Privacy Policy

Introduction

withpavilm B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website withpavilm.live, use our services, or interact with us.

This policy applies to all users of our services and website visitors. By using our services or website, you consent to the data practices described in this policy.

Data Controller

For the purposes of the General Data Protection Regulation (GDPR), withpavilm B.V. is the data controller. Our contact details are:

Data Collection

The data we collect includes personal information that you voluntarily provide to us when you register for our services, make inquiries, or interact with our website. We may collect the following types of information:

Personal Information

• Name and contact information (email address, phone number, postal address)
• Date of birth and age
• Health and fitness information (medical history, fitness goals, dietary requirements)
• Payment information (processed securely through third-party payment processors)
• Emergency contact information
• Photos and videos (for progress tracking and marketing, with your consent)

Technical Information

• IP address and device information
• Browser type and version
• Website usage data and analytics
• Cookies and similar tracking technologies

How We Use Your Information

We explain how we use your information to provide and improve our services, communicate with you, and fulfil our legal obligations. The use of your data is based on the following legal grounds under GDPR:

Service Provision (Contract Performance)

• Providing fitness training and coaching services
• Creating personalised workout and nutrition plans
• Scheduling appointments and managing bookings
• Processing payments and managing memberships
• Tracking your progress and providing feedback

Legitimate Interests

• Improving our services and website functionality
• Sending service-related communications
• Conducting analytics to understand user behaviour
• Ensuring the security of our systems and services

Consent

• Marketing communications (you can opt-out at any time)
• Use of photos/videos for marketing purposes
• Non-essential cookies and tracking

Legal Compliance

• Compliance with health and safety regulations
• Tax and accounting requirements
• Responding to legal requests and court orders

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: We may share data with trusted third-party service providers who assist us in operating our business (e.g., payment processors, email services, analytics providers)
• Legal Requirements: We may disclose information when required by law or to protect our rights, property, or safety
• Emergency Situations: We may share emergency contact information with medical professionals if necessary
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our retention periods are as follows:

• Active Members: We retain data for the duration of your membership plus 2 years
• Former Members: We retain essential data for up to 7 years for legal and tax compliance
• Marketing Data: We retain marketing consent and related data until you withdraw consent or 3 years of inactivity
• Website Analytics: We retain website usage data for up to 26 months
• Health Data: We retain health and fitness data for up to 7 years or as required by law

After the retention period expires, we securely delete or anonymise your personal data.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data in certain circumstances
• Right to Restrict Processing: You can request that we limit how we use your data
• Right to Data Portability: You can request your data in a portable format
• Right to Object: You can object to certain types of data processing
• Right to Withdraw Consent: You can withdraw consent for data processing based on consent

To exercise any of these rights, please contact us at privacy@withpavilm.live. We will respond to your request within 30 days.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure data storage and backup procedures
• Regular monitoring for security breaches

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

International Data Transfers

We primarily process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules or certification schemes

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any personal information to us. If we become aware that we have collected personal data from a child under 16, we will delete such information promptly.

For individuals aged 16-18, we require parental or guardian consent before providing our services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending you an email notification (if we have your email address)
• Providing notice through our services

The updated policy will be effective from the date specified in the "Last updated" section. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable law, you have the right to lodge a complaint with the relevant supervisory authority: