After at least 7, maybe 10, years I returned to a fitness club yesterday. I need some exercise and some weight loss; in short, I am trying to keep my health and body in shape. It also helps your mental health. So far this sounds positive. But then I arrived at the fitness club. I wanted to follow a program and measure all my exercises to see any progress. And then my privacy awareness was triggered by the following: I had to become a club member again.

To my surprise the receptionist of the club asked me if I had been a member earlier. I could recall that I had, so I said yes. "What is your date of birth?" After typing it in she found all my data in the database of their system. At least the data she let me know about: date of birth, name, address, phone, email. I don't know what else really; I did not ask. But it simplified the process of being registered. All my personal data was still there after all those years of absence. In a few minutes I paid and became a full member again. So far so good, you might think.


Then I was put on a sports program. They gave me a Technogym Key. This key holds all your personal information, but also body and achievement information. The trainer weighed me, and from that data he could see far more than only my weight: your body mass, your anabolic values, your fat mass and much other information related to you as a person. Now I put my GDPR knowledge to use to analyse this case. All sorts of questions are now coming to mind. Too many, to be honest. Let me put a few of them:

1. Is this club aware of the GDPR? And especially that you are not allowed to retain personal data without a purpose, not even for marketing purposes?
2. Do they have a privacy policy stating what they will do with your personal data once you stop being a member?
3. What other information about me do they have stored? (I can imagine how many times I come and go, the exercise data?)
4. Is the data stored in a secure way? Is the data used by third parties?
5. Did I give any consent?
6. Can my data be erased?

Many more GDPR-related questions can be asked. But the message is clear: after 25 May 2018 this gym has to comply with the GDPR. This means that they will have to demonstrate compliance and have an up-to-date privacy policy on the use of my personal data as a member, but also after I stop being a member. A lot of work needs to be done to achieve this. But we can help: https://www.informationsecure.nl

GDPR in Practice. Returning to the gym after years: what is your date of birth?