Background image for section-1

Privacy Policy

Privacy Policy – BookaGym.co.uk Last updated: 26.08.2025

This Privacy Policy explains how BookaGym ("we", "us", or "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We may collect and process:

  • Identity Data: Name, address, email, phone number, date of birth.
  • Account/Profile Data: Photographs, biography, fitness profile, and other info you add to your profile.
  • Booking Data: Details of bookings (venue, date, time), host/user communication, payments.
  • Verification Data: Proof of address, ID, and insurance details (for Hosts).
  • Payment Data: Processed securely by our payment provider; we do not store full card numbers.
  • Technical Data: IP address, device type, browser, cookies, and analytics.
  • Marketing Preferences: Choices for receiving promotional content and notifications.
  • CCTV, Photography, and Recording: a. Some Hosts may operate CCTV or use photography/video recording for the purposes of:
    • Security and safety
    • Preventing and detecting crime
    • Insurance and dispute resolution
    • Marketing, promotions, or listing photographs (only with consent) b. If a gym location uses CCTV:
    • Hosts must display clear notices/signage informing Users before or upon entry.
    • Footage is typically controlled by the Host as the Data Controller for those recordings, not BookaGym.

However, if BookaGym receives a copy for dispute resolution or safety investigations, we will process that footage under this Privacy Policy.

  • If photographs or videos are taken for marketing purposes:
  • We will obtain your explicit consent before using your identifiable image in any promotional material.
  • You have the right to withdraw consent at any time.
  • If photographs or videos are taken for insurance, safety, or incident recording:
  • These will be retained for the period required to resolve the matter or as required by law.
  • You may request access to such recordings where you are identifiable, subject to certain exemptions under UK GDPR.

We may also receive information about you from third-party partners for ID verification, fraud prevention, or advertising.

2. How We Use Your Data

We use your personal data to:

  • Provide and manage bookings between Hosts and Users.
  • Process payments and handle disputes.
  • Verify identity for fraud prevention and legal compliance.
  • Improve our website, apps, and customer support.
  • Send booking confirmations, updates, and service notifications.
  • Send marketing communications where you have consented.
  • Comply with legal obligations.

3. Legal Basis for Processing

Under UK GDPR, our processing is lawful because it is based on:

  • Contract Performance to fulfil a booking request.
  • Legal Obligation to comply with UK laws (e.g., tax reporting, law enforcement requests).
  • Legitimate Interests to improve our service, prevent fraud, ensure safety.
  • Consent for direct marketing and optional services (you can withdraw consent at any time).

4. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to personalise your experience, remember your preferences, and analyse website performance. We comply with the Privacy and Electronic Communications Regulations (PECR) and will request your consent where required before setting non-essential cookies.

You can manage cookie preferences in your browser settings, although disabling certain cookies may affect the functionality of our site.

5. Sharing Your Data

We share personal information only when necessary:

  • With Payment Processors to manage transactions.
  • With Hosts (for Users’ bookings) or Users (for Hosts’ bookings).
  • With Service Providers who support our platform (IT, marketing, analytics).
  • With Law Enforcement when legally required.
  • With Insurers in connection with claims or coverage verification.
  • In Business Transfers, such as a sale, merger, or acquisition. We do not sell your personal data.

6. International Transfers

We may transfer your data outside the UK, for example to cloud service providers. Where this occurs, we use:

  • The UK Addendum to the EU Standard Contractual Clauses, or
  • An adequacy decision from the UK Government.

7. Data Retention

We keep your data:

  • For as long as you have an account.
  • To comply with legal and tax obligations.
  • To resolve disputes or enforce agreements. We securely delete or anonymise data when no longer required.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of your data.
  • Request deletion (right to be forgotten).
  • Restrict or object to processing.
  • Request a copy of your data in a portable format.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk
  • You can write to us at 15 High Street, Brackley, Northants, NN13 7DH.

9. Children’s Privacy

Our services are not directed to children under 18 without parental consent. We do not knowingly collect personal data from minors without approval.

10. Security

We use technical and organisational measures to protect your personal data. However, no method of online transmission is entirely secure.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Any significant changes will be notified on our website before taking effect.