Privacy policy

Last updated: 28 April 2026

Who we are

Social Climbing ("we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy policy explains how we collect, use, store, share and protect information about you when you visit our website, book a session, become a member, attend a class or course, or interact with us by email, phone, in person or on social media.

This Privacy policy applies to all three companies trading as Social Climbing:

  • Recreational Fitness Limited — trading as Social Climbing Leicester
  • Prior Walls Limited — trading as Social Climbing Coventry
  • Flash Climbing Centre Limited — trading as Social Climbing Solihull

Each company is the data controller for the personal data collected at and on behalf of its own gym. Our shared services (website, central marketing, group accounting) are administered by Prior Management Holdings Ltd, the holding company, on behalf of the three operating companies. We process personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The personal data we collect

We collect and process the following categories of personal data:

  • Identity and contact data — name, date of birth, postal address, email address, phone number, and (for under-18s) the name and contact details of a parent or guardian.
  • Account and booking data — username and password, climbing waiver and registration records, session and class bookings, membership history, attendance records, and induction notes.
  • Payment and transaction data — billing address, payment card details (processed by our payment providers — we do not store full card numbers on our own systems), direct debit mandates for monthly memberships, and purchase history.
  • Health and emergency data — where you choose to disclose it, information relevant to your safe participation (such as medical conditions or injuries), and the name and number of an emergency contact.
  • Marketing and communications data — your marketing preferences and the channels you have agreed to receive messages on.
  • Technical data — IP address, browser type and version, device type, time-zone setting, and information about how you use our website, collected through cookies and similar technologies.
  • CCTV footage — our gyms are covered by CCTV for the safety of our staff and customers.
  • Photos and video — content captured at events, competitions or for marketing, where you have consented or where signage has made it clear that filming is taking place.

How we collect your data

We collect data:

  • directly from you — when you create an account, sign a climbing waiver, book a session, sign up for a course, contact us, or complete a form on our website;
  • through our systems — via our booking and CRM platform (BETA Climbing Designs) and our marketing platform (Mailchimp) when you transact with us;
  • automatically — when you use our website, via cookies and analytics tools;
  • from third parties — for example, when you interact with our pages on social media platforms;
  • from CCTV — when you visit one of our gyms.

Why we use your data, and our lawful basis

We only process personal data where we have a lawful basis under UK GDPR. The bases we rely on are:

  • Performance of a contract — to register you as a customer, take bookings, manage your membership, deliver coaching and sessions, and process payments and refunds.
  • Legitimate interests — to keep our gyms safe (including operating CCTV), prevent fraud, manage our day-to-day business, conduct internal analytics and customer research, and send service-related (non-marketing) communications.
  • Consent — for marketing emails, non-essential cookies, and the use of your image in our marketing.
  • Legal obligation — to keep accounting and tax records, respond to lawful requests from regulators, and comply with health and safety law.
  • Vital interests — to contact your emergency contact and respond appropriately if you are seriously injured at one of our gyms.

Who we share your data with

We share data only with parties who help us run the business, and only as far as is necessary. These include:

  • Booking and gym management software — BETA Climbing Designs Ltd.
  • Payment processors — including Dojo, Stripe and GoCardless.
  • Email and marketing platforms — Mailchimp.
  • Website, cloud and hosting providers — including Webflow and Google Workspace.
  • Analytics providers — Google Analytics and similar tools.
  • Professional advisers — our accountants, auditors and legal advisers, where they need access to perform their work.
  • Other parts of our group — Prior Management Holdings Ltd, as the holding company, may process data on a shared services basis on behalf of Recreational Fitness Limited, Prior Walls Limited and Flash Climbing Centre Limited.
  • Authorities and emergency services — where we are required to by law, or where it is necessary to protect a person's vital interests.

We do not sell your personal data, and we do not share it with third parties for their own marketing purposes.

International transfers

Personal data is stored within the UK and the European Economic Area wherever possible. Where any of our service providers transfer data outside the UK (for example, to US-based services), we rely on appropriate safeguards such as the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision made by the UK Government.

How long we keep your data

We keep personal data only for as long as we need it. Typical retention periods are:

  • Booking, membership and customer account records — up to 6 years after your last interaction with us, in line with HMRC and contract law requirements.
  • Accounting and tax records6 years after the end of the financial year they relate to.
  • CCTV footage30 days, unless retained longer to investigate a specific incident.
  • Marketing data — until you unsubscribe or withdraw consent, after which we keep a suppression record so that we do not contact you again.
  • Website analytics — in line with the retention settings of the analytics provider (typically up to 26 months).

Your rights

Under UK GDPR, you have the right to:

  • access the personal data we hold on you;
  • ask us to correct inaccurate or incomplete data;
  • ask us to delete your data, where we are not required to keep it;
  • ask us to restrict or object to certain processing;
  • request the data you have given us in a portable format;
  • withdraw consent at any time, where we rely on consent;
  • complain to the Information Commissioner's Office (ICO) at ico.org.uk or on 0303 123 1113.

To exercise any of these rights, contact us using the details below.

Cookies

Our website uses cookies for essential site functionality, performance analytics, and (with your consent) marketing. You can manage your preferences using the cookie banner on the site, or by changing your browser settings.

Security

We take appropriate technical and organisational measures to protect your data, including encryption in transit, access controls on internal systems, and the use of reputable, accredited third-party processors. No system is completely secure, however, and we recommend you choose a strong password and keep it confidential.

Changes to this Privacy policy

We may update this Privacy policy from time to time. The current version is always available on this page, and the date of the last update is shown at the top.

Contact us

If you have any questions about this Privacy policy or how we handle your data, or if you want to exercise any of your rights, contact us at: