MCRactive is committed to ensuring that personal information is held fairly, lawfully and securely in accordance with data protection laws. Please read the following carefully to understand our views and practices regarding your personal information and how we treat it. We may change this Privacy Notice from time to time, so please ensure that you check this page regularly.
How We Use Your Information
This Privacy Notice tell you what to expect when we, MCRactive, collect personal information. It applies to information we collect about:
• Users of and/or visitors to our websites
• People who register for an on-line membership account.
• People who register for and use our services, programmes and activities
• People who e-mail us
• People who subscribe to our e-newsletter
• People who complete our questionnaire and survey (including completing a questionnaire and survey for a prize draw)
• People who contact us with a comment, enquiry or complaint
• People who are recorded on CCTV operated by us; and
• Job applicants and our current and former employees.
What is Personal Information?
Personal information (sometimes referred to as personal data) is any information that enables MCRactive to identify a living individual from that information, either directly or indirectly. For example, basic details such as your:
• Telephone number
• Date of birth
• Visual images
• Information held in files
Some information is classed as ‘special categories of personal data” and needs more protection because it is more sensitive. It is often information that you would not want widely known and is very personal to you. This is likely to include anything that can reveal your:
• Sexuality or sexual health
• Religious or philosophical beliefs
• Physical or mental health
• Trade union membership
• Political opinion
• Genetic/biometric data
• Criminal history
How will we use personal information about you?
MCRactive is known as a Data Controller for any personal information which we have collected, for example, from online or paper correspondence or forms, by telephone, email or in person. This means that we collect the information and decide how it should be used. As we are collecting some information in relation to Manchester City Council owned facilities, Manchester City Council may also be a joint Data Controller of this information in certain circumstances. For details on how Manchester City Council use personal information, please click here http://www.manchester.gov.uk/cookies
We use some personal information to provide and manage services effectively. We do not share personal information unless it is necessary, lawful and appropriate to do so in the circumstances.
We will always try and tell you how and why the information will be used. For some of our services, we need to collect personal information so that we can get in touch with you or provide the service.
We may need to use personal information about you to:
1. Provide services to you, such as access to sports facilities; operate and administer our membership schemes and programmes
2. Communicate with you about services we and/or third party providers provide
3. Facilitate or enable transactions and/or bookings by you for activities with third party providers
4. Check and improve the quality of our services, products and programmes and to help with research and planning new services and programmes, such as by consulting, informing and getting your opinion.
5. Train, support and manage our staff
6. Help investigate any worries or complaints you have about our services.
7. Prevent crime and prosecute offenders, including via the use of CCTV.
8. Ensure we meet our obligations in relation to diversity and equal opportunity
9. Send promotional information about new services, products, programmes, special offers or other information that we think you may find interesting using the e-mail address or other contact details that you have requested we use
10. Contact you for market research purposes
11. Protect you or others from harm or injury
How do we use your personal information?
Generally, we collect and use personal information where:
1. You have entered a contract with us for the provision of services
2. You have joined our membership schemes and/or other programmes
3. You have registered to use our site and filled in forms on our site including relating to searching for and/or selecting a third-party provider
4. You, or your legal representative, have given us consent
5. It is necessary for employment purposes
6. You have made your information publicly available
7. It is necessary for archiving, research or statistical purposes
8. It is necessary for legal cases
9. It is required by law; and/or
10. It is necessary to protect someone in an emergency or to protect public health
Each individual service we provide will collect and use personal information in a way in order to provide and run that service. Further information about all our services and what we do can be found by clicking on the links below.
Click here People who use our services outside of our facilities
Who do we share personal information with?
We use a limited range of organisations to either store personal information or help deliver our services to you and/or our programmes and/or projects. We’ll sometimes complete a data protection impact assessment before we share personal information to make sure we protect your privacy and comply with the law.
The list below is a broad summary of the types of organisations your personal information may be shared with:
• In order to provide appropriate, timely and effective services and/or programmes and/or projects, we may share information about you such as your name and address internally and/or between services or sections within MCRactive. This is so that we can keep information on you as up to date as possible and so we can improve our services to you and/or our programmes and/or projects. However, we ensure that staff within MCRactive can only access information they need to do their job.
• Organisations that own and/or control us such as Manchester City Council and organisations that are affiliated with us
• Funders of our organisation and activities
• Partner organisations and agencies under data sharing agreements or protocols. MCRactive have data sharing agreements in place with local agencies and partner organisations (such as, but not limited to, Greenwich Leisure Limited and Everyone Active) who we work with to provide activities, programmes and services at Manchester’s leisure facilities. Under a data sharing agreement, certain personal information is shared for a specific purpose. The agency or organisation receiving the information are obliged to only use that information to carry out that specific purpose to keep your data safe and secure.
• We may also share information for research and evaluation purposes. This helps us to make sure we are providing the right services, in the right areas, in the right way.
Sometimes the law requires that we have to pass on your personal data to a third party. For example, personal information may be provided to the courts, either because the court has ordered such information to be provided, or because MCRactive requires a court to do something (e.g. pursue an individual for settlement of a debt).
Even if not required to do so by law, we may also share your personal information when we feel there is good reason that doing so is more important than protecting your privacy. For all these reasons, the risk must be serious before we can override your right to privacy. This does not happen often, but we may share your information:
• in order to find and stop crime and fraud.
• if there is a serious risk to the public, our staff or to other professionals.
• to protect a child; or
• to protect adults who are thought to be at risk, for example, if they are frail, confused or cannot understand what is happening to them.
