PlayPlus Ltd is committed to protecting and respecting your privacy.
PlayPlus Ltd understands that your personal data is entrusted to us and appreciates the importance of protecting and respecting your privacy. To this end we comply fully with the data protection law in force in the UK (“Data Protection Laws”).
For the purpose of Data Protection Laws, the data controller is PlayPlus Ltd, with registered address at: Jamesfield Centre, Abernethy Road, Newburgh, Fife, Scotland, KY14 6EW, (Scotland), a Private Limited Company Registered in Scotland Number: SC600189.
When we refer to ‘we’, ‘us’ and ‘our’, we mean PlayPlus Ltd.
What personal data may we collect from you?
When we refer to personal data in this policy, we mean information that can or has the potential to identify you as an individual.
Accordingly, we may hold and use personal data about you as a customer, client, or in any other capacity, for example, when you visit one of our websites, complete a form, access our services or speak to us.
Personal data we collect from you may include the following:
information that you give us when you inquire or become a customer of us or apply for a job with us including name, address, contact details (including email address and phone number).
the name and contact details (including phone number) of your next of kin.
details of referrals and other contact and correspondence we may have had with you.
details of services you have received from us or which have been received from a third party and referred on to us.
information obtained from customer surveys, promotions and competitions that you have entered or taken part in.
as part of your induction or prior to a bespoke training programme, or provision of nutritional advice, notes and reports about your health and any treatment and care you have received and/or need.
patient feedback and health outcome information you provide.
information about complaints and incidents.
information you give us when you make a payment to us, such as financial or credit card information.
other information received from other sources, including from your use of websites and other digital platforms we operate, or are operated for us by third parties, or the other services we provide, information from business partners, advertising networks, analytics providers, or information provided by other companies who have obtained your permission to share information about you.
Where you use any of our websites, we may automatically collect personal data about you including:
computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform,
Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
We use third party providers for some of our services.
Website (including mobile site) - https://www.wix.com/about/privacy[GN1]
We may request special category data from you to assist in the development of a health or fitness programme. Special category data that might be collected includes information that relates to the following (the list is not exhaustive of items classified as special category, however, we don’t expect to collect data on other categories such as political views or sexual orientation):
racial or ethnic origin, or
religious or philosophical beliefs, or
genetic data, biometric data for the purpose of uniquely identifying a natural person, or
Examples of why we might record the above data include; racial or ethnic origin may help identify common ailments or allergens that tend to affect a particular group; religious beliefs may restrict the consumption of specific foods and therefore affect the nutritional advice that can be provided.
When do we collect personal data about you?
We may collect personal data about you if you:
visit one of our websites
enquire about any of our services
register to be a customer with us or book to receive any of our services
fill in a form or survey for us
carry out a transaction on our website
participate in a competition or promotion or other marketing activity
make online payments
contact us, for example by email, telephone or social media
participate in interactive features on any of our websites.
In the interests of training and continually improving our services, calls to PlayPlus Ltd and its agents may be monitored or recorded.
What personal data we may receive from third parties and other sources?
We may collect personal data about you from third parties such as:
If you are an employee of one of our corporate clients who has taken up one of our services, we may be passed your name, contact number and email address, in order to get in touch with you to arrange an appointment or collect further information from you;
We have a number of independent third parties acting on our behalf who may collect personal data from you to allow us to carry out the services we offer e.g. your GP might refer you for a consultation and development of a training programme tailored to your needs – they may collect personal data from you which is subsequently shared with PlayPlus Ltd for the continuity of your care and may be used for quality and monitoring purposes;
Your work/business contact information e.g. name, job title, address, email, contact number, which may have been collected from agencies, partner organisations or other third parties, for the purpose of business to business marketing activity, to allow PlayPlus Ltd to provide you with direct marketing communication about relevant products or services to you in your professional capacity or your organisation.
PlayPlus Ltd uses the services of independent instructors who teach classes or provide personal training. Instructors may need to share your personal data with PlayPlus Ltd;
How do we lawfully process your personal data?
Set out below are some of the ways in which we process personal data although to do so lawfully we need to have a legal ground for doing so. We normally process personal data if it is:
necessary to provide you with our services - to enable us to carry out our obligations to you arising from any contract entered into between us and you including relating to the provision by us of services to you and related matters such as billing, accounting and audit, credit or other payment card verification and anti-fraud screening
in our or a third party's legitimate interests to do so - see details below. For further information about direct marketing to businesses and legitimate interest, please see the ‘Marketing’ section below.
required or allowed by any applicable law
with your explicit consent for example: direct consumer marketing communications
Generally, we will only ask for your consent to processing if there is no other legal grounds to process. In these circumstances, we will always aim to be clear and transparent about why we need your consent and what we are asking it for. Where we are relying on consent to process personal data you have the right to withdraw your consent at any time by contacting us using the details below and we will stop the processing for which consent was obtained.
To process special category data we rely on additional legal grounds and generally, they are as follows:
With your explicit consent. We will confirm your consent at the start of any consultation and request your signature to confirm you are happy for PlayPlus Ltd to hold that data.
It is necessary to establish, make or defend legal claims or court action
It is necessary so that we can comply with employment law
It is necessary for a public interest purpose in line with any laws that are applicable. This should assist in protecting the public against dishonesty, malpractice or other seriously improper behaviour for example, investigating complaints, regulatory breaches or investigations.
Processing of personal data which you have made public:
As stated above, one of the legal grounds for processing data is where it is in our legitimate interest to do so, taking into account your interest's, rights and freedoms. This allows us to manage the relationship that exists between you and us and can include the following reasons:
provide you with information, products or services that you request from us
managing all aspects of our relationship with you, our products and services and any third parties who may provide products or services on our behalf
allow you to participate in interactive features of our services, when you choose to do so
notify you about changes to our products or services
keep our records up to date
respond to requests where we have a legal or regulatory obligation to do so
check the accuracy of information about you and the quality of your treatment or care, including auditing medical and billing information for insurance claims as well as part of any claims or litigation process
assess the quality and/or type of service you have received (including giving you the opportunity to complete customer satisfaction surveys) and any concerns or complaints you may raise, so that these can be properly investigated
to conduct and analyse market research
to ensure that content from any of our websites is presented in the most effective manner for you and for your computer
to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations including to defend ourselves from claims, exercise our rights and adhere to laws and regulations that apply to us and the third parties we work with
to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part our business.
The security of your personal data
We protect all personal data we hold about you by ensuring that we have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. We conduct assessments to ensure the ongoing security of our information systems.
Any personal data you provide will be held for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws.
All information you provide to us is stored securely. Any payment transactions on our website will be processed securely by third party payment processors. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
The transmission of information via the internet cannot be guaranteed as completely secure. However, we ensure that any information transferred to our websites is via an encrypted connection. Once we have received your information, we will use strict procedures and security features to minimise the risk of unauthorised access.
At your request, we may occasionally transfer personal information to you via email, or you may choose to transfer information to us via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so understanding the risks associated with doing so.
How long do we retain your personal data?
Unless we explain otherwise to you, we will retain your personal data on the basis of the following guidelines:
for as long as we have a reasonable business need, such as managing our relationship with you and managing our business
for as long as we provide services to you and then for as long as someone could bring a claim against us (in general this is a period of 8 years); and/or
in line with legal and regulatory requirements or guidance.
Disclosure of your personal data to third parties
In the usual course of our business we may disclose your personal data (which will be limited to the extent reasonably necessary) to certain third party organisations that we use to support the delivery of our services. This may include the following:
business partners, suppliers and sub-contractors for the performance of any contract we enter into with you,
organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored,
third party debt collectors for the purposes of debt collection,
delivery companies for the purposes of transportation,
third party service providers for the purposes of storage of information and confidential destruction, third party marketing companies for the purpose of sending marketing emails, subject to obtaining appropriate consent.
Where a third-party data processor is used, we ensure that they operate with due regard to their obligations under Data Protection Laws.
We may also disclose your personal data to third parties in the event that we sell or buy any business or assets or where we are required by law to do so.
Special Category/Health information collected during provision of treatment or services
In an emergency and if you are incapacitated, we may also process your personal data (including special category data) or make personal data available to third parties on the basis of protecting your ‘vital interest’ (i.e. your life or your health).
We will use your personal data in order to monitor the progress and outcome of the program you undertake with us.
What do we do with any non-personal information collected when accessing the website?
We may also use other companies to set cookies on our websites and gather cookie information for us – please refer to the information detailed below. From time to time we may also analyse Internet Protocol (IP) addresses or other anonymous data sources.
By law, website operators are required to ask for a website user’s permission when placing certain kinds of cookie on their devices for the first time.
Where consent is required, the law states that it should be “informed consent”, which means we must ensure that you understand what cookies are and why we want to use them.
What are Cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving your user experience.
They can also help to ensure that adverts you see online are more relevant to you and your interests.
Category 1 Cookies
These cookies are essential in order to enable you to move around our websites and use its features, such as accessing secure areas of the websites. Without these cookies, services you have asked for cannot be provided.
Your consent is not required for the delivery of those cookies which are strictly necessary to provide services requested by you.
We use these types of cookies.
Category 2 Cookies
These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All the information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.
We use these types of cookies. By using our website and online services you agree that we can place these types of cookies on your device.
Category 3 Cookies
These cookies allow our websites to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. The information these cookies collect is generally anonymised and they cannot track your browsing activity on other websites.
We use these types of cookies. By using our websites these you agree that we can place these types of cookies on your device.
Category 4 Cookies
These cookies are used to deliver adverts more relevant to you and your interests They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.
We do not use these cookies on our website.
Definitions used above are consistent with those supplied by the International Chamber of Commerce ‘ICC UK Cookie Guide’ April 2012 (copy available at accessed 05 Feb 2019).
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential Category 1 Cookies) you may not be able to access all or parts of our websites. For information on how to delete cookies, please refer to: https://ico.org.uk/for-the-public/online/cookies
PlayPlus Ltd may carry out two types of direct marketing:
1) Business to Consumer (B2C) which means, if you engage with PlayPlus Ltd in your capacity as an individual i.e. you are a gym member or an indoor play customer, then we may process your personal data for marketing purposes but only if we have your prior consent to do so; and
2) Business to Business (B2B) which means, if you engage with PlayPlus Ltd in your professional capacity e.g. if you represent a company with whom PlayPlus Ltd has an existing or prospective business relationship, PlayPlus Ltd may keep you up to date with services we offer/provide.
Business to Consumer (B2C)
You may also receive service communications from time to time (e.g. regarding your direct debit payment) which will not include an unsubscribe option as they are not considered marketing communication and will remain unaffected by your marketing preferences.
Business to Business (B2B)
Whether you have received a B2C marketing communication or a B2B marketing communication you will have the right to ask us to stop sending you marketing communication. B2B customers will have the right to opt out of receiving any further specific marketing communication at any time. Our marketing emails will include an unsubscribe option which you can select or, If you no longer wish to receive web based marketing information you can unsubscribe by emailing PlayPlus@treehouseandgym.co.uk.
For non-web based marketing information please write to: PlayPlus Ltd, Jamesfield Centre, Abernethy Road, Newburgh, Fife, Scotland, KY14 6EW. We would ask you to give us a reasonable amount of notice, to give us time to update our systems. While the precise timings vary by department, we generally ask that you give us at least 30 days’ notice.
Our premises are surveyed by CCTV for the purposes of security of individuals and the facility. Images and videos may be retained for 30 days in accordance with ICO guidelines[GN3] .
Your Rights under Data Protection Laws
The law gives you certain rights in respect of the personal data that we hold about you as well as information about what we do with it, who we share it with and how long we will hold it for. We may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs. The website of the Information Commissioner's Office (http://www.ico.org.uk) has a wealth of useful information in respect of your rights in your personal data. In addition to your right to stop marketing, detailed above, below is a short overview of the most commonly-used rights.
Data Subject Access Request [GN4] - With some exceptions designed to protect the rights of others you have the right to a copy of the personal data that we hold about you as well as information about what we do with it, who we share it with and how long we will hold it for. We may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
The Right of Erasure ('Right to be Forgotten') - the right to have your personal information erased where we have no reason to continue processing;
Data Portability - the right to move, copy or transfer personal information you have provided to us;
Right to Rectification - You have the right to have the personal data we hold about you corrected if it is factually inaccurate. It is important to understand that this right does not extend to matters of opinion, such as an exercise program. If any of your personal data has changed, especially contact information such as: email address, postal address and phone number please get in touch with us at Jamesfield, by email or by phoning us on the number displayed on the website so we can ensure your personal data is kept up to date
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact us by email on PlayPlus@treehouseandgym.co.uk, or to write to us at the address below. In order to protect your privacy, we may ask you to prove your identity before we take any steps in response to such a request. Jamesfield Centre, Abernethy Road, Newburgh, Fife, Scotland, KY14 6EW.
If you are not satisfied with how we handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).
PlayPlus Ltd, Jamesfield Centre, Abernethy Road, Newburgh, Fife, Scotland, KY14 6EW
[GN1]What other web services will we use where customer data is entered? We should add their data here. We need to ascertain if we remain the data controller in these aspects, or if it is the responsibility of the 3rd party and they are therefore the data processor.
[GN2]Need to make sure this is in any independent instructors contract
[GN3]Assuming we’re still installing a CCTV system, we need to establish a routine for deletion after 30 days.
[GN4]Need to understand from each of the web services providers how we can request the info/actions below.