DATA PROTECTION POLICY
Trusted for over 30 years, the team behind Aspria has always undertaken to serve its members with integrity, respect and professionalism. These high standards of privacy ensure our members feel safe, secure and supported. They also ensure that we can enhance our members’ Health & Wellbeing experience at our Clubs and provide them with an unmatched level of quality. It’s just one more reason why they stay with us longer than any other club company.
We therefore process your personal data solely in accordance with statutory provisions: Art. 12 and 13 EU GDPR.
1. OBJECTIVE AND CONTROLLER
2. COLLECTION, PROCESSING AND USE OF PERSONAL DATA
3. COLLECTION OF PERSONAL DATA THROUGH USE OF THE CONTACT FORM
4. COLLECTION OF PERSONAL DATA FOR INSELBEACHCLUB.COM
5. PROCESSING PERSONAL DATA FOR CONTRACTUAL PURPOSES & MY.ASPRIA.COM
6. INCLUSION OF THIRD-PARTY SERVICES AND CONTENT
7. ELECTRONIC MESSAGES
8. USE OF COOKIES
9. ANALYSIS SERVICES (GOOGLE ANALYTICS)
10. YOUR RIGHTS (PURSUANT TO EU GDPR)
11. DATA SECURITY
12. AMENDMENTS TO DATA PROTECTION POLICY
1. OBJECTIVE AND CONTROLLER
1.1. This Data Protection Policy lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. It applies to all products and services, and instances where we collect your personal data and cookies used in our websites.
1.2. This Data Protection Policy applies to personal information processed by or on behalf of Aspria Holdings BV, Luna ArenA, Herikerbergweg 238, 1101 CM Amsterdam, PO BOX 23393, Brian Morris (CEO), http://www.aspria.com/en/legal, the controller responsible for data protection (hereinafter referred to as “Aspria”).
You can contact the Data Protection Officer responsible for data processing at the following address:
Aspria Holdings BV
c/o Aspria Berlin GmbH
Karlsruher Str. 20
10711 Berlin
Germany
Data Protection Officer
Tel: +49 (0)30 890 6888 0
Fax: +49 (0)30 890 6888 90
E-Mail: dataprotection@aspria.com
Any data subject can contact our Data Protection Officer at any time in the event of any queries or issues regarding data protection.
2. COLLECTION, PROCESSING AND USE OF PERSONAL DATA
Personal data includes all data relating to you as a person, e.g. name, address, email address, telephone number and user behaviour.
2.1. The user’s personal data is used for the following purposes:
provision of our servicing, maintenance and user services while visiting our website.
guaranteeing effective customer service and technical support.
technical and commercial messages relating to our services
for insurance reasons, security measures for the benefit of our guests and collecting feedback as well as marketing measures in our legitimate interests on the basis of Art. 6 para. 1 f) GDPR
promotional messaging relating to Aspria by email, SMS or telephone on the basis of given consent
providing and billing our services on the basis of Art. 6 para. 1 b) GDPR
2.2. Your personal data will be processed by the companies within Aspria Group (subsidiaries of the responsible entity) and therefore also outside the EU.
2.3. We will only forward your data to third parties if this is necessary for essential business purposes (e.g. conducting bank transactions) or is otherwise necessary in order to fulfil our contractual obligations to users.
Furthermore, for contractual electronic communications.
Processing is fulfilled by a service provider from outside the EU. The service provider guarantees an adequate level of protection (by use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information collecting from the European Economic Area and Switzerland) and has completed an Data Processing Agreement with Aspria.
2.4. Personal data will be deleted in accordance with the deletion plan, provided it has fulfilled its purpose and there are no retention obligations countering such deletion.
3. COLLECTION OF PERSONAL DATA THROUGH USE OF THE CONTACT FORM
3.1. We will save data you disclose when making contact with us through the use of a contact form (your email address, name and, where applicable, telephone number) as well as the origination of your search (organic search engine, pay per click advertising, direct link, third party websites) for the purpose of responding to your queries and business purposes.
3.2. Processing is fulfilled by a service provider from outside the EU. The service provider guarantees an adequate level of protection (by use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information collecting from the European Economic Area and Switzerland) and has completed an Data Processing Agreement with Aspria.
