Privacy Policy

Introduction

BrightLibrarium B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website, use our services, or interact with our fitness training centre.

Data Controller Information

The data controller for your personal information is:

Data Collection

The data we collect includes personal information that you voluntarily provide to us and information that is automatically collected when you use our website and services. We collect the following types of personal data:

• Contact information (name, email address, phone number, postal address)
• Fitness and health information (fitness goals, medical conditions relevant to training, dietary requirements)
• Payment information (billing details, payment card information)
• Website usage data (IP address, browser type, pages visited, time spent on site)
• Communication records (emails, phone calls, messages through our contact forms)
• Marketing preferences and consent records

How We Use Your Information

We use of your data for the following purposes, based on legitimate business interests and your consent where required:

• To provide and deliver our fitness training services and programmes
• To communicate with you about your bookings, appointments, and training schedules
• To process payments and manage your account
• To personalise your training experience and provide tailored fitness guidance
• To send you relevant marketing communications (with your consent)
• To improve our website, services, and customer experience
• To comply with legal obligations and protect our legitimate business interests
• To ensure the safety and security of our facilities and members

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal information to third parties. We may share your information with:

• Service providers who assist us in operating our business (payment processors, email service providers, analytics providers)
• Professional advisors (lawyers, accountants, auditors)
• Regulatory authorities when required by law
• Emergency services if necessary for health and safety reasons

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and protect our legitimate business interests. Generally, we retain customer data for seven years after your last interaction with us, unless a longer retention period is required by law or you request earlier deletion of your data.

Your Rights

Under the General Data Protection Regulation (GDPR) and applicable privacy laws, you have the following rights regarding your personal data:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another service provider
• Right to object: Object to processing of your data for marketing purposes
• Right to withdraw consent: Withdraw your consent for data processing at any time

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure data storage, regular security assessments, and staff training on data protection principles.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer your data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.