A1 Thornaby Limited (trading as allGym)
Privacy Notice
Last updated: July 2026
This notice explains how we collect, use, store and share personal information when you visit our website, contact us, become a member, use our app or facilities, or otherwise interact with allGym.
1. Who we are
A1 Thornaby Limited, trading as allGym, is the controller of the personal information described in this notice. This means we decide why and how that information is used.
Company: A1 Thornaby Limited (t/a allGym)
Company number: 13920365
Registered/business address: 8 New Street, Thornaby, Stockton-on-Tees, TS17 6BU
Privacy contact: dataprotection@allgym.co.uk
2. Information we collect
Depending on how you interact with us, we may collect:
- Identity and contact details: name, date of birth, address, email address, telephone number and emergency contact details.
- Membership information: membership type, start date, status, freezes, cancellations, guest visits and communications about your account.
- Payment information: billing details, payment status, transaction references and limited payment-card or direct-debit information. Full card details are normally handled by our payment providers rather than stored by us.
- Access and usage information: dates and times of entry and exit, QR code or access credential activity, attendance patterns, bookings and use of facilities.
- Account and technical information: usernames, account identifiers, device information, IP address, browser type, app and website activity and security logs.
- Health and safety information: health declarations, information you choose to provide about an injury, illness, disability or pregnancy, accident-book records and incident reports.
- CCTV images: footage recorded in and around the club, excluding areas where privacy would reasonably be expected.
- Customer-service information: enquiries, complaints, feedback, reviews, call notes, emails, messages and records of our interactions with you.
- Marketing information: your marketing preferences and information about how you interact with our emails, website, app and advertisements.
- Promotional content: photographs, video or testimonials where you have agreed that we may use them.
- Recruitment information: information provided when applying to work with us.
3. How we collect information
We collect information:
- directly from you when you join, contact us, complete a form, use the app, attend the club, make a payment or take part in a promotion;
- automatically through our website, app, access-control systems, CCTV, cookies and similar technologies;
- from service providers that help us administer memberships, payments, communications, website services and member benefits;
- from social-media platforms when you contact us, tag us or interact with our pages and advertising;
- from another person where they lawfully provide your details, for example as an emergency contact or guest.
4. How and why we use information
| Purpose | Typical information | Lawful basis |
|---|---|---|
| Set up and administer memberships, provide access and deliver member services | Identity, contact, membership, payment and access information | Performance of our contract with you |
| Take payments, issue refunds and recover unpaid sums | Payment, contact and membership information | Contract; legitimate interests; legal obligations |
| Provide customer support and manage enquiries, complaints, freezes and cancellations | Contact, account and communication records | Contract; legitimate interests; legal obligations |
| Control entry, prevent misuse of memberships and investigate unauthorised access | Access logs, membership records and CCTV | Legitimate interests in protecting members, staff, property and the business |
| Maintain health and safety, investigate accidents and respond to incidents | Incident reports, CCTV, access records and health information | Legal obligations; legitimate interests; substantial public interest or explicit consent where required |
| Operate, analyse and improve the club, website, app, facilities and services | Usage, attendance, technical, feedback and aggregated information | Legitimate interests |
| Prevent and detect fraud, misuse, damage and unlawful activity | Account, access, payment, technical and CCTV information | Legitimate interests; legal obligations |
| Send service messages about your membership, payments, safety or changes to our services | Contact and membership information | Contract; legitimate interests; legal obligations |
| Send marketing and measure its effectiveness | Contact details, preferences and interaction data | Consent or legitimate interests, together with applicable electronic-marketing rules |
| Establish, exercise or defend legal claims | Information relevant to the dispute or claim | Legitimate interests; legal obligations |
Where we rely on legitimate interests, we consider whether our interests are necessary and balanced against your rights and reasonable expectations.
5. Health and other sensitive information
Information about health is treated as special-category personal data under UK data-protection law. We only collect and use it where there is a valid reason and an additional legal condition permitting us to do so.
This may include information you provide in a health declaration, cancellation or freeze request, accident report, reasonable-adjustment request or other communication concerning your ability to use our facilities safely. We limit access to this information and do not use it for unrelated purposes.
