Ashbourne Management Services Limited (“Ashbourne”, “us”, “we” and “our”). respects your privacy and we are committed to protecting your information (“Personal Data”).

This privacy notice (the “Notice”) sets out how we collect, and use, your personal data when you sign up for a membership at one of our partnering clubs, by entering into the terms of service.

When you sign up for a membership at one of our partnering clubs, both us and the partnering club may be responsible for processing your personal data. In most cases, we act as joint data controllers, This means we make joint decisions about how and why your personal data is used.

We use your information in line with the Data Protection Acts 1998 to 2018, the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK GDPR, and any other applicable law or regulation relating to the processing of Personal Data and to privacy.

This Notice sets out the basis on which we use, process, store or disclose any Personal Data detailed below that is collected, or otherwise provided to us.

Overview of This Notice

(1) The Personal Data We Process

We fully respect your right to privacy in relation to your enjoyment of the services provided and we strive to be transparent in our dealings with you as to what information we will collect and how we will use your information.

We collect and process the following Personal Data from you:

Contact Data

• Name
• Email address
• Telephone number
• Company details (if applicable)

Identity Data

• Full name
• Title
• Date of birth
• Gender

Financial Data

• Billing and payment information

Fingerprint Data

Some clubs may provide the option for fingerprint authentication for security purposes or to control entry into their premises.

If you choose to use this:

• Your fingerprint is scanned during enrolment
• Data points are collected and stored locally on the gym’s internal PC system

For general entry:

• Fingerprint scans are not stored
• Data is pseudonymised
• No images or scans are stored
• Stored as numerical data (repeat ratio 1 in 10,000)

How and Why We Use Your Personal Data

Legal Bases & Purposes

Contract

Purpose:

• Member registration
• Enable use of facilities and services
• Process membership payments

Data Used:

• Contact Data
• Identity Data
• Financial Data

Legitimate Interests

Purpose:

• Identity verification
• Fraud prevention

Data Used:

• Identity Data

Explicit Consent

Purpose:

• Biometric authentication for entry

Data Used:

• Fingerprint Data

You may refuse consent and use a PIN code instead.

Legal Obligation

Purpose:

• Compliance with legal requirements

Data Used:

• Contact Data
• Identity Data
• Financial Data
• Fingerprint Data

Legal Claims

Purpose:

• Establish, investigate, or defend legal claims

Data Used:

• Contact Data
• Identity Data
• Financial Data
• Fingerprint Data

Who We Share Your Personal Data With

Recipients

• Payment Service Providers
• Warehouse and Delivery Companies
• Gym Owners
• Marketing Agencies
• Website Hosts
• Social Media Sites (if linked)

Other Recipients

• Regulatory authorities and law enforcement
• External advisors (lawyers, accountants, auditors)
• IT and service providers
• Business transfer or merger partners

All third parties are required to:

• Respect data security
• Process data only as instructed

Transfers of Your Personal Data

• Data is stored in the UK (except biometric data stored locally at gyms)
• Transfers outside the EEA may occur where legally permitted

Transfers are based on:

• Adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Explicit consent
• Contract necessity
• Legal permissions

How Long We Keep Your Personal Data

• Data is retained as long as necessary for its purpose
• After contracts end, data may be kept for up to 7 years
• Longer retention may occur for legal or regulatory reasons

Your Rights and How to Exercise Them

You have the following rights:

Right of Access

• Request a copy of your data
• Understand how it is processed

Right to Rectification

• Correct inaccurate data

Right to Erasure

• Request deletion under certain conditions

Right to Restriction

• Limit how your data is used

Right to Data Portability

• Receive data in a transferable format

Right to Object

• Object to processing based on legitimate interests

Right to Withdraw Consent

• Withdraw consent at any time

Contact

Data Protection Officer
Ashbourne Management Services Limited

Email:
[email protected]

Requests will be handled:

• Within 1 month (extendable to 2 months if required)
• Identity verification may be required

You may also lodge a complaint with:

• Ireland: Data Protection Commission
• EU: Local supervisory authority
• UK: Information Commissioner’s Office

Data Security

We implement appropriate security measures to:

• Prevent unauthorised access
• Prevent loss or misuse of data

Access is restricted to authorised personnel only.

We have procedures in place to:

• Detect breaches
• Notify users and regulators where required

Changes to This Notice & Questions

This Notice may be updated from time to time.

If you have any questions or concerns, please contact us using the details above.