This is the privacy statement of Basic-Fit and all its clubs and affiliates in the Netherlands, Belgium, Luxembourg, France, Spain and Germany.

Controller when it comes to the processing of personal data:
Our headquarters - Basic-Fit International BV
Wegalaan 60
2132 JC Hoofddorp
The Netherlands
Registered in the Dutch Trade Register of the Chamber of Commerce number 34314877

We will start this statement with an overview of contact details for the purpose of exercising your privacy rights. This is followed by a detailed explanation of the categories of personal data that we process and why and how we do this.

 

 1.  Contact details

What for

For who

Where to go

Privacy rights
Deletion
Rectification

Access

Data portability

Questions

Members
Customers


 

Contact us via:
• Customer Service (via website), or

chat with Ruby and let Ruby redirect you, or
send directly an email to
requestprivacy@basic-fit.com

We will take care of your request within 4 weeks max.

Fine for tailgating / access fraud.
File an objection against the fine.
Request for access to the photo of the turnstile.


Members

Request for access for the photo or to file an objection against the fine by sending an email to:
For the Netherlands:
remote.reply@basic-fit.nl
For Luxembourg/Belgium:
remote.reply@basic-fit.be
For France:
remote.reply@basic-fit.fr
For Spain:
remote.reply@basic-fit.es
For Germany: remote.reply@basic-fit.de

Incidents/offenders

When evidence is needed such as camera images or data from potential offenders or in case of serious incidents.

Police or other competent public institutions

 

The police or other competent public institutions can turn to:

For the Netherlands: remote.surveillance@basic-fit.nl
For Luxembourg/Belgium: remote.surveillance@basic-fit.be
For France: remote.surveillance@basic-fit.fr
For Spain: remote.surveillance@basic-fit.es

For Germany: remote.surveillance@basic-fit.de

Warning! On this email addresses, requests for images from members will not be answered! Members cannot request images of others such as potential perpetrators or offenders on the basis of the GDPR. When you are a victim, you should report to the police first, after which the police is authorized to request such information from us.

In case of GDPR related investigations, violations, questions or complaints.

Data Protection Authorities, members and customers.

Contact our Data Protection Officer via privacy@basic-fit.com

 

2. Categories of personal data

2.1 Membership data
When becoming a member of Basic-Fit, you will enter into a membership agreement. To offer you our fitness services, we need to process some personal data that you provide to us during the subscription process. It concerns your name, home address, telephone number, email address, bank account number, gender and date of birth. We will provide you your own membership number and Basic-Fit pass number.

During your membership we register your visits (check-in at the turnstile), your payments, your home club, your type of subscription and chosen extra’s like a Yanga. We also register our communication with you in case you contact us with questions or issues in relation to your membership.

2.2 My Basic-Fit
Basic-Fit offers its members an online environment in which you have access to your own personal data and membership details through login with your password. The data in My Basic-Fit shows the data as registered in our membership management system. You can approach My Basic-Fit via our website or via the Basic-Fit app. You can also adjust certain data or settings yourself any time.

2.3 Invite or refer a friend
When you are a premium member, you can bring a friend to the club. The main member is responsible for registering a friend in their My Basic-Fit account. The friend will then receive a QR-code for access, which is personal and not transferable to others. We will also request the email address of your friend, to be able to send important information on safety aspects and house rules prior to their visit. Friends can unsubscribe from our emails themselves. When the friend wants their data to be deleted, they should request the deletion from the main member. The main member then must remove the friend from the friends list in their My Basic-Fit account. For other subscriptions then Premium, you can only refer a friend to Basic-Fit by sending them an invitation link. The link will redirect the friend to the website of Basic-Fit to be able to subscribe for a day pass or membership.

