Privacy Policy

Last updated: 15 January 2026

HaveDiamonds Ltd ("we", "our", or "us") operates the website havediamonds.com and provides fitness services from our location at Patrick Street 6, Galway, H67 6879, Ireland. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Data We Collect

The data we collect helps us provide better services and improve your experience with HaveDiamonds. We may collect the following types of personal information:

• Personal Identification Information: Name, email address, telephone number, postal address, and date of birth
• Membership Information: Membership details, payment information, and service preferences
• Health and Fitness Information: Health questionnaire responses, fitness goals, and training records (with your consent)
• Website Usage Data: IP address, browser type, pages visited, time spent on pages, and referring websites
• Communication Records: Records of correspondence, enquiries, and support requests

How We Use Your Information

We use of your data is based on legitimate business interests and your consent where required. Specifically, we use your information to:

• Provide and manage your gym membership and fitness services
• Process payments and maintain billing records
• Communicate with you about your membership, classes, and our services
• Develop personalised fitness programmes and recommendations
• Ensure the safety and security of our facilities and members
• Comply with legal obligations and industry regulations
• Improve our services and develop new offerings
• Send you marketing communications (with your consent)

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: To provide our fitness services and fulfil our membership agreements
• Legitimate Interests: To operate our business, improve our services, and maintain facility security
• Consent: For marketing communications and processing sensitive health data
• Legal Obligation: To comply with financial, health and safety, and other legal requirements

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

• Service Providers: With trusted partners who assist in operating our business (payment processors, IT support, cleaning services)
• Legal Requirements: When required by law, court order, or government request
• Emergency Situations: To protect the health, safety, or rights of our members or staff
• Business Transfers: In connection with any merger, sale, or acquisition of our business

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this privacy policy and comply with our legal obligations. Specifically:

• Membership Data: Retained for the duration of your membership plus 7 years for financial and legal compliance
• Health Information: Retained for 7 years after your last visit for health and safety compliance
• Marketing Data: Retained until you withdraw consent or we determine it's no longer needed
• Website Analytics: Typically retained for 2 years for business analysis purposes

Your Rights

Under GDPR and UK data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Rights Related to Automated Decision Making: Rights regarding any automated profiling or decision-making

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include secure data storage, encryption, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. For detailed information about our use of cookies, please refer to our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, or other legally recognised protection mechanisms.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please contact us using the following details:

We aim to respond to all privacy-related enquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Irish Data Protection Commission or your local supervisory authority.