top of page

Privacy Policy


Cloud 9 Ladies Gym & Wellness
Privacy Policy
Last updated: 25 June 2025


hello@cloudninegym.co.uk

1. Who We Are

Cloud 9 Ladies Gym & Wellness is committed to protecting your privacy. We provide fitness and wellness services through independently operated health clubs. This policy explains how we collect and use your personal data, why we do it, who we share it with, and your rights in relation to that data.

When you become a member or use our services, both Cloud 9 and the individual gym (your "Home Club") may be responsible for processing your data. In most cases, we act as joint data controllers with the operators of our clubs. This means we make joint decisions about how and why your personal data is used—for example, to manage your membership, collect payments, or run wellness programs.

If a club is independently operated, that operator is also responsible for their own privacy practices and may act as an independent controller for certain purposes (e.g. incident management, emergency contact use).

2. How We Collect and Use Your Personal Data

We collect personal data from you when you interact with us—such as signing up, visiting our website, attending classes, using our app, or contacting us.

We also receive information from devices and services you use with us (e.g. wearable trackers or fitness systems), and from our partners (e.g. payment processors). This helps us deliver and improve our services.

We collect the following categories of personal data:

  • Personal identifiers: Your name, address, email, phone number, emergency contact

  • Demographic details: Gender, date of birth, Home Club

  • Usage data: Class attendance, frequency of visits, activity levels

  • Device and web data: IP address, browser type, device ID

  • Transaction data: Payments, refunds, billing records

  • Communications: Inquiries, feedback, or support requests

  • Biometric data: If using fingerprint or facial recognition for entry (with consent)

  • Health and fitness data: Collected via programs like Empower, or in emergencies (with consent)

We use this data to:

  • Provide and manage your membership

  • Deliver tailored programs and services

  • Track your progress and visits

  • Contact your emergency contact when necessary

  • Conduct surveys and gain feedback

  • Manage bookings, payments, and support

  • Improve our services, operations, and communications

3. Special Category Personal Data

Some personal data is considered more sensitive under law—this includes health details and biometric data. We may collect this when:

  • You participate in health assessments or the Empower Programme

  • You use gyms that require biometric access (like fingerprint or facial scan)

  • You experience an accident or health event while on our premises

We only process this information:

  • With your explicit consent, or

  • When needed for health and safety purposes, or

  • To protect your vital interests in emergencies

We treat this data with extra care, and you can withdraw your consent at any time.

4. Legal Bases for Using Your Data

Under data protection law, we must have a valid reason ("legal basis") to use your personal data. These include:

  • Consent – when you agree to us using your data (e.g. for marketing or health data)

  • Contractual necessity – to fulfill our obligations as part of your membership

  • Legal obligation – to comply with laws or regulations (e.g. health and safety)

  • Vital interests – when necessary to protect your life or safety in emergencies

  • Legitimate interests – where the use of data benefits our operations and doesn’t unfairly affect your rights (e.g. improving our services, maintaining security)

5. Legitimate Interests Explained

We may use your data based on our legitimate interests in situations such as:

  • Managing and improving club operations

  • Understanding member usage and preferences

  • Responding to inquiries and resolving complaints

  • Running promotions or loyalty schemes

  • Ensuring IT and network security

  • Enforcing legal claims and defending disputes

We always balance our interests with your rights and only process data in a way that’s fair and proportionate.

6. Emergency Contact

When you join, we ask for an emergency contact. This is used only in urgent cases (e.g. if you faint or are injured during a workout). We may share limited health details with your contact to ensure you receive proper help.

You should let your emergency contact know you’ve shared their details with us.

7. How Long We Keep Your Data

We keep your personal data for only as long as necessary for the purposes for which it was collected, in line with our legal and operational obligations.

  • Communications and correspondence are kept for 12 months.

  • Booking data related to online classes is retained for 18 months.

  • Records of gym visits and access logs are stored for 60 months (5 years).

  • Fitness assessments or one-on-one wellness appointments are kept for 72 months (6 years).

  • All personal data connected to your membership (including contact information, emergency contacts, Home Club, birth date, purchases, and injury records) is kept for 60 months (5 years).

  • Financial transactions (such as payment records, refunds, and billing history) are retained for 84 months (7 years) in line with accounting and tax regulations.

We may retain data for longer if required for legal, regulatory, or dispute resolution purposes.

8. Who We Share Your Data With

We may share your personal data with:

  • Club franchisees/operators – to manage your Home Club membership

  • Payment processors (e.g. GoCardless) – to handle transactions securely

  • Service providers – like IT platforms, database hosts, email tools, CRM systems

  • Wellness technology providers – e.g. MyZone (for fitness trackers)

  • Emergency services – in health or safety incidents

  • Regulatory or legal authorities – when legally required

  • Marketing partners – only where consent is provided

All third-party providers are required to follow strict data protection standards.

9. International Data Transfers

We store your data within the UK and European Economic Area (EEA). However, we may work with providers outside this region. Where we do, we ensure appropriate safeguards are in place, such as:

  • UK adequacy decisions, or

  • Standard Contractual Clauses (SCCs) approved by data regulators

This ensures your data remains protected even when processed abroad.

10. How We Protect Your Data

We take data security seriously and use technical and organisational safeguards, such as:

  • Password-protected systems and accounts

  • Staff training in data handling

  • Regular system updates and audits

  • Secure hosting and encrypted communications

Please note, while we do our best, internet transmissions aren’t completely secure. Use caution when submitting data online.

11. Your Rights

You have legal rights relating to your personal data, including:

  • Right to access – to see what data we hold about you

  • Right to correct – to fix inaccurate or outdated data

  • Right to erasure – to request deletion (subject to exceptions)

  • Right to restrict – to pause processing in certain cases

  • Right to data portability – to transfer your data to another provider

  • Right to object – especially for marketing or profiling

  • Right to withdraw consent – if you previously gave permission

To exercise these rights, contact us at hello@cloudninegym.co.uk.

If you’re unhappy with how we’ve handled your data, you also have the right to complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.

12. Direct Marketing

We may send you marketing communications via:

  • Email, SMS, or app notifications – but only if you opt in

  • Phone or post – unless you opt out

Marketing may include updates about our services, events, offers, or third-party promotions. You can manage or withdraw your consent anytime via your member portal or by emailing us.

We may still contact you with service messages (e.g. booking confirmations, schedule changes, emergency closures), even if you opt out of marketing.

13. How to Contact Us

To ask questions or exercise your data rights:

Email: hello@cloudninegym.co.uk
Post: Cloud 9 Ladies Gym & Wellness
1 Crabapple Road
Tonbridge, United Kingdom

For club-specific issues (e.g. missed appointments, membership queries), contact your Home Club manager directly.

14. Third-Party Links

Our website may include links to third-party sites. These sites operate independently and have their own privacy policies. We’re not responsible for their content or data handling practices.

15. Changes to This Policy

We may update this Privacy Policy from time to time. You’ll always find the latest version on our website, with the effective date noted at the top. If we make significant changes, we’ll notify you via email or an alert on our site.

bottom of page