2.4 Basic-Fit App
Our app is meant to support our members in their fitness journey, to offer a self-service tool to manage your membership and to inform our members about our clubs, services and products. Most data visible in the app, shows the data of your My Basic-Fit account. After activating an account, you can personalize the app as much as you want, depending on your own fitness goals and interests. If you do not want to personalize the app, you can just skip those questions. We can distinguish the following categories of personal data in our app:

1. Data to create an account and use the app
If you are a Basic-Fit member, you can easily install and login the app by providing your My Basic-Fit membership credentials. Your membership data, you normally see in My Basic-Fit, will automatically become visible on your app.
2. Data to achieve your sports goals and personalize your app
Our app can help you to achieve your sport goals if you want. Therefore, you can add some information like your height , weight, objectives, goals, interests, sport preferences and planned and concluded workouts. Your BMI will be automatically calculated. You can also use the Body analyzer (Smart Scale) in the club and the results will become automatically visible in your app.
3. Connect with your health app
You can connect your health app to our Basic Fit app to optimize your sports goals. In order to retrieve information from your health app, we require your permission in advance. The data from your health app will only be visible on the app on your own device. Basic-Fit will not use or store this data on its own systems.
4. Other optional extra’s
The app offers to upload a profile picture, which you can delete or change any time you want; this picture is also visible to your friends and online personal coach. It also offers a personal coaching dashboard, virtual lessons, recommended products/sport nutrition, recommended dietary tips and recipes. We also offer the option ‘club finder’, where you can give permission to use your location data. Basic-Fit does not store this location data.
5. Analytical data
We analyze the use of the app for improving its functionality and security and for personalization and marketing purposes. We analyze by use of a unique identifier, only interpretable for Basic-Fit, and do not use any user or device data for this purpose.  Basic-Fit uses Google analytics and concluded a Data Processing Agreement with Google in this respect. Device data like IMEI number is used by Google for identification purposes.
6. App security
Personalized (health) app data and data from the Body Analyzer is stored in pseudonymized form in a separate secured database. This data base itself, does not contain data that can be traced back to an individual. This data is not stored in our member management system and is only visible for the app user itself on its own device. All data traffic concerning the app is secured by means of encryption techniques.

2.5 Online coaching
App users can use to option of an online personal coach program of 12 weeks. You can choose a personal coach, who will guide you for 12 weeks in achieving your sports goals. This functionality is not yet operational in all countries. A chat function is available for the coaching. These chats are only intended for the online coaching period and will not be used for other purposes. The chat messages will be deleted 2 months after termination of the coaching period. Only when complaints arise about the coaching period chats can be kept a little longer, namely up to 2 months after the complaint has been handled.

2.6 Pass or QR code for access
We offer the possibility to grant access with a physical pass or a QR code on your own device. With the pass or QR code you can also use our Body analyzer, Kiosk terminals, massage chairs and Yanga machine. In order to make the QR code work properly, to make it secure and to avoid fraud (a QR code is personal and not transferable to anyone else) we process your device ID. A device ID is a string of numbers and letters that uniquely identifies a mobile device.

2.7 Body analyzer
In all our clubs you will find the Body analyzer. It is a special smart scale that measures multiple metrics: body weight and body composition like your fat mass, muscle mass, bone mass and body water. You first need to scan your pass or QR code to activate the Body analyzer. The results will be automatically visible on the Body Analyzer screen. In case you installed the Basic-Fit app, it will be automatically included in your app profile. The data of the Body analyzer is stored in a separated secured and pseudonymized database. This data base itself, does not contain data that can be traced back to an individual. Basic-Fit does not store this information in its member management system.

2.8 Marketing, sales and communication
During the subscription process, you can choose your marketing settings. During your membership at Basic-Fit, you can adjust your setting at any time through My Basic-Fit, the Basic-Fit app or the offered unsubscribe link in our communication. Based on your choices and settings, Basic-Fit will send you emails, SMS or notifications on your app.

When it comes to necessary information concerning your membership, home club, pricing etc., we do not communicate based on consent, but based on the proper execution of the agreement with our members and the importance of informing about certain matters.

For marketing and communication purposes, Basic-Fit uses personal data to select the correct target group, like home club, country, region etc. Basic-Fit does not engage in profiling that leads to automated decision-making.

2.9 Surveys
Sometimes we approach our members to join a survey to improve our services. This is always on a voluntary basis and only with the consent of the member. We also clearly indicate in advance whether it is an anonymous survey or not.

