SPORT AND PHYSICAL ACTIVITY PRIVACY NOTICE

See here for separate social sports Privacy Notice.

This Notice explains how we will collect and use your personal data.

We are the Data Controller for the personal data that we process about you.

Throughout this Notice, “University”, “we”, “our” and “us” refers to the University of Leeds.  “You” and “your” refers to those data subjects using the University’s Sport and Physical Activities facilities (SPA).

Change in the law

Until 24 May 2018, we shall process your personal data in accordance with the Data Protection Act 1998 (DPA for short).  From 25 May 2018, we shall process your personal data in accordance with the General Data Protection Regulations, as incorporated into UK law (GDPR for short).

This Notice complies with the requirements under the DPA and the GDPR.

Changes to this Notice

We shall inform you of any changes to this Notice by means of this website.

Where we get your personal data from

From you

You will be asked to provide personal data when you register as a user.  You may also be invited to subscribe to newsletters or other activities throughout the duration of your membership. When you are required to provide personal data the uses of this data will be explained at the point of collection.

From the University’s SAP(staff) and BANNER (student) CRM systems

In order to allow staff and students to join SPA online, the personal data of members will be retrieved from the University’s CRM systems every 24 hours.  This data includes name, address, date of birth, gender, department, phone number, student status, completion date, year of study.  The data is used to verify your status as a member of staff/student and is held securely on the SPA’s database.

From external sources

Where there is a legitimate interest to do so, the University will collect data about you from third parties in order to tailor the service that SPA provides. Our marketing team will have access to your UCAS form in order to provide you with information about sports or physical activities which you have expressed an interest in.  If you are a member of a Leeds University Union club they will share details of your membership, year and semester of study and your university email address with us so that we can provide you with relevant information about access to training facilities etc.

In order to notify you of news and information from Sports and Physical Activity at the University of Leeds, we retrieve data from external sources deemed to have a legitimate interest in our activities. External sources include Leeds University Union (LUU) and Universities and Colleges Admissions Service (UCAS). This data includes email addresses, year and semester of study and sports interests.

Automated collection of personal data

As with most other web servers, when you access the SPA webpages certain   This will include your IP address, browser type, and information relating to the page you last visited.  This information is processed to estimate how much usage of the server is made by different categories of users and, in the event of a breach of security, may be used to aid detection.

Cookies

Our website uses first party cookies; which are small text files placed on your device by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We do not use cookies to collect personal information about you; by using our website you agree that we can place these types of cookies on your device.

For more information see our cookie policy.

The purposes for which we process your personal data and the legal basis for that processing

The processing of your personal data is necessary for the performance of the contract that you have entered into with the University to access the Sports and Physical Activity provisions.

If you do not want your personal data to be used in the manner described then you will need to terminate your contract with SPA.

From time-to-time, we may need to contact you in order to let you know about facility or service closures within Sports & Physical Activity.  We will only contact you via the preferred method which you expressed at the time of registration.

Marketing

You may be invited to subscribe to newsletters or other activities throughout the duration of your membership. When you are required to provide personal data the uses of this data will be explained at the point of collection. Where personal data is requested for marketing purposes you will be given the opportunity to opt-out.

  

Who might we share your data with?

The information that you provide to the University will be stored securely and access will be restricted to those members of staff who need it. The University will not share your personal data with third parties other than those listed below.

Where credit/debit card details have been requested as part of a transaction between you and us, the details will be encrypted and handled by a secure web server using SSL, the standard security technology for establishing an encrypted link between a web server and a browser.

XN Leisure

XN Leisure facilitates the membership application process for Sport & Physical Activity. All data is held on University servers and not by XN Leisure, however, XN Leisure will, from time to time, need access to this data in order to provide support.

Pure Promoter Ltd

Sport & Physical Activity use an email service provider, Pure Promoter Ltd, in order to communicate with our customers via email. Pure Promoter is given access to/holds the email address which you supply; the ways in which Pure Promoter can use and store your email address is strictly regulated by a data processing agreement.

Technogym

Sports & Physical Activity rent fitness equipment from Technogym. Guests are not obliged to provide personal information in order to use this equipment but when provided this data is then owned and stored solely by Technogym UK Ltd.

Retention periods

We will hold your personal information on our systems for as long as you remain a member of Sport & Physical Activity. Once you are no longer a member we will securely delete your data after 6 years.

Your rights as a data subject

You have the right to:

  • access your personal data;
  • request the rectification or deletion of your personal data;
  • request the restriction of the processing of your personal data;
  • object to the processing of your personal data;
  • receive your personal data in a structured, commonly used format and to;
  • complain to the regulator (the Information Commissioner’s Office)

Concerns and contact details

If you have any concerns with regard to the way your personal data is being processed or have a query with regard to this Notice please contact, in the first instance, the SPA Administration team at sport.leeds.ac.uk or the University’s Data Protection Officer, Adrian Slater at a.j.slater@adm.leeds.ac.uk.

Our general postal address is University of Leeds, Leeds LS2 9JT, UK.

Our postal address for data protection issues is University of Leeds, Room 11.72 EC Stoner Building, Leeds, LS2 9JT.

Our telephone number is +44 (0)113 2431751.

Our data controller registration number provided by the Information Commissioner’s Office is Z553814X.