Privacy Policy

Effective Date: 27th August, 2025

Aerilon Ltd trading as Apex Gyms (“Apex Gyms”, "Apex", “we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you interact with us — whether in person at one of our clubs, online through our website (www.apexgyms.co.uk), via mobile app, or through other communication channels.

We adhere to the principles set out in the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and relevant ICO guidance.

1. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Membership & Identity Data

Full name, date of birth, gender
Address, email address, phone number
Membership ID and preferences
Proof of identity documents (if applicable)

b. Health & Lifestyle Data

Health declarations (e.g., PAR-Q forms)
Medical conditions disclosed voluntarily
Emergency contact details

Note: Health data is considered “special category data” and is processed with your explicit consent.

c. Financial & Transactional Data

Payment details (e.g., bank account or card details)
Billing history, invoices, failed payment records
Direct debit or recurring billing info

d. Technical & Usage Data

IP address, device ID, browser type, cookies
Log-in and location data (via app or web portal)
Session times, class bookings, check-ins
Communications history (email, SMS, chat)

e. Visual & Audio Data

CCTV footage from gym premises
Photographs (e.g., for ID verification)
Customer service call recordings (where applicable)

We may collect and process the following categories of personal data:

a. Membership & Identity Data

Full name, date of birth, gender
Address, email address, phone number
Membership ID and preferences
Proof of identity documents (if applicable)

b. Health & Lifestyle Data

Health declarations (e.g., PAR-Q forms)
Medical conditions disclosed voluntarily
Emergency contact details

Note: Health data is considered “special category data” and is processed with your explicit consent.

c. Financial & Transactional Data

Payment details (e.g., bank account or card details)
Billing history, invoices, failed payment records
Direct debit or recurring billing info

d. Technical & Usage Data

IP address, device ID, browser type, cookies
Log-in and location data (via app or web portal)
Session times, class bookings, check-ins
Communications history (email, SMS, chat)

e. Visual & Audio Data

CCTV footage from gym premises
Photographs (e.g., for ID verification)
Customer service call recordings (where applicable)

2. How We Use Your Data

We use your personal data for the following purposes:

Purpose

To set up and manage your membership.

To process payments and billing

To contact you about class bookings, cancellations, or gym updates

To send marketing messages (email/SMS)

To ensure health & safety on premises

To operate CCTV and ensure security

To personalise your experience (e.g., app recommendations)

To comply with legal and regulatory requirements

Purpose

To set up and manage your membership.

To process payments and billing

To contact you about class bookings, cancellations, or gym updates

To send marketing messages (email/SMS)

To ensure health & safety on premises

To operate CCTV and ensure security

To personalise your experience (e.g., app recommendations)

To comply with legal and regulatory requirements

Legal Basis

Contract

Contract / Legal Obligation

Legitimate Interest

Consent

Legal Obligation

Legitimate Interest

Legal Obligation

Legal Basis

Contract

Contract / Legal Obligation

Legitimate Interest

Consent

Legal Obligation

Legitimate Interest

Legal Obligation

Legal Basis

Contract

Contract / Legal Obligation

Legitimate Interest

Consent

Legal Obligation

Legitimate Interest

Legal Obligation

3. Marketing & Communication

With your consent, we may send you:

Newsletters

Class updates
Promotions and offers
Surveys and feedback requests

You can opt out at any time by clicking “unsubscribe” in our emails or managing preferences in your member account.

With your consent, we may send you:

Newsletters

Class updates
Promotions and offers
Surveys and feedback requests

You can opt out at any time by clicking “unsubscribe” in our emails or managing preferences in your member account.

4. CCTV Monitoring

We use CCTV in all Apex Gym premises for:

Preventing and detecting crime
Ensuring the safety of members and staff
Monitoring compliance with health and safety rules

CCTV footage is retained for no more than 30 days unless required for investigation or legal proceedings.

We use CCTV in all Apex Gym premises for:

Preventing and detecting crime
Ensuring the safety of members and staff
Monitoring compliance with health and safety rules

CCTV footage is retained for no more than 30 days unless required for investigation or legal proceedings.

5. Sharing Your Information

We may share your data with:

Payment providers (i.e., Stripe)
CRM and booking systems (i.e., GoKenko)
Marketing platforms (i.e., GoKenko)
IT service providers (hosting, maintenance)
Insurers or legal advisors (as required)
Government authorities or law enforcement (if legally required)

We ensure all vendors comply with data protection standards through contracts and due diligence.

We may share your data with:

Payment providers (i.e., Stripe)
CRM and booking systems (i.e., GoKenko)
Marketing platforms (i.e., GoKenko)
IT service providers (hosting, maintenance)
Insurers or legal advisors (as required)
Government authorities or law enforcement (if legally required)

We ensure all vendors comply with data protection standards through contracts and due diligence.

6. International Data Transfers

Some service providers may store data outside the UK. In such cases, we ensure:

Adequate safeguards (e.g., UK IDTA, SCCs)
Data minimisation and encryption
Vendor compliance with UK GDPR standards

Some service providers may store data outside the UK. In such cases, we ensure:

Adequate safeguards (e.g., UK IDTA, SCCs)
Data minimisation and encryption
Vendor compliance with UK GDPR standards

7. How Long We Keep Your Data

Data Type

Membership data

Financial records

Health declarations

CCTV footage

Marketing preferences

Data Type

Membership data

Financial records

Health declarations

CCTV footage

Marketing preferences

Retention Period

6 years after account closure

6 years (HMRC requirement)

Until membership ends

30 days (unless required longer)

Until consent is withdrawn

Legal Basis

6 years after account closure

6 years (HMRC requirement)

Until membership ends

30 days (unless required longer)

Until consent is withdrawn

Legal Basis

6 years after account closure

6 years (HMRC requirement)

Until membership ends

30 days (unless required longer)

Until consent is withdrawn

8. Your Data Protection Rights

You have the following rights under the UK GDPR:

Right of access – to request a copy of your data
Right to rectification – to correct inaccurate information
Right to erasure – to request deletion of data
Right to restrict processing – under certain conditions
Right to data portability – in certain scenarios
Right to object – to processing based on legitimate interest or direct marketing
Right to withdraw consent – at any time

You can exercise your rights by emailing privacy@apexgyms.co.uk.

You have the following rights under the UK GDPR:

Right of access – to request a copy of your data
Right to rectification – to correct inaccurate information
Right to erasure – to request deletion of data
Right to restrict processing – under certain conditions
Right to data portability – in certain scenarios
Right to object – to processing based on legitimate interest or direct marketing
Right to withdraw consent – at any time

You can exercise your rights by emailing privacy@apexgyms.co.uk.

9. Cookies & Website Tracking

We use cookies for:

Functionality (e.g., keeping you logged in)
Performance analytics (e.g., Google Analytics)
Marketing (e.g., Meta Pixel, Google Ads)

You can manage cookies via your browser preferences.

We use cookies for:

Functionality (e.g., keeping you logged in)
Performance analytics (e.g., Google Analytics)
Marketing (e.g., Meta Pixel, Google Ads)

You can manage cookies via your browser preferences.

10. Data Security

We protect your data through:

Secure HTTPS encryption
Access control and authentication
Data minimisation and anonymisation
Regular staff training and audits
Secure off-site backups

We protect your data through:

Secure HTTPS encryption
Access control and authentication
Data minimisation and anonymisation
Regular staff training and audits
Secure off-site backups

11. Children’s Data

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without parental consent.

12. Complaints

If you are not satisfied with how we handle your data, please contact our Data Protection Lead at privacy@apexgyms.co.uk.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://www.ico.org.uk

If you are not satisfied with how we handle your data, please contact our Data Protection Lead at privacy@apexgyms.co.uk.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO): https://www.ico.org.uk

13. Changes to This Policy

We may update this policy from time to time. The latest version will always be posted at www.apexgyms.co.uk/privacy-policy with a revised “Effective Date”.

Crafted by

Free Trial