2.10 Camera protection
We have cameras in and around our clubs, but we use the images for limited security and safety purposes. We realize very well that camera protection also affects the privacy of our members and employees and therefore we monitor with the utmost care. For example, no camera protection takes place in changing rooms or sanitary facilities. Monitoring through the cameras only takes place reactively for alarm verification purposes. See our Regulation camera protection on our website to read more in detail how our safety system with cameras works.

2.11 Access fraud - tailgating
Basic Fit included in its General Terms and Conditions that it is not permitted to grant another person access to the club by letting him or her walk with you through the turnstile. A fine (the value of a day pass and additional administrative costs) will be charged for this. When access fraud repeatedly occurs, the membership can be terminated. Specially equipped cameras, placed at the turnstiles, count how many people walk through the turnstile at the same time. In case it counts more than one person, the images are always verified by an authorized employee to determine whether access fraud has occurred. The member (the membership pass owner) receives an email from us with the request to pay the fine. You always have the right to request for access to the relevant photo moment, but you are responsible yourself to take the privacy of the other person visible on the photo into account. That means you should never share this photo with others unless you have asked for permission. Upon request, the photo can also be sent anonymously (blurred faces). The photo will be automatically deleted after 28 days.

2.12 Official warnings or club bans
When members violate our house rules, cause nuisance, misbehave or put our employees or other members in danger, we can send the member an official warning or club ban. The club employee on duty reports time, location and details of the incident. Our customer service department assesses this report and checks whether additional research is required. For example, checking camera images or hearing bystanders. A warning or club ban will be sent to the member and the case will be registered in our member system.

2.13 Payment issues
When a member fails to pay the membership fees, payment reminders are initially sent by email. If there is no response, a reminder will follow by SMS on the telephone number specified by the member. If there is still no rectification or payment, the case will be transferred to the collection agency. At that moment, the collection agency becomes ‘data controller’ of the data we transferred to them, for the further handling of the case. The data will be processed and stored in accordance to the relevant procedures and regulations to which collection agencies are subject.

2.14 Social media
Basic-Fit uses social media such as Facebook, Twitter and Instagram with its own profile page. Through these channels you can follow Basic-Fit and respond to our communications and news feeds. The privacy policy of the relevant platform applies to this.
You can also contact us via the private message option for questions or problems concerning your membership, after you identified yourself sufficiently as our member. These private messages will be answered by our Customer Service or marketing experts via our own member system. That means we centralize all our communications via different channels in our member system. Information about your membership will only be communicated through the private message option chat and never through the public chat.

2.15 Analysis & (market) research
Basic-Fit only uses anonymized aggregated data when it comes to statistical analyses, management reports and market research purposes.
We can select certain target groups for marketing content based on data such as country, region, home club and type of membership. We want to achieve that members only receive content that is relevant for them.

2.16 Intercom calls
The intercom is intended only for assistance in case of emergencies or incidents in the club. A call through the intercoms with our 24/7 Intercom team, can be recorded for training purposes. It will be stored for a maximum of one month and you will be informed upfront by a message that the call will be recorded. When you call our intercom, our intercom agent can see you on camera via live connection. This offers the possibility to show your pass for identification, or in case of emergency, the intercom agent can monitor your direct surroundings for your security. Off course, you are allowed to cover the camera with your hand if you do not want to be visible for the intercom agent.

2.17 Website and cookies
You can read about what types of cookies Basic-Fit uses for its websites in the Basic-Fit Cookie statement on our website. In the cookie banner that shows up when you open our website, you can choose your own settings. Only necessary functional cookies are opt-in by default.

2.18 Advertisers
Basic-Fit offers companies the opportunity to advertise via digital screens in our clubs. In that case, we process the name and contact details of the point of contact of the concerned company. This only concerns business personal data and not private data. The data of this points of contacts will not be used for any other purpose.

