Privacy Policy

Last updated: December 2024

givesdsf B.V. ("we," "our," or "us") operates the givesdsf.life website and wellness studio services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Data Controller

givesdsf B.V. is the data controller for the personal data we process. You can contact us using the contact information provided at the end of this policy.

Data Collection

The data we collect includes personal information such as your name, email address, phone number, fitness goals, health information, and any other information you voluntarily provide when using our services or contacting us. We also collect technical information about your device and how you interact with our website through cookies and similar technologies.

Information We Collect Automatically

• IP address and device information
• Browser type and version
• Pages visited and time spent on our website
• Referring website addresses
• Cookie and tracking data

Information You Provide

• Contact information (name, email, phone number)
• Membership and account details
• Health and fitness information
• Communication preferences
• Payment information (processed securely by third parties)

How We Use Your Information

We explain how we use your information in this section. Your personal data is processed for the following purposes under the legal basis indicated:

• Service Provision: To provide wellness and fitness services (Legal basis: Contract performance)
• Communication: To respond to inquiries and provide customer support (Legal basis: Contract performance and legitimate interests)
• Health and Safety: To ensure safe use of our facilities and services (Legal basis: Legal obligation and vital interests)
• Marketing: To send promotional materials with your consent (Legal basis: Consent)
• Legal Compliance: To comply with applicable laws and regulations (Legal basis: Legal obligation)
• Business Operations: To manage our business and improve our services (Legal basis: Legitimate interests)

Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on one or more of the following legal bases:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal obligation: Processing is necessary for compliance with a legal obligation
• Vital interests: Processing is necessary to protect someone's life
• Legitimate interests: Processing is necessary for our legitimate interests

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• With service providers who assist in our business operations
• When required by law or to protect rights and safety
• In connection with a business transfer or merger
• With your explicit consent

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. Generally, we retain:

• Member data for the duration of membership plus 7 years for legal compliance
• Health and safety records for 7 years
• Marketing communications data until you opt out
• Website analytics data for 26 months

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of processing
• Right to data portability: Request transfer of your data
• Right to object: Object to processing of your personal data
• Right to withdraw consent: Withdraw consent at any time

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and staff training.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience on our website. For detailed information about our use of cookies, please refer to our Cookie Policy.

Third-Party Services

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new privacy policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this privacy policy or wish to exercise your rights, please contact us at:

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable data protection laws.