Privacy Policy

This notice provides you with information on how we use personal data.  We are committed to protecting and preserving the privacy of our members, customers and visitors.  We can confirm that we hold all personal data securely and that we will comply fully with all applicable UK Data Protection legislation and regulations in force from time to time.

Please note that we may update and amend this privacy policy from time to time and any changes will be posted on our website ( We will notify you of any significant changes to how we use your personal information.

Clarice Leisure PLC (Riverhills) is a data controller. We collect and process data for a number of purposes outlined in this notice. Our contact details are below:

Data Protection Officer: Stuart King (
Riverhills Health Club & Boutique Spa, Bramford Road, Ipswich, Suffolk, IP8 4AZ
01473 463262

Any questions regarding this policy should be directed to the contact above.

Age restriction

If you are aged under 16, please get your parent or guardian’s permission before you provide any personal information to us. Users under 16 without this consent will not be allowed to provide us with personal information.

What do we collect and how do we use it?

In running and operating the business, we may collect and process certain data and information relating to you and your use of this site. Your privacy is important to us and we confirm that we will never release your personal details to any third party for their mailing or marketing purposes.


Upon enquiring about membership, we will ask you for personal details to allow us to contact you to provide you with a quotation and more information.  We will not contact you, without your consent, outside of this purpose.

When you become a member of Riverhills, and throughout your membership contract, you provide us with personal information that we need in order to service your membership.

We will not contact you for marketing purposes, without your consent, following the termination of your membership.

Day Spa guests & salon customers

When attending any appointment or day spa, we will ask you for personal information, including sensitive personal information such as medical history.  This may be via a paper or electronic form and is required for health and safety reasons.  This data will be held securely, and we will not use it to contact you for marketing purposes without your consent.


If you are aged under 16, please get your parent or guardian’s permission before you provide any personal information to us. Users under 16 without this consent will not be allowed to provide us with personal information.

CCTV is in place within the club.  We use CCTV footage to assist in monitoring and maintaining safety and customer service within our club and if required, to assist with law enforcement.  As such, this footage may be shared with the authorities for law enforcement purposes.  This footage may also be used to exercise and defend our legal rights.

Website visitors & other customers

Information about how we use cookies on our website, and how you can change your preferences, can be found in our Cookie Policy.

When purchasing any product / voucher, either online, in person, or over the telephone, you will provide us with the information necessary to make your purchase.

This may include your product selection, your name, email address, billing address, payment information, your contact details and any further information needed to fulfil your order (including special delivery instructions). Without some of this information we will be unable to provide you with products and services.

Your payment card details are not held by us, it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.

Social media

We use Facebook, Twitter and Instagram to promote Riverhills and advertise to existing and potential customers.  We do not see any personal information that you have shared with the platforms but you might see any adverts on these platforms if you match the criteria set for our targeted marketing activity.

If you interact with us on our social media pages for example by following us or entering into a promotion/competition, we may use the information you have publicly available on your social media page to contact you through your social media page in respect of promotions/competitions and/or recommend products which we think are relevant to you.


We use email addresses collected from members and customers in order to send email marketing communications, if you have given us your consent to do so.  You are able to opt-out of our emails at any time via the unsubscribe link within each email.

Email addresses are stored in our third-party email communication platform. The email platform records whether a recipient has opted-out of email communications and if this is the case, will no longer allow emails to be sent to that recipient. It also enables us to track how many unsubscribes, opens, link clicks and resulting purchases have occurred.

Other purposes

In addition to the methods above, we may also use personal data for:

  • dealing with entries into a competition;
  • seeking your feedback on the services we provide;
  • notifying you about any changes to our website, including improvements, and service or product changes;
  • internal purposes including statistical or survey purposes, quality control, site performance and evaluation in order to improve our website;
  • administering this website

What is our legal basis for using your personal information?

We only use your personal information in accordance with the laws that protect your privacy rights.  We will only use your personal information where:

  • we have your consent (if consent is needed);
  • we need to use the information for legal purposes;
  • we need to use the information to perform a contract with you;
  • it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you (what is known as a ‘legitimate interest’) – this can include where it is in our interests to market additional products or services to you.

For how long do we retain your data?

We will never retain your personal information for longer than is necessary. We will only retain your personal information for as long as we need to fulfil the purposes we collected it for as set out above, including for the purposes of satisfying any legal, or reporting requirements.

Who do we share your data with?

We may share your personal information with the following categories of third parties:

  • our service providers where necessary to make the products and services available to you such as suppliers of IT services;
  • to promote our products and services to you, such as marketing agencies and social media platforms who may send targeted and automated messages to you;
  • where we are acquired by a third party, personal information held by us will be one of the transferred assets and your personal information will be transferred to the new owner, to be used for the purposes set out in this privacy policy;
  • where necessary to protect the rights, property, or safety of our company, our customers, or others we may share personal information with law enforcement agencies.

Your rights

You have the right to ask us for access to your information, and to change, delete or move your personal information.

These rights are:

  • The right to information on how your data is processed.
  • The right to access information we hold about you.
  • The right to correct and update the information we hold about you.
  • The right to object to us processing your personal data.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
  • The right to have your data erased.
    • You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
  • Right to data portability.
    • You have the right to request that we transfer your personal information to another controller. We will comply where possible.
  • Right to lodge a complaint with a data protection regulator, which in the UK is the Information Commissioner’s Office (
  • The right to withdraw consent to use your personal information to send you marketing emails by clicking unsubscribe.

You can invoke any of these rights at any time using the contact details listed in this policy. In order to ensure that we are disclosing information to the correct person we may ask for identification documents.

Protecting your personal information

To protect your information, we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and sub-­contractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

This policy was updated on 24th May 2018.