6. CCTV and access monitoring
We operate CCTV and electronic access monitoring in and around the club for safety, security, access management, incident investigation, protection of members and staff, protection of property, enforcement of membership rules and, where appropriate, prevention and detection of unlawful activity.
CCTV is not installed in toilets, changing cubicles, showers or other areas where people would reasonably expect complete privacy. Access to footage is restricted to authorised people and footage may be disclosed to the police, insurers, legal advisers, regulators or other parties where lawful and necessary.
CCTV footage is normally retained for a minimum of 14 days and a maximum of 30 days, unless it is required for longer to investigate an incident, respond to a request or establish, exercise or defend a legal claim.
7. Marketing
We may send information about allGym memberships, services, offers, events and facilities by email, SMS, telephone, post, app notification or social media where the law permits us to do so.
We may rely on your consent or, where permitted, our legitimate interests and the electronic-marketing “soft opt-in” for our own similar products and services. You can opt out at any time by using the unsubscribe option in a message, changing your preferences where available, or contacting us.
Service communications about your membership, payments, safety, access or material operational changes are not marketing and may still be sent where necessary.
Our marketing emails may record delivery, opening and link-click information so that we can understand engagement and improve future communications. Where consent is required for this technology, we will seek it.
10. International transfers
Some service providers may store or access information outside the United Kingdom. Where personal information is transferred internationally, we take steps intended to ensure an appropriate level of protection, such as relying on UK adequacy regulations or approved contractual safeguards including the UK International Data Transfer Agreement or UK Addendum.
You may contact us for further information about the safeguards used for a particular transfer.
11. How long we keep information
We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, including to meet legal, accounting, tax, insurance and reporting requirements and to establish, exercise or defend legal claims.
- Core membership and transaction records: normally for up to six years after the membership or relevant transaction ends, unless a longer or shorter period is justified.
- CCTV: normally for the period stated in section 6, unless footage is preserved for an incident, claim or lawful request.
- Access logs: up to 36 months after a membership lapses.
- Marketing records: for as long as you remain subscribed, together with a limited suppression record after you opt out so that we can respect your preference.
- Cookie and analytics data: according to the duration stated in our cookie settings or relevant provider information.
- Health, accident and incident information: for a period appropriate to the nature of the record, legal requirements and potential claims.
We may anonymise information so that it no longer identifies you and use the anonymised information for statistical or business purposes.
12. How we protect information
We use organisational and technical measures designed to protect personal information from loss, misuse, unauthorised access, alteration or disclosure. These may include access controls, authentication, staff permissions, secure systems, supplier due diligence and procedures for responding to suspected personal-data breaches.
No system is completely secure. You are responsible for keeping your account credentials confidential and should tell us promptly if you believe your account or access credentials have been compromised.
13. Your rights
Depending on the circumstances, you may have the right to:
- request access to your personal information;
- ask us to correct inaccurate or incomplete information;
- ask us to erase information;
- ask us to restrict how information is used;
- object to processing based on legitimate interests or to direct marketing;
- receive certain information in a portable format;
- withdraw consent at any time where processing is based on consent;
- ask for safeguards relating to certain international transfers;
- complain to the Information Commissioner’s Office.
These rights are not absolute and may not apply in every case. We may ask for information to verify your identity before acting on a request. We will not usually charge a fee, although the law permits a reasonable fee or refusal in limited circumstances involving manifestly unfounded or excessive requests.
14. Children and young people
Where a person under 18 uses our services, we may require the involvement or consent of a parent or legal guardian, depending on the service, the person’s age and our membership rules. We take additional care when handling children’s information and only collect what is reasonably necessary.
15. Changes to this notice
We may update this notice to reflect changes in our services, suppliers, technology or legal obligations. The latest version will be published on our website and the “last updated” date will be amended. Where a change is material, we may also bring it to your attention by email, through the app or by another appropriate method.
16. Contact and complaints
For questions about this notice or to exercise a data-protection right, contact:
A1 Thornaby Limited (t/a allGym)
8 New Street, Thornaby, Stockton-on-Tees, TS17 6BU
Email: dataprotection@allgym.co.uk
Please contact us first if you have a concern so that we have an opportunity to resolve it. You also have the right to complain to the Information Commissioner’s Office:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
