Privacy Policy - General | Anytime Fitness

1. INTRODUCTION

We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable UK data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data.

This policy sets out the types of personal data we collect, how your personal data is processed, for what purposes we process your personal data, and how your privacy is safeguarded during our relationship with you. It is intended to comply with our obligations to provide you with information about our processing of your personal data under UK data protection laws.

This privacy policy (“policy”) is provided in a layered format so you can click through to the sections set out below and find the information of interest to you:

Introduction
Who we are and our contact details
- Questions and complaints
- Changes to this policy and your duty to inform is of changes
The personal data we collect about you
How we collect your personal data
What are the purposes for our processing of your personal data and what is our legal basis for carrying out that processing?
Marketing
Sharing your personal data
International transfers of personal data
Data security
Data retention
Your legal rights
Cookies
Contact us

Please note that our website (anytimefitness.co.uk) may contain links to and from other websites (e.g., social media sites such as TikTok, and those operated by Meta including Facebook and Instagram). Clicking on any such links, or enabling those connections, may allow third parties to collect or share data about you. We have no control over these third-party websites / social media sites or how they handle your data and we are not responsible for their privacy practices. You must therefore make sure that you understand how those websites / organisations will use your personal data and not rely on this policy.

Our website (https://www.anytimefitness.com/en-gb) is not intended for children, and we do not knowingly collect data relating to children, except in limited cases where our clubs are used by members that are 16 and 17 years old with parental or guardian consent.

2. WHO WE ARE AND OUR CONTACT DETAILS

2.1 We are ANYTIME CLUBS UK LIMITED (we, us, our, or Anytime UK). Our registered office is at Victoria House, 50-58 Victoria Road, Farnborough, GU14 7PG, and we are incorporated in England and Wales with company number 07130617.

2.2 Anytime UK, has been appointed by Anytime Fitness Franchisor LLC (AFC) as master franchisee for “Anytime Fitness” branded clubs in the United Kingdom and Ireland. AFC is incorporated in the State of Minnesota, USA, and is the owner of the Anytime Fitness system for operating clubs and all intellectual property associated with that system. Anytime UK’s business is the entry into franchise agreements with the owners of clubs (franchisees) granting franchisees the right to operate their independently owned businesses as Anytime Fitness clubs and the provision of training and support to franchisees.

2.3 Because the nature of the franchising relationship between Anytime UK, AFC and Anytime UK’s franchisees involves the use of certain prescribed procedures, policies and information systems in relation to personal data concerning you and your membership, Anytime UK and AFC are independent “controllers” and the franchisee is our “processor”.

Questions and Complaints

2.4 Please contact our Compliance Team by email at: gdpr@anytimefitness.co.uk, who has been appointed to oversee compliance with this policy if you:

have any questions or concerns about this policy or how we handle your personal data;
wish to exercise any of your rights (see section 11 Your legal rights); or
wish to raise a data protection complaint.

2.5 You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (see www.ico.org.uk for the ICO’s contact details). However, before doing so please make sure you have first made your complaint to us (using the email address specified above) or asked us for clarification if there is something you do not understand or is not clear. The ICO will expect you to have done this before reviewing your complaint.

Changes to this policy and your duty to inform us if your personal data changes

2.6 We regularly review this policy. We may update this policy at any time and, when we do, we update this page, so please check back frequently.

2.7 It is important that the personal data we hold about you is accurate and current. We may ask you to confirm updates to your personal data from time to time but please keep us informed if your personal data changes during your relationship with us in the meantime. Please inform us of any changes in your personal data.

3. THE PERSONAL DATA WE COLLECT ABOUT YOU

3.1 Personal data means any information about an individual from which that person can be identified. It does not include data where the person's identity has been removed. When we refer to the processing of your personal data in this policy, this covers virtually any action involving personal data from collection and storage to destruction

3.2 We process the following types of personal data set out in the table below.

Type of Data	List of Personal Data
Identity Data	First name, last name, username or similar identifier, marital status, title, date of birth, gender, height, weight and photographs.
Contact Data	Postal address, email address and telephone number.
Financial Data	Billing address, bank account and payment card details.
Profile Data	Your username and password, unique customer number, subscription history and orders made by you (e.g. personal trainer sessions, sun bed products etc.), class history, gym access (entry and exit) times and locations, your interests, preferences, feedback and survey responses.
Marketing and Communications Data	Your preferences in receiving marketing from us and your communication preferences.
Technical Data	The type of device you use to access our website, the Internet Protocol (IP) address, your login data, the type and version of your browser, your time zone setting and location, browser plug-in types and versions, operating system, platform and mobile network information.
Usage Data	Information about your usage of our website, the pages you viewed, and how you interacted with the page (such as scrolling, clicks and mouse-overs) (in accordance with your cookie preferences).

We do not seek to obtain any information about criminal convictions and offences or any of the following more sensitive types of personal data, such as race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data (collectively often referred to as special category data).

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1 If you become a member of an Anytime Fitness UK club, you can download our mobile application, i.e. the AF app (AF App), to gain access to a club. The AF App may be integrated with other mobile applications owned by third parties (see further details at section 7 Sharing your personal data). Before using the AF App, please read the applicable terms of use carefully.

