The London Borough of Hounslow is committed to protecting and respecting your privacy. Through this Privacy Notice we have sought to be as transparent as possible and fully explain how your personal data is held and processed.

London Borough of Hounslow is the data controller and Lampton Leisure is the Data Processor this privacy notice applies to services provided by Lampton Leisure and tells you what to expect us to do with your personal information.

If you have any questions about this privacy notice or any concerns about how we process your data, please contact Dataprotection@hounslow.gov.uk. The privacy notice will continue to be monitored and updated. You are advised to check this page from time to time.

What type of information we have

We currently collect and process the following information:

  • Contact information: full names, usernames, addresses, email addresses, and phone numbers.
  • Identity information: age and date of birth.
  • Financial information: bank details and payment details.
  • Details about interactions, including any contact we have had with individuals, such as compliments, complaints, or incidents.
  • Preferences information: regarding receiving marketing and communications through various channels such as post, phone, social media, email, and text.
  • Technical information: about how individuals use our website, apps, or other technology, including IP addresses or device information.
  • Where we do collect and handle special category personal information, we will only handle that information in accordance with applicable law, including where:
  • we have your explicit consent-including where you voluntarily provide us with that information
  • processing is necessary for the establishment, exercise or defence of legal claims; or
  • processing is necessary for reasons of substantial public interest such as preventing and detecting unlawful acts of fraud.

Less commonly, we may process this type of information where it is needed to protect your vital interests (or someone else`s vital interests) and you are not capable of giving your consent, or where you have already made the information public.

How do we get your information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

Direct Interaction: You provide us with your personal data when you interact with us directly. This could be through our website, online apps, by telephone, email, or in-person visits. For example, when you sign up for a membership, book a class, participate in our swim school, or provide feedback through surveys, you are voluntarily sharing your information with us.

Registration and Membership: If you register your interest or become a member of Lampton Leisure, we collect personal data to set up your membership and deliver services to you. This information is gathered either online, in person at our facilities, or over the phone. We may retain your membership records while you continue to use our facilities, and transaction records for up to 7 years for reporting purposes.

Health Questionnaires: To ensure your safety, we may ask you to complete health questionnaires when you join, especially if you`re participating in physical activities. This helps us tailor our services to your needs and ensure you exercise safely.

Booking Classes and Activities: When you book to attend a class or activity, we collect personal data to facilitate the service effectively.

CCTV Monitoring: For safety and security purposes, we operate CCTV systems in our centres. This helps us prevent and detect crime and monitor the safety of our staff and customers. CCTV recordings are retained for up to a month before deletion, unless required for legal proceedings.

Customer Satisfaction Surveys: After using our services, you may be invited to provide feedback through surveys. This information helps us improve our services and respond to your needs effectively. Customer feedback data is retained for up to 2 years.

Third-party Service Providers: We may use third-party data processors to deliver certain services, such as hosting our website or processing payments. In such cases, we ensure that these providers have appropriate measures in place to safeguard your personal data We also receive personal information indirectly, in the following scenarios:

Referrals: If you are referred to us by a third party, such as a partner organization or healthcare provider, we may receive personal information about you indirectly. This could include basic contact details and relevant health information necessary for providing you with tailored services.

Surveys and Market Research: We may obtain personal information indirectly through surveys or market research conducted by third-party agencies. This information helps us gain insights into customer demographics, preferences, and behavior, enabling us to improve our services and customer experience.

Analytics and Tracking Tools: We use analytics and tracking tools on our website and online platforms to gather information about user behavior and interactions. While this data is typically anonymized and aggregated, it may indirectly provide insights into individual preferences and browsing habits, which can inform our marketing strategies and service offerings.

If it is not disproportionate or prejudicial, we`ll contact you to let you know we are processing your personal information.

Our Lawful basis for processing your information

The lawful basis we rely on for processing this information is

Consent: When you explicitly provide consent for specific processing activities, such as signing up for mailing lists or marketing communications.

Contractual Necessity: Processing personal data is necessary for the performance of a contract, such as membership agreements or booking services.

Legal Obligation: Processing personal data is necessary for compliance with a legal obligation, such as responding to legal claims or obligations under insurance law.

Vital Interests: Processing personal data is necessary to protect vital interests, either yours or that of another individual, for example, contacting authorities if immediate harm is believed to be imminent.

Legitimate Interests: Processing personal data is necessary for pursuing our legitimate interests, provided those interests do not override your fundamental rights and freedoms. These interests include operating our business effectively, marketing our services, ensuring safety and security, and informing our partners about service performance.

You can remove your consent at any time by contacting

Aaron.needham@lamptongroup.co.uk

Why we need your information (purposes of processing)

The personal data we collect will be used for the following purposes:

Service Provision: Lampton Leisure collects personal data to provide services to customers, such as registering for memberships, booking classes or activities, and delivering requested services.

Safety and Security: Personal data may be used to ensure the safety and security of staff and customers, such as through the operation of CCTV systems to detect and prevent crime or to monitor the safety of swimmers in pools.

Customer Feedback and Improvement: Lampton Leisure may collect personal data through customer satisfaction surveys or feedback forms to improve their services based on customer input. Customer feedback data may be retained for up to 2 years.

Operational Efficiency: Personal data may be used to operate the business effectively and efficiently, including marketing services to potential customers and informing local authority partners about service performance.

Legal Compliance: Personal data may be processed to comply with legal obligations, such as responding to claims under insurance law or other statutory requirements.

Contractual Obligations: Personal data may be processed to fulfill contractual obligations with customers, such as delivering services requested by members or processing payments for memberships or bookings.

Vital Interests: Personal data may be processed to protect the vital interests of individuals, such as contacting relevant authorities if an individual is likely to come to immediate harm.

Legitimate Interests: Lampton Leisure may process personal data for legitimate interests, such as operating the business effectively, marketing services, ensuring safety and security, and informing partners about service performance.

Who your information may be shared with (internally and externally)

We share your information with:

Lampton Leisure Staff: Personal data may be shared internally with Lampton Leisure staff members who require access to the information to fulfill their roles and responsibilities in delivering services, ensuring safety and security, and improving operations.

EXTERNAL RECIPIENTS:

Suppliers and Subcontractors: Personal data may be shared with suppliers and subcontractors who provide services on behalf of Lampton Leisure, such as hosting the website, processing payments, or sending emails. These recipients are required to implement data processing policies and control measures to ensure the security and protection of personal data.

Companies we share data with are below 

Gladstone 

Verifone (PDQ) 

Avius 

KeepMe 

Synergy Dance 

Mailchimp

Third-Party Software Companies: Some services, such as the online booking app, may be provided by third-party software companies. Personal data may be shared with these companies to enable the delivery of services.

London Borough of Hounslow: Lampton Leisure operates leisure centers on behalf of the local authority, London Borough of Hounslow. Personal data may be shared with the London Borough of Hounslow to ensure continuity of service if Lampton Leisure`s contract ends, or if there is a change in service operations.

OTHER RELEVANT AUTHORITIES: In certain circumstances, personal data may be disclosed to relevant authorities, such as the police, if required by law or to respond to legal claims.

There will be times when we are under a legal duty to share information. This includes, but is not limited to:

  • disclosure under a court order
  • sharing with the police for the prevention or detection of crime
  • where there is an overriding public interest to prevent abuse or serious harm to others
  • disclosure to a Regulator if we identify a situation of potential misconduct or if the information is requested

We will strive to ensure that any personal data in our care will be kept safe and that where your information is disclosed to a third party working on our behalf, we will seek to ensure that they have sufficient systems and procedures in place to prevent the loss or damage of personal data.

HOW LONG WE KEEP YOUR INFORMATION 

We keep all information in line with our retention schedule 

We will then dispose your information in the most secure manner possible.

TRANSFER TO THIRD COUNTRIES 

All the information you provide us is held within the UK & European Economic Area

BUSINESS INTELLIGENCE, PROFILING AND ANALYSIS 

We may analyze your personal information to improve Lampton Leisure services for the following purposes: 

Undertaking statutory functions efficiently and effectively. 

  • Service planning by understanding your needs and your community`s needs and providing the services requested.
  • Understanding what services can be provided to you and your community and informing you of other relevant services and benefits.
  • Assisting in building a comprehensive understanding of our performance in delivering services and identifying the needs of the customers of Lampton Leisure.
  • Analyzing costs and expenditures of services provided to ensure better and efficient use of public funds. We are committed to using pseudonymised or anonymised information where practical, and in many cases this will be the default position.

Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. An example of this is your National Insurance number or Council Tax Reference number. 

Anonymisation is the process of removing identifying particulars or details. This means that the data cannot be linked back to identify you.

DATA MATCHING AND AUDITING

We are required by law to protect the public funds we administer. We may use the information you provide to us for the prevention and detection of crime. We may also share this information with other bodies that are responsible for auditing or administering public funds including the Department for Work and Pensions, other local authorities, HM Revenue and Customers and the Police. 

The council uses data matching as a way of processing large volumes of information. While this can be a useful way of detecting fraud, it also enables us to identify information that is inaccurate or out of date, helping us comply with Data Protection law, while improving service provision. 

As part of the council`s fraud prevention and detection activities, the council participates in the National Fraud Initiative (NFI). The data matching exercise is run by the Cabinet Office. You can find more information about this at the link below: 

https://www.hounslow.gov.uk/info/20110/open_data_and_information_requests/1365/data_protection/5

YOUR DATA PROTECTION RIGHTS 

The rights available to you depend on our reason for processing your information. For further information about your data protection rights and how to make a request, please see `Your rights`

YOUR RIGHT TO MAKE COMPLAINT

The Council tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

If you want to make a complaint you can contact us on:

Complaints Team 

London Borough of Hounslow 

Hounslow House, 

7 Bath Road, 

TW3 3EB 

DATA PROTECTION OFFICER

The Council`s Data Protection Officer can be contacted on: 

Aaron.needham@lamptongroup.co.uk 

Information Governance Team 

LAmpton Leisure 

Hounslow House, 

7 Bath Road, 

TW3 3EB

INFORMATION COMMISSIONER`s OFFICE

The Information Commissioner is the UK`s independent body set up to uphold information rights. 

If you would like to know more about your rights under the Data Protection law, and what you should expect, visit the Information Commissioner`s website: https://ico.org.uk/

If you have any concerns regarding any privacy practices or about exercising your Data Protection rights, you may contact the Information Commissioner`s Office:

Information Commissioner`s Office 

Wycliffe House 

Water Lane 

Wilmslow Cheshire 

SK9 5AF

Telephone: 0303 123 1113 or 01625 545 745 

Email: casework@ico.org.uk

A full list of what information we control and process and for what purposes is set out in our notification with the Information Commissioner`s Register of Data Controllers. Our registration number is Z5761176. You can view our registration on the Information Commissioner`s website.