3.3. Any data provided in this way will be deleted after 12 months or is subject to restricted processing, where statutory retention obligations exist. Or if you request an earlier deletion/restriction from the contact to find under “Your Rights”.
4. COLLECTION OF PERSONAL DATA FOR INSELBEACHCLUB.COM
4.1. If using the website purely for information purposes, i.e. if you do not use any contact forms or transfer information to us in any other way, we will only collect personal data that your browser transfers to our server. If you would like to view our website, we will collect the data that we require for technical purposes in order to show you our website and to ensure stability and security (the legal basis for this is set out in Art. 6 (1) sentence 1 lit. f GDPR), for example:
- name of the website viewed
- IP address
- date and time of enquiry
- time zone difference from GMT
- requested provider
- report on successful viewing
- content of request (specific page)
- access status/http status code
- data volume transferred
- the page visited previously (referrer URL)
- browser type and version
- user’s operating system
4.2. We use the protocol data without attributing it to the user’s person or creating any other form of profile in accordance with the statutory provisions, only for statistical evaluations in connection with our operations, security and optimising our offer. However, we reserve the right to review the protocol data at a later point in time in the event of legitimate indications of suspected unlawful use.
4.3. We delete these “server log files” after 3 months or restrict their processing, where statutory retention obligations exist.
4.4. Processing is fulfilled by a service provider from outside the EU. The service provider guarantees an adequate level of protection (by use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information collecting from the European Economic Area and Switzerland) and has completed an Data Processing Agreement with Aspria.
5. PROCESSING PERSONAL DATA FOR CONTRACTUAL PURPOSES & MY.ASPRIA.COM
5.1. The club collects the following data provided by members themselves in order to fulfil their contract: Name, Address, Telephone/ mobile numbers, E-mail address, Preferred language, Date of birth, Place of birth, Gender, Nationality, Marital status, Bank account data, Club entry data.
5.2. Members’ personal data will be processed for the purpose of fulfilling the contract on the basis of Art. 6 para. 1 b) GDPR and collecting feedback as well as marketing measures in our legitimate interests to improve our performance & service as a benefit to our members on the basis of Art. 6 para. 1 f) GDPR.
In addition, an account will be set up for you on the “myASPRIA” portal, which is exclusive to Aspria members and keeps you up to date with the latest events at your club (access using your email address and your membership number).
5.3. Data processing is exclusively carried out by those persons who are required to do so in order to fulfil the contract.
You may lodge an objection at any time to the processing of your data for myASPRIA or collecting feedback. Please send any such objection by post or email to the contact details set out under point 11.
5.4 Personal data will be deleted in accordance with the deletion plan, provided it has fulfilled its purpose and there are no retention obligations countering such deletion.
5.5 We will only forward your data to third parties if this is necessary for essential account business purposes (e.g. conducting bank transactions or sending invoices by post) or is otherwise necessary in order to fulfil our contractual obligations to users.
Furthermore, for contractual electronic communications.
Processing is fulfilled by a service provider from outside the EU. The service provider guarantees an adequate level of protection (by use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information collecting from the European Economic Area and Switzerland) and has completed an Data Processing Agreement with Aspria.
6. INCLUSION OF THIRD-PARTY SERVICES AND CONTENT
6.1. We have incorporated YouTube and Vimeo in our online offer, which are stored on http://www.YouTube.com and https://vimeo.com/ and can be played directly from our website. These are incorporated in “expanded data protection mode”, i.e. none of your data, as the user, is transferred to YouTube or Vimeo if you do not play the videos. The data set out in section 5.1 is only transferred when you play the videos. We have no influence over this data transmission.
6.2. We have incorporated content from the following third-party suppliers on our website: (YouTube, map material from Google Maps, RSS feeds or graphics from other websites). When visiting our website, the third-party supplier receives information that you have called up on the corresponding subpages of our website. In addition, the data indicated under section 4.1 of this policy is also transferred.
This occurs irrespective of whether the third-party supplier provides a user account to which you are logged in, or whether no user account exists. If you are logged in with the plug-in supplier, these data is attributed directly to your account. If you do not wish for this data to be attributed to your profile with the plug-in supplier, then you need to log out before activating the content.
In addition, you have the right to object to the creation of user profiles; to exercise this right you need to approach the relevant plug-in supplier.
7. ELECTRONIC MESSAGES
7.1. We send newsletters, emails and other electronic messages with information, articles from our Health & Wellbeing experts as well as exclusive offers (hereinafter "newsletters") only with the consent of the recipient.
7.2. If you would like to receive newsletters, we will require your email address or mobile telephone number and information allowing us to check that you are the holder of such and consent to receiving the newsletters.
7.3. Processing is fulfilled by a service provider from outside the EU. The service provider guarantees an adequate level of protection (by use of standard contractual data protection clauses, which have been approved by the European Commission to safeguard the transfer of information collecting from the European Economic Area and Switzerland) and has completed an Data Processing Agreement with Aspria.
7.4. Furthermore, opting to receive newsletters will be recorded so that the opt-in process can be suitably documented in accordance with the legal requirements. This includes, in particular, recording the opt-in/confirmation time.
7.5. Your consent to saving the data, email address or mobile telephone number plus its use for sending the newsletter-content can be withdrawn at any time.
This withdrawal can be made via a link in any e-mails or by an option in the SMS content.
8. USE OF COOKIES
8.1. Cookies are pieces of information that are transferred from our web server to your web browser and are stored there for future visits to our site. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and are saved by your browser.
The cookies on our website do not collect any personal data. Our website can be viewed without cookies. If you do not want cookies to be stored on your computer, please deactivate the corresponding option in your browser’s system settings. Saved cookies can be deleted in your browser’s system settings. Cookies provide an optimum website experience and deactivating cookies may restrict the function of the website.
8.2. There is also an option to manage a large number of online advert cookies from companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices.
9. ANALYSIS SERVICES (GOOGLE ANALYTICS)
9.1. Google Analytics
9.1.1. This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer and enable the use of the website to be analysed. The information generated by the cookie on the use of this website is generally transferred to a Google server in the USA where it is stored.
9.1.2. We would like to point out that a code anonymiser is used on the Google Analytics website to ensure an anonymised version of IP addresses. This means that only an abbreviated form of your IP address is used by Google within the EU member states or other signatory states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA where it will be abbreviated. Google will use this information, on behalf of the website operator, to analyse your use of the website, create reports on the website activities and provide additional services for the purpose of compiling reports about the website activities and to provide website operators with further services connected with website usage and internet usage. The IP address transferred by your browser in connection with Google Analytics is not merged with other Google data.
9.1.3. You can prevent cookies being saved by setting your browser software accordingly; however, we would point out that, as a result, you may not always be able to use all functionalities of this website in full. You can also prevent Google from recording and processing data generated by the cookie and relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
10. YOUR RIGHTS (PURSUANT TO EU GDPR)
You have a right of access, rectification, deletion, restriction of processing and portability in regard to the data provided to us and to object to its processing pursuant to the EU General Data Protection Regulation.
You have the right to request from us, at any time, information on the data we have stored on you, and its origin, recipients or categories of recipients to whom this data is forwarded and the purpose for it being saved.
Where you have given your consent to the use of data, you may withdraw this consent at any time with effect for the future.
Please send all requests for information, deletion and rectification, requests for access, portability or objections to data processing by email or by post to our Data Protection Officer at the following address:
Aspria Holdings BV
c/o Aspria Berlin GmbH
Karlsruher Str. 20
10711 Berlin
Germany
Data Protection Officer
Tel: +49 (0)30 890 6888 0
Fax: +49 (0)30 890 6888 90
Email: dataprotection@aspria.com
Should you be of the opinion that the processing of your data infringes your right to data protection, or your data protection entitlements have been infringed in any other way, please submit any complaints to the for you relevant data protection supervisory authority.
11. DATA SECURITY
We undertake up-to-date technical and organisational measures to ensure security when processing data, in particular to protect your personal data from risks during transfer or from becoming available to third parties.
These measures are aligned with the current state of the art, the requirement for protection of personal data and risks to your rights and freedoms.
12. AMENDMENTS TO DATA PROTECTION POLICY
12.1. We reserve the right to amend the Data Protection Policy in order to adapt it to a change in the legal basis, or in the event of changes in our service or data processing.
12.2. Users are therefore asked to familiarise themselves with its content on a regular basis, in particular when they communicate personal data again.
Data Protection Policy valid at: August 2020