Like most website operators, The Apex collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. The Apex purpose in collecting non-personally identifying information is to better understand how The Apex visitors use its website. From time to time, The Apex may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
The Apex also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on www.theapex.ie blogs/sites. The Apex only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog/site where the comment was left.
PROTECTION OF CERTAIN
The Apex discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on The Apex behalf or to provide services available at The Apex websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using The Apex websites, you consent to the transfer of such information to them. The Apex will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, The Apex discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when The Apex believes in good faith that disclosure is reasonably necessary to protect the property or rights of The Apex, third parties or the public at large. If you are a registered user of an The Apex website and have supplied your email address, The Apex may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with The Apex and our products. If you send us a request (for example via email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. The Apex takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
The Apex Data Protection Notice
We know your personal information is important to you and The Apex is committed to protecting and respecting your privacy.
Please read this Data Protection Notice to understand:
- How and why we use your personal data.
- Your data protection rights.
Who we are
New Ross Sport and Leisure Limited (“The Apex”) is a company limited and registered in the Republic of Ireland.
What we do
The Apex offers a complete sport, health and leisure experience. Our dream is to make New Ross the healthiest town in Ireland and to make The Apex the heart of the community. It’s a well-known fact that physical activity is good for mental health and improves your mood, confidence and sense of wellbeing. We want people of all ages and abilities to come along, get active and have fun.
To contact us
For further information about how we process personal data please use one of the following methods:
Address: Bosheen, New Ross, Co. Wexford, Republic of Ireland, Y34 X045
Telephone: +353 (0)51 445 522
Why we use personal data
We process personal data for the following reasons:
- To process your membership application and give you access to our facilities and service according to your needs. This may include membership packages, Pay As You Go (PAYG) or occasional visitors.
- To provide information about our sports centre when requested through the contact point on our website or by subscribing to our newsletter.
- To ensure the security of our services and facilities and to facilitate the prevention and detection of theft and other crimes.
- To process the payment orders for the membership fee or other purchases made in the establishment.
- To deliver you the best experience offering services that adapts to your health condition and supporting you to achieve your goals.
- To the management of our human resources, including payroll and recruitment process.
How we collect data about you
We may collect your data whenever you interact with us. This includes when you:
- Make a membership application.
- Visit or make use of our facilities.
- Contact us directly and ask us about our services and facilities.
- Engage in a fitness assessment with our specialized staff.
- Become part of our staff team.
Personal data we process and the legal basis for using this data
The personal data we collect, and the legal basis for using it, depends on how you interact with us. The personal data we collect is primarily:
- Name and contact information (Name, address, email and phone number)
- Financial/Payment details e.g. purchases.
- Information you provide in any communications between us.
- CCTV footage.
- Employment relationship information: PPSN, attendance records, sick certs and CVs.
The legal basis for using these types of data are:
- Consent. You have agreed and provided consent e.g. when we communicate with you to answer information requests. When the legal basis relied upon is consent you will be informed that you can withdraw your consent at any time.
- Contract. Where we have entered into a contract with you and need to process personal data to fulfil the contract e.g. membership application.
- Legal Obligation. Where for legal reasons we are required us to maintain records about our dealings e.g. financial records. In some circumstances we may also be legally obliged to share your data with State entities, for example the Revenue Commissioners, for financial compliance.
- Legitimate Interest. We have a legitimate interest to do so, and to which you may object. This means a business reason to use your data which takes into account your rights and interests e.g. when we collect your personal data to ensure security in our facilities.
About the Sensitive Personal Data we process
Data Protection Law recognises that some categories of personal data are more sensitive (it refers to these as “Special categories of personal data”). Sensitive Personal Information can include data about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
Due to the nature of the services provided by The Apex, we process sensitive data related to health. Personal data related to your health may be processed in the following circumstances:
Health condition statement:
As well as contact information, other personal data processed includes:
- Knowledge of any disease
- Knowledge of any physical condition
By processing personal data related to health, we provide you a secure service that respects your health condition. We always make sure that when you join any of our activities, our staff is aware of your needs.
The legal basis for processing these includes explicit consent, the vital interest of the person and legitimate interest.
Our catalogue of services in the fitness area includes the realization of an individualized routine made especially for you. For this, our staff will perform an evaluation that may include data related to your health.
Again, the legal basis for this processing activity is your explicit consent.
When an incident takes place in our facilities, our staff will carry out an incident report that will include all relevant facts and information. This report will be disclosed to the line manager and parents or guardians if a child is involved and may include personal data about health.
The legal basis for this processing activity is legitimate interest.
About data related to children
Our services are aimed at people of all ages, and therefore, we may process data related to children. We have a strong commitment to children’s privacy.
For club members or guests under the age of 16, a parent or guardian must give consent for the processing of their child’s personal data. The processing of children’s personal data is necessary for us to carry out our service contract.
How long we keep your data for
We only keep your personal data as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations.
As a prospective member that has consented for us to contact you, we will retain your data for up to 12 months, unless you notify us that you no longer wish to be contacted.
If you join us, we will retain your data for as long as you are a member. On termination of your membership, your personal data will be stored for a maximum period of 6 years for the purposes of responding to you in the event of any future indemnity claim that may arise.
We have a legal obligation to retain all relevant financial records for the current financial year plus six years (Revenue Commissioners).
Who we share your data with
The personal data we collect about you will mainly be used by our staff. Employees having responsibility for membership, administration and gym functions will just have access to your data which is relevant to their function. All our employees have been trained to ensure your data is being processed in line with GDPR.
Additionally, your personal data is also passed to our data processors for the purpose of providing our service to you. Any third parties that we may share your personal data with are obliged to implement appropriate technical and organizational measures to ensure secure processing.
Categories of recipients of personal data include:
- Data Processors providing services to The Apex such as membership management, class bookings, or HR management systems
- Emergency services in the event of an incident in our facilities
- Law Enforcement in the event of lawful requests being made for access to CCTV or other data.
- Statutory authorities in the context of health and safety and compliance with our obligations as an employer.
The Apex endeavours to keep your personal data within the European Union (EU)/European Economic Area (EEA). Most of the data transfers outlined above are within Ireland or the rest of the EU/EEA. We also process and store data in other countries, for example third party service providers, outside the EEA e.g. UK and the USA. When we do transfer data outside the EEA, we take steps to ensure appropriate safeguards are in place in line with data protection laws.
Individuals have rights over their personal data under EU and Irish Data Protection Law. These rights are not absolute, and qualifications or restrictions can apply. The following section outlines your rights:
At any time, you may:
- Ask us for a copy of your personal data (Article 15 GDPR).
- Correct and update mistakes/incomplete personal data (Article 16 GDPR).
- Raise a complaint with the Data Protection Commission (Article 77 GDPR).
In certain circumstances you may:
- Delete your personal data (Article 17 GDPR).
- Restrict use or object to us processing your data e.g. for marketing purposes (Articles 18 and 21 GDPR).
- Take your personal data to another provider (Article 20 GDPR).
- Exercise a right not to be subject to solely automated decisions (Article 22 GDPR).
Where you have consented to the use of your data, e.g. for marketing, you have the right to withdraw this consent at any time. This can be done by emailing: email@example.com
If you have a Data Protection complaint
We would like it if you contacted us first to see if we can resolve the issue. But, if you have an issue with how we are processing your personal data, you have the right to raise this with the Data Protection Commission at any time by contacting them any of the following methods:
Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, Ireland.
Telephone: +353 (0)57 8684800 / +353 (0)761 104800
We may update our Data Protection Notice from time to time. Any updates will be made available and, where appropriate, notified to you.
This data protection notice was last updated in June 2023.