Privacy Policy
Created: April 13, 2026
This Privacy Policy explains how Winchester Racquets & Fitness (“the Company”) collects, uses, and protects your information. We are committed to processing all Personal Data lawfully, fairly, and in a transparent manner.
- Information We Collect
We collect and process Personal Data (information that identifies you) to provide our services:
- Contact Inquiries: Your name, email address, and message content provided via our “Contact Us” form.
- Member Account Data: Managed via our portal provider, ServeSport. This includes account credentials and profile information necessary for the performance of your membership contract.
- Payment Information: Processed securely via GoCardless. Financial details are provided directly to them; we do not store full bank details on our internal systems.
- Website Analytics: We use Google Analytics to collect anonymous data to help us improve our website.
- How We Use and Share Your Information
We use your information strictly for legitimate business purposes:
- Expert Responses: To provide the best support, we may forward your inquiries to relevant coaches or staff members (Company Personnel) within our organisation.
- Service Provision: Data in the member portal is used to manage bookings and memberships.
- Trusted Third Parties: We only share data with service providers who have agreed to comply with our security standards and UK GDPR-approved clauses. These include:
- ServeSport (Portal hosting)
- GoCardless (Payment processing)
- Google (Analytics)
Coach and Personal Trainer Contact
Our website includes profiles for coaches and personal trainers, which may display their professional contact details. If you choose to contact a coach or personal trainer directly using these details, any personal data you provide (such as your name, contact information, and message content) will be shared with that individual for the purpose of responding to your enquiry.
Coaches and personal trainers are required to handle personal data responsibility and in line with applicable data protection laws.
- External Links
Our website may contain links to third-party websites, plug-ins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.
- Data Retention & Minimisation
We only collect data that is adequate and relevant to your needs.
- Contact Inquiries: Records are retained for 24 months from the last correspondence to ensure continuity of service, then securely destroyed.
- Member Data: Retained for the duration of your active membership and erased once no longer required for lawful processing.
- Data Security
We implement technical and organizational measures to protect your data against unauthorized access or accidental loss:
- All data transmissions on our website, the ServeSport portal, and GoCardless use SSL encryption.
- Internal access is restricted to personnel with a “need to know” to perform their duties.
- Your Rights
Under the UK GDPR, you have rights regarding your Personal Data, including the right to withdraw consent, request access, or ask for the erasure of your data.
Further detail on these rights and how we meet out UK GDPR obligations is set out in our Data Protection Policy.
Data Privacy Contact: All data requests and privacy inquiries are managed by our Data Protection Lead, Ian Fowler, General Manager, in accordance with our internal Data Protection Policy. To exercise your rights, please contact us via the details on our ‘Contact Us’ page.
