Data Protection Notice
Aspria Holdings BV
Contents
1. Statement of Intent
At Aspria, your privacy and the security of your personal data is very important to us. We want to transparently explain:
- Why we process your personal data and how we do that, including what we do to protect it.
- The controls and choices you have around when and how you choose to share your personal data.
- Your rights and who to contact if you have any concerns.
We endeavour to implement and maintain the highest standards with regard to Data Protection and adopt policies in line with the EU GDPR & UK GDPR. We do not sell your personal information and we do not share it with third parties for those third parties' own business interests.
2. Contact Us
Aspria Holdings BV is the Data Controller operating across Belgium, Germany and Italy.
Aspria Holdings BV
Luna ArenA, Herikerbergweg 238, 1101 CM Amsterdam
Registered office: Hill Place House, 55A High Street, Wimbledon, London, SW19 5BA, United Kingdom
Tel: +44 20 8944 4087
Email: info@aspria.com
Web: www.aspria.com
CEO & Founder: Brian Morris · Chamber of Commerce Amsterdam: 33287052 · VAT: GB 977120508
Data Protection Officer
Email: dataprotection@aspria.com
Tel: +49 (0)30 890 6888 0
Post: Aspria Holdings BV, c/o Aspria Berlin GmbH, Karlsruher Str. 20, 10711 Berlin, Germany — Attn: Data Protection Officer
Club Entities
Belgium
Aspria Club SA
Aspria City SA
Aspria La Rasante S.A.
Rue Sombre 56, B-1200 Bruxelles
Germany
Aspria Alstertal GmbH, Rehagen 20, 22339 Hamburg
Aspria Berlin GmbH, Karlsruher Straße 20, 10711 Berlin
Aspria Hamburg City GmbH & Co. KG
Aspria Hannover GmbH
Italy
Aspria Club Milano S.P.A., Via Cascina Bellaria 19, 20153 Milano
Aspresso Roma SRL., Via Marco Polo 127, 00154 Roma
Tennis Club Ambrosiano SSDRL, Via Feltre 33, 20134 Milano
Data Protection Authorities
If you believe we have not addressed your concerns, contact your local Data Protection Authority:
- Belgium: dataprotectionauthority.be
- Germany — Berlin: datenschutz-berlin.de
- Germany — Hamburg: datenschutz-hamburg.de
- Germany — Niedersachsen: lfd.niedersachsen.de
- Italy: garanteprivacy.it
- The Netherlands: autoriteitpersoonsgegevens.nl
- UK — Information Commissioner's Office: ico.org.uk
3. Why We Process Your Personal Data
We provide various services based upon your relationship with us — for example as a club member, hotel visitor, or website visitor. The lawful basis under GDPR is one of: Consent, Contract, Legal Obligation, or Legitimate Interest. When we process special category data we will only do so where we have a lawful exemption such as your explicit consent.
4. Your Rights
- Right of access — You have the right to ask us for copies of your personal information.
- Right to rectification — You have the right to ask us to rectify inaccurate or incomplete personal information.
- Right to erasure — You have the right to ask us to erase your personal information in certain circumstances.
- Right to restriction of processing — You have the right to ask us to restrict processing in certain circumstances.
- Right to object — You have the right to object to processing. If we process on the basis of consent you can withdraw it at any time.
- Right to data portability — You have the right to ask that we transfer your personal information to another organisation or to you.
To exercise any of these rights please contact us at dataprotection@aspria.com. There is no charge. We aim to respond within one month. To learn more about your rights visit your local Data Protection Authority listed in Section 2.
