Privacy Policy - General | Anytime Fitness

1. INTRODUCTION

We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable UK data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data.

This policy sets out the types of personal data we collect, how your personal data is processed, for what purposes we process your personal data, and how your privacy is safeguarded during our relationship with you. It is intended to comply with our obligations to provide you with information about our processing of your personal data under UK data protection laws.

This privacy policy (“policy”) is provided in a layered format so you can click through to the sections set out below and find the information of interest to you:

Introduction
Who we are and our contact details
The personal data we collect about you
How we collect your personal data
Your personal data and why we are processing it
Marketing
Sharing your personal data
International transfers of personal data
Data security
Data retention
Your legal rights
Cookies
Contact us

Links to Third Parties: Please note that our website (anytimefitness.co.uk) may contain links to and from other websites (e.g., social media sites such as TikTok, and those operated by Meta including Facebook and Instagram). Clicking on those links may allow third parties to collect or share data about you. We have no control over these third-party sites and are not responsible for their privacy practices.

Children: Our website is not intended for children. We do not knowingly collect data relating to children, except in limited cases where our clubs are used by members who are 16 and 17 years old with parental or guardian consent.

2. WHO WE ARE AND OUR CONTACT DETAILS

2.1 We are ANYTIME CLUBS UK LIMITED (we, us, our, or Anytime UK). Our registered office is at Victoria House, 50-58 Victoria Road, Farnborough, GU14 7PG. We are incorporated in England and Wales with company number 07130617.

2.2 Anytime UK has been appointed by Anytime Fitness Franchisor LLC (AFC) as the master franchisee for “Anytime Fitness” branded clubs in the United Kingdom and Ireland. Anytime UK enters into franchise agreements with independent club owners (franchisees).

2.3 In this relationship, Anytime UK and AFC act as independent “controllers” and the franchisee acts as our “processor.”

Questions and Complaints

2.4 Please contact our Compliance Team at gdpr@anytimefitness.co.uk if you have questions, wish to exercise your rights, or wish to raise a complaint.

have any questions or concerns about this policy or how we handle your personal data;
wish to exercise any of your rights (see section 11 Your legal rights); or
wish to raise a data protection complaint.

2.5 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) in the UK or the Data Protection Commission (DPC) in Ireland. We would appreciate the chance to deal with your concerns first before you approach these authorities.

Changes to this Policy

2.6 We regularly review this policy and will update this page accordingly. Please check back frequently.

2.7 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.

3. THE PERSONAL DATA WE COLLECT ABOUT YOU

3.1 Personal data means any information about an individual from which that person can be identified.

3.2 We process the following types of personal data:

Type of Data	List of Personal Data
Identity Data	First name, last name, username or similar identifier, marital status, title, date of birth, gender, height, weight and photographs.
Contact Data	Postal address, email address and telephone number.
Financial Data	Billing address, bank account and payment card details.
Profile Data	Your username and password, unique customer number, subscription history and orders made by you (e.g. personal trainer sessions, sun bed products etc.), class history, gym access (entry and exit) times and locations, your interests, preferences, feedback and survey responses.
Marketing and Communications Data	Your preferences in receiving marketing from us and your communication preferences.
Technical Data	The type of device you use to access our website, the Internet Protocol (IP) address, your login data, the type and version of your browser, your time zone setting and location, browser plug-in types and versions, operating system, platform and mobile network information.
Usage Data	Information about your usage of our website, the pages you viewed, and how you interacted with the page (such as scrolling, clicks and mouse-overs) (in accordance with your cookie preferences).

Special Category Data: We do not seek to obtain information about criminal convictions or sensitive data (race, religion, sexual orientation, health, genetic/biometric data) unless strictly required for specific club access cases with consent.

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1 If you become a member of an Anytime Fitness UK club, you can download our mobile application, i.e. the AF app (AF App), to gain access to a club. The AF App may be integrated with other mobile applications owned by third parties (see further details at section 7 Sharing your personal data). Before using the AF App, please read the applicable terms of use carefully.

4.2 We use different methods to collect data from and about you including through:

Direct interactions. You give us your personal data directly when you:
- Apply for a membership to an Anytime Fitness club;
- Enquire about a membership to an Anytime Fitness club;
- Download our AF App and create an account;
- Use our AF App to monitor your progress and set your goals;
- Request marketing to be sent to you;
- Enter a competition, promotion or survey;
- Give us some feedback or contact us;
- Engage with any of our social media accounts.
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Technical data from the following parties:
  - Analytics providers such as Google based outside the UK; and
  - Advertising networks such as social media companies based inside or outside the UK.

5. YOUR PERSONAL DATA AND WHY WE ARE PROCESSING IT

5.1 The law requires us to have a legal basis for processing your personal data, and, in general, we rely on one or more of the following legal basis for our processing:

Performance of a contract with you: where we need it to perform a contract with you.
Compliance with a legal obligation: where we need to comply with a legal or regulatory obligation.
Legitimate interests: we use personal data where it is necessary to conduct our business and pursue our legitimate interests.
Consent: we only rely on your consent where we have obtained your express agreement to use your personal data for a specified purpose.