Information provided by you in response to our consultations, including personal information, may be disclosed in accordance with the Freedom of Information Act 2000 and the Data Protection Act 2018.
Please tell us if you want the information you provide to be treated as confidential. We cannot guarantee confidentiality, but we will take your views into account.
We will not sell or give your personal information to a third party for marketing purposes unless we have asked your permission.
Services provided by third parties
We may share information with third party service provider organisations that provide specific services on our behalf which enhance our products and your experience with us. These organisations act as a Data Processor under our instructions. They may process data securely outside of the UK and/or European Economic Area. Our Data Processors must also act to protect your privacy.
Our current processing partners include:
• We use Cloud hosting service providers based in the UK to store your personal information
• Microsoft Services
We may share information with third party service providers who you have booked with or participated in an activity within the course of your use of our site.
You may have the following rights with respect to your personal information:
1. You have the right to ask for access to the personal information we hold about you. This is known as a ‘subject access request’. You have the right to ask for all the information we have about you and the services you receive from us. When we receive a request orally or in writing, we must give you access to everything we’ve recorded about you.
2. You have the right to request that your personal information be given back to you or another service provider of your choice in a commonly used format. This is known as ‘data portability’. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer, not a human being. It is likely that data portability will not apply to most of the services that you receive from MCRactive.
3. You have the right to ask MCRactive to stop using and/or delete your personal information. This is commonly known as the ‘right to be forgotten’. This includes withdrawing your consent to processing your personal data if your consent was relied upon. In some circumstances, you can ask for your personal information to be deleted, for example:
• Where your personal information is no longer needed for the reason why it was collected in the first place.
• Where you have removed your consent for us to use your information.
• Where there is no other legal reason for the use of your information.
• Where deleting the information is a legal requirement.
Please note that we can’t delete your personal information where:
• We’re required to have it by law.
• It is used for freedom of expression.
• It is in the interest of the wider public, for example, public health purposes.
• It is for statistical purposes where it would make information unusable.
• It is necessary for legal claims.
• Where use of your personal information is not reliant on obtaining consent, for example, where your personal information is needed to comply with a legal obligation.
4. You have the right to ask us to restrict what we use your personal information for, or to object to ways in which we process your personal information
5. You have the right to ask us to stop using your personal information for any service. However, if this request is approved, this may cause delays or prevent us delivering that service to you. This request may be a temporary one (your right to restrict) or a more permanent one (your right to object). Where we process personal data for our legitimate interests, you have a right to object to that processing.
6. When you ask for the use of your personal information to be limited, this means that it can’t be used, other than:
• To securely store the personal information itself.
• With your consent, to handle legal claims; or
• Where we are legally obliged to do so.
7. Where possible, we’ll seek to comply with your request, but we may need to hold or use your personal information because we are required to by law.
8. Where we can limit the use of your personal information as requested, we will inform you of this.
9. You have the right to change personal information that you think is wrong. You should let us know if you disagree with something written on your file. We may not always be able to change or remove that information, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
10. You have the right to not be subject to automated decision making and profiling. Automated decision making is where decisions are made about you by a computer, rather than a human.
11. You have the right to ask to have any computer made decisions explained to you and details of how we may have ‘risk profiled’ you.
12. You have the right to question decisions made about you by a computer unless it’s required for any contract you have entered, required by law, or you have consented to it. Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions. If and when we use your personal information to profile you in order to deliver the most appropriate service to you, you will be informed. We do not currently undertake any automated decision making or profiling using your personal information. However, if that position changes, we will contact you to make you aware of this and to share our policy on this with you.
Can we use your information for any other purposes later?
If we need to use your personal information for a different reason than we originally told you, or for an extra reason and we did not tell you about this in either this privacy notice or the privacy notice of the specific service using your personal information, then we will provide you with a new notice. This will be given either at the time the information is collected, or before we begin to use information we already hold.
This notice will explain the new or additional reason we need to use your personal information, and on what legal basis we can do so.
How long will your personal information be kept?
We will only hold your personal information for as long as necessary and in line with legal requirements or industry guidelines. If you would like a copy of our Data Retention Policy, please contact email@example.com
Where is your personal information kept and how is it protected?
The majority of personal information is stored on electronic systems or computer servers which are located in the UK.
However, there are some occasions where your information may leave the UK. For example, this may be because it needs to be transferred to another organisation which may use systems which store information outside of the UK (for example, over the internet such as cloud-based servers). When doing so, we will ensure that procedures and technologies are put in place to maintain the security of all personal data which is processed overseas.
We will take appropriate steps to make sure we hold records about you in a secure way, including:
1. All employees who have access to your personal data or are associated with the handling of that data are obliged to respect the confidentiality of your personal data; and
2. We will have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
Complaints or queries about personal data collection
MCRactive tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns about the way we process your personal information, you have the right to complain to the Information Commissioner’s Office. The contact details are:
0303 123 1113 (Local rate) / firstname.lastname@example.org
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you require a paper copy of this Privacy Notice or if you require this information in large print, please contact us via email@example.com.
Links to other websites
This privacy notice does not cover the links within our websites linking to other websites. We encourage you to read the privacy statements on the other websites you visit. We also have no control over the nature, content and availability of websites linked from our websites. The inclusion of any links does not necessarily mean that we endorse the views expressed within those websites and we accept no liability for any statements, information, products or services published or expressed on or accessible through any websites owned or operated by third parties.
Changes to this privacy notice
We keep our privacy notice under regular review. You should check this page from time to time to ensure that you are happy with any changes made.