Privacy Policy

Last updated: 1st January 2026

BrightImperium B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

Data Controller Information

The data controller for your personal information is:

Data Collection

We collect personal data that you voluntarily provide to us when you:

• Register for membership or services
• Fill out contact forms on our website
• Subscribe to our newsletters or communications
• Participate in our fitness programmes
• Visit our facility and use our services
• Contact us for support or enquiries

The types of personal data we collect may include:

• Contact information (name, email address, phone number, postal address)
• Identification information (date of birth, government ID for membership verification)
• Health and fitness information (medical conditions, fitness goals, emergency contacts)
• Payment information (billing address, payment method details)
• Usage data (website interactions, facility access records, class attendance)
• Communications (emails, messages, feedