Privacy Policy

1. Introduction

CipherPilotium B.V. ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with our wellness centre located at Schoolstraat 30, 4891 ET Breda, North Brabant, Netherlands.

This policy applies to all personal data processing activities carried out by CipherPilotium in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch data protection laws.

2. Data Controller Information

CipherPilotium B.V. acts as the data controller for your personal information. Our contact details are:

3. Data Collection

We collect various types of personal data when you interact with our services. The data we collect includes information you provide directly to us, information collected automatically through our website and services, and information received from third parties where you have consented to such sharing.

3.1 Information You Provide

• Contact information (name, email address, phone number, postal address)
• Account registration details and login credentials
• Membership and subscription information
• Health and fitness information relevant to our services
• Payment and billing information
• Communication preferences and marketing consent
• Feedback, reviews, and correspondence with us

3.2 Automatically Collected Information

• Website usage data and analytics information
• Device information (IP address, browser type, operating system)
• Cookies and tracking technologies data
• Access logs and security monitoring data

4. How We Use Your Information

We process your personal data for various purposes based on different legal grounds under GDPR. How we use your information depends on the services you use and your relationship with CipherPilotium.

4.1 Service Provision

• Providing access to our wellness centre and fitness facilities
• Delivering personalised training and wellness programmes
• Processing membership applications and managing accounts
• Scheduling appointments and managing bookings
• Processing payments and managing billing

4.2 Communication and Support

• Responding to enquiries and providing customer support
• Sending service-related notifications and updates
• Providing information about our programmes and services
• Conducting member satisfaction surveys and feedback collection

4.3 Marketing and Advertising

With your consent, we may use your information for marketing purposes, including sending promotional materials about our services, special offers, and wellness tips. We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website traffic, and support our marketing efforts. We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services.

For detailed information about the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With service providers who assist us in operating our business (payment processors, IT support, marketing platforms)
• When required by law, legal process, or government authorities
• To protect our rights, property, or safety, or that of our members and staff
• In connection with a business transfer, merger, or acquisition
• With your explicit consent for specific purposes

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of data and the purpose for which it was collected.

• Membership and account data: Retained for the duration of your membership plus 7 years for legal and tax purposes
• Marketing communications: Until you withdraw consent or request deletion
• Website analytics data: Typically retained for 26 months
• Financial records: Retained for 7 years in accordance with Dutch law

8. Your Rights

Under GDPR and Dutch data protection law, you have several rights regarding your personal data. These rights include the ability to access, correct, delete, or restrict the processing of your information.

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data under certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another organisation
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include encryption, access controls, regular security assessments, and staff training on data protection principles.

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining industry-standard security practices.

10. International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer your data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or certification schemes approved by the European Commission.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

12. Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us using the following contact information:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your data protection rights have been violated.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where required by law, by sending you a direct notification. Your continued use of our services after such changes constitutes acceptance of the updated Privacy Policy.