4.2 We use different methods to collect data from and about you including through:

Direct interactions. You give us your personal data directly when you:
- apply for a membership to an Anytime Fitness club;
- enquire about a membership to an Anytime Fitness club;
- download our AF App and create an account;
- use our AF App to monitor your progress and set your goals;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- give us some feedback or contact us;
- engage with any of our social media accounts.
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical data from the following parties:
  - analytics providers such as Google based outside the UK; and
  - advertising networks such as social media companies based inside or outside the UK.

5. YOUR PERSONAL DATA AND WHY WE ARE PROCESSING IT

5.1 The law requires us to have a legal basis for processing your personal data, and, in general, we rely on one or more of the following legal basis for our processing:

Performance of a contract with you: where we need it to perform a contract with you.
Compliance with a legal obligation: where we need to comply with a legal or regulatory obligation.
Legitimate interests: we use personal data where it is necessary to conduct our business and pursue our legitimate interests.
Consent: we only rely on your consent where we have obtained your express agreement to use your personal data for a specified purpose.

5.2 We set out below the purposes we use personal data for and the lawful basis we rely on in each case:

Purpose for processing	Types of personal data	The lawful basis we rely on
To provide our services to you and enabling you to register for a membership to our clubs, including: a) agreeing a contract for our membership, as well as renewals or cancellations; b) communicating with you regards your membership	Identity data Contact data Financial data Profile data	Performance of a contract with you
To provide you with access to any of our clubs, including use of your photograph to prevent unauthorised access.	Identity data Profile data	Performance of a contract with you Legitimate interests (to maintain the security of premises and safety of our staff and members)
To provide you with the AF App to: a) enable you to monitor your progress; b) provide you with a coaching plan; c) provide you with notifications relevant to your club membership and coaching activities	Identity data Contact data Financial data Profile data Marketing and communications data Technical data Usage data	Performance of a contract with you Legitimate interests (to maximise our service offering and utilise the latest technological developments to encourage you to continue your membership)
To provide you with all the benefits of your membership to our clubs, such as personal training sessions, vouchers and discounts, service upgrades or special guest access to events.	Identity data Contact data Profile data	Performance of a contract with you Legitimate interests (to maximise our service offering and encourage you to continue your membership)
Financial management, including: a) billing; b) payment processing and accounting; c) financial reporting and auditing.	Identity data Contact data Financial data	Performance of a contract with you Legitimate interests (to assess performance of our business and to inform our decisions to promote our continued success)
To manage our relationship with you, including notifying you about changes to our terms of business or privacy policy	Identity data Contact data	Performance of a contract with you
For our IT and infrastructure, to protect our business and website (including troubleshooting, data analysis, testing, backups, system maintenance, support, reporting and hosting of data)	Identity data Contact data Financial data Profile data Technical data Usage data	Legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud) Compliance with a legal obligation
To market and advertise our products and services: a) including events we think will be of interest to you; and b) sending service updates or marketing.	Identity data Contact data Marketing and communications data	Legitimate interests (to market, promote and develop our business and to inform our marketing strategy) Consent (where you opt-in to receive marketing materials and communications from us)
To conduct member research and surveys for the purposes of gaining insights into our business and identifying member trends and preferences	Identity data Contact data	Legitimate interests (to improve our service offering by listening to customer feedback).
We engage with ambassadors and influencers on social media for the purpose of promoting and marketing the business	Identity data Contact data Profile data Technical data Usage data	Performance of a contract Legitimate interests (to promote the business using third parties with an online following)
To enforce our legal rights or defend or undertake legal proceedings	Identity data Contact data Financial data Profile data Marketing and communications data Technical data Usage data	Compliance with a legal obligation Legitimate interests (to protect our business, interests and rights)
To share your personal data with companies in our group	Identity data Contact data Financial data Profile data Marketing and communications data Technical data Usage data	Compliance with a legal obligation Legitimate interests (to protect, realise or grow the value in our business and assets)
To share your personal data with third parties that will or may take control or ownership of some or all of our business	Identity data Contact data Financial data Profile data Marketing and communications data Technical data Usage data	Legitimate interests (to facilitate a sale of the business)
To enable you to partake in a prize draw, competition or complete a survey	Identity data Contact data Profile data	Performance of a contract Legitimate interests (to publicise and promote our business and benefit our members, as well as improve our brand image)

Performance of a contract with you: where we need it to perform a contract with you.

Special Category Data: We do not seek to obtain information about criminal convictions or sensitive data (race, religion, sexual orientation, health, genetic/biometric data) unless strictly required for specific club access cases with consent.

6. MARKETING

6.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing. You can manage your marketing preferences by opting out of marketing at any time by following the opt-out links on any marketing message sent to you or by contacting your club directly at any time.

6.2 We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

6.3 You will receive marketing communications from us if you have requested information from us or purchased services from us (i.e. become a member of an Anytime Fitness club) and, in each case, you have not opted out of receiving that marketing.