 

3. What are our legal bases and purposes for processing?

We may only process your personal data if there is a legal basis for it based on Article 6 GDPR. We rely on the following principles:

Necessary data relating to the membership contract and the services we offer. The legal basis concerns article 6(1)(b) GDPR; “processing is necessary for the performance of a contract”.
• Additional data, like your height, weight, BMI, fitness goals, interests, only has the purpose to build a fitness profile of you in order to offer you tailored content and help you on your personal fitness journey. This processing is based on article 6(1)(a) GDPR: “the data subject has given consent to the processing.” This means you can easily skip these questions during installation of the Basic-Fit app or remove this data yourself.
• When it comes to our marketing and sales activities for our own products and services, the legal basis concerns Article 6(1)(f) GDPR: “for the purposes of the legitimate interests pursued by the controller”. We always offer the right to object against this by giving the possibility to opt-out during the subscription process or at any time via My Basic-Fit, the Basic-Fit app and unsubscribe links in our communications.  
• When it comes to our marketing and sales activities related to our partners and third parties, the legal basis concerns article 6(1)(a) GDPR: “the data subject has given consent to the processing.” These setting are opt-out by default, and you can opt-in for these yourself during subscription, via My Basic-Fit or the Basic-Fit app.

 

4. How do we safeguard your data?

Basic-Fit takes appropriate measures to protect personal data against loss, unauthorized access or modification, or any other form of unlawful processing. We do this through physical, technical, and organizational measures. The measures differ per system or data collection, depending on the specific risks. For example, data transfer between website, My Basic-Fit and the Basic-Fit app is encrypted. When it comes to organizational measures, we have an Information Security Management System, Internal Control Framework and GDPR compliance program in place. We also perform on a regular basis risk assessments, security testing, pen testing and audits.

 

5. Data retention

After termination of your membership, we will delete all your personal data and membership automatically after 2 years. You are able to access My Basic-Fit until 1 year after termination. The data from your app will be deleted automatically after 2 months after termination of your membership and the deletion of the app on your device. Data in relation to the payment of the membership are kept longer based on national tax law. This data is kept in pseudonymized form and may not be used for any other purpose.

 

6. Third parties or transfer outside EU

When Basic-Fit outsources processing to a processor, security and privacy standards are always assessed and a data protection agreement is concluded. Member data is not processed or stored outside the EU and never sold to third parties. Except for the use of Google Analytics, which is established in the USA, we use the Google Analytics privacy friendly settings and concluded the necessary ‘Standard Contractual Clauses’ provided by the European Commission.

 

7.  Complaints – Data Protection Authorities

If you have a complaint concerning your privacy, you should always first contact the data protection officer of Basic-Fit (see contact details par.1). When you feel your complaint is not being handled properly, you can also submit a complaint to the supervisory authority for data protection in your own country. Our leading supervisor is established in the Netherlands, because our Head Quarters is also established in the Netherlands and our data processing mainly takes place form there. See here an overview of all relevant data protection authorities.

Country

Data Protection Authority

The Netherlands

Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl

Belgium

Gegevensbeschermingsautoriteit / Autorité de protection des données
www.gegevensbeschermingsautoriteit.be
www.autoriteprotectiondonnees.be/citoyen

France

Commission Nationale de l'Informatique et des Libertés
www.cnil.fr

Luxembourg

Commission nationale pour la protection des données
www.cnpd.public.lu

Spain

Agencia Española de Protección de Datos
www.aepd.es

Germany

The main data protection authority in Germany is the Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
www.bfdi.bund.de

 

Or contact the regional data protection authorities in Germany:

• Baden-Wuerttemberg - www.baden-wuerttemberg.datenschutz.de
• Bavaria - www.datenschutz-bayern.de

• Berlin - www.datenschutz-berlin.de

• Brandenburg - www.lda.brandenburg.de

• Bremen - www.datenschutz.bremen.de

• Hamburg - www.datenschutz-hamburg.de

• Hesse - www.datenschutz.hessen.de

• Mecklenburg-Western Pomerania - www.datenschutz-mv.de

• Lower Saxony - www.lfd.niedersachsen.de

• North Rhine-Westphalia - www.ldi.nrw.de

• Rhineland-Palatinate - www.datenschutz.rlp.de

• Saarland - www.datenschutz.saarland.de

• Saxony - www.saechsdsb.de