Wirral Council’s Leisure Services
Information about how Wirral Council’s Leisure Services uses your personal data.
Wirral Council’s Leisure Services
Wirral Council’s Leisure Services is committed to protecting your privacy when you use this service. This Privacy Notice below explains how Wirral Leisure Services collects, uses and protects personal data that we hold.
Wirral Council is the data controller. This means it decides how your personal data is processed and for what purposes.
PO Box 290
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.
Issues of how data is handled are dealt with by the Council’s Data Protection Officer Jane Corrin who can be contacted by email at DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH.
As a public authority, we must comply with all relevant legislation relating to data handling.
The Information Commissioner’s Office (ICO) is the supervisory authority in the United Kingdom established to ensure that your data rights are upheld. See Formal Resolution below for the ICO address.
What are our lawful bases for processing your personal data?
Wirral Council’s Leisure Services processes your personal data under the following lawful bases:
1. Where the processing is necessary for the performance of a contract (Article 1(b) GDPR); (Membership)
2. To comply with a legal obligation (Article 6(1)(c) GDPR) (Health and Safety Legislation)
3. With your explicit consent (Articles 6(1)(a) and 9(2)(a) GDPR). (Marketing and Advertising)
Types of personal data we process:
The following are the sources of personal details we require from you and for what purposes
(Membership number and barcode when issued which links to your membership details)
Date of birth
Bank details for payment
Health and Safety (Legal Obligation)
Emergency contact details
Recording of incidents: Name, Address, Date of birth, injury details etc.
Depending on the injury and causes some of the health details may be special category Data. The condition for processing this data would be GDPR Article 9(2)(h) …. The provision of health or social care or treatment or the management of health or social care systems and services.
Advertising and marketing (Consent)
Email address if consented to receiving marketing and advertising relating to Leisure Services. You will have a choice of Mobile contact, ezine contact, mobile push notifications as well as email.
How we protect your data
We will take appropriate steps to make sure we hold records about you (on paper and electronically) in a secure way, and we will only make them available to those who have a right to see them. The Council takes security measures such as, but not limited to:
Logical Security Control
Paper document security
Physical Security Control
Physical access control
Monitoring network activity
Managing Privacy risks
Integrating privacy protection in projects (PIA)
People we share data with
We may be asked on occasion to provide information to other areas within the local authority organisation.
Some data may also be shared with third parties working in partnership with Leisure Services such as sports clubs, coaches etc. which you have enrolled with to provide sporting services.
Where you have consent to marketing your email address, it is shared with the leisure services marketing provider which market services on our behalf.
However we do not use or sell your data to 3rd parties or use it for any other purposes.
How long we keep your data
Adults – 3 years from date of incident
Children to the age they reach 21
Personal Account Data: Attendance records, personal data such as address and Date of Birth, financial data such as Bank Account information and payment records will be kept for no longer than is deemed an acceptable time after you have ceased using our facilities or cancelled your membership.
All financial contracts are kept for a minimum period of 6 years from cancellation of your contract. Should you choose to re-join the Wirral Leisure Membership Scheme the original contract will be destroyed within a timely period.
Until consent is withdrawn you may unsubscribe to marketing consent at any time by following the unsubscribe tab at the bottom of all marketing emails or you can withdraw consent at any Leisure Centre.
Transfers outside the European Economic Area
We do not share personal information beyond the European Economic Area (EEA).
Your data rights
1. Right to be informed
We must be completely transparent with you by providing information ‘in a concise, transparent, intelligible and easily accessible form, using clear and plain language’. Our privacy notice is one of the ways we try and let you know how data is handled.
2. Right of access
You have the right to access your personal information except where: It contains confidential information about other people and the Council has to balance the rights of other individuals
Includes information a care professional thinks will cause serious harm to your or someone else’s physical or mental wellbeing
information which may prejudice an investigation if disclosed
For details on how you can access your personal information see our Data Protect Policy
3. Right to rectification
You have the right without undue delay to request the rectification or updating of inaccurate personal data.
4. Right to restrict processing
You can ask for there to be a restriction of processing such as where the accuracy of the personal data is contested. This means that we may only store the personal data and not further process it except in limited circumstances.
5. Right to object
You can object to certain types of processing such as direct marketing. The right to object also applies to other types of processing such as processing for scientific, historical research or statistical purposes (although processing may still be carried out for reasons of
6. Right to erasure or ‘right to be forgotten’
You can request the erasure of your personal data when:
i) the personal data is no longer necessary in relation to the purposes for which it was collected and processed.
ii) the Council’s lawful basis for processing your personal data was consent and you no longer provide your consent and there is no other legal ground for the processing , or
iii) you object to the processing and there are no overriding legitimate grounds for the processing.
The Information Commissioner regulates data handling by organisations in the U.K and work to uphold the data rights of citizens and the Information Commissioner’s website provides more information on the rights available to you.
If you consented to providing your personal information to us and you have changed your mind and you no longer want the Council to hold and process your information, please let us know. In the first instance please contact the relevant department. Withdrawing consent
should be as easy to do as when you provided consent in the first place. If that isn’t your experience with a particular service it is important you let us know of your difficulties so that we can put that right.
If you encounter any difficulties in withdrawing consent, please contact the Council’s Data Protection Officer by email at DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH
The right to complain about data handling
The Council sets very high standards for the collection and appropriate use of personal data. We therefore take any complaints about data handling very seriously. We encourage you to bring to our attention where the use of data is unfair, misleading or inappropriate and we also welcome suggestions for improvement.
In the first instance we would ask that you try and resolve data handling issues directly with the relevant the Bookings and Information Team before applying for a formal resolution.
Email firstname.lastname@example.org; or
Telephone 0151 606 2010
If you are dissatisfied with the informal resolution of your complaint you can request a review by the Data Protection Officer Jane Corrin by email DPO@wirral.gov.uk or by writing to: Data Protection Officer, Treasury Building, Cleveland Street, Birkenhead, Wirral, CH41 1AH
If you remain dissatisfied following an internal complaint, you can lodge a complaint with the Information Commissioner: Information Commissioner’s Office
Changes to our Privacy Notice
We regularly review our privacy notice and encourage you to check it from time to time.
This notice was last updated in September 2018.