PRIVACY POLICY

Surge Fitness Privacy Policy

Introduction

Surge is always committed to respecting the privacy of our members and protecting your personal information. We are transparent about the information we collect and this document sets out the ways that this information will be used.

Who is responsible for your data?

Our Privacy Policy applies to the personal data that Surge collects and uses. References in this Policy to “Surge”, “we”, “us” or “our” mean Surge Fitness Limited (a company registered in England and Wales, registration no 09839342 and whose registered office is located at 40 Queen Anne Street, London, W1G 9EL).

We are the “data controller” for the purposes of UK and EU data protection legislation.

When We Collect Personal Information

We collect personal information about you whenever you use our services, such as attending sessions in the studio, when you interact with us via email or other means and when you visit our website.

Types Of Personal Information That We Collect

We may collect and process the following categories of information about you:

• Your title, name, surname and contact details including email address, home address and telephone numbers.
• Your employer (if relevant to your membership, for instance a corporate promotion)
• Medical details, such as any conditions that may impact your ability to participate in EMS training sessions or that need to be considered by our staff in delivering the sessions. See “Sensitive Personal Data” for more information.
• Health information collected via the InBody device. See “Sensitive Personal Data” for more information.
• Your date of birth
• Your payment card details
• Transaction data, including payment histories
• Details of bookings, including date and time of booking and attendance information
• Records of communications with us, including emails, phone calls and interactions with studio staff.
• Your exercise goals and preferences.

Sensitive personal data

In the course of providing services to you, we may collect information that is considered “sensitive personal data” such as details of a medical condition relevant to your training with us or information collected via the InBody device for the purposes of tracking your progress. We only collect this information where you have given your explicit consent, it is necessary to protect your vital interests, or you have deliberately made it public. If you do not allow us to process any special category personal data, this may mean we are unable to provide all or parts of the services you have requested from us.

How and why we use your personal data

To fulfill your membership contract & to deliver the service

Membership of Surge is specific to each individual member, so we need to be able to identify you for each session attended. Payment and billing details and histories are required for the accurate charging of your membership.

To keep you safe when training with us

We collect details of any relevant medical conditions to ensure that our services can be delivered safely.

To communicate with you and manage our relationship with you

We may need to contact you by email, phone, letter and / or SMS for administrative, customer service or operational reasons, please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you choose not to receive marketing communications. Examples of these include notifications regarding your contract, session reminders and amendments to studio opening hours.

We will also use your personal data to contact you after you have visited the studio for a trial session, made a booking for a session or contacted us via email or on social media.

Your opinion is very important to us, so we may send you an email or SMS to seek your feedback.

We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our customer and to improve our services and experiences for other members.

To inform you about our news and offers that you may like

As part of our service, we will email you with studio news and special offers. If you do not wish to receive these communications, you can opt out at the point of creating an account with us or choose the ‘opt out / unsubscribe’ option present on our email or reply STOP or UNSUBSCRIBE to any email / text contact.

As a previous member, we may contact you following the expiry of your membership with details of special offers.

To improve our services, for administration purposes and to protect our business interests

The business purposes for which we will use your information include accounting, budgeting, billing and audit, credit or other payment card verification, safety, security, statistical and marketing / profiling analysis, systems testing, maintenance, ordering of supplies, planning and development.

We also use data to comply with any other legal obligations.

CCTV

Surge has CCTV installed only in the public areas of our studios. Recordings are stored securely and used only for the purposes of security.

Sharing your personal data

We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:

• Your employer, if your membership is via a corporate scheme and Surge invoice them for your membership payments.
• An individual who pays for your membership on your behalf – to administer your membership on an ongoing basis
• Email provider – to send out communication to you on our behalf.
• Bank / credit or debit card companies – in order to process your payments for services.
• Credit control company – with prior notification, should contracted membership payments become overdue (as per our T & C’s).
• Web servers / website providers – hosting / storing some personal data.
• IT support company – able to access some information to assist with IT issues.
• Booking and billing software

In addition to the categories of recipient listed above, we may disclose your personal data when this is required by the law of any jurisdiction to which Surge may be subject.

