Login Register

Privacy Policy – GDPR

GB ActivePrivacy Policy – GDPR

We need to make sure your data is secure, and protecting it is one of our most important responsibilities. We’re committed to being transparent about our security practices and helping you understand our approach.

We are also committed to GDPR and want to make sure that you understand why we have your data and what we do with it.

To help with this, we created this FAQ section to better explain how we handle your data.

What is GDPR?

The General Data Protection Regulation, or GDPR, is a European Union regulation that establishes a new framework for handling and protecting the personal data of EU residents. It replaces the Data Protection Directive as of 25 May 2018.

You can read all about the GDPR on the EU GDPR or the UK Information Commissioner’s Office websites.

In summary, there are six key principles of GDPR:

  1. Lawfulness, fairness and transparency.
  2. Collected for specified, explicit and legitimate purposes.
  3. Adequate, relevant and limited to what is necessary.
  4. Accurate and, where necessary, kept up to date.
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. Processed in a manner that ensures appropriate security of the personal data.

We at GB Active Limited have a legal obligation to adhere to these principles and we work with our members to ensure that you remain in control of your own data.

Similar to the Data Protection Act, GDPR defines the roles of each party and this is important for our users to understand:

Data Subject: This is you. Because you are logged in and can read this, it means you are a user and we hold your data.
Data Controller: This is us and we are ultimately responsible for your data.
Data Processor: This is us in the main but can include third parties we refer to in our terms and conditions that process your personal data on our behalf in accordance with our terms and conditions.

Lastly, we should also explain by what is meant by “personal data” and “sensitive personal data”.

Personal data: This is any data that can be attributed to you. For example, your phone number or email address would be classed as “personal data”.
Sensitive personal data: This is one of the following types of personal data that can be attributed to you:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic data, biometric data
  • health
  • sex life or sexual orientation

Where does GB Active store my data?

Your data is stored in the UK and is not transmitted outside of the UK.

Please be aware that GB Active Limited is not responsible for any internal or external processes that third parties may have for processing data they receive for example the processing of payments.

Who has access to my personal data?

Only GB Active staff and authorised trainers will have access to your personal data.

Who has access to my sensitive personal data?

Only the directors of the company have access to sensitive personal data. Health data may be passed on to our medical team when checking the suitability of members attending sessions or following an accident or incident.

How can I see my personal data?

If you log into our members section of the website you will be able to see most of the data that is held against your account with the exception of health screening data and payment data.

If there is a mistake, how do I go about correcting it?

Please contact us and we will change anything you need.

How can I request a download of all my data (Subject Access Request)?

You can request your data in electronic format by emailing either of the company directors.

What happens to my data if I leave?

Unless legally required to do so

  • After 12 months of a user leaving all your details will be removed from our systems.

Our website Privacy (Word Press):

Our website address is: https://gb-active.co.uk.

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

You maybe asked to agree to these T&Cs when submitting an item on our contact forms.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.