We at ukactive, Suite 1.03–1.05, Fox Court, 14 Gray’s Inn Road, London, WC1X 8HN, registered in England with company number 2589238 (“we” or “our” or “us“) want to make sure all the personal information we have collected about you is safe and secure, whether we collect it through our website at ukactive.com.
This Policy sets out our commitments to you, in compliance with and beyond the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and explains how we collect, store and use your personal information.
We have appointed a Data Protection Officer to oversee our compliance with data protection laws. If you have any questions about this Policy or what we do with your personal information, their contact details are set out in the Contact section below.
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us, or in providing services to our customers and members, or just managing our relationship with you.
When we hold or use your personal information as a data controller (see below for a description of what this means), we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else, or within a month, whichever is the earlier.
We will only provide this privacy notice to you once, generally at the start of our relationship with you. However, if the applicable privacy notice is updated substantially, we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
A data controller is a person or organisation that determines the purposes and means of processing personal information. A data processor is a person or organisation that processes personal information on behalf of, and under the instructions of, a data controller.
This distinction is important. You have certain rights in relation to your personal information — for example, the right to be provided with the personal information held about you and details of its use, and the right to have certain personal information erased or anonymised, commonly referred to as the right to be forgotten (see below for your full rights).
These rights can generally only be exercised against a data controller. In most cases, ukactive will be the data controller of your personal information. Where we act only as a data processor on behalf of a third party, we will endeavour to inform you who the data controller is so that you can direct any requests to them.
We will use your personal information as described in the privacy notice provided to you. By way of example, we may use your personal information to:
User accounts: If you register for an account on our website, we will collect and process your name, email address, password (stored in encrypted form) and account preferences. This information is used to authenticate your login and provide access to resources or member content appropriate to your account type. The lawful basis for this processing is the performance of a contract. We will retain your account data for as long as your account remains active or as is otherwise necessary to provide our services. You may request deletion of your account at any time by contacting us using the details in the Contact section below.
Event ticket purchases: When you purchase an event ticket through our website, we collect your name, email address, billing address and payment details. Payment transactions are processed securely by Stripe, our third-party payment processor; we do not store full payment card details on our systems. Your purchase data is retained for a minimum of six years for accounting and legal compliance purposes. The lawful basis for this processing is the performance of a contract.
Details of how we disclose your personal information are set out in the relevant privacy notice provided to you. Generally, we share information only where necessary to run our organisation, for example where third parties process information on our behalf. In all such cases, we put in place appropriate arrangements to protect your personal information. Outside of this, we do not disclose your personal information unless required to do so by law.
We do not sell, trade or rent your personal information to others.
The following third-party processors may handle your personal information on our behalf:
Stripe: We use Stripe to process payments for event ticket purchases made through our website. Stripe acts as a data processor on our behalf and is certified to the highest payment security standards (PCI DSS). Data may be transferred outside the UK; Stripe maintains appropriate safeguards in accordance with UK GDPR requirements. For further information, please refer to Stripe’s privacy policy.
Salesforce Account Engagement: We use Salesforce Account Engagement, a marketing automation platform operated by Salesforce, Inc., to manage communications with our members and contacts. This service may track your interactions with our website and emails in order to help us communicate with you more relevantly. Salesforce acts as a data processor on our behalf. Data may be transferred to the United States; Salesforce maintains appropriate safeguards in accordance with UK GDPR requirements. For further information, please refer to Salesforce’s privacy policy.
Google Analytics and Google Tag Manager: We use Google Analytics and Google Tag Manager, services provided by Google LLC, to collect anonymised information about how visitors use our website. This helps us improve our content and services. Google may process data outside the UK; it maintains appropriate safeguards under the UK GDPR. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on. For more information, see Google’s privacy policy.
If we transfer personal information outside the UK, we will ensure that appropriate safeguards are in place, such as UK International Data Transfer Agreements (IDTAs) or adequacy decisions, in accordance with the requirements of the UK GDPR. We will notify you in your privacy notice if we are the data controller and such a transfer takes place.
Further details of retention periods are set out in the relevant privacy notice provided to you. We will only hold your information for as long as is necessary, or delete it earlier where you ask us to do so.
The duration for which we retain your personal information will differ depending on the type of information and the reason why it was collected. In some cases, personal information may be retained on a long-term basis — for example, personal information that we need to retain for legal purposes will normally be retained for at least six years in accordance with usual commercial practice and regulatory requirements.
Full details of your rights are set out in the relevant privacy notice provided to you, but you are entitled by law to:
To exercise any of your rights, or if you have any questions relating to your rights, please contact us using the details in the Contact section below. You can also unsubscribe from any direct marketing at any time by clicking the unsubscribe link in any marketing message we send to you.
You should note that some rights have specific requirements and exemptions, and may not apply in all circumstances. However, your right to withdraw consent and your right to object to processing for direct marketing are absolute rights.
If you are unhappy with the way we are using your personal information, you have the right to complain to the UK Information Commissioner’s Office (ICO). More information about your legal rights can be found at ico.org.uk/for-the-public. We would, however, encourage you to contact us in the first instance so we can try to resolve your concern.
Our website may, from time to time, contain links to and from other websites, including those of our partners, government agencies, advertisers and members. If you follow a link to any of these websites, please note that those websites have their own privacy policies and will be the data controller of your personal information in that context. We do not accept any responsibility or liability for those policies, and you should review them before submitting any personal information.
If you arrived at our website via a link from a third-party site, we cannot be responsible for the privacy policies and practices of that site’s owners or operators, and recommend that you check their policy and contact them directly if you have any concerns.
We employ a variety of technical and organisational measures to keep your personal information safe and to prevent unauthorised access, use or disclosure. Whilst no information transmission over the internet can be guaranteed 100% secure, and no storage system is entirely without risk, we take all appropriate steps to protect the security of your personal information and treat information and system security with the utmost seriousness.
We use cookies and similar technologies on our website. Some cookies are strictly necessary for the site to function; others are used for analytics, functionality and marketing communications, and are only placed on your device with your consent.
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept, reject or manage your preferences by category. You can update your preferences at any time via the Cookie Settings link in the footer of our website.
For full details of the cookies we use, their purposes and how long they are retained, please see our Cookie Policy.
In common with most websites, our website logs various information about visitors, including IP addresses, browser type, internet service provider (ISP) information, referring and exit pages, and date and time stamps.
We may use this information to analyse trends, administer the site, track movement around the site and gather broad demographic information. This data is not used to identify individual users.
Any changes we make to this Policy will be posted on our website and, where appropriate, notified to you by email. When we make a material change, we will update the date at the bottom of this page. Please check back periodically to see any updates, and contact us if you have any concerns.
In the event of any query or complaint in connection with the personal information we hold about you, please contact us at:
ukactive Suite 1.03–1.05, Fox Court 14 Gray’s Inn Road London, WC1X 8HN
Our Data Protection Officer can be contacted at GDPR@ukactive.org.uk.
Whilst this Privacy Policy sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at ico.org.uk/for-the-public.
This Privacy Policy was last updated: 19 March 2026
