Privacy Policy

Introduction

CrystalAlluvium B.V. ("we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website, use our services, or interact with our fitness centre located at Berkenlaan 5, 1097 ZE Amsterdam, North Holland, Netherlands.

Data Controller Information

CrystalAlluvium B.V. acts as the data controller for the personal information we process. Our company is registered in the Netherlands under registration number NL72836419. You can contact us regarding privacy matters at [email protected] or by phone at +31 202277103.

Data Collection

We collect various types of information to provide and improve our services. The data we collect includes:

Information You Provide Directly

• Contact Information: Name, email address, phone number, and postal address when you enquire about our services or become a member
• Membership Information: Personal details required for membership registration, emergency contacts, and health-related information relevant to fitness activities
• Payment Information: Billing details and payment card information for membership fees and services
• Communication Records: Information from your correspondence with us, including emails, phone calls, and in-person conversations
• Health and Fitness Data: Information about your fitness goals, health conditions, dietary preferences, and progress tracking data

Information We Collect Automatically

• Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website
• Facility Usage: Access records, class attendance, and equipment usage patterns
• Cookies and Tracking Technologies: Data collected through cookies and similar technologies as described in our Cookie Policy

How We Use Your Information

We use your personal data for legitimate business purposes and to fulfil our contractual obligations. How we use your information includes:

• Service Provision: To provide fitness services, process membership applications, manage your account, and deliver personalised training programmes
• Communication: To respond to enquiries, send service updates, appointment reminders, and important facility notifications
• Payment Processing: To process membership fees, personal training sessions, and other service payments
• Health and Safety: To ensure the safety of all members and staff, maintain emergency contact information, and accommodate health-related needs
• Service Improvement: To analyse usage patterns, improve our facilities and services, and develop new programmes
• Marketing: To send promotional materials about our services, special offers, and fitness-related content (with your consent where required)
• Legal Compliance: To comply with applicable laws, regulations, and legal obligations

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary for membership agreements and service delivery
• Legitimate Interest: For business operations, facility management, and service improvement
• Consent: For marketing communications and certain optional services
• Legal Obligation: For compliance with health and safety regulations and tax requirements
• Vital Interest: For emergency situations and health-related safety measures

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please review our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

• Service Providers: With trusted third-party vendors who assist in providing our services (payment processors, software providers, cleaning services)
• Professional Partners: With certified nutritionists, physiotherapists, or medical professionals involved in your care (with your consent)
• Legal Requirements: When required by law, regulation, or legal process
• Emergency Situations: To protect health and safety in emergency circumstances
• Business Transfers: In connection with any merger, acquisition, or sale of business assets

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

• Access: Request copies of your personal data
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request limitation of processing in specific situations
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interest or for direct marketing
• Withdraw Consent: Withdraw consent for processing that relies on your consent

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month and may request identity verification.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law. Generally, we retain member data for the duration of membership plus seven years for financial and legal compliance purposes. Marketing consent data is retained until you withdraw consent or we determine it's no longer relevant.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet is completely secure.

Children's Privacy

Our services are primarily directed at adults. We do not knowingly collect personal information from children under 16 without parental consent. If we become aware that we have collected such information, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website and, where appropriate, through other communication channels.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.