Privacy Policy

Last Updated: March 22, 2026

1. Introduction

Vitality Lab Gym ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you visit our website (your-domain.com) or use our services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using our website and services, you consent to the practices described in this policy.

2. Data Controller

Vitality Lab Gym is the data controller responsible for your personal information. If you have any questions about this privacy policy or our data practices, please contact us using the details provided in Section 13.

3. Information We Collect

We collect and process the following types of personal data:

3.1 Information You Provide Directly

  • Membership Information: Name, date of birth, gender, address, phone number, email address
  • Payment Information: Billing address, payment card details (processed securely through third-party payment processors)
  • Health Information: Medical conditions, fitness goals, emergency contact details (with your explicit consent)
  • Account Credentials: Username, password (encrypted), and profile preferences
  • Communication Data: Information from emails, contact forms, surveys, and feedback

3.2 Information Collected Automatically

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent on site, referring URLs, clickstream data
  • Location Data: Approximate geographic location based on IP address
  • Cookies and Tracking: Data collected through cookies and similar technologies (see Section 6)

3.3 Information from Third Parties

  • Analytics providers (e.g., Google Analytics)
  • Social media platforms (if you connect your accounts)
  • Payment processors
  • Marketing and advertising partners

4. How We Use Your Information

We process your personal data for the following purposes:

4.1 Service Delivery

  • Process and manage your gym membership
  • Provide access to facilities and services
  • Process payments and maintain billing records
  • Communicate about your membership, bookings, and classes
  • Provide customer support and respond to inquiries

4.2 Legal Compliance

  • Comply with legal obligations and regulations
  • Maintain health and safety records
  • Prevent fraud and ensure security
  • Enforce our terms and conditions

4.3 Business Operations

  • Improve and optimize our website and services
  • Conduct analytics and research
  • Manage and protect our IT infrastructure
  • Administer promotions and contests

4.4 Marketing (with your consent)

  • Send promotional emails about new services, special offers, and events
  • Personalize your experience and show relevant content
  • Conduct targeted advertising campaigns

4.5 Legal Basis for Processing

We process your data based on:

  • Contractual Necessity: To fulfill our membership agreement with you
  • Consent: Where you have given explicit permission (e.g., marketing communications)
  • Legitimate Interests: To operate and improve our business (balanced against your rights)
  • Legal Obligation: To comply with laws and regulations

5. Data Sharing and Disclosure

We may share your personal information with:

5.1 Service Providers

  • Payment processors and financial institutions
  • IT service providers and hosting companies
  • Email marketing platforms
  • Customer relationship management (CRM) systems
  • Analytics and advertising providers

5.2 Business Transfers

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

5.3 Legal Requirements

We may disclose your information to comply with legal obligations, court orders, or to protect our rights and safety.

5.4 With Your Consent

We may share data with third parties when you provide explicit consent.

Important: We do not sell your personal data to third parties for their marketing purposes.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website.

6.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality (e.g., login, security)
  • Performance Cookies: Collect data about site usage (e.g., Google Analytics)
  • Functionality Cookies: Remember your preferences and settings
  • Marketing Cookies: Track your online activity for advertising purposes

6.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality. To opt out of analytics tracking, you can use browser extensions or visit:

6.3 Do Not Track Signals

Our website does not currently respond to "Do Not Track" browser signals, but you can manage tracking preferences through cookie settings.

7. Third-Party Services

Our website may integrate with third-party services that have their own privacy policies:

  • Google Analytics: Web analytics service (privacy policy: policies.google.com/privacy)
  • Payment Processors: Stripe, PayPal, or similar services for secure payment processing
  • Social Media: Facebook, Instagram, Twitter integration for social sharing
  • Email Services: Mailchimp or similar platforms for newsletters
  • Map Services: Google Maps for location information

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • SSL/TLS encryption for data transmission
  • Secure password encryption and hashing
  • Regular security audits and vulnerability assessments
  • Access controls and employee training
  • Secure backup and disaster recovery procedures
  • Firewall protection and intrusion detection systems

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Active Membership: Throughout your membership period and for operational purposes
  • Financial Records: 7 years (or as required by tax and accounting regulations)
  • Health Information: As required by healthcare regulations and liability requirements
  • Marketing Data: Until you withdraw consent or request deletion
  • Website Analytics: Typically 26 months (Google Analytics default)

After the retention period, we securely delete or anonymize your data. You may request earlier deletion subject to legal requirements.

10. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights:

10.1 Right of Access

Request a copy of the personal data we hold about you.

10.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal obligations.

10.4 Right to Restrict Processing

Request limitation on how we process your data in certain circumstances.

10.5 Right to Data Portability

Receive your data in a structured, commonly used format and transfer it to another controller.

10.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

10.7 Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

10.8 Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe your rights have been violated.

To exercise your rights, contact us using the details in Section 13.

11. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16 without parental consent. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

For members aged 16-18, we may require parental or guardian consent for certain services and data processing activities.

12. International Data Transfers

Your personal data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for data transfers to approved countries
  • Binding Corporate Rules for transfers within our organization

By using our services, you consent to the transfer of your data as described in this policy.

13. Contact Information

For questions, concerns, or requests regarding this privacy policy or our data practices, please contact our Data Protection Officer:

Vitality Lab Gym
Data Protection Officer
Email: [email protected]
Phone: (123) 456-7890
Address: 123 Fitness Street, Your City, State 12345

We will respond to your inquiry within 30 days as required by GDPR.

14. Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email or prominent notice on our website
  • Obtain your consent if required by law

We encourage you to review this policy regularly to stay informed about how we protect your personal data.

15. Additional Information for Specific Regions

15.1 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to non-discrimination for exercising CCPA rights

We do not sell personal information.

15.2 EEA and UK Residents

If you are located in the European Economic Area (EEA) or United Kingdom, you benefit from the rights described in Section 10 under GDPR and UK GDPR.

16. Your Consent

By using our website and services, you acknowledge that you have read, understood, and agree to this privacy policy. If you do not agree with this policy, please do not use our website or services.

For processing activities that require explicit consent (such as marketing communications or health data processing), we will obtain your separate, informed consent.

Privacy at a Glance

  • ✓ We collect only necessary personal information
  • ✓ Your data is protected with industry-standard security
  • ✓ We never sell your personal information
  • ✓ You have full control over your data and privacy settings
  • ✓ We comply with GDPR and applicable privacy laws
  • ✓ You can request data access, correction, or deletion anytime