Privacy Policy
Last updated: 08/08/2026
1. Introduction
Nordic Power Gym Ltd is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with us, including when you become a member, use our facilities, visit our website, or contact us.
We are the data controller for the purposes of UK data protection law.
Contact details:
Gym Name: Nordic Power Gym Ltd
Address: Unit 3 Foundry yard, Honiton, Devon, EX14 1LA
Email: nordic_power@outlook.com
Phone: 07827 225770
2. Personal Data We Collect
We may collect and process the following types of personal data:
a) Identity and Contact Information
Full name
Date of birth
Address
Email address
Phone number
b) Membership and Payment Information
Membership type and start/end dates
Attendance records
Payment status and transaction references
(We do not store full card details; payments are handled securely by third-party providers.)
c) Health and Fitness Information
Health questionnaires and fitness assessments
Injury or medical information you choose to provide
This information is treated as special category data and handled with additional care.
d) CCTV Footage
Images and video recordings from CCTV systems used for safety and security
e) Website and Communication Data
IP address
Website usage data
Emails, messages, or enquiries sent to us
3. How We Use Your Personal Data
We use your personal data to:
Manage gym memberships and bookings
Provide fitness services and support
Process payments and maintain accounts
Ensure health and safety within the gym
Communicate important information (e.g. membership updates)
Improve our services and facilities
Comply with legal and regulatory obligations
4. Legal Bases for Processing
Under UK GDPR, we rely on the following lawful bases:
Contract – to provide gym membership and services
Legal obligation – for accounting, health & safety, and regulatory compliance
Legitimate interests – for security, service improvement, and administration
Consent – for marketing communications and health-related data where required
You may withdraw consent at any time.
5. Marketing Communications
We may send you marketing emails or messages if you have opted in.
You can opt out at any time by:
Clicking the unsubscribe link in emails, or
Contacting us directly
6. Sharing Your Data
We may share your data with:
Payment processors
Membership management software providers
IT and system support providers
Legal or regulatory authorities (where required by law)
All third parties are required to protect your data and use it only for specified purposes.
7. Data Retention
We retain personal data only for as long as necessary:
Membership records: up to 6 years after membership ends
Financial records: as required by HMRC
CCTV footage: typically 30 days, unless required for an investigation
8. Data Security
We take appropriate technical and organisational measures to protect your personal data, including:
Secure digital systems
Restricted access to personal information
Staff training on data protection
9. Your Data Protection Rights
You have the right to:
Access your personal data
Request correction of inaccurate data
Request erasure of your data
Restrict or object to processing
Data portability
Withdraw consent at any time
To exercise your rights, contact us using the details above.
10. Complaints
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Website: https://www.ico.org.uk
11. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available at our premises or on our website.