privacy

The Bridge is committed to ensuring the safety and security of your information. The purpose of this document is to explain what we do with the information you provide when signing up to receive communications from us that are outside of your business with us (if you have any). It includes data captured on our website, our app or relevant CRM systems. If we make any significant changes to this document, we will advertise this on the website so please check the website occasionally to make sure you are happy with any changes.

For the purposes of the legislation in this area, The Bridge is known as the ‘Data Controller’, and is therefore responsible for what happens to the information you provide. We have a dedicated email address for any questions you may have about the use to which we put your data – the address is dp@thebridge-uk.org.

If you prefer to write to us, please address your letters to the Head of Operations, 73-81 Southwark Bridge Road, London SE1 0NQ, or telephone us on 020 7089 6250.

The Bridge is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation (GDPR) from 25th May 2018 and The Privacy and Electronic Communications (EC Directive) Regulations 2003. By using our website, office and services, you are consenting to us processing your information in the ways stated in this document.

personal information we collect

We collect personal information when you ask about our activities, register with us or when you order products and services – for example, hire a room, register as a gym member, attend one of our programmes or register for email newsletters.

By submitting personal data manually or in electronic form to our website, or by using our app, you automatically give your consent that all personal data you submit may be processed in the manner and for the purposes described below.

If you do nothing other than read pages or download information while using our web site, we will collect information about your visit. This information will not personally identify you. It relates to:

  • the internet domain and IP address from which you access the web site

  • the type of browser and operating system you use

  • the date and time of your visit, 

  • demographic and interest information from Google,   

  • the pages you visit, and

  • the address of the website from which you linked to us (if applicable)..

sensitive data

When registering and signing up for our health and fitness services, we collect the personal health data you provide to us. We collect this to ensure we are offering you the right services and so your progress can be tracked by yourself and us. We may ask you for information about your health in order to recommend appropriate exercise regimes or offer our other services.

We collect financial data for payment processing and to comply with our legal obligations.

We are sometimes required to collect information about your ethnicity and other sensitive data in order to provide information and reports on our charitable work and profile to the relevant stakeholders. This information is used only for statistical purposes and is always kept secure and anonymous. If you prefer not to provide us with this data, you do not have to.

how we use your information

We will use your information (personal or otherwise) to provide you with the services, products or information you have requested. We may need to share your information with our service providers, associated organisations and agents for these purposes.

We will use your information only for the purposes of:

  • responding to your query and providing relevant information

  • providing you with any services that you have purchased or receive free as part of a health or other schemes

  • checking your eligibility where appropriate

  • research and analysis so we can develop and improve our services for your benefit

  • providing marketing communications (if you have given us your permission)

  • asking you to complete a survey or an evaluation

  • contacting you about events

  • notifying you of gym and fitness related confirmations and updates. This may include class, appointment and course bookings and membership purchases. Although you have to consent to receive said notifications, we strongly recommend utilising this feature to receive essential information regarding your membership and bookings and for your own personal records.

  • notifying you of news and promos, including events, workshops and projects taking place at The Bridge (if consented to receiving said notifications)

  • processing a transaction if you make a payment to us

  • complying with legal requirements

  • safeguarding users of our services

The Bridge Central will only use your information in the instances when consent was given. The Bridge Central will not put information given to any other use without seeking additional consent from you. 

how The Bridge Gym stores and uses your data

If you wish to sign up for gym memberships, classes, courses and appointments at The Bridge Gym, you will have the opportunity to review our app and CRM software (Mindbody) Privacy Policy. This policy directly aligns with our Privacy Policy as The Bridge Central, and provides detailed and sufficient information into how your data will be safely handled and stored by Mindbody.

Where data is transferred out of Europe via our Mindbody database, we employ the EU-US Privacy Framework.

The EU-U.S. Privacy Framework was designed by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements and GDPR when transferring personal data from the European Union to the United States.

You can view their full Privacy Policy here: https://co.mindbodyonline.com/legal/privacy-policy

our legal basis for processing your information

By submitting an email via our “contact us” section on our website, you have consented to us contacting you in response to your query, and using your details for that purpose. 

