Effective Date: 28 May 2025
Last Updated: 28 May 2025
Muro Bouldering Gym ("we", "our", or "us") respects your privacy and is committed to protecting your personal information. This policy explains how we collect, use, and safeguard your data. It also explains your rights under the **UK General Data Protection Regulation (UK GDPR)** and the **Data Protection Act 2018**.
Please read this policy carefully. Providing your personal information is voluntary, but without it, some services (e.g. bookings, memberships) may not be available to you.
---
1. How we collect personal information about you
2. What personal information do we use?
3. How and why we use your personal information
4. Lawful bases for processing
5. Communications for marketing
6. Children’s personal information
7. How long we keep your personal information
8. Sharing your personal information
9. Data security and storage
10. International data transfers
11. Your rights under data protection law
12. Changes to this policy
13. Links to third-party websites
14. How to contact us
---
We may collect your personal information in the following ways:
- **Directly from you**, when you register for membership, make a booking, complete forms online or on-site, or communicate with us via email, phone or in person.
- **Indirectly from third parties**, such as booking platforms, payment providers, or analytics services. We will inform you if we obtain your data in this way.
- **From publicly available sources**, including social media platforms (depending on your privacy settings).
- **Automatically**, through your interactions with our website, including technical data such as IP address, browser type, time zone, clickstream data, and cookies (see our [Cookie Policy]).
We may collect and process the following:
- Full name, email, phone number, postal address
- Date of birth and gender
- Emergency contact information
- Booking and attendance records
- Payment details (processed securely via third parties)
- Medical information relevant to your safety at our facility
- Personal identifiers from social media (if interacting with us)
- Technical information (e.g., IP address, browser type)
- CCTV footage
- Photos and videos (only with your consent)
- Any other data you provide in relation to our services
**Special categories of personal data** (e.g., medical conditions) are only processed where necessary and with appropriate safeguards.
---
We use your data to:
- Register and manage your membership
- Enable bookings and deliver our services
- Respond to enquiries and provide support
- Communicate updates about your membership or account
- Send marketing communications (with your consent)
- Ensure safety within our gym (including incident reporting)
- Monitor usage trends and improve our services
- Comply with legal obligations
- Prevent fraud or misuse
- Defend legal claims or manage disputes
---
We rely on the following legal grounds:
- **Consent** – for marketing or processing sensitive data
- **Contractual necessity** – to manage your membership or bookings
- **Legal obligations** – e.g., tax compliance, health & safety
- **Vital interests** – e.g., medical emergencies
- **Legitimate interests** – e.g., gym operations and safety
We balance our legitimate interests against your privacy rights before processing.
---
With your permission, we may contact you about:
- Upcoming classes or events
- Membership offers or promotions
- Relevant gym news
You can withdraw consent at any time via the unsubscribe link in emails or by contacting us directly.
---
For users under 18, we may collect personal data with parental or guardian consent. Safeguards are in place to handle this data responsibly.
---
We retain data only as long as necessary, typically:
- **Membership & booking records** – 6 years after your last visit
- **Children’s data** – up to 6 years after they turn 18
- **Marketing suppression** – indefinitely (to respect opt-outs)
- **CCTV footage** – typically 30 days unless required longer
We do not sell your data. We may share it with:
- Booking and payment providers (e.g., Stripe, TeamUp)
- IT and system support services
- Legal or regulatory authorities, when required
- Emergency services, in case of incidents
- Professional advisors (e.g., accountants or solicitors)
- Subcontractors assisting in service delivery
In exceptional cases, we may share data during business asset transfers.
---
We implement appropriate safeguards, including:
- Encrypted servers and databases
- Access limited to trained personnel
- Regular security reviews and staff training
No system is 100% secure, but we take all reasonable measures to protect your data.
---
We primarily store your data in the UK or the EEA. If data is transferred outside the EEA (e.g., to US-based cloud providers), we ensure:
- Appropriate safeguards (e.g., Standard Contractual Clauses)
- Compliance with UK GDPR standards
---
You have the right to:
1. **Access** – request a copy of your personal data
2. **Rectification** – correct inaccurate or outdated data
3. **Erasure** – request deletion of your data in some cases
4. **Restriction** – limit how we use your data
5. **Objection** – object to data use in certain circumstances
6. **Portability** – transfer your data to another provider
7. **Withdraw Consent** – stop marketing communications
8. **Avoid automated decisions** – not be subject to decisions made solely by automated means
To exercise these rights, contact us using the details in section 14.
If you're unhappy with our response, you can lodge a complaint with the UK Information Commissioner’s Office: [www.ico.org.uk](https://www.ico.org.uk)
We may update this policy occasionally. The latest version will always be available on our website. We will notify you of significant changes via email where appropriate.
---
Our site may contain links to external sites. We are not responsible for the privacy practices or content of those sites. We recommend reviewing their privacy policies separately.
If you have any questions, requests or complaints regarding this policy, please contact:
**Data Protection Officer**
Muro Bouldering Gym
Peckham, London, UK
nathan@muroclimbing.com