House of Fitness BV
Effective Date: August 6, 2025

House of Fitness BV (hereinafter referred to as "we," "us," or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and share your personal data when you interact with our services, including personal training, crossfit, bootcamp, corporate fitness, events, health checks, online training videos, our website, and app. We operate in compliance with the General Data Protection Regulation (GDPR, known as AVG in Dutch) and other applicable data protection laws.

As the data controller, House of Fitness BV is responsible for your personal data. Our contact details are:

• Address: Rhoneweg 25, 1043 AH Amsterdam

• Email: info@houseoffitness.nl

• Phone: +31 6 17681683

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website with the revised effective date. We encourage you to review this policy periodically.

1. What Personal Data Do We Collect?

We collect personal data that you provide to us directly or that is generated through your use of our services. This includes:

• Identification and Contact Information: Name, address, email address, phone number, date of birth, and gender.

• Health and Fitness Data: Information from intake forms, anamnesis questionnaires, or health checks, such as weight, height, medical conditions, fitness goals, and any relevant health history (e.g., injuries or allergies). This may include special category data (sensitive personal data) under GDPR, which we process with your explicit consent.

• Payment Information: Bank details, payment card information, or other financial data for processing memberships, training packages, or events.

• Usage Data: Details about your participation in activities, training sessions attended, and feedback provided.

• Technical Data: IP address, browser type, device information, and usage patterns when you visit our website or app (collected via cookies or similar technologies).

• Marketing Preferences: Information about your consent to receive communications from us.

We may also collect data indirectly, such as from third-party partners (e.g., payment processors) or publicly available sources, but only where necessary and lawful.

If you are under 18 years old, we require consent from a parent or legal guardian before processing your data.

2. How Do We Collect Your Data?

We collect your data in the following ways:

• Directly from You: When you register for membership, complete an intake or anamnesis form, book a session, make a payment, contact us via email/phone, or provide feedback.

• Automatically: Through our website or app (e.g., via cookies for analytics and functionality) or during gym visits (e.g., access logs).

• From Third Parties: From service providers (e.g., payment gateways) or if you connect via social media.

3. Why Do We Process Your Data (Purposes and Legal Basis)?

We process your personal data for specific purposes, based on legal grounds under GDPR:

• To Provide and Manage Services (Legal Basis: Performance of a Contract): To process your membership, schedule training sessions, create personalized fitness plans, and ensure safe participation based on your health data.

• Administrative Purposes (Legal Basis: Performance of a Contract or Legitimate Interests): To handle billing, communications, and record-keeping.

• Health and Safety (Legal Basis: Explicit Consent for Special Category Data): To assess fitness suitability and provide tailored advice using health data from intake forms.

• Marketing and Promotions (Legal Basis: Consent): To send you information about our services, events, or offers (e.g., via email). You can withdraw consent at any time.

• Improvement and Analytics (Legal Basis: Legitimate Interests): To analyze usage patterns, improve our website/app, and enhance services.

• Legal Compliance (Legal Basis: Legal Obligation): To fulfill regulatory requirements, such as tax reporting or responding to authorities.

• Security and Fraud Prevention (Legal Basis: Legitimate Interests): To protect our systems and prevent misuse.

We do not use your data for automated decision-making that significantly affects you.

4. Who Do We Share Your Data With?

We do not sell or rent your personal data. We may share it with:

• Service Providers: Trusted third parties (e.g., payment processors, IT providers, or trainers) who assist us, bound by data protection agreements.

• Partners: For joint events or services, only with your consent.

• Legal Authorities: If required by law, such as for investigations or compliance.

• Within Our Group: If applicable, with affiliated companies for administrative purposes.

All recipients are required to handle your data securely and only for the specified purposes. We do not transfer data outside the EEA without adequate safeguards (e.g., Standard Contractual Clauses).

5. How Do We Store and Secure Your Data?

We store your data securely in servers in the Netherlands/EU with appropriate technical and organizational measures, including encryption, access controls, and regular security audits.

Retention Periods:

• Membership and health data: Kept for the duration of your agreement plus 7 years (for legal/tax purposes) or until you request deletion.

• Marketing data: Until you withdraw consent.

• Technical data: Up to 2 years for analytics.

Once no longer needed, data is securely deleted or anonymized.

6. Your Data Protection Rights

Under GDPR, you have the following rights:

• Right to Access: Request copies of your data.

• Right to Rectification: Correct inaccurate or incomplete data.

• Right to Erasure ("Right to be Forgotten"): Request deletion under certain conditions.

• Right to Restrict Processing: Limit how we use your data.

• Right to Object: Oppose processing based on legitimate interests or for marketing.

• Right to Data Portability: Receive your data in a transferable format.

• Right to Withdraw Consent: At any time, without affecting prior processing.

• Right to Lodge a Complaint: With the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at www.autoriteitpersoonsgegevens.nl.

To exercise these rights, contact us at info@houseoffitness.nl or +31 6 17681683. We will respond within one month (extendable if complex). We may require identity verification.

7. Cookies and Similar Technologies

Our website and app use cookies for functionality, analytics, and marketing. Types include:

• Essential Cookies: For site operation.

• Analytical Cookies: To track usage (e.g., Google Analytics).

• Marketing Cookies: For personalized ads.

You can manage cookies via your browser settings or our cookie banner. For details, see our Cookie Policy [Link if separate].

8. Links to Other Websites

Our site may contain links to third-party sites. We are not responsible for their privacy practices—review their policies.

9. Children’s Privacy

Our services are not directed at children under 16. If we discover we have collected such data without parental consent, we will delete it.

10. Contact Us

For questions, requests, or concerns about this Privacy Policy or your data, contact our Data Protection Officer at:

• Email: info@houseoffitness.nl

• Address: Rhoneweg 25, 1043 AH Amsterdam

• Phone: +31 6 17681683

If you believe we have not handled your data appropriately, you can complain to the Autoriteit Persoonsgegevens.