5.2 We set out below the purposes we use personal data for and the lawful basis we rely on in each case:

Purpose for processing	Types of personal data	The lawful basis we rely on
To provide our services to you and enabling you to register for a membership to our clubs, including: a) agreeing a contract for our membership, as well as renewals or cancellations; b) communicating with you regards your membership	Identity data Contact data Financial data Profile data	Performance of a contract with you
To provide you with access to any of our clubs, including use of your photograph to prevent unauthorised access.	Identity data Profile data	Performance of a contract with you Legitimate interests (security of premises and safety of staff/members)
To provide you with the AF App to: a) monitor your progress; b) provide a coaching plan; c) provide relevant notifications	Identity, Contact, Financial, Profile Marketing & Comm data Technical & Usage data	Performance of a contract with you Legitimate interests (service offering & tech development)
To provide you with all the benefits of your membership (PT sessions, vouchers, discounts, upgrades, events).	Identity data Contact data Profile data	Performance of a contract with you Legitimate interests (customer retention)
Financial management, including: a) billing; b) payment processing; c) financial reporting/auditing	Identity data Contact data Financial data	Performance of a contract with you Legitimate interests (business assessment)
To manage our relationship with you, including notifying you about changes to terms or policy.	Identity data Contact data	Performance of a contract with you
For our IT and infrastructure, to protect our business and website (troubleshooting, backups, hosting).	Identity, Contact, Financial Profile, Technical, Usage	Legitimate interests (fraud prevention & security) Compliance with a legal obligation
To market and advertise our products and services: a) events of interest; b) service updates/marketing.	Identity data Contact data Marketing and communications data	Legitimate interests (marketing strategy) Consent (where opted-in)
To conduct member research and surveys to gain insights and identify trends.	Identity data Contact data	Legitimate interests (customer feedback)
Engaging with ambassadors and influencers on social media for business promotion.	Identity, Contact, Profile Technical & Usage data	Performance of a contract Legitimate interests (brand promotion)
To enforce our legal rights or defend/undertake legal proceedings.	Identity, Contact, Financial, Profile Marketing, Technical, Usage	Compliance with a legal obligation Legitimate interests (protection of rights)
To share your personal data with companies in our group.	Identity, Contact, Financial, Profile Marketing, Technical, Usage	Compliance with a legal obligation Legitimate interests (business growth/value)
Sharing data with third parties during a potential sale or restructuring of the business.	Identity, Contact, Financial, Profile Marketing, Technical, Usage	Legitimate interests (business sale facilitation)
To enable you to partake in a prize draw, competition, or complete a survey.	Identity data Contact data Profile data	Performance of a contract Legitimate interests (brand promotion)

6. MARKETING

6.1 We strive to provide you with choices regarding certain personal data uses, particularly around marketing. You can manage your marketing preferences by opting out of marketing at any time by following the opt-out links on any marketing message sent to you or by contacting your club directly at any time.

6.2 We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

6.3 You will receive marketing communications from us if you have requested information from us or purchased services from us (i.e. become a member of an Anytime Fitness club) and, in each case, you have not opted out of receiving that marketing.

7. SHARING YOUR PERSONAL DATA

7.1 We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.

7.2 We may need to share your data with third parties where they provide services on our behalf (for example those who help us to operate our website and AF App). We require that all our third-party service providers take necessary security measures to protect your personal data. We do not permit your personal data to be used by those third parties for their own purposes, and they may only process your data for specified purposes, and in accordance with our instructions.

7.3 We set out further details in the table below about the personal data we share with third parties.

Category of Recipient	Further details
Internal Recipients	Companies within our group and/or our franchisees. We share your personal data with: Our franchisees (i.e. owner of the Anytime Fitness club at which you are a member), to provide our services to you, permit you to use your membership and give you access to our clubs, as well as for internal administrative purposes, management purposes or other business-related purposes, in order to operate our website, to communicate with you, see section 5 for more details. Our personnel and staff. We share personal data internally on a need-to-know basis with our staff and personnel including directors, shareholders, employees, contractors and other temporary workers. Our fitness coaches / personal trainers or those engaged by our franchisees. We share personal data with our fitness coaches or those engaged by our franchisees for the purpose of administering your fitness plan and providing you with coaching.
External Recipients	Service providers and suppliers. We engage third party suppliers to provide services to us, from time to time, including: Website and mobile application development suppliers to support with our website and AF App development; IT service providers to help manage our IT and back office systems; Digital communication providers including online and instant messaging, chat and email providers; Service providers for improvement and optimisation of our services and business processes and operations, including data and usage analytics, forecasting, sales and business performance analytics and market research for statistical and survey purposes; Professional advisors such as tax or legal advisors (for example, as necessary for the establishment, exercise or defence of legal claims or to protect the rights or safety of Anytime UK). Third parties in case of a legal requirement. We may share your personal data with third parties if we are under a duty to disclose or share your personal data to comply with any legal obligation, to enforce or apply our website terms of use, or to protect the rights, property or safety of our site, our users and others. We may also disclose personal data in case we believe, in good faith, that such disclosure is necessary to enforce our policies, take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the service and protect our rights and property. Third parties in case of a corporate transaction. We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction. We may also need to share your personal information with national authorities, law enforcement, a regulator or to otherwise comply with the law.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8.1 Some of the third parties listed above may be based outside the European Economic Area (EEA) and/or the United Kingdom.

8.2 Where we transfer personal data outside of the United Kingdom and/or EEA, we implement appropriate safeguards in accordance with applicable UK data protection laws and will only transfer or share your personal data with third parties:

pursuant to the EU Standard Contractual Clauses and any appropriate additional measures to supplement such clauses as may be required in line with transfer impact assessments we carry out;
pursuant to the UK Addendum; and/or
in countries that have an adequacy decision by the European Commission and/or the ICO/DPC; or
located in the EEA or UK.

9. DATA SECURITY

9.1 We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment.

9.2 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

9.3 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

10. DATA RETENTION

10.1 We endeavour to ensure that personal data are kept as current as possible and that irrelevant or excessive data are deleted or made anonymous as soon as reasonably practicable.

10.2 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

10.3 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

10.4 If you have any queries about the retention of personal data, please contact us at: gdpr@anytimefitness.co.uk.

11. YOUR LEGAL RIGHTS

11.1 Under certain circumstances, you have rights under applicable UK data protection laws in relation to your personal data. Please see the table below to find out more about these rights.

Your Right	Further Details
You have the right to request access to your personal data	Commonly known as a "data subject access request", you have the right to request confirmation that your personal data is being processed, access to your personal data (through us providing a copy) and other information about how we process your personal data. This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
You have the right to ask us to correct or delete your personal data	We aim to ensure that all personal data are correct and up to date. You also have a responsibility to ensure that changes in personal circumstances (e.g. change of address or bank account) are notified to us so that we can ensure that your personal data is up to date. You have the right to request that we correct your personal data if it is inaccurate or incomplete. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. You also have the right, in certain circumstances, to request the deletion of irrelevant data we hold about you where there is no reason for us to continue to process it.
You have the right to ask us to restrict the processing of your personal data	You have the right to ask us to restrict the processing of your personal data that we hold about you, where: (i) you contest the accuracy of the personal data (until we have taken sufficient steps to correct or verify its accuracy), (ii) the processing is unlawful but you do not want us to erase the data, (iii) we no longer need to use your personal data for the purposes we collected it for, but you may require it to establish, exercise or defend legal claims; or (iv) where you have objected to processing justified on legitimate interest (see below) pending verification as to whether we have compelling grounds to continue processing.
You have the right to object to our processing of your personal data	Where we rely on legitimate interests to process personal data, then you have the right to object to that processing, unless we can demonstrate that, on balance, our legitimate interests override your rights or we need to continue processing your personal data for the establishment, exercise or defence of legal claims.
You have the right to port your personal data	You have the right to obtain and reuse your personal data from us / to reuse for your own purposes across different services. This allows you to move personal data easily to another organisation, or to request us to do this for you.
You have the right to withdraw your consent	Where we have relied on your consent to process specific information and you have provided us with your consent to process such personal data, you have the right to withdraw your consent at any time. You can do this by contacting us at: gdpr@anytimefitness.co.uk.
Right to complain	You have the right to lodge a complaint with a relevant supervisory authority, which is the ICO (see www.ico.org.uk for the ICO’s contact details) in the UK or the DPC in Ireland, if you consider that the processing of your personal data infringes applicable law. We would, however, appreciate the chance to deal with your concerns before you approach the ICO or the DPC, so please contact us at: gdpr@anytimefitness.co.uk in the first instance.

11.2 If you wish to exercise any of these rights, please contact the Compliance Team at: gdpr@anytimefitness.co.uk.

11.3 You will not be expected to pay a fee to obtain your personal data unless we consider that your request for access to data is unfounded or excessive. In these circumstances we may charge you a reasonable fee or refuse to comply with your request.

11.4 Whenever you make a request for access to personal data, we may request specific information to confirm your identity. This is to ensure that we are releasing personal data to the correct person.

11.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

12. COOKIES

12.1 We use cookies in connection with the operation of our website. A cookie is a small file that is sent by a web server (where we host our website) to a web browser (from where you view our website), and which is then stored by the browser.

12.2 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

13. CONTACT DETAILS

If you have any questions about this policy or about the use of your personal data or you want to exercise any of your rights, please contact us at: gdpr@anytimefitness.co.uk.