If you have opted into any of our mailings (events, updates, to be contacted regarding programmes, etc.), you have consented to us using your information for this purpose. 

When we contact you to ask if you would like to participate in a survey, we treat this as a legitimate interest of the business – that interest being to seek views to improve our service.  We do not send these requests frequently and there is no obligation to respond, therefore we consider any prejudice to you to be limited, and the legitimate need to seek views of our contacts on how we are performing so that we can deal with any issues that arise and improve our offering, outweigh this.

You can withdraw your consent to this at any time by contacting dp@thebridge-uk.org or writing to us at the above address.  However your consent will remain valid until we receive the withdrawal notice from you.  There will also be the option to unsubscribe from any of our mailings at the bottom of the email you receive.

how we keep your information safe

We understand the importance of security of your personal information and take appropriate steps to safeguard it. We hold data in secure environments such as on our CRM systems. All of our data held in our servers is stored in London. Any cloud-based storage through our CRM for the purposes of space hire is stored within the EEA in line with guidelines. The CRM system used for space hire purposes is with Hallmaster, their Privacy Policy can be read in full here.

For our gym membership CRM system please reference the storage information we provide in ‘how the The Bridge Gym stores and uses your data’ section above.

We regularly review our IT provision to ensure that what we have is fit for purpose and that data is secure.

All staff who have access to personal data are trained in how to use the information in a secure and sensitive way, and our policies on accessing information from other devices ensure that your information is as secure as it can reasonably be.

No data transmission over the internet can be guaranteed to be 100% secure, so while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.

access to your information

Other than staff employed by The Bridge, the Charity may share information with third party organisations that provide specific services on our behalf which enhance our products and your experience with us, such as our app provider. These organisations act as a Data Processor under our instructions. We select our third party service providers with care and only provide them with the information that is necessary to deliver the service. There is a contract in place with each third party which includes strict terms and conditions to protect your privacy. These are:

  • Third parties who provide mailing services for us, for example Mail Chimp, who we use to send out group emails on our behalf.

  • Third parties if we run an event, service or programme in conjunction with them. We will let you know how your data is used when you register for any event.

  • If you are making a payment through the website, the transaction is undertaken by PayPal, with whom we have a legal agreement.  When you checkout, you will be automatically redirected to a secure server managed by PayPal, and we will not see, store or use any of the details that you enter into that site.

  • Payments made by credit or debit cards are processed by Cardnet and we will not see, store or use any of the details that you enter. However we do hold the supplier receipts but these are kept securely to fulfil our legal requirements.

  • Accounts set up through our Mindbody software for our health and fitness services.

We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.

Other than this, we will not share your information with other organisations without your consent.

keeping your information up to date

We really appreciate it when you let us know that your contact details have changed. To do this contact us at info@thebridge-uk.org.

how long we keep your information

We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations.  Where data is not needed for legal or statutory purposes we will delete this information if you request. See the contacts section to request your data to be deleted.

If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request.

your rights

You have the right to request details of the information that we hold about you and the uses to which it is put - this is known as a Subject Access Request. Such requests have to be made in writing. To make a request, please contact us at dp@thebridge-uk.org or at the address given above.

You also have the following rights which will be introduced in the UK under the GDPR in May 2018:

  • the right to request rectification of information that is inaccurate or out of date;

  • the right to erasure of your information (known as the “right to be forgotten”);

  • the right to restrict the way in which we are dealing with and using your information; and

  • the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”);

Under the EU-US Privacy Framework Principles, the right of access is fundamental to privacy protection. In particular it allows individuals to verify the accuracy of the information held about them. The Principles mean an individual has the right to:

1.       obtain from an organisation confirmation of whether or not the data processed about the individual can be verified as accurate and lawful;

2.       have the data corrected, amended or deleted where it is inaccurate or has been processed in violation of the Principles.

All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact dp@thebridge-uk.org.

If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns

Last updated 17 November 2023

If you have any questions or queries about any aspect of our privacy policies or procedures, please contact us using the above contact details.