Data transferred outside the EU

Some of the companies we use for our apps are situated in third countries; therefore some data may be transferred to countries outside the European Economic Area (EEA). Transfers of data to these companies are either on the basis of adequacy, or subject to appropriate safeguards.

Security of your personal data

We are committed to taking appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage to personal data.

As described in this Privacy Policy, we may in some instances disclose your personal data to third parties. Where Surge your personal data to a third party, we require them to have appropriate technical and organizational measures in place to protect your personal data; However in some instances we may be compelled by law to disclose your personal data to a third party, over which we have limited control.

Cookies

We use cookies when you visit our site. By using our site, you agree to us placing these sorts of cookies on your device and accessing them when you visit the site in the future. If you do not agree to our use of cookies in this way, you should set your browser settings accordingly or not use the Surge site. If you disable the cookies that we use, this may impact your user experience while on the Surge site.

There are three main types of cookies – here’s how and why we use them.

• Site functionality cookies – these cookies allow you to navigate the site and use our features, such as the member portal.
• Site analytics / performance cookies – these cookies allow us to measure and analyze how our visitors use the site, to improve both its functionality and your experience. These cookies don’t identify you as an individual.
• Marketing cookies – used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

The marketing cookies we use on the Surge website are provided by Facebook and Google. Facebook marketing cookies on our site let Facebook know that you have visited the Surge website; this allows Facebook to match your user info to your Facebook account (where applicable) and allow targeted advertising from Surge. We also use our Facebook cookies to review how our generic adverts on Facebook are performing – to log a user reaching our website via clicking on a Surge advert on Facebook. As well as Facebook, we use Google AdWords to re-engage visitors that are likely to convert to members based on online behavior across websites.

If you want to delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies.

Further information about cookies can be found at https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ .

Please note that by deleting or disabling future cookies, your user experience may be affected and you might not be able to take advantage of certain functions of our site, and the complete surge web experience

We may occasionally include links to third party websites on our emails and / or website. We do not take any responsibility for these sites, the cookies they use or how they manage any data you may provide to them.

Retention period

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law, for example to comply with retention obligations eg under tax or contract law. You can request deletion of your personal data at any time (see the section below on your right to erasure ).

Your rights

Your rights are as follows (noting that these rights don’t apply in all circumstances):

• The right to request access to your personal data and information about how we process it
• The right to rectification – we will correct your personal data if it’s inaccurate and complete any incomplete personal data. It is your responsibility to ensure that you submit true, accurate and complete information to us. You have the ability to change certain information via your online account (such as email and address).
• The right to erasure – you have the right to request that we delete personal data that we hold about you.
• The right to restrict processing
• The right to object to processing – if you would like us to stop processing your personal data, you can do this in a number of ways; you can choose the ‘opt out / unsubscribe’ option if present on our marketing emails, you can reply STOP or UNSUBSCRIBE to any email / text contact, you can advise a team member if they call, or you can email info@surge.co .uk.
• The right to data portability – move, copy or transfer your personal data

Updates to our Privacy Notice

We may update this Privacy Policy to reflect changes to our information practices or in line with new legislation. We encourage you to periodically review the Privacy Policy on our website for the latest information on our privacy practices.

Contacting surge

If you have any questions or concerns about this Privacy Policy, or the way Surge are processing your data, or would like to exercise your rights in relation to your personal data, please contact our Data Protection Officer via data@surge.co.uk or write to us at: Surge Fitness, 40 Queen Anne St, London, W1G 9EL.

If you have a complaint or concern about how we are processing your personal information then we will endeavor to address such concern (s). However, if you would like to direct your complaint / concerns to a Data Protection Authority, the contact details for your local Data Protection Authority are as follows: https://ico.org.uk/global/contact-us/ .