7. SHARING YOUR PERSONAL DATA

7.1 We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

7.2 We may need to share your data with third parties where they provide services on our behalf (for example those who help us to operate our website and AF App). We require that all our third-party service providers take necessary security measures to protect your personal data. We do not permit your personal data to be used by those third parties for their own purposes, and they may only process your data for specified purposes, and in accordance with our instructions.

7.3 We set out further details in the table below about the personal data we share with third parties.

Category of Recipient	Further details
Internal Recipients	Companies within our group and/or our franchisees. We share your personal data with: Our franchisees: (i.e. owner of the Anytime Fitness club at which you are a member), to provide our services to you, permit you to use your membership and give you access to our clubs, as well as for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, see section 5 for more details. Our personnel and staff:We share personal data internally on a need-to-know basis with our staff and personnel including directors, shareholders, employees, contractors and other temporary workers. Our fitness coaches / personal trainers: We share personal data with those engaged by our franchisees for the purpose of administering your fitness plan and providing you with coaching.
External Recipients	Service providers and suppliers. We engage third party suppliers to provide services to us, from time to time, including: Website and mobile application development suppliers; IT service providers to help manage our IT and back office systems; Digital communication providers (messaging, chat and email); Service providers for improvement and optimisation, data analytics and market research; Professional advisors such as tax or legal advisors. Third parties in case of a legal requirement. We may share your personal data with third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, to enforce or apply our website terms of use, or to protect the rights, property or safety of our site, our users and others. We may also disclose personal data in case we believe, in good faith, that such disclosure is necessary to enforce our policies, take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the service and protect our rights and property. Third parties in case of a corporate transaction. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction. We may also need to share your personal information with national authorities, law enforcement, a regulator or to otherwise comply with the law.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8.1 Some of the third parties listed above may be based outside the European Economic Area (EEA) and/or the United Kingdom.

8.2 Where we transfer personal data outside of the United Kingdom and/or EEA, we implement appropriate safeguards in accordance with applicable UK data protection laws and will only transfer or share your personal data with third parties:

pursuant to the EU Standard Contractual Clauses and any appropriate additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out;
pursuant to the UK Addendum; and/or
in countries that have an adequacy decision by the European Commission and/or the ICO; or
located in the EEA or UK.

9. DATA SECURITY

9.1 We have adopted the technical and organizational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorized processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment.

9.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

9.3 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

10. DATA RETENTION

10.1 We endeavor to ensure that personal data are kept as current as possible and that irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable.

10.2 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

10.3 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

10.4 If you have any queries about the retention of personal data, please contact us at: gdpr@anytimefitness.co.uk.

11. YOUR LEGAL RIGHTS

11.1 Under certain circumstances, you have rights under applicable UK data protection laws in relation to your personal data. Please see the table below to find out more about these rights.

You have the right to request access to your personal data	Commonly known as a "data subject access request", you have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data. This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
You have the right to ask us to correct or delete your personal data	We aim to ensure that all personal data are correct and up to date. You also have a responsibility to ensure that changes in personal circumstances (e.g. change of address or bank account) are notified to us so that we can ensure that your personal data is up to date. You have the right to request that we correct your personal data if it is inaccurate or incomplete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You also have the right, in certain circumstances, to request the deletion of irrelevant data we hold about you where there is no reason for us to continue to process it.
You have the right to ask us to restrict the processing of your personal data	You have the right to ask us to restrict the processing of your personal data that we hold about you, where: (i) you contest the accuracy of the personal data (until we have taken sufficient steps to correct or verify its accuracy), (ii) the processing is unlawful but you do not want us to erase the data, (iii) we no longer need to use your personal data for the purposes we collected it for, but you may require it to establish, exercise or defend legal claims; or (iv) where you have objected to processing justified on legitimate interest (see below) pending verification as to whether we have compelling grounds to continue processing.
You have the right to object to our processing of your personal data	Where we rely on legitimate interests to process personal data, then you have the right to object to that processing, unless we can demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
You have the right to port your personal data	You have the right to obtain and reuse your personal data from us / to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
You have the right to withdraw your consent	Where we have relied on your consent to process specific information and you have provided us with your consent to process such personal data, you have the right to withdraw your consent at any time. You can do this by contacting us at: gdpr@anytimefitness.co.uk.
Right to complain	You have the right to lodge a complaint with a relevant supervisory authority, which is the ICO (see www.ico.org.uk for the ICO’s contact details) in the UK, if you consider that the processing of your personal data infringes applicable law. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us at: gdpr@anytimefitness.co.uk in the first instance.

11.2 If you wish to exercise any of these rights, please contact the Compliance Team at: gdpr@anytimefitness.co.uk.

11.3 You will not be expected to pay a fee to obtain your personal data unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request.

11.4 Whenever you make a request for access to personal data, we may request specific information to confirm your identity. This is to ensure that we are releasing personal data to the correct person.

11.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. COOKIES

12.1 We use cookies in connection with the operation of our website. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website), and which is then stored by the browser.

12.2 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

13. CONTACT DETAILS

If you have any questions about this policy or about the use of your personal data or you want to exercise any of your rights, please contact us at: gdpr@anytimefitness.co.uk.