January 16, 2023
How do you feel about this identification process?I would love to hear your opinions and perspectives. You can reach me on LinkedIn or Instagram.
New Year, new habits. Or old habits but maybe in a new environment. That's how I got to this week's article topic. I was looking online for available gyms in the city (Zagreb, Croatia) where I can signup up and restart my workout journey. And it is again related to User Experience. Coincidence? Certainly not! When we (designers) say User Experience is all around us, it truly is, in one way or another.
So I have been to a few different gyms around the city with and without a Multisport card (that is a card for employees to visit a network of recreational centres including gyms, sports clubs and even wellness & spa centres) and never bothered to check in detail their monthly memberships or the way they issue their contracts. Recently, I started researching the topic before getting into a year-long commitment by signing in a contract.
So one gym, in particular, stood out the most. I knew it had a lot of traffic because of its marketing of being a 24/7 gym with multiple locations around the city. Awesome, right? That value proposition is enough as it is to stand out from the competition, and I am talking about the multiple locations, not the 24/7 element. Because for me, as a freelancer (potential user), the time doesn't seem as impressive as the flexibility to explore different locations of the gym's chain.
Okay, where is the catch, Nikoleta? Well, here we are, at my user journey, very excited and ready to apply and sign up for the contract to pay a monthly membership. But then, at the front of their reception desk, I caught myself second-guessing.
I connected the dots and thought: wait a minute.
Why? Why and how come they are allowed to have so many advantages and on top of that, the lowest price on the marketplace?
Monopoly Definition: A market structure characterized by a single seller, selling a unique product in the market. In a monopoly market, the seller faces no competition, as he is the sole seller of goods with no close substitute.
And then, I saw the two-door entrance, the fingerprint identification, contract printed out and put in front of the reception desk cameras were visible too. And when my friend told me they should take my photo and my fingerprint, when they are supposed to give me the membership card, I was like, what?! Why? Why do you need so much personal information to enter a gym? Can I trust this company with having my likeness in such a way?
Then the research started naturally in a more detailed-oriented way from the perspective of a user and UX designer. I began to recall when and where was the last time I provided such sensitive information. Was anyone else giving it away easily as to a gym? The last time giving my fingerprint and having my photo taken was when I renewed my passport, and the time before was when I created my ID card (not sure if this was required for my driving license). I also asked on my Instagram story about when was the last time they provided such information and to whom. The answers were:
No wonder since this personal data is classified as "special category data" under the GDPR, and the biggest risk is for the data controller, in this case, the gym. Going a stage further, explicit consent requires you to inform the data subject EXACTLY how their data will be processed by the activity, who runs the system (internal, or 3rd party supplier), how the data will be stored, how long you intend to keep it for and what the inherent risks are (if any) to this activity ie, if the data is breached, what are the implications for the individual? Also, are you able to demonstrate this is the most appropriate processing activity? Could it have been achieved by the activity of lesser risk?
Lots of questions and situations to consider:
What are the alternatives to keeping the 24/7 policy but also making sure that is not abused?
2. Gated Access Systems
3. Other solutions
4. Hybrid Door Access System - Hybrid door access systems are a combination of a traditional physical security barrier such as a gate with a cloud-based entry control system. Such systems suit gyms that require the use of different credential options such as key fobs and key cards.
All in all, there are other solutions to prevent the prohibited entry of unauthorised members. And, if you as a business owner decided to proceed and use this method for identification, make sure to provide reassurance to users that their privacy is being protected and respected.
Thank you for reading! Subscribe to my newsletter for more interesting articles. Have a great week! 🪄
I will check my availability and get back to you within 24 hours.