Concern about data being held

I have had a very odd experience. I received a letter in the post from a leisure club I haven't belonged to for about 5 years. The letter states that I have recently visited the club but am no longer a member and asks me to pay for membership. It's a rather rude letter, implying that I have been using facilities without paying. I haven't been anywhere near the club since I left (in fact I only went about twice when I was a member), so I immediately called them and asked to speak to the membership department. I was informed that I had visited in April. I wasn't told in what capacity (the facilities, the restaurant etc) and when I asked what information they had that had prompted them to think I had visited, the woman did not answer. She just kept repeating that I had been there in April. I explained that I have not been there and asked for more details so that I could prove it. I was beginning to think my credit card had been used. She refused to provide any more information. However, 10 minutes later she called back and said they had made a mistake. She refused again to tell me what had happened.

I wrote to the general manager asking for an explanation both about what happened and about what information they are holding about me. I also asked for an apology for the false accusation in the letter. I have not received a reply, and have written again today asking for a response. My intention is then to complain to ICO. I want any information they have about me removed from their database.

Am I going mad? Are organisations like this within their rights to hold information about previous members and compare it to whoever is going in? The whole situation is so weird, and I am really upset about it.      


Comments

  • DullGreyGuy
    Squoozy said:
    My intention is then to complain to ICO. I want any information they have about me removed from their database.

    Am I going mad? Are organisations like this within their rights to hold information about previous members and compare it to whoever is going in? The whole situation is so weird, and I am really upset about it.      
    If you want to exercise your right to erasure then you have to submit your request to their DPO, and only if they refuse or you don't accept their reason for refusing would you then go to the ICO.

    https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure 

    Historically companies never would delete data unless they decided to change their software and found out how much it cost to migrate all the data they had (and then for a simple business like this it may not be too bad to do that). 

    I don't know how your gym works either in physical security or billing, but in ours you have an ID card which opens the gate. If your card doesn't work or you forget to bring it etc you would speak to reception, they'd look you up and then open the gate/note the visit. It's potentially a very simple admin error where the receptionist fat-fingers the system and accidentally clicks the member above/below the one they intended to and so registers the visit to you rather than them. I know our gym have mixed up the Mrs and I as their class booking system is tied to it and the Mrs was bumped from a class when "she hadn't gone through the gates at least 5 minutes before the start of the class" but she had and the receptionist had booked me in instead (we're not the same race, gender etc so hardly likely to be mistaken identity).

     
  • MorningcoffeeIV
    Squoozy said:


    Am I going mad? Are organisations like this within their rights to hold information about previous members and compare it to whoever is going in? 


    Can't advise on whether you're going mad as that's a wider question (although pushing for an insincere apology is an indicator), but yes, they can retain data in line with their retention policies and if they have justification for doing so.

    If you disagree with anything in their privacy policy, or feel they have not adhered to it, use that as the basis of your complaint. 
  • Robbo66
    They would be required to keep any data for 6 years from the end of your membership
  • p00hsticks
    edited 9 June 2023 at 12:25PM
    Robbo66 said:
    They would be required to keep any data for 6 years from the end of your membership 
    Required by whom exactly?
    The data protection act says that personal data should be kept for 'no longer than necessary'. https://www.gov.uk/data-protection
    What justification would the gym have to retain the information for six years?

    I volunteer for a non-profit organisation and our policy is to remove details (names, addresses, contact phone numbers and e-mails) of members who haven't renewed their membership just a few months later, unless they paid via gift-aid, when HMRC require us to keep their details for (I think) seven years.
  • DullGreyGuy
    edited 9 June 2023 at 1:43PM
    Robbo66 said:
    They would be required to keep any data for 6 years from the end of your membership 
    Required by whom exactly?
    The data protection act says that personal data should be kept for 'no longer than necessary'. https://www.gov.uk/data-protection
    What justification would the gym have to retain the information for six years?
    Law of limitations gives someone 6 years to sue for breach of contract from the date of the breach and so most companies do retain data for 6-7 years after the end of a contract so that if the customer was to sue in 5.5 years time that the gym had breached its T&Cs by not having the pool open for a month and they didn't get their pro-rata refund due they'd be able to confirm or deny that it was either due and/or it was paid.

    For under 18 year old members, assuming they're allowed, you'd probably want to keep the records longer as they have up until their 21st birthday to litigate and could include the much more costly personal injury if they decide 3 months before their 21st birthday that the persistent back pain they have is because of the gym trainer incorrectly advising them on how to use the equipment or a trip they had over loose skipping ropes etc.

    It's not a legal requirement to keep them, makes defending a case very difficult if you cannot confirm or deny they were even customers etc as you deleted your records.

