Privacy Policy

Last updated: December 2024

Data Controller

centurlqaq B.V. is the data controller responsible for your personal information. Our contact details are:

Data Collection

The data we collect includes personal information that you provide to us directly and information we collect automatically when you use our services. We collect this information to provide you with our CrossFit training services and to improve your experience at our facility.

Specifically, the data we collect includes:

• Personal Information: Name, email address, phone number, date of birth, emergency contact information
• Health Information: Medical conditions, injuries, fitness level, health questionnaire responses
• Membership Information: Membership type, payment information, class attendance records
• Communication Data: Messages, emails, and other communications with us
• Technical Data: IP address, browser type, device information when visiting our website
• Usage Data: How you use our services, facility access records, class participation

How We Use Your Information

We explain how we use your information to provide and improve our CrossFit training services. The use of your data is essential for delivering safe, effective, and personalised fitness training.

We use your information for the following purposes:

• Service Provision: To provide CrossFit training services, manage your membership, and ensure your safety during workouts
• Health and Safety: To assess your fitness level, accommodate medical conditions, and provide appropriate modifications
• Communication: To contact you about classes, schedule changes, promotions, and important facility updates
• Payment Processing: To process membership fees and other payments for our services
• Legal Compliance: To comply with legal obligations and protect our legitimate interests
• Improvement: To improve our services, develop new programs, and enhance your experience

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our membership agreement with you
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: For our legitimate business interests, such as improving services and ensuring facility security
• Legal Obligation: To comply with legal requirements and regulations
• Vital Interests: To protect your health and safety during training activities

Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: With trusted third parties who assist us in operating our business (payment processors, software providers)
• Emergency Situations: With emergency services or medical professionals if your health or safety is at risk
• Legal Requirements: When required by law, court order, or government regulations
• Business Transfers: In the event of a merger, acquisition, or sale of our business assets

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Active Members: We retain your data while you maintain an active membership with us
• Former Members: We retain essential data for 7 years after membership termination for legal and tax purposes
• Health Information: Retained for 10 years or as required by healthcare regulations
• Marketing Data: Retained until you withdraw consent or request deletion
• Website Data: Technical data is typically retained for 24 months

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data in certain circumstances
• Restriction: Request limitation of processing in specific situations
• Portability: Request transfer of your data to another service provider
• Objection: Object to processing based on legitimate interests or for marketing purposes
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure storage systems with access controls
• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Staff training on data protection and confidentiality
• Physical security measures at our facility

Cookies and Website Data

Our website uses cookies and similar technologies to improve your browsing experience and analyse website usage. For detailed information about our cookie practices, please see our Cookie Policy.

You can control cookie settings through your browser preferences, though this may affect website functionality.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us about your personal data, please contact us using the following information:

We will respond to your requests within one month of receipt. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).