privacy policy
This Privacy Policy explains how The Gym Vault (“we”, “our”, “us”) as a controller collect, use, store, and share the personal data of our members and personal trainers who use our clubs. In this policy, The Gym Vault is a company registered in England and Wales (company number 14021759), whose registered office is 110 Dunstable Street, Ampthill, Bedfordshire, MK45 2JP. The Gym Vault is committed to protecting your privacy and handling your personal data in a fair, lawful, and transparent way, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), as supplemented by the Data Use and Access Act 2025.
overview
This Privacy Policy describes:
What personal data we collect and why
How we use and protect your information
When and why we share data with third parties
Your rights in relation to your personal data; and
How to contact us or the Information Commissioners Office (ICO) if you have concerns
By visiting The Gym Vault, using our website or contacting us, you acknowledge and agree to the terms of this Privacy Policy.
2. the information we collect
We collect and process the personal data necessary to provide our services and operate our business.
Personal Identity
We collect information such as your name, date of birth, gender, address and contact number. We collect this when you sign up to become a member or visitor via our website.
Financial Information
When you sign up to become a member or a visitor at our gym, we would require payment details including bank account or card information (processed securely via third-party payment providers).
Health and Fitness Information
When signing up to become a member or a visitor you may be asked to complete a health questionnaire. Health declarations (to ensure exercise readiness and safety) and any information you voluntarily provide to personal trainers or staff. We will also require further health information if you request to freeze or cancel your membership on health grounds.
Photographs & Identification
When signing up to become a member or a visitor a digital photograph may be taken for security and/or gym access. We may also request identification for any verification purposes.
CCTV and Video
We use CCTV in our gym for health, safety and crime prevention. If you have any queries in relation to the use of CCTV operating in and around the gym, please speak to a member of staff.
Digital Data
We may collect: IP address, browser type, location and traffic data, booking data via The Gym Vault website and membership accounts.
Marketing Data
This will be your marketing preferences.
Special Categories of Personal Data
Certain personal data are defined as ‘Special Categories of Personal Data’ under the UK GDPR, such as data regarding race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying a person, data concerning health (including mental and physical health), or data concerning sex life or sexual orientation.
3. How we use your personal data
We process your personal data for the following purposes and under the lawful bases permitted by the UK GDPR:
To provide and manage your membership and payments.
To contact you about memberships and/or operational updates.
To identify you and grant you access to our facility.
To bill you for using our service as part of your membership and enforce the collection of debt if necessary.
To send marketing and promotional communications (where applicable).
To improve services, analyse usage and develop business insights.
To comply with legal and regulatory requirements.
To ensure member safety and gym security (CCTV, access systems).
To answer FAQs through our website and contact form.
To ensure members safety when using our gym.
To handle an emergency relating to your health.
We do not use your personal data for automated decision-making that produces legal or significant effects.
4. communication from the gym vault
We may contact you via email, SMS or phone for:
Operational updates (opening hour changes or closures)
Membership and billing information
Compulsory Communications
There are certain communications which are essential in order to provide our service and they cannot be opted out of.
Marketing Communications
If you have purchased or shown interest in our memberships or services you will receive marketing communications from us via email, SMS or phone unless you have opted out of receiving marketing.
Third Party Marketing
With your explicit consent, we will share your contact information with our personal trainers so they can send you information about their services.
You can manage or withdraw your preferences at any time by:
Updating your preferences via your account
Using unsubscribe links in our emails or texts
Contacting info@thegymvault.co.uk
5. Sharing your information
We share limited personal data with trusted third parties such as:
Membership management platforms
CRM and communication systems
Payment processors and debt collectors
Personal trainers
Advertising and analytics
All processors act under written contracts, only process data on our instructions and are required to maintain confidentiality and security consistent with GDPR.
6. Cookie policy
We use cookies to enhance your experience:
Essential Cookies: Required for website functionality and security
Analytics Cookies: Helps us understand how you use our website (google analytics)
Marketing Cookies: For retargeting and social media integration (only with consent)
You can manage your cookie preferences through your browser settings or our cookie banner.
7. Data security & Retention
Your data is protected with industry-standard security measures including SSL encryption, secure servers, and restricted access. While we implement strong safeguards, no system is 100% secure, and we continuously work to protect your information.
We keep your data only as long as necessary:
Marketing Data: Until you unsubscribe or request deletion
Website Analytics: 26 months maximum