Document Contents

1. Statement of intent
2. Contact Us
3. Why we process Personal Data
4. Giving you choice and control – Your Rights
   1. To learn more about these right please visit
   2. Exercising your rights
5. Data Purposes : Personal Data we process & Why
   1. Generic Processing - All Data Subjects
   2. Website Users
   3. Membership / Booking Data
   4. Children’s Data
   5. Health Data
   6. Further Cohorts of Data Subjects
   7. App Users
6. How we manage & store your personal information
   1. Data Recipients
   2. Data Transfers
   3. Who manages & processes data
7. Data Retention / Deletion
8. Cookies and related technologies
9. Third party websites

Changes to this Notice

1. 1. Statement of intent

At Aspria, your privacy and the security of your personal data is very important to us.

We want to transparently explain:

• Why we process your personal data and how we do that including what we do to protect it.
• The controls and choices you have around when and how you choose to share your personal data.
• Your rights and who to contact if you have any concerns.

We endeavour to implement and maintain the highest standards with regard to Data Protection and adopt policies in line with the highest level of compliance – the EU GDPR & UK GDPR.

We do not sell your end users’ personal information and we do not share your end users’ information with third parties for those third parties’ own business interests.

1. 2. Contact Us

Aspria Holdings BV are the Data Controller who operate across various European markets (Belgium, Germany & Italy) and are registered with:

Aspria Holdings BV

Luna ArenA, Herikerbergweg 238
1101 CM Amsterdam
PO BOX 23393 

whose registered office is located at:
Hill Place House
55A High Street
Wimbledon
London, SW19 5BA
United Kingdom

Tel: +44 20 8944 4087

Mail: info@aspria.com

Website: www.aspria.com

CEO and Founder: Brian Morris

Legal form: Aspria Holdings BV

Registered office of the company: Amsterdam

Register court: Chamber of Commerce, Amsterdam, company number 33287052

VAT reg. No: GB 977120508

Aspria Holdings BV

and their subsidiaries within the Aspria Group:

Belgium

• Aspria Club SA, Rue Sombre 56, B-1200 Bruxelles
• Aspria City SA, Rue Sombre 56, B-1200 Bruxelles
• Aspria La Rasante S.A., Rue Sombre 56, B-1200 Bruxelles

Germany

• Aspria Alstertal GmbH, Rehagen 20, 22339 Hamburg
• Aspria Berlin GmbH, Karlsruher Straße 20, 10711 Berlin
• Aspria Hamburg City GmbH & Co. KG, Karlsruher Straße 20, 10711 Berlin
• Aspria Hannover GmbH, Karlsruher Straße 20, 10711 Berlin

Italy

• Aspria Club Milano S.P.A., Via Cascina Bellaria 19, 20153 Milano

If you need to contact us you can chose to do that via our Data Protection Officer 

• email   dataprotection@aspria.com 
• Telephone: +49 (0)30 890 6888 0 

• Post – Address:

Aspria Holdings BV

c/o Aspria Berlin GmbH

Karlsruher Str. 20

10711 Berlin

Germany

Attn: Data Protection Officer

If you have any concerns regarding how we are processing your personal data we’d like the opportunity to address them – Please contact us via dataprotection@aspria.com

If you believe we have not addressed your concerns you can contact your local Data Protection Authority

• Belgium https://www.dataprotectionauthority.be/citizen
• Germany
• Berlin - https://www.datenschutz-berlin.de/
• Hamburg - https://datenschutz-hamburg.de/
• Niedersachsen - https://www.lfd.niedersachsen.de/
• Italy https://www.garanteprivacy.it/web/garante-privacy-en

• The Netherlands 
  • https://autoriteitpersoonsgegevens.nl/en
• UK : the Information Commissioners Office  
• https://ico.org.uk/your-data-matters/
• Or  https://ico.org.uk/make-a-complaint/your-personal-information-concerns/

1. 3. Why we process Personal Data

We provide various services and offers based upon the relationship you have with us - Aspria Holdings BV. 

For Example this could be

• A member of one of our clubs
• A visitor or booking a hotel stay 
• A website visitor

The Personal Data we process will vary according to the services you subscribe to and the functionality you use as in order to provide various services we process personal data.

The lawful basis we process data under GDPR is either

• Consent
• Contract
• Legal Obligation
• Legitimate interest

There are two further grounds – vital interest & public interest, but we only process data under one of these lawful basis when required.

When we need to process what is classed as special category data e.g. data revealing racial or ethnic origin etc. we will only do so if we have a lawful exemption such as your explicit consent.

1. 4. Giving you choice and control – Your Rights

We aim to process data in line with the principles of fair and transparent processing. This Data Protection Notice is aimed at informing you of our purposes of processing Personal Data and your rights.

We aim to supplement this by highlighting to you at points where we request / collect personal data in a timely manner and appropriate format.

You have various rights to understand the processing of Personal Data we conduct and to control how we use your data dependent upon the lawful basis the including:

• Your right of access - You have the right to ask us for copies of your personal information.
• Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
• Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances. If we are processing on the basis of consent you can withdraw your consent at any time.
• Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

1. 4.1 To learn more about these right please visit

Belgium

• https://www.dataprotectionauthority.be/citizen

Germany

• Berlin - https://www.datenschutz-berlin.de/
• Hamburg - https://datenschutz-hamburg.de/
• Niedersachsen - https://www.lfd.niedersachsen.de/

Italy

• https://www.garanteprivacy.it/web/garante-privacy-en

The Netherlands

• https://autoriteitpersoonsgegevens.nl/en

UK : the Information Commissioners Office  

• www.ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

1. 4.2 Exercising your rights

Please contact us at dataprotection@aspria.com or by post if you wish to make a request. 

You are not required to pay any charge for exercising your rights. 

If you make a request, the designated period to respond to you is one month but we aim try to respond to you as quickly as feasible.

We regularly review the methods we adopt to support and facilitate your data rights.

1. 5. Data Purposes : Personal Data we process & Why

We process personal information when you use our products and services based upon the relationship you have with us.

1. 5.1 Generic Processing - All Data Subjects

When you communicate with us we process :

• Contact Data - Personal information about people so that we can communicate with you and to administer correspondence with you e.g. information you provide e.g. Your email address.
• Correspondence Data - Information relating to our correspondence with you e.g. Relating to your query 

1. 5.2 Website Users

When you visit a website in addition to General communication data we also process:

• Marketing Data - Personal information you provide to us so that we can keep you updated of products and services relating to our services.
• Website Usage Data - Information of how you use or interact with our services through our website. This enables us to analyse the website performance & improve its effectiveness

We offer the ability to withdraw your consent / unsubscribe in all our emails, but please contact us if you wish to withdraw your consent or exercise your right to object to Direct Marketing.

1. 5.3 Membership / Booking Data

When you join our one of our clubs or transact as with us we process:

• Activity Data – so we can provide you with a service or product.
• Financial Data - we can keep you updated of products and services relating to our services.

1. 5.4 Children’s Data

• Where we process children’s personal data, we only do this with the consent of their guardian(s) for the purpose of being guest and/or member, and to ensure to follow safety & security of the children.
• Where we process children's health data, such as like allergies, we only do this to apply legal obligations and for the benefit of the children.

1. 5.5 Health Data

• Where we collect health data of our members, such as weight... etc. - we only do this on the basis of given consent, for the purpose of health questionnaires, health checks, to create training plans and monitor training activities for the benefit of the member.
• Where we process personal health data such as vaccination status, infection recovery status and/or SARS-CoV-2 Test status according to the current local regulations of the government, we only do this on the basis of our legal obligations and for the purpose of measures against the pandemic situation (Covid-19/Corona).
• Same applies to personal data of guest, visitors and others entering our facilities for the purpose of tracking in case of Covid-19 infections and on the basis of our legal obligations.

1. 5.6 Further Cohorts of Data Subjects

When you contact us or are interest in any service of our clubs

We offer the ability to withdraw your consent / unsubscribe in all our emails, but please contact us if you wish to withdraw your consent or exercise your right to object to Direct Marketing.

1. 5.7 App Users

We process data based on two broad categories via the myAspria App for members:

• Customer Account Data - Personal information about customers. This is so that we can communicate with you and to administer your account if you subscribe to our services.
• App Usage Data - Information of how you use or interact with our services through our Applications. This data provides us with the ability to provide the personalised services to you 

We ask for certain Customer Account Data information, such as your contact details, when you sign up for an account with us through our application.

When you download our application various categories of data will be requested – Further detail regarding this is available at

• Apple Store reference to privacy info on store –
  https://apps.apple.com/il/app/myaspria/id1471530478 
• Google Play Store reference to privacy info on store - https://play.google.com/store/apps/details?id=com.technogym.mywellness.myaspria&hl=en_US&gl=US

We use App Usage Data to provide services to you and to carry out necessary functions of our business.

As a subscriber to, or when you visit our website, we collect some information automatically in order to help us analyse and report information on how you use our services in order to improve the functionality offered for users. 

Summary of Data Processing purposes:

• Leisure Club Day Visitor Data
• Hotel Guest Data
• Suppliers Data
• Staff and Contractors Data

1. 6. How we manage & store your personal information

We are committed to protecting our users’ personal data and to help protect the security of your personal data.

In order to do this we:

• Implement robust technical and organisational measures including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
• Limit access to your personal data to employees, and any third parties who we contract need to know.
• Regularly assess our Technical and Organisational Measures to ensure they are appropriate.

1. 6.1 Data Recipients

We provide access for employees and contractors across the Aspria Group to Personal Data on the principle of least privilege (PoLP) - users are given the minimum levels of access – or permissions – needed to perform his/her job functions.

All Aspria Holdings staff receive regular awareness briefings regarding the importance of Data Protection. 

1. 6.2 Data Transfers

In order to carry out the activities specified in this Notice and enable global access to our services we store and distribute content and data in systems and data centres that we use around the world.

For some activity personal data collected within the European Union and Switzerland is transferred to and processed by third parties located in an external country subject to privacy laws that are different from those in the country you live in.

Where we need to do this either directly or through third party data processors we contract with, we 

• ensure that the transfer of your personal data is carried out in accordance with applicable data protection laws e.g. for example we rely upon 
  • GDPR & UK GDPR mutual adequacy agreements for Transfer of Data internally within the Aspria Group
  • Standard Contractual Clauses as approved by the EU Commission – we will have transferred all suppliers relying upon SCC’s to the new approved SCC’s by 27^th December 2022 

In addition to the lawful transfer mechanism we conduct analysis of the effectiveness of the transfer mechanism to support your Rights and Freedoms with our processors.

1. 6.3 Who manages & processes

To provide our services we use third party data processors to provide elements of services for us.

For our data processors we have contracts in place with them to ensure that they process the data provided to them only for the purposes we have instructed them to. We also specify that they implement specific data minimisation practices and that they will hold data securely and retain it for the period we instruct.

In selecting suppliers and during the contract we regularly review and assess the third parties we use to ensure that they abide with the principles of the GDPR.

1. 7. Data Retention / Deletion

We keep your personal data only as long as:

• Necessary to provide you with our Service.
• And for legitimate and essential business purposes, such as maintaining the performance of the webapp, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes.

We will delete specific personal information you request unless we are legally allowed or required to maintain certain personal data – where it prevents us from carrying out necessary business functions, such as:

• If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved;
• Where we need to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
• Where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our users.

1. 8. Cookies and related technologies

Cookies are pieces of information that are transferred from our web server to your web browser and are stored there for future visits to our site. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and are saved by your browser.

The cookies on our website do not collect any personal data. Our website can be viewed without cookies. The first time you visit our website, we ask if you agree to store cookies and provide the option to adjust the type collected.

Previously saved cookies can be deleted in your browser’s system settings. Cookies provide an optimum website experience and deactivating cookies may restrict the function of the website.

1. 9. Third party websites

Through our app or our website links to third-party websites may be displayed.

If you click on a link external to our Service, please understand that you are leaving our Service and we do not control or be held responsible for the privacy practices and content of any third parties. 

Any personal data you provide will not be covered by this Notice and we encourage you to their privacy notices to understand how they collect and process your personal data.

1. Changes to this Notice

This Privacy Notice was last updated on 15.10.2021 and you can print a PDF copy of it for your Records.