposes (although processing may still be carried out for reasons of

public interest)

  1. Right to erasure or ‘right to be forgotten’

You can request the erasure of your personal data when:

  1. i) the personal data is no longer necessary in relation to the purposes for which it was collected and processed.
  2. ii) the Council’s lawful basis for processing your personal data was consent and you no longer provide your consent and there is no other legal ground for the processing, or

iii) you object to the processing and there are no overriding legitimate grounds for the processing.

The Information Commissioner regulates data handling by organisations in the U.K and work to uphold the data rights of citizens and the Information Commissioner’s website provides more information on the rights available to you.

Withdrawing consent

If you consented to providing your personal information to us and you have changed your mind and you no longer want the Council to hold and process your information, please let us know. In the first instance please contact the relevant department. Withdrawing consent
should be as easy to do as when you provided consent in the first place. If that isn’t your experience with a particular service it is important you let us know of your difficulties so that we can put that right.
If you encounter any difficulties in withdrawing consent, please contact the Council’s Data Protection Officer by email at DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH

The right to complain about data handling

The Council sets very high standards for the collection and appropriate use of personal data. We therefore take any complaints about data handling very seriously. We encourage you to bring to our attention where the use of data is unfair, misleading or inappropriate and we also welcome suggestions for improvement.

Informal resolution

In the first instance we would ask that you try and resolve data handling issues directly with the relevant the Bookings and Information Team before applying for a formal resolution.

Email bookingsandinformation@wirral.gov.uk; or
Telephone 0151 606 2010

Formal resolution

If you are dissatisfied with the informal resolution of your complaint you can request a review by the Data Protection Officer Jane Corrin by email DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH

If you remain dissatisfied following an internal complaint, you can lodge a complaint with the Information Commissioner: Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Changes to our Privacy Notice

We regularly review our privacy notice and encourage you to check it from time to time.

This notice was last updated in September 2018.