Member Login

New York Athletic Club Privacy Policy


If you have any requests about your personal data or queries with regard to how we handle your data you can contact us by email [email protected] .  

What information do we collect?

We collect the following personal data about you:

Membership
When applying for membership the personal details you provide include your name, address, phone number, email address, business address, date of birth, a picture of yourself, information about your work and your industry sector. Depending on the membership type, we may collect information on spouses and/or dependents if listed as additional named persons on the account. We also collect your bank account information which is required for the processing of your membership application and continual renewal of your membership.  This information is held by a PCI-Compliant payment processor and not the NYAC.

Private Events
When an individual contacts us with a new enquiry we record the individual’s name, member number, or sponsoring member’s number to be able to send the client information on the event spaces. To confirm an event the client completes a booking form with their member or sponsoring member’s number

Guest Rooms
If sponsored by a Member, we will collect the Guests’ contact details and information about their stay such as the dates of stay. We also take payment details to enable us to process payment. To enable us to provide a high level of customer service we also collect additional information about guest requirements and preferences.

Security
To ensure the safety and security of our members, employees, and guests, we utilize video surveillance systems on our properties that may collect still and video images recorded by security cameras.

Incidents
When an individual contacts us regarding an incident, we will collect the individual’s name, e-mail address, phone numbers and details regarding the incident.  

Employee Recruiting
When an individual contacts us regarding a position, we will collect the individuals name, phone, home address, email address, employment history, references, education history, interests, and other information as necessary relative to the position being applied.  

Employment
As an employee we will collect and process the individuals name, phone, home address, email address, social security number, banking information (if direct deposit is elected), emergency contacts, family member(s) personal information as necessary to process benefits.  

Contractor\Vendor
As a contractor or vendor we will collect and process various personal information dependent on the nature of the contract and the relationship. For example, an independent contractor may supply us a SSN as a tax identification number. Information may include name, phone, business address, email address, tax identification number and banking information for payment.

Automatically Collected Personal Data

• Log Data
Our web servers record information (‘log data’) when you visit our site, including information that your browser sends automatically whenever you visit the site. Information recorded in this log data includes your browser type and settings, your Internet Protocol (‘IP’) address, the date and time of your request. An IP address is identified and logged automatically in our server log files when a user accesses our website, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Websites. We also may derive your approximate location from your IP address (Geolocation).

Cookies
What are cookies?
When you visit different websites small text files are stored on your computer. These are called ‘cookies’ and most websites use them for different purposes. Cookies may be used to improve your experience of a website, for example by making particular parts of a website work or remembering preferences you’ve selected. Cookies are also used to get a picture of how often people use a website, and how they are using it, so that improvements can be made to it.  

How we use cookies
Cookies help us to improve your experience of our website. For example, they allow us to: • Provide certain functionality such as the ability to adjust the size of the text, and to change the color of the text and the background, to suit your preferences. • Share video content with you. Monitor how our website is being used so that we can keep improving it. There is also a cookie which enables us to administer the website and make changes to the content.

Opting out
By visiting our website, some cookies will already have been stored on your computer. However, you can remove these and you can also change your browser settings to prevent them from being placed on your computer in future. For more information about this, please visit www.allaboutcookies.org.

Please note that if you choose to opt out of our cookies, this may affect your experience of our site. For example, you may not be able to view some of the content on our site such as embedded video content, Please note that one of the cookies we use on our website is strictly necessary for our site to work. Without it, you won’t be able  

Pixel Tags and other similar technologies - We collect data from pixel tags (also known as web beacons and clear GIFs), which are used to, among other things, track the actions of users of the Website or email recipients of HTML email communications (did you open the e-mail), measure the success of our marketing campaigns and compile statistics about usage of the Website.

Analytics - Google Analytics is a web analysis service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Websites. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/  and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Aggregated Data. We may aggregate data that we collected, and this aggregated data will not personally identify you or any other user.

Social media
Depending on your settings or the privacy policies for social media services like Facebook, Instagram, LinkedIn, Pinterst, or Twitter, you may give us permission to access information from those accounts or services, such as your online behavior, should you interact with us on those services. The majority of this behavior is anonymized. For more information on how to control your privacy settings for these services, go to the following links:
Facebook - Privacy Policy
Instagram - Privacy Policy
Twitter - Privacy Policy
YouTube - Privacy Policy
LinkedIn - Privacy Policy
Pinterest - Privacy Policy

What are the purposes of processing personal data?

Contractual Purposes

We collect our members’ and guests personal information so that we can fulfil the contract and manage your relationship with us. For example, we may use personal information to create and manage a membership, set up an online membership account enabling you to manage your membership and communication preferences, and in creating and managing a reservation or event booking.  

Legal Obligation

We may be required to process and share personal data to comply with statutory obligations, for example in providing CCTV footage to the police in relation to the investigation of a criminal offence. Details of financial transactions are retained as are legally required.

Consent

We may also process your personal information due to the consent you have provided to us to do so, for example in opting in to receive marketing communications from us, in the form of our newsletter or other marketing emails pertaining to offers and events at the Club. You may withdraw consent at any time by emailing [email protected], page or by following the link to unsubscribe at the bottom of our newsletter emails.

Legitimate Business Interest

We will process your personal information to satisfy our legitimate business interests except where such interests are overridden by the interests or fundamental rights and freedoms of the individual.  

Employment and Employee Recruiting

As an applicant or an employee, we will process your information as necessary during the recruiting and employee application process and to satisfy our obligations to you as an employer upon hire to ensure a happy, productive, and safe work environment.  

Disclosure of information

To provide services the Club may use third party suppliers. On our behalf, as ‘processors’, these suppliers may process personal data. These suppliers have undertaken to protect that personal data and only process it under our instructions. We will never sell your personal information provided to us.  

We only share personal information that is strictly required for the purposes and take reasonable steps to ensure the third parties shall only process the personal information for those purposes.

We may share your data with the following suppliers:

• Card processing or payment services
• IT suppliers and contractors
• Web analytics suppliers
• Bedroom and restaurant booking system suppliers
• Providers of CRM, marketing and sales software solutions
• Other agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance,     providing customer service, processing orders, bankers, auditors, etc.)

As a Member, we may also share data with reciprocal clubs in the setting up of reciprocal visits. This is on request and based upon your consent.

At times we may also share your information for the following additional purposes:

• You request or authorize it.
• The information is provided to help complete a transaction for you, for example, a concierge request.  
• The information is provided to comply with the law, applicable regulations, court orders or subpoenas, to enforce our Terms of Use or other     agreements, or to protect our rights, property or safety – or the rights, property or safety of our users or others (e.g., to a consumer                 reporting agency for fraud protection).
• The disclosure is done as part of a purchase, transfer or sale of services or assets (e.g., in the event that substantially all of our assets are     acquired by another party, customer information may be one of the transferred assets)

Where does your data reside?

Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

How do we protect data?

We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.  In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.  They will only process your personal data on our instructions and they are subject to a duty of confidentiality. .Employees are trained on the secure handling of personal information and current cybersecurity threats. We actively engage with third party cybersecurity firms to assess and help us mitigate cyber and information security risk.  

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  As such, we have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable regulator of a breach where we are legally required to do so.

How long do we keep your information?

We will retain your Personal Information only for as long as necessary for the purposes set out in this Privacy Policy.  We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Website usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods. these details secret and are not to share your log-in details or password with anyone else.

What are your rights in relation to your personal data?

You have the following rights with regards to your personal data:

• Request correction of the personal data that we hold about you.
• Request erasure of your personal data, under certain circumstances.
• Request the restriction of processing of your personal data. You have the right to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for us processing it.
• Request access to your personal data (commonly known as a ‘data subject access request’).
• If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
• The right to request your personal data to not be sold to third parties. (We do not sell your data to third parties).  

If you wish to exercise any of these rights please contact us by email atmailto:[email protected] [email protected]  

Children’s Privacy

The Club does provide services and activities in which children under the age of 13 may participate that involve the collection or use of personal information. We use reasonable efforts to ensure that before we collect any personal information from a child, the child's parent receives notice of and consents to our personal information practices.

A parent who has already given the Club permission to collect and use the child(s) personal information can, at any time:

• Review, correct or delete the child's personal information
• Discontinue further collection or use of the child's personal information

If you wish to exercise any of these rights please contact us by email atmailto:[email protected] [email protected]

Changes to our privacy policy

We reserve the right to amend this Policy from time to time without notice. Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates or modifications.

January 2020
 
Privacy Notice for California Residents

Effective Date: October 2021

Last Reviewed on: September 2021

This Privacy Notice for California Residents supplements the information contained in our privacy policy above and applies solely to all visitors, users, and others who reside in the State of California (”consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

Categories of Information we collect

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
 
Category Examples Collected
A.Identifiers.  A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.  YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).  A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.  YES
C. Protected classification characteristics under California or federal law.  Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).  YES
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information.  Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.  NO
F. Internet or other similar network activity.  Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.  YES
G. Geolocation data.  Physical location or movements.  NO
H. Sensory data.  Audio, electronic, visual, thermal, olfactory, or similar information.  NO
I. Professional or employment-related information.  Current or past job history or performance evaluations.  YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).  Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.  NO
K. Inferences drawn from other personal information.  Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.  NO

 
Sharing of Personal Information

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A - Identifiers.
Category B - California Customer Records personal information categories.
Category C - Protected classification characteristics under California or federal law.
Category F. Internet or other similar network activity.
Category I - Professional or employment-related information.  

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you.
• The categories of sources for the personal information we collected about you.
• Our business or commercial purpose for collecting or selling that personal information.
• The categories of third parties with whom we share that personal information.
• The specific pieces of personal information we collected about you (also called a data portability request).
• If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
              o sales, identifying the personal information categories that each category of recipient purchased; and
              o disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

3. Debug products to identify and repair errors that impair existing intended functionality.

4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.

7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

8. Comply with a legal obligation.

9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Calling us at 212-767-7000
• Emailing – [email protected]  

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.  Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable.  For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

• Deny you goods or services.
• Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Provide you a different level or quality of goods or services.
• Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services