Privacy Policy

Last updated: 1st January 2026

Introduction

UrbanArchivium is committed to protecting your privacy and ensuring the security of your personal information. This privacy policy explains how we collect, use, store, and protect your personal data when you use our services, visit our wellness center, or interact with our website.

Data We Collect

The data we collect from you includes personal information necessary to provide our fitness and wellness services effectively. We collect the following types of personal data:

• Personal Identification Information: Name, email address, phone number, date of birth, and postal address
• Health and Fitness Information: Medical history relevant to fitness, fitness goals, physical assessments, and progress tracking data
• Membership Information: Membership type, payment details, attendance records, and service preferences
• Website Usage Data: IP address, browser type, pages visited, time spent on site, and device information
• Communication Records: Correspondence via email, phone, or in-person consultations

How We Use Your Information

We use of your data is essential for providing personalised fitness services and maintaining our business operations. Your information is used for the following purposes:

• Providing personalised fitness training and wellness programmes
• Managing your membership and processing payments
• Scheduling appointments and sending service reminders
• Monitoring your fitness progress and adjusting programmes accordingly
• Communicating important updates about our services and facilities
• Ensuring the safety and security of our premises and members
• Improving our services based on feedback and usage patterns
• Complying with legal and regulatory requirements

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds: performance of contract (membership services), legitimate interests (service improvement and safety), consent (marketing communications), and legal obligation (health and safety requirements).

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information only in the following circumstances:

• Service Providers: Trusted partners who assist in delivering our services (payment processors, fitness equipment providers)
• Healthcare Professionals: With your explicit consent, for specialised health and fitness consultations
• Legal Requirements: When required by law or to protect our legal rights
• Emergency Situations: To protect your vital interests or those of others

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Membership data is retained for the duration of your membership plus seven years for legal and tax purposes. Health and fitness records are kept for five years after your last visit. Website analytics data is typically retained for 26 months. Marketing consent records are kept until you withdraw consent or for three years of inactivity.

Your Rights

Under GDPR and UK data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing where applicable

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encrypted data transmission, secure server infrastructure, regular security assessments, staff training on data protection, and controlled access to personal data.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer data outside the EEA, we ensure appropriate safeguards are in place, including adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are primarily designed for adults. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have collected information from a child under 16, please contact us immediately.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website and, where appropriate, by email.

Contact Information

If you have any questions about this privacy policy or wish to exercise your rights, please contact us using the following information:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.