Privacy Policy

Rubicon Leisure

Privacy Policy – Updated 2025

Rubicon Leisure (RL) is a Local Authority Trading Company. Redditch Leisure facilities are operated by Rubicon Leisure on behalf of the Local Authority.

Rubicon Leisure collects and processes personal information to provide leisure services across our sites. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). We only collect the information necessary to deliver our services and process your data under the lawful bases set out below.

Legal Bases for Processing

Depending on the service, we use these lawful bases (UK GDPR Article 6):

Where we process special category data (e.g., health information), we do so under Article 9(2)(h) for health and social care purposes, or another applicable Article 9 condition.

Site-Specific Information

Abbey Stadium

Lawful basis: Contract (membership, facility hire, activities, newsletter subscriptions where requested) and legal obligation (RIDDOR reporting where applicable).

Children and capacity: Where the data relates to a child, a parent/guardian must complete the contract. Where a person is 18+ but lacks capacity, an appropriate adult/guardian must complete it.

What we collect may include:

Optional consent-based processing (PECR/marketing):

Pitcheroak Golf Course

Lawful basis: Contract (membership, pay-as-you-play, facility hire, club membership, newsletter subscriptions where requested) and legal obligation (RIDDOR where applicable).

What we collect may include:

Optional consent-based processing: communications in connection with your membership and events you are interested in.

Arrow Valley Visitor Centre

Lawful basis: Contract (newsletter subscriptions where requested, facility/function hire) and legal obligation (RIDDOR where applicable).

What we collect may include:

Optional consent-based processing: communications about your transactions and events you attend; promotions; audience insights to improve services. If you do not consent to additional processing, your rights are unaffected. You can browse the website or contact the Arrow Valley Visitor Centre directly without disclosing personal information. You will still receive essential transactional messages when you purchase tickets or book workshops.

Forge Mill Needle Museum

Lawful basis: Contract (newsletter subscriptions, events, activities, workshops, hires) and legal obligation for collections management (including compliance with the UNESCO 1970 Convention and the Dealing in Cultural Objects (Offences) Act 2003). RIDDOR applies for first aid incidents where required.

What we collect may include:

Optional consent-based processing: communications about your transactions and events you attend; promotions; audience insights to improve services. If you do not consent to additional processing, your rights are unaffected. You can browse the website or contact the Forge Mill Needle Museum directly without disclosing personal information. You will still receive essential transactional messages when you purchase tickets or book workshops.

Palace Theatre

Lawful basis: Contract (ticket purchases, workshop bookings, account creation, function hire, newsletter/email marketing subscriptions where requested) and legal obligation (RIDDOR where applicable).

What we collect may include:

Optional consent-based processing: communications about your transactions and events you attend; promotions; audience insights to improve services. If you do not consent to additional processing, your rights are unaffected. You can browse the website or contact the Box Office without disclosing personal information. You will still receive essential transactional messages when you purchase tickets or book workshops.

Youth Theatre

Lawful basis: Contract (membership) and legal obligation (RIDDOR where applicable). For under-13s, parental/guardian consent is required in line with the ICO’s Age-Appropriate Design Code. Where a member is 18+ but lacks capacity, an appropriate adult/guardian must complete the contract.

Data collected about your child may include:

Data collected about the parent/guardian may include:

Optional consent-based processing: images and video footage to promote Summer & Autumn shows on the website and social media.

Community Centres

Lawful basis: Contract (one-off or rolling facility hire) and legal obligation (where applicable).

What we collect may include:

Processing of Special Category Data

Where health information is collected (e.g., to ensure safe participation), this is processed in accordance with UK GDPR Article 9(2)(h) for health and social care purposes across: Abbey Stadium, Pitcheroak Golf Course, Arrow Valley Visitor Centre, Forge Mill, Palace Theatre and Youth Theatre.

Marketing Communications (PECR)

We will only send you marketing communications (e.g., newsletters, promotions) where we have your consent or where allowed by PECR. You can withdraw consent or change your preferences at any time (see “Contact Us”). Where you agree to be contacted, your data is kept until you withdraw consent or it is overwritten in line with our retention practices.

Who We Share Your Information With

We share data with trusted providers strictly for service delivery, under contract and with appropriate safeguards. Examples include:

Abbey Stadium

Pitcheroak Golf Course

Arrow Valley Visitor Centre

Forge Mill Needle Museum

Palace Theatre

Youth Theatre

Community Centres


Emergency situations: Where anyone requires medical attention, information may be shared with the emergency services. Information will not be shared other than as stated unless required by law or for safeguarding purposes.

Cookies and Tracking

We and third-party providers use cookies and similar technologies (e.g., pixel tags) on our websites and in our emails to improve services, measure performance and support marketing. You can manage your preferences at any time via our cookie banner and your browser settings.

We do not sell your personal data. We do not transfer data outside the UK/EEA unless appropriate safeguards are in place (such as adequacy regulations or standard contractual clauses).

How Long We Keep Your Information

Otherwise, where you enter into a contract or take part in activities, information is retained for the length of the contract and, where ongoing, refreshed annually.

Your Rights

Under UK GDPR you have the following rights (subject to conditions):

Automated Decision-Making

No decisions around this data are made by automated means.

CCTV Policy

CCTV and associated systems are used only for the following purposes:

Contact Us

To exercise your rights or ask questions about this policy, please contact:

Info@rubiconlesiure.co.uk

If you raise a concern with us and are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO) for independent advice and the right to complain.