
Ebor Fitness

Privacy Policy


Privacy Policy Overview

This privacy policy sets out how we collect, use and protect Personal Data, which you agree to when you give us this data.


We are committed to ensuring that your privacy is protected. Your Personal Data will only be used in accordance with this privacy policy. We will also advise you of your Personal Data rights and how to register a complaint to the relevant authorities, namely the Information Commissioner’s Office (UK).


We may change this policy. You should check this page periodically to review any changes. This policy is effective from May 25th 2018 and complies with the General Data Protection Regulation (GDPR) from that date.


If you choose not to give us Personal Data, it may delay or prevent us from fulfilling our contract with you, or doing what we must do by law. If it means we cannot provide a service or product, it could mean that we cancel a product or service you have with us.



Who are we and how to contact us

References in this Privacy Policy to Ebor Fitness, “we”, “us” or “our” relate to Ebor Fitness (Registration number 05732559).


We control the ways your Personal Data is collected and the purposes for which your Personal Data is used by Ebor Fitness, acting as a “data controller” in line with GDPR and the Data Protection Act 2018.


Where we act on behalf of a client, we act as a “data processor” under their strict instruction and in line with applicable European data protection legislation and under the Data Protection Act 2018.


In the interests and protection of individuals under the age of 18, we will never knowingly market to these individuals, and we maintain only data which is essential to membership (casual or full).


For any privacy policy related enquiries you can contact us via:


  • Telephone: 01904 611070

  • Email:

  • Post: 33 Hospital Fields Road, Fulford, York YO10 4DZ



Protecting your Personal Data

Your Personal Data is protected by regulations and laws. These state that we can only process your Personal Data for one of the following genuine reason types:

• To fulfil and provide services as per our contract;

• Where we have a legal obligation;

• Where you have consented to the processing (e.g. Marketing);

• When it’s our legitimate interest;

• When it’s in the public interest;

• When it’s in your vital interests.


The law and other regulations treat some types of sensitive Personal Data as special. This includes information about racial or ethnic origin, sexual orientation, religious beliefs, trade union membership, health data and criminal records. We will only collect or use these types of data with your consent unless the law allows us to do so.


Legitimate Interests for using your Personal Data

When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected and we must not process it in a way that would be unfair to you or your interests.


Here are our reasons for using your data:

For each area below we list the Personal Data Use, the Genuine Reason and Our Legitimate Interest.

Serving you as a customer

Personal Data Use:

• To manage our relationship with you or your business
• To develop and carry out marketing activities
• To study how our customers use products and services from us and other organisations
• To communicate with you about our products and services

Genuine Reason:

• Your consent
• Fulfilling contracts
• Our legitimate interests
• Our legal duty

Our Legitimate Interest:

• Keeping our records up to date, working out which of our products and services may interest you and telling you about them
• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Seeking your consent when we need it to contact you
• Being efficient about how we fulfil our legal and contractual duties

Business improvement

Personal Data Use:

• To test new products
• To manage how we work with other companies that provide services to us and our customers
• To develop new ways to meet our customers' needs and to grow our business

Genuine Reason:

• Fulfilling contracts
• Our legitimate interests
• Our legal duty

Our Legitimate Interest:

• Developing products and services, and what we charge for them
• Defining types of customers for new products or services
• Being efficient about how we fulfil our legal and contractual duties

Managing our operations

Personal Data Use:

• To deliver our products and services
• To make and manage customer payments
• To manage fees, charges and recover money owed to us

Genuine Reason:

• Fulfilling contracts
• Our legitimate interests

Our Legitimate Interest:

• Being efficient about how we fulfil our legal and contractual duties
• Complying with rules and guidance from regulators

Managing security, risk and crime prevention

Personal Data Use:

• To detect, investigate, report, and seek to prevent financial crime
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them

Genuine Reason:

• Fulfilling contracts
• Our legitimate interests
• Our legal duty

Our Legitimate Interest:

• Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
• Complying with rules and guidance from regulators
• Being efficient about how we fulfil our legal and contractual duties

Business management

Personal Data Use:

• To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate governance, and audit

Genuine Reason:

• Our legitimate interests
• Our legal duty

Our Legitimate Interest:

• Complying with rules and guidance from regulators
• Being efficient about how we fulfil our legal and contractual duties

Personal Data Use:

• To exercise our rights set out in agreements or contracts

Genuine Reason:

• Fulfilling contracts

For processing special categories of Personal Data

Genuine Reason: Substantial public interest

Our Legitimate Interest:

• Using criminal records data to help prevent, detect, and prosecute unlawful acts and fraudulent behaviour
• Using criminal and health information as needed to provide insurance products

Genuine Reason: Responding to regulatory requirements

Our Legitimate Interest:

• Showing whether we have assessed your situation in the right way
• Passing information to the regulator as needed to allow investigation into whether we have acted in the right way

Genuine Reason: Legal claims

Our Legitimate Interest:

• Using any special categories of data as needed to establish, exercise or defend legal claims

Genuine Reason: Consent

Our Legitimate Interest:

• Telling you that we need your consent to process special categories of Personal Data, when that is what we rely on for doing so



How we store and process your data

Your Personal Data will be collected, processed and stored in the EU for up to 2 years after you cease to be a ‘customer’ of Ebor Fitness. After this period, we will give you the option to re-opt in (in case you've moved or are unable to take advantage of our offers and services) and we'll seek re-consent, without which we'll remove you from our database where applicable.



Who we share your information with

In order to provide updates and offers that may be of interest to you, we may use recognised third parties to manage and provide services that enable us to meet and provide the services we’ve outlined in this privacy policy. These businesses operate within the EU.


Where services and processes are completed by our partners and 3rd parties, we ensure they operate to our strict guidelines in accordance with this privacy policy and we take reasonable precautions to safeguard your Personal Data and ensure our partners do the same.


Here we list all the types of organisation that we may share your Personal Data with.

Authorities – This means official bodies and includes:

  • Central and local government

  • HM Revenue & Customs, regulators and other tax authorities

  • UK Financial Services Compensation Scheme and other deposit guarantee schemes

  • Law enforcement and fraud prevention agencies.

Other Services - These are organisations that we may need to share your Personal Data with, because of what you can do with the product or service you have with us or companies we use to help grow and improve our business:

  • Ashbourne Management Services – a company used to manage your membership, payment services and access cards

  • WIX Website hosting organisation - a company that hosts and manages our web-site and provides web related services



In the unlikely event of a data breach, we will notify the appropriate authorities as per applicable regulations and laws. If the incident affects you, we will also contact you.




Cookies are small files containing information which are downloaded to the device you use when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies do lots of different and useful jobs such as remembering your preferences, tailoring web-site content and generally improving your online experience.


By using our website, you agree that we can place these types of cookies on your device. You can block cookies using your browser settings. How-to guides for doing this in most web browsers can be found online.


At Ebor Fitness, we do not place cookies on your browser; however, it is likely that there are 3rd party targeting cookies and browser cookies, which you manage via your browser settings.



Contacting us, exercising your information rights and complaints

Under certain circumstances, by law you have the right to:

  • Request Personal Data (known as a Data Subject Access Request) we hold about you, what that is and why we are holding/using it;

  • Request correction of any incomplete or inaccurate Personal Data that we hold about you;

  • Request erasure of your Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);

  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object unreservedly where we process Personal Data for direct marketing purposes;

  • Object to automated decision-making including profiling by us using your Personal Data or profiling of you;

  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it;

  • Request transfer of your Personal Data (commonly known as a right to “data portability”) in an electronically useable format and for your data to be transferred to another party in an electronically useable format;

  • Withdraw consent where it was requested to enable the collection, processing and transfer of your Personal Data for a specific purpose. Once we have received notification and assessed your request, if valid, we will no longer process your Personal Data for that purpose (e.g. direct marketing);

  • Register a complaint to us in relation to our collection, usage and/or storage of your Personal Data or that of one of our suppliers or partners;

  • Lodge a complaint with the Information Commissioner’s Office via their web-site.


You will not have to pay a fee to exercise any of these rights; however, we may charge a reasonable fee if your request for Personal Data access is clearly unfounded or excessive, or alternatively we may refuse to comply with the request in such circumstances.


We may need to request specific information from you to help us confirm your identity and ensure your right to invoke any of your Personal Data rights. This is another appropriate security measure to ensure that Personal Data is not disclosed incorrectly.


If you have any questions about this Privacy Policy, wish to exercise your information rights in connection with the Personal Data you have shared with us or wish to make a complaint, please contact us via our contact details listed earlier in this Privacy Policy.