5. Data Purposes — Personal Data We Process & Why
5.1 General — All Data Subjects
| Purpose | Data Category | Examples | Lawful Basis |
|---|---|---|---|
| Fulfil a query or administer services | Contact Data, Correspondence Data | Email address, telephone number, query details | Legitimate Interest |
5.2 Website Users
| Purpose | Data Category | Examples | Lawful Basis |
|---|---|---|---|
| Marketing | Contact Data | Email, name, mobile, main club | Consent |
| Website analytics & email effectiveness | Usage Data | Pages visited, emails opened | Consent |
| Customer service & technical support | Technical Data | IP address, browser type, OS, referrer URL | Legitimate Interest |
5.3 Membership / Booking Data
| Purpose | Data Category | Examples | Lawful Basis |
|---|---|---|---|
| Activity & transactional data | Transactional Data | Membership number, type, classes | Contract |
| Financial obligations | Financial Data | Bank details, transactions | Contract |
| Service communications | Communication Data | Email, name, phone, address | Contract |
| Commercial messages | Communication Data | Email, name, phone, address | Consent |
| Security / CCTV | Video Records | Video, entry/exit date & time | Legitimate Interest |
| Feedback collection | Communication Data | Email, name, membership type | Legitimate Interest |
| COVID-19 tracking | Tracking Data | Name, email, address, date & time of visit | Legal Obligation |
5.4 Children's Data
Where we process children's personal data we only do this with the consent of their guardian(s) for the purpose of membership/guest access and to ensure the safety and security of the children. Health data such as allergies is processed only to fulfil legal obligations and for the benefit of the children.
5.5 Health Data
Where we collect health data (e.g. weight, fitness metrics) we only do so on the basis of explicit consent for health questionnaires, health checks, and training plans. Where required by applicable law (e.g. COVID-19 regulations) we process health data on the basis of legal obligation.
5.6 App Users (myAspria)
We process Customer Account Data and App Usage Data via the myAspria App. Further detail on data collected at point of download is available at:
- Apple App Store: apps.apple.com — myAspria
- Google Play Store: play.google.com — myAspria
6. How We Manage & Store Your Personal Information
We implement robust technical and organisational measures including pseudonymisation, encryption, and access and retention policies. We limit access to your personal data to employees and contractors who need to know, and we regularly assess our measures to ensure they remain appropriate.
Where personal data collected within the EU is transferred to third parties in other countries we ensure compliance via GDPR adequacy agreements and EU Commission-approved Standard Contractual Clauses. All third-party data processors are contracted to process data only as instructed and to hold it securely for the period we specify. Access is granted on the principle of least privilege (PoLP). All Aspria staff receive regular Data Protection awareness briefings.
7. Data Retention / Deletion
We keep your personal data only as long as necessary to provide our service and for legitimate business purposes such as legal compliance, fraud prevention, and dispute resolution. You may request deletion by contacting dataprotection@aspria.com, unless we are legally required to retain certain data.
8. Cookies and Related Technologies
Cookies are small text files stored by your browser. On your first visit we ask for your consent and provide options to adjust what is collected. Cookies can be deleted via your browser settings; deactivating them may restrict website functionality.
| Provider | Category | Purpose |
|---|---|---|
| De-Bug Bear | Performance | Website performance optimisation |
| Lead generation / social | Tracking effectiveness of Facebook advertising (anonymised) | |
| Google Analytics & AdWords | Analytics / Advertising | Website usage reports; conversion tracking (anonymised) |
| HotJar | Analytics | User behaviour analytics — IP stored in anonymised form only |
| HubSpot | Lead generation / email | Visitor tracking, contact de-duplication, session management |
| Lead generation / social | Tracking effectiveness of LinkedIn advertising (anonymised) | |
| Supermetrics | Analytics | Connecting digital data sources for social media reporting |
| Vimeo | Video hosting | Video playback and anonymised view analytics |
| YouTube | Video hosting | Video playback and anonymised view analytics |
| Lead generation / social | Tracking effectiveness of Xing advertising (anonymised) |
9. Third Party Websites
Our app and website may contain links to third-party websites. If you click an external link you are leaving our service — we do not control and are not responsible for the privacy practices of third parties. Any personal data you provide to them will not be covered by this Notice.
10. Changes to this Notice
This Data Protection Notice was last updated on 15 October 2021. You can print or save a copy for your records. Continued use of our services following any update constitutes acceptance of the revised Notice.