Granite Leisure Walton Hall
Privacy Policy



Granite Leisure Limited Privacy Policy
Effective Date: 1 May 2025

At Granite Leisure Limited, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you become a member of our gyms or interact with us through our customer relationship management (CRM) system.

1. Who We Are

Granite Leisure Limited (“we”, “us”, “our”) operates a number of health clubs and leisure facilities across Scotland. We collect and process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What Personal Data We Collect

When you register with us or use our facilities and services, we may collect the following types of personal information:

  • Full name

  • Date of birth

  • Address

  • Phone number(s)

  • Email address

  • Emergency contact details

  • Health declarations (where relevant to exercise readiness)

  • Membership type and payment information

  • Attendance and booking records

  • CCTV footage (for safety and security at our venues)

3. How We Use Your Data

We use your personal data to:

  • Administer your membership and process payments

  • Manage your access to our facilities and services

  • Communicate with you about your membership, bookings, or updates

  • Ensure your safety while using our services

  • Send you relevant information and promotions (if you have opted in)

  • Comply with legal obligations and protect our business interests

4. Legal Basis for Processing

We process your data under the following legal bases:

  • Contractual obligation – to provide the services you’ve signed up for

  • Legitimate interests – such as improving our services or maintaining security

  • Consent – where you have opted in to receive marketing communications

  • Legal obligation – for compliance with relevant laws and regulations

5. Sharing Your Data

We do not sell your data. We may share your information with:

  • Payment processors for handling direct debits and card transactions

  • IT and CRM system providers who support our membership systems

  • Medical professionals in the case of a health emergency

  • Law enforcement or regulatory bodies where legally required

All third parties we work with are required to comply with data protection laws and only process your data on our instructions.

6. How Long We Keep Your Data

We will retain your personal data for as long as necessary to fulfill the purposes we collected it for, including legal, accounting, or reporting requirements. Membership records are typically kept for 6 years after cancellation unless we are required to keep them longer.

7. Your Rights

You have the right to:

  • Access your personal data

  • Correct inaccuracies in your data

  • Request deletion of your data (where appropriate)

  • Object to or restrict certain types of processing

  • Withdraw consent where processing is based on consent

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, contact us using the details below.

8. How We Protect Your Data

We take the security of your data seriously and implement appropriate physical, technical, and organisational measures to protect it from unauthorised access, loss, or misuse.

9. Contact Us

If you have any questions about this Privacy Policy or your data, you can contact:

Data Protection Officer
Granite Leisure Limited
Email: doni@graniteleisure.com