The types of personal data processed
- personal data: e.g. first and family name, date of birth, car licence plate number, photo
- contact information: phone number, e-mail address
- security camera footage – if you visit our premises that for security reasons have been equipped with video or other electronic or digital surveillance systems or devices
- training history
- bank account number
- cost of goods and services, and payment information (purchase history)
- information concerning personal preferences.
Generally, we collect the information directly from you if you join our sports club, book a training class or send a request through our website or social media channels, by phone or e-mail, or purchase services directly on site.
The purpose of personal data processing
We use your data for the provision of the sports and/or other services you have ordered, for managing the orders of customers, for performing our legal obligations and for general business purposes such as:
- personal data – we need this information to verify your identity, which in turn is needed to ensure the provision of the service to the person actually ordering it
- contact information – we need this information to contact you
- bank account number is used to refund any payments to the customer
- information concerning personal preferences – if we ask for this information or you provide this information to us voluntarily, we use it to provide you a better service tailored to your needs and interests.
If you do not fill in the registration card, we will not be able to issue you a loyalty card for the sports club and provide this service.
We rely on different legal bases for the processing of your personal data:
- the need to establish a contractual relationship with you or to comply with the agreement concluded with you
- your consent – if we rely on your consent when processing the personal data, please remember that you have the right to withdraw your consent at any time
- the need to exercise our legitimate interests, including corporate governance and the implementation of general business activities; detection of violations of law and fraud
- the need to protect the vital interests of you or any other person (e.g. by disclosing your data to an ambulance employee in the event of an accident)
- any other statutory basis.
Who we share your data with
- our subsidiaries and related companies: we can share your personal data with our subsidiaries or related companies, all located in the European Union
- service providers: like many other companies, we can order data processing services such as IT and consulting services from trusted third-party service providers
- public authorities and government agencies: we can share data with authorities when we are legally required to share data or when sharing of data is necessary to protect our rights
- professional advisers, etc.: we can share your information with professional advisers such as coaches, auditors, lawyers, accountants and other persons providing counselling services
- third parties in relation to company transactions: from time to time, we may share your data with a third party in the framework of a corporate transaction, such as a sale of the company or part of it to another company, or similarly in the framework of the restructuring of the company, the creation of a joint venture, merger or other transfer of assets or shares of the company.
If we share your data with the above parties, we will ensure the protection of your data in our data-processing agreement between such persons and us. We will not store or send your personal data outside the European Economic Area or countries for which there is no protection adequacy decision pursuant to Article 25 (6) of Directive 95/46/EC or its successor document pursuant to Article 45 (1) of Regulation (EU) 2016/679.
How long we store your data
We will store your data for as long as necessary to meet the various data processing objectives. The company adheres to the following criteria for the storage of personal data:
- as long as it is necessary to store the personal data in order to provide services. If a person has a customer account or a customer card at the company, we will store the personal data for the entire account/card validity period or for as long as they are needed for the provision of the services to the person
- if the company has a statutory, contractual or similar obligation to store the personal data of the person, then as long as it is necessary to fulfil such an obligation
- after the termination of the contractual relationship, we will retain certain data for as long as the person (data subject) or the company itself has the right to file claims against the other party under the agreement; e.g. we will retain the registration card’s data for 2 years after the filling in of the card.
We will only store credit card data until the proper fulfilment of our service agreement. If you have given us your consent to receive direct marketing materials, we will keep your contact information until you have withdrawn the consent.
What are your rights regarding your data?
As a data subject, you have the following rights:
- right to access the data – you have the right to know which data is stored about you and how it is processed
- right to rectification – you have the right to request the rectification of the personal data concerning you if the data are incorrect or incomplete
- right to data deletion ("right to be forgotten") – you have the right, in certain cases, to require that we erase your personal data (for example, if we no longer need it, if you withdraw your consent to the processing of your personal data, etc.)
- right to restrict processing – in certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period (e.g. if you have objected to data processing)
- right to object – in light of a particular situation, you have the right to object to the processing of your personal data when your data are processed based on our legitimate interest or in the public interest. Objections may be filed at any time for the processing of personal data for direct marketing purposes
- right to transfer the data – you have the right to require the transfer, in a machine-readable form, of the data provided by us to you. You can also request data transfer directly to another controller, but only if it is technically feasible. The transfer right applies only to the data that we process with your consent or to perform the agreement with you
- automatic decision-making (including profiling) – if we have informed you that we use automated decision-making based on automated processing (including profiling) that results in legal consequences for you or has a significant effect on you, then you may require that the decision is not made solely on the basis of automated processing.
If you have any questions regarding the information in the policy or you wish to file an application to exercise the rights of the data subject, please contact us at the e-mail address firstname.lastname@example.org.
Meriton Hotels AS is the controller of personal data; we forward the personal data necessary for making payments to the authorized processor Maksekeskus AS.
We will do our best to address your requests and wishes in good time and free of charge, except in cases where this would be associated with a disproportionate cost. If you are not happy with the answer provided by us, you will be able to appeal to the Data Protection Inspectorate.