PRIVACY POLICY

Introduction:

Continuum Sport and Leisure Limited (Continuum) are committed to respecting people’s privacy. This policy is aimed at those that we come into contact with through the course of work including our staff, associates, clients and their stakeholders. It describes the type of information we collect, how we obtain it, why we have it, what we use it for and how we store it. It also outlines the data protection rights that apply relating to the information we hold.

Our contact details:

Continuum Sport & Leisure Limited New Broad Street House 35 New Broad Street London EC2M 1NH

info@continuumleisure.co.uk

The type of personal information we collect:

We currently collect and process the following information:

• Names and contact details of our existing and prospective clients.
• Names and contact details of those we come into contact with through the course of our work for our clients.
• Images in video/audio recordings and photographs.
• Summaries of interactions we have such as telephone calls, meetings, emails and other correspondence.
• Records of any events that you have attended that are hosted by us.  
• Employee and associate data including personal details, National Insurance number, bank details, medical conditions, emergency contact details, qualifications, insurance details, driving license information, references and payments make.
• For our clients, details of purchase orders and payments made.
• From time to time, in particular circumstances, we may collect and process sensitive information (special category data) which includes details about an individual’s gender, age, ethnicity, religious beliefs, sexual orientation, health (including disability), educational attainment and postcode. We do not routinely collect this data and only do so where there is a legitimate business reason to do so, for example: if we are commissioned to conduct research or produce content for our clients, or you are considering working with us. We work hard to ensure that if information is collected for research purposes it is anonymised wherever possible.

How we get the personal information and why we have it:

Most of the personal information we process is provided to us directly by you or our clients for one of the following reasons:

• You have made an enquiry about using our services.
• You have made an enquiry or information request about a programme or service that we are running on behalf of our clients or partners.
• You have been invited to participate in a consultation exercise, engagement eventor working group.
• You have signed up to receive newsletters, updates or other information from us or as part of one of the programmes or projects we run for our clients.
• You have applied to work with us or are/have previously been employed/contracted by us.
• You have agreed to be part of case study, audio or video recording for us or one of our clients.

We only use your personal data when we are allowed to by law. We use the data that you or our clients have given us in order to:

• Provide you with information about our services (if this is why you have contacted us).
• Provide you with information about the projects and programmes we run on behalf of our clients (if this is why you have contacted us or your details have been shared with you) and offer you the opportunity to participate in related consultation or engagement events.
• Provide evaluation data to our clients on participation in particular programmes.
• Process employment or contract data (if you have applied work with us).

We may share this information with our clients for the purposes of fulfilling our contractual obligations or with the emergency services and law enforcement agencies, should this be required. For employees, we may also share this information with our accountants, HMRC and other official agencies if required.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:

• Your consent (for audio/visual and photographs only).
• We have a legal obligation.
• We need it to perform a public task.
• We have a vital interest (employees and associates only).
• We have a legitimate interest.

You are able to remove your consent at any time. You can do this by contacting info@continuumleisure.co.uk

How we store your personal information:

Your information is securely stored on our secure server which has restricted access. If our clients have provided us with your data, or require us to collect it, it may also be stored on their servers or networks (or those of their suppliers) which we may be permitted to access. We use our best endeavours to protect your personal data and have security measures in place to minimise the risk of this.

We only keep your personal data for as long as necessary and for the purposes we are collecting it for. This varies widely from as little as a few months to up to several years and is largely dictated by the reason we have it and the duration specified in our client contracts, associates’ contracts, accountancy practices, HR policies and employment law. When we no longer need your data, we will securely delete it or shred it.

Your data protection rights:

Under data protection law, under certain circumstances you have the right to access, transfer, rectify or ask us to delete the personal data we hold on you. You have several rights including:

• Your right of access - You may have the right to ask us for copies of your personal information (Employees only).
• Your right to rectification – You may have the right to ask us to rectify personal information you think is inaccurate. You may also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You may have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing – You may have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing - You may have the right to object to the processing of your personal information in certain circumstances.
• Your right to data portability - You may have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Your rights will differ depending on the lawful basis for our processing of it.

Updating our policy:

Please note that this Privacy Policy is subject to regular review and may change from time to time. The date at the top of the policy indicates the date upon which our policy was reviewed or revised. If we plan to use your personal data for a new purpose, we will update our privacy information and make all best attempts to communicate the changes to affected individuals before we start any new processing.

Transfer of data outside the European Economic Area

We do not currently store or transfer any data outside of the EEA. In the event that this is required we will ensure we meet all the obligations and review implications related to the Schrum II ruling namely:

1. Data Transfer Mechanisms: We will agree and use appropriate data transfer mechanisms when transferring personal data outside the European Economic Area (EEA) to countries that do not have an adequacy decision from the European Commission. This would include standard contractual clauses (SCCs), binding corporate rules (BCRs), or obtaining explicit consent from data subjects.
2. Assessment of Data Transfers: We will conduct a thorough assessment of the laws and practices of the recipient country to ensure that adequate safeguards are in place to protect personal data.
3. Enhanced Due Diligence: We will conduct enhanced due diligence when transferring personal data to countries with questionable data protection practices.
4. Data Protection Impact Assessments (DPIAs): We will conduct DPIAs to assess the potential risks to individuals' rights and freedoms when transferring personal data to third countries. DPIAs can help identify and address privacy risks associated with international data transfers, including those highlighted in the Schrems II ruling.
5. Transparency and Accountability: We will be transparent about our data processing activities, including international data transfers, and be accountable for ensuring compliance with data protection laws. This will include maintaining records of data transfers, implementing appropriate technical and organisational measures to protect personal data, and cooperating with supervisory authorities.

How to complain

If you have any concerns about our use of your personal information, you can contact us at info@continuumleisure.co.uk or 020 7417 1719. 

You can also complain to the ICO if you are unhappy with how we have used your data. The ICO’s address:            

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk