GDPR User Group Communication Detail Policy
Member GDPR Policy
What:
Administrative communication to allow the performance of the membership contract. We will communicate with members throughout the life of their membership.
Why:
To ensure we support and help members to achieve their fitness and lifestyle goals (the reason for being a member) by encouraging them to maximise their usage of the club facilities and services.
GDPR Opt In:
There is no Opt In as we view this communication to be an essential administrative function to enable members to fully benefit from their membership.
Method:
This communication includes but is not limited to:
Membership Payments, Club Usage, Club Updates, Club Surveys, Advice and Support including Facilities.
The communication methods include but are not limited to:
In Club Communication, Phone Calls, Letter, SMS, Email, App Push Notifications and News Updates, Social Media.
GDPR Opt Out:
Members cannot Opt Out from receiving this communication as it is an essential administrative function.
The only exception to this is Club surveys which members can opt out from receiving.
Policy Statement:
There will be a communication statement on the Membership Application Form explaining the essential administrative communication function to enable members to fully benefit from their membership.
There will be two specific Opt Ins for:
Marketing
Third party communication, like our partner Harlands and Membr. (Please note we will never sell your data to a third party).
Member GDPR Policy 2 Marketing Communications
What:
Marketing communication to members. We will communicate with members throughout the lifecycle of their membership.
Why:
To ensure we support and help members to achieve their fitness and lifestyle goals (the reason for being a member) by encouraging them to maximise their usage of the club facilities and services.
GDPR Opt In:
There will be a specific Opt In on the Membership Application Form, that members can Opt In to.
Method:
This communication includes but is not limited to:
Facilities, Products, Advice and Support including the club newsletter.
The communication methods include but are not limited to:
In Club Communication, App Push Notifications and News Updates, Social Media, Phone Calls and Letters.
Opt In for each of:
Phone (including text)
Email
GDPR Opt Out:
Members can Opt Out from receiving this communication or specific communication methods at any time.
Ex-Members GDPR Policy
What:
Ex-members are members that have cancelled their membership.
They have exited the lifecycle of their current membership and therefore they will not receive future member communication. However we will continue to communicate to them under their existing opt in permissions but only with ex-member relevant communication.
Why:
The most likely re-joiners are ex-members and therefore we will continue to communicate to ex-members for up to 2 years after they cancel their membership, which is an ICO best practice marker. We view this communication as Legitimate Interest. Legitimate Interest is a lawful condition for sending direct marketing by post or for live calls to telephone numbers.
If they were opted in to receive marketing we will continue to communicate to ex-members to the communication methods they opted in to (SMS/Email) on top of calls and letters for up to 2 years after they cancel their membership or until they Opt Out.
GDPR Opt In:
There will be a specific opt in on the Membership Application Form that as a new member they will select their preferred communication methods. This Opt In will allow MyGym to communicate to you though email and Phone, including text and letters.
Method:
Members who move to a status of cancelled will only receive communication for up to 2 years from cancellation.
Ex-members who have Opted In will receive communication for up to 2 years from cancellation by SMS, Email, Phone Calls and Letters or until they Opt Out.
Ex-members who have not Opted In will receive communication for up to 2 years from cancellation by Phone Calls and Letters or until they Opt Out of these specific communication forms too.
If they enquire regarding re-joining they will re-enter the process of negotiation (sales cycle) to buy a membership.
GDPR Opt Out:
Ex-Members can Opt Out from receiving ex-member communication or specific communication methods at any time.
Sales Cycle GDPR Policy
What:
We will only communicate to enquiries during the process of negotiation to buy a membership. We consider the process of negation to buy a membership to have a maximum duration of 60 days.
Membership enquiries are:
Enquiries in the pending file on membr or prospects we enter onto membr with their express permission and format of communication
Why:
This will allow us to communicate to all enquiries during the course of the sales negotiation.
GDPR Opt In:
We do not require specific Opt In as we are only communicating during the course of the sales negotiation = Soft Opt In
Method:
The communication methods include but are not limited to: Phone Calls, Letter, SMS, Email and Social Media.
We will consider the membership enquiry to have opted out when the process of negotiation to buy a membership ended and we will not contact them by Email or SMS.
All enquiries will automatically be changed status after 60 days from data entry date.
Specifically POSR (Point of Sale Referrals) and Membership Referrals are leads and are therefore Opted Out. We receive the data for POSR and Referrals from the referring member; therefore they have not yet entered into the process of negotiation to buy a membership.
GDPR Opt Out:
Enquiries can Opt Out from receiving SMS and Email at any time.
Policy Statement:
There will be a communication statement on the Welcome to MyGym forms that we will only communicate to enquiries during the process of negotiation to buy a membership and that this process has a maximum duration of 60 days.
Member Guests GDPR Policy
What:
All members can bring guests.
Why:
All member Guests are prospects and are therefore have the option to Op in or Out from receiving SMS and Email as they have not yet entered into the process of negotiation to buy a membership unless they agree.
GDPR Opt In:
We will use an Opt In system for guests of members when they use the club.
Method:
If they Opt In the process of negotiation to buy a membership commences and they are now an enquiry and enter the sales cycle.
GDPR Opt Out:
Guests can Opt Out from receiving this communication or specific communication methods at any time.
Policy Statement:
Guest registration form will have a specific opt in asking them if they are interested in communication.
Paid for Trial Members GDPR Policy
What:
We sell try before you buy temporary memberships called Cash No DD or temp passes, which allow enquiries to trial the club before committing to buying a full membership.
Why:
These are try before you buy temporary membership and are therefore membership enquiries. We will only communicate to enquiries during the term of the period they purchased and for 60 after it expire.
We consider the process of negotiation to buy a membership to have a maximum duration of 60 days.
GDPR Opt In:
We do not require specific Opt In as we are only communicating during the course of the sales negotiation = Soft Opt In
GDPR Opt Out:
Paid for Trial Members are enquiries and can Opt Out from receiving this communication or specific communication methods at any time
Document Control
This Procedure needs to be formally reviewed on an annual basis, as a minimum, or if required changes are identified to address one or more of the following:
A change in business activities, which will or could possibly affect the organisations ability to fully comply with GDPR and other related data protection requirements
A change in the way in which MyGym manages personal data, or specifically the activities relating to the conduct of privacy impact assessment
A change in data protection regulations or associated legislative requirements related to privacy by design or the requirements for privacy impact assessment activities
An identified shortcoming in the effectiveness of this Procedure for example as a result of a data breach, Supervisory Authority investigation, formal review or an audit finding.