Privacy Policy

Introduction

Lunar Catalyst B.V. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, use our services, or interact with our fitness club located at Berkenlaan 48, 1354 BW Almere, Netherlands.

As the data controller, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union and Netherlands.

Data We Collect

The types of personal data we collect depend on how you interact with our services. We collect the following categories of personal information:

Personal Identification Information

• Full name and contact details (email address, phone number, postal address)
• Date of birth and age verification information
• Emergency contact information
• Government-issued identification numbers (for membership verification)

Health and Fitness Information

• Health questionnaires and medical history relevant to fitness activities
• Fitness assessments and body composition data
• Workout preferences and fitness goals
• Personal training session notes and progress tracking

Membership and Payment Information

• Membership type, start date, and billing information
• Payment method details and transaction history
• Class bookings and facility usage records

Technical and Website Data

• IP address, browser type, and device information
• Website usage data, pages visited, and interaction patterns
• Cookie preferences and tracking consent

How We Use Your Information

We process your personal data for specific, legitimate purposes based on lawful grounds under GDPR. Here's how we use your data and the legal basis for each purpose:

Service Provision (Contract Performance)

• Processing membership applications and managing your gym membership
• Providing access to fitness facilities and equipment
• Delivering personal training services and group fitness classes
• Processing payments and managing billing

Safety and Legal Compliance (Legal Obligation)

• Ensuring health and safety compliance within our facilities
• Meeting regulatory requirements for fitness service providers
• Maintaining accurate records for tax and accounting purposes

Legitimate Business Interests

• Improving our services and facilities based on member feedback
• Analysing usage patterns to optimise class schedules and equipment
• Preventing fraud and ensuring facility security
• Communicating important updates about our services

Marketing Communications (Consent)

With your explicit consent, we may use your contact information to send you marketing communications about new services, special offers, and fitness-related content that may interest you. You can withdraw this consent at any time.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Our website uses various types of cookies including necessary cookies for basic functionality, analytics cookies to understand website performance, and marketing cookies for personalised advertising. For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share your information only in the following circumstances:

• Service Providers: We work with trusted third-party service providers who assist us in operating our business, such as payment processors, cloud storage providers, and marketing platforms
• Legal Requirements: We may disclose your information if required by law, court order, or to protect our rights and safety
• Emergency Situations: We may share relevant health information with emergency services if necessary for your safety
• Business Transfers: In the event of a merger, acquisition, or sale of our business, your information may be transferred to the new entity

All third-party service providers are required to maintain appropriate security measures and use your data only for the specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with our legal obligations:

• Active Membership Data: Retained for the duration of your membership plus 3 years for service history and potential re-enrollment
• Financial Records: Retained for 7 years in accordance with Dutch tax and accounting regulations
• Health and Safety Records: Retained for 7 years to comply with health and safety regulations
• Marketing Consent: Retained until you withdraw consent or for 3 years of inactivity
• Website Analytics: Typically retained for 26 months in accordance with Google Analytics settings

After the retention period expires, we securely delete or anonymise your personal data in accordance with our data retention schedule.

Your Rights

Under GDPR and Dutch data protection law, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training on data protection
• Secure payment processing through PCI DSS compliant providers
• Regular backups and disaster recovery procedures

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protection measures.

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses approved by the European Commission
• Certification schemes or codes of conduct

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any personal information through our website or services. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

For minors aged 16-18, we require parental consent before processing their personal data for membership services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this policy.

For significant changes that affect your rights, we may provide additional notice through email or prominent website notifications. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, please contact us using the following information:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable data protection laws.

Supervisory Authority

If you have concerns about our data processing practices that we cannot resolve, you have the right to contact our supervisory authority: