Data Protection Notice

1. Statement of intent

At Aspria, your privacy and the security of your personal data is very important to us.

We want to transparently explain:

  • Why we process your personal data and how we do that including what we do to protect it.
  • The controls and choices you have around when and how you choose to share your personal data.
  • Your rights and who to contact if you have any concerns.

We endeavour to implement and maintain the highest standards with regard to Data Protection and adopt policies in line with the highest level of compliance – the EU GDPR & UK GDPR.

We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

2. Contact Us

Aspria Holdings BV are the Data Controller who operate across various European markets (Belgium, Germany & Italy) and are registered with:

Aspria Holdings BV

Luna ArenA, Herikerbergweg 238
1101 CM Amsterdam
PO BOX 23393 

whose registered office is located at:
Hill Place House
55A High Street
Wimbledon
London, SW19 5BA
United Kingdom

Tel: +44 20 8944 4087

Mail: info@aspria.com

Website: www.aspria.com

CEO and Founder: Brian Morris

Legal form: Aspria Holdings BV

Registered office of the company: Amsterdam

Register court: Chamber of Commerce, Amsterdam, company number 33287052

VAT reg. No: GB 977120508

If you need to contact us you can chose to do that via our Data Protection Officer  

 

  • Post – Address: 

Aspria Holdings BV 

c/o Aspria Berlin GmbH 

Karlsruher Str. 20 

10711 Berlin 

Germany 

Attn: Data Protection Officer 

If you have any concerns regarding how we are processing your personal data we’d like the opportunity to address them – Please contact us via dataprotection@aspria.com 

If you believe we have not addressed your concerns you can contact your local Data Protection Authority 

3. Why we process your Personal Data

We provide various services and offers based upon the relationship you have with us - Aspria Holdings BV.  

For example, this could be: 

  • A member of one of our clubs 
  • A visitor or booking a hotel stay  
  • A website visitor 

The Personal Data we process will vary according to the services you subscribe to and the functionality you use. As in order to provide various services we process personal data. 

The lawful basis we process data under GDPR is either: 

  • Consent 
  • Contract 
  • Legal Obligation 
  • Legitimate interest 

There are two further grounds – vital interest & public interest, but we only process data under one of these lawful basis when required. 

When we need to process what is classed as special category data e.g. data revealing racial or ethnic origin etc. we will only do so if we have a lawful exemption such as your explicit consent. 

4. Giving you choice and control – Your Rights

We aim to process data in line with the principles of fair and transparent processing. This Data Protection Notice is aimed at informing you of our purposes of processing Personal Data and your rights. 

We aim to supplement this by highlighting to you at points where we request / collect personal data in a timely manner and appropriate format. 

You have various rights to understand the processing of Personal Data we conduct and to control how we use your data dependent upon the lawful basis the including: 

  • Your right of access - You have the right to ask us for copies of your personal information. 
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances. If we are processing on the basis of consent you can withdraw your consent at any time. 
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

4.1 To learn more about these right please visit

4.2 Exercising your rights

Please contact us at dataprotection@aspria.com or by post if you wish to make a request.  

You are not required to pay any charge for exercising your rights.  

If you make a request, the designated period to respond to you is one month but we aim try to respond to you as quickly as feasible. 

We regularly review the methods we adopt to support and facilitate your data rights. 

5. Data Purposes : Personal Data we process & Why

We process personal information when you use our products and services based upon the relationship you have with us.

5.1 Generic Processing - All Data Subjects

When you communicate with us we process: 

  • Contact Data - Personal information about people so that we can communicate with you and to administer correspondence with you e.g. information you provide e.g. Your email address. 
  • Correspondence Data - Information relating to our correspondence with you e.g. relating to your query. 

To fulfil a query, request for services and/or to administer our services

  • Contact Data 
  • Correspondence Data
  • Email Address
  • Telephone Number
  • General Query

Legitimate Interest - General business communication

5.2 Website Users

When you visit a website in addition to General communication data we also process:  

  • Marketing Data - Personal information you provide to us so that we can keep you updated of products and services relating to our services.  
  • Website Usage Data - Information of how you use or interact with our services through our website. This enables us to analyse the website performance & improve its effectiveness. 

Marketing Data

  • Contact Data
  • Email Address
  • Name
  • Mobile Number
  • Main Club

Consent

Website Analytics & email Effectiveness

  • Pages visited etc.
  • Pages visited
  • Emails opened 

Consent

Guaranteeing effective customer service and technical support

  • Technical Data
  • IP address
  • Date and time of enquiry
  • Time zone 
  • Requested provider
  • The page visited previously (referrer URL)
  • Browser type and version
  • Operating system

Legitimate Interest

We offer the ability to withdraw your consent / unsubscribe in all our emails but please contact us if you wish to withdraw your consentor exerciseyourrightto object to Direct Marketing. 

5.3 Membership / Booking Data

When you join our one of our clubs or transact as with us we process: 

  • Activity Data – so we can provide you with a service or product.  
  • Financial Data - to fulfill contractual obligations or confirm booked services.

Activity Data

  • Transactional Data
  • Membership number
  • Membership type
  • Classes

Contractual

Financial Data

  • Financial Information
  • Bank details
  • Financial transactions 

Contractual

Service messages related to membership

  • Communication Data
  • Email address
  • Name
  • Home Club
  • Phone number
  • Postal address

Contractual

Commercial Messages

  • Communication Data
  • Email address
  • Name
  • Home Club
  • Phone number
  • Postal address

Consent

Insurance reasons, security measures for the benefit of members, guests, staff & visitors

  • Video records
  • Video (CCTV)
  • Entry date & time
  • Exit date & time

Legitimate Interest

Collecting Feedback

  • Communication Data
  • Email address
  • Name
  • Home Club
  • Membership Type

Legitimate Interest

COVID-19 tracking regulations

  • Tracking Data
  • Name
  • Email address
  • Address
  • Phone number
  • Date & time of visit

Legal obligations

5.4 Children’s Data

  • Where we process children’s personal data, we only do this with the consent of their guardian(s) for the purpose of being guest and/or member, and to ensure to follow safety & security of the children. 
  • Where we process children's health data, such as like allergies, we only do this to apply legal obligations and for the benefit of the children. 

Activity Data

  • Transactional Data
  • Membership number 
  • Membership type 
  • Classes 

Contractual

Technical messages and communications
(ofGuardian(s))

  • Communication Data
  • Email address 
  • Name 
  • Home Club 

Contractual

Guardian(s) contacts

  • Communication Data
  • Email address 
  • Name 
  • Phone number 

Contractual

Medical Status 

  • Health Data
  • Allergies

Legal Obligations

Physical Health Status

  • Health Data
  • Heart condition 
  • High blood pressure 

Consent

Insurance reasons, security measures for the benefit of our members, guests, staff & visitors

  • Video
  • Video (CCTV) 
  • Entry date & time 
  • Exit date & time 

Legitimate Interest

Collecting Feedback 

  • Communication Data
  • Email address 
  • Name 
  • Home Club 
  • Membership type 

Legitimate Interest

5.5 Health Data 

  • Where we collect health data of our members, such as weight... etc. - we only do this on the basis of given consent, for the purpose of health questionnaires, health checks, to create training plans and monitor training activities for the benefit of the member. 
  • Where we process personal health data such as vaccination status, infection recovery status and/or SARS-CoV-2 Test status according to the current local regulations of the government, we only do this on the basis of our legal obligations and for the purpose of measures against the pandemic situation (Covid-19/Corona). 
  • Same applies to personal data of guest, visitors and others entering our facilities for the purpose of tracking in case of Covid-19 infections and on the basis of our legal obligations. 

Physical Health Status

  • Health Data
  • Weight 
  • Size 
  • Heart condition 
  • High blood pressure 
  • Date of Birth 

Consent

Medical Status

  • Health Data
  • Medical certificate

Legal obligations

COVID-19 regulations

  • Health Data
  • Vaccination status 
  • Infection recovery status  
  • SARS-CoV-2 Test status 

Legal obligations

5.6 Further Cohorts of Data Subjects

When you contact us or are interest in any service of our clubs

Commercial messages relating to our services & marketing measures

  • Communication Data
  • Name 
  • Email address 
  • Phone number 
  • Postal address 
  • Ex-member contract details 
  • Main club 

Consent

We offer the ability to withdraw yourconsent / unsubscribein all our emails,but please contact us if you wish to withdraw your consent or exercise your right to object to Direct Marketing.

5.7 App Users

We process data based on two broad categories via the myAspria App for members: 

  • Customer Account Data - Personal information about customers. This is so that we can communicate with you and to administer your account if you subscribe to our services. 
  • App Usage Data - Information of how you use or interact with our services through our Applications. This data provides us with the ability to provide the personalised services to you.  

We ask for certain Customer Account Data information, such as your contact details, when you sign up for an account with us through our application. 

When you download our application various categories of data will be requested – Further detail regarding this is available at 

We use App Usage Data to provide services to you and to carry out necessary functions of our business. 

As a subscriber to, or when you visit our website, we collect some information automatically in order to help us analyse and report information on how you use our services in order to improve the functionality offered for users.  

Summary of Data Processing purposes: 

To fulfil a query, request for services and/or to administer our services

  • Customer Account Data 
  • Usage Data 
  • Subscription type 
  • Login Information 

Performance of a contract or agreement

To fulfil a query, request for services and/or to administer our services

  • Customer Account Data 
  • Usage Data 
  • Financial Information

Legal Obligation

Marketing messages about our products and services.

  • Customer Contact Data
  • Email Address 
  • Mobile Phone Number 

Consent

Segmentation and analysis of app use and website performance

  • Customer Account Data 
  • Usage Data 
  • Use of services 
  • Preferences 

Our Legitimate interest e.g. Business Performance

  • Leisure Club Day Visitor Data  
  • Hotel Guest Data  
  • Suppliers Data  
  • Staff and Contractors Data  

6. How we manage & store your personal information

We are committed to protecting our users’ personal data and to help protect the security of your personal data. 

In order to do this we: 

  • Implement robust technical and organisational measures including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems. 
  • Limit access to your personal data to employees, and any third parties who we contract need to know. 
  • Regularly assess our Technical and Organisational Measures to ensure they are appropriate. 

6.1 Data Recipients

We provide access for employees and contractors across the Aspria Group to Personal Data on the principle of least privilege (PoLP) - users are given the minimum levels of access – or permissions – needed to perform his/her job functions. 

All Aspria Holdings staff receive regular awareness briefings regarding the importance of Data Protection.  

6.2 Data Transfers

In order to carry out the activities specified in this Notice and enable global access to our services we store and distribute content and data in systems and data centres that we use around the world. 

For some activity personal data collected within the European Union and Switzerland is transferred to and processed by third parties located in an external country subject to privacy laws that are different from those in the country you live in. 

Where we need to do this either directly or through third party data processors we contract with, we  

  • ensure that the transfer of your personal data is carried out in accordance with applicable data protection laws e.g. for example we rely upon  
  • GDPR & UK GDPR mutual adequacy agreements for Transfer of Data internally within the Aspria Group 
  • Standard Contractual Clauses as approved by the EU Commission – we will have transferred all suppliers relying upon SCC’s to the new approved SCC’s by 27th December 2022  

In addition to the lawful transfer mechanism we conduct analysis of the effectiveness of the transfer mechanism to support your Rights and Freedoms with our processors.   

6.3 Who manages & processes data 

To provide our services we use third party data processors to provide elements of services for us. 

For our data processors we have contracts in place with them to ensure that they process the data provided to them only for the purposes we have instructed them to. We also specify that they implement specific data minimisation practices and that they will hold data securely and retain it for the period we instruct. 

In selecting suppliers and during the contract we regularly review and assess the third parties we use to ensure that they abide with the principles of the GDPR. 

7. Data Retention / Deletion

We keep your personal data only as long as: 

  • Necessary to provide you with our Service. 
  • And for legitimate and essential business purposes, such as maintaining the performance of the webapp, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. 

We will delete specific personal information you request unless we are legally allowed or required to maintain certain personal data – where it prevents us from carrying out necessary business functions, such as: 

  • If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved; 
  • Where we need to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or, 
  • Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users. 

8. Cookies and related technologies

Cookies are pieces of information that are transferred from our web server to your web browser and are stored there for future visits to our site. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and are saved by your browser. 

The cookies on our website do not collect any personal data. Our website can be viewed without cookies. The first time you visit our website, we ask if you agree to store cookies and provide the option to adjust the type collected. 

Previously saved cookies can be deleted in your browser’s system settings. Cookies provide an optimum website experience and deactivating cookies may restrict the function of the website. 

De-Bug Bear

Website performance/optimisation

Used to identify opportunities for improved website performance and optimisations related to user device,speedand site experience.

Facebook

Lead generation/social networking

With its help, we can track users' actions after they've seen or clicked Facebook advertising in order to track the effectiveness of our Facebook advertising for statistical and market research purposes. The data collected in this way is anonymous for us, ie we do not see the personal data of individual users.

Google

Website Analytics & Adwords advertising

Analytics: These cookies are used to collect information about how visitors use our Site. We use the information to compile reports and to help us improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, where have come to the Site from and the pages they visited. If you do not allow these cookies we will not be able to include your visit in our statistics. Adwords: In the case of Google AdWords, each AdWords client receives a different cookie. Cookies cannot, therefore, be tracked across the websites of AdWord clients. The information obtained through conversion cookies serves to produce conversion statistics for AdWords clients who have opted for conversion tracking. AdWords clients see the total number of users who have clicked on their ad and been forwarded to a page with a conversion tracking tag. However, they do not receive any information enabling them to personally identify users.

HotJar

Website Analytics

Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device'sIP address (captured and stored only in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only).

HubSpot

Lead Generation / Email Communication

Cookie: _hstc
Name: HubSpot
Purpose:  The main cookie for tracking visitors. It contains the domain, uk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). Cookie: hubspotuk
Name: HubSpot
Purpose: This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when de-duplicating contacts. Cookie: _hssc
Name: HubSpot
Purpose:  This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstccookie. It contains the domain, viewCount(increments each page View in a session), and session start timestamp. Cookie: _hssrc
Name: HubSpot
Purpose: Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.

LinkedIn

Lead generation /social networking

With its help, we can track users' actions after they've seen or clicked LinkedIn advertising in order to track the effectiveness of our LinkedIn advertising for statistical and market research purposes. The data collected in this way is anonymous for us, ie we do not see the personal data of individual users.

Supermetrics

Website analytics

Main purpose of Supermetrics is to provide a connection between different Digital data sources, mainly for Social Media.

Vimeo 

Video Hosting

We embed videos from our official Vimeo channel. When you press play Vimeo will drop third party cookies to enable the video to play and to collect analytics data such as number of views and how long a viewer has watched the video. These cookies do not track individuals. 

YouTube 

Video Hosting

We embed videos from our official YouTube channel. When you press play YouTube will drop third party cookies to enable the video to play and to collect analytics data such as number of views and how long a viewer has watched the video. These cookies do not track individuals. 

Xing 

Lead generation/social networking

With its help, we can track users' actions after they've seen or clicked Xing advertising in order to track the effectiveness of our Xing advertising for statistical and market research purposes. The data collected in this way is anonymous for us, ie we do not see the personal data of individual users.

9. Third party websites

Through our app or our website links to third-party websites may be displayed.  

If you click on a link external to our Service, please understand that you are leaving our Service and we do not control or be held responsible for the privacy practices and content of any third parties.  

Any personal data you provide will not be covered by this Notice and we encourage you to their privacy notices to understand how they collect and process your personal data. 

10. Changes to this Notice

This Privacy Notice was last updated on 15.10.2021 and you can print a PDF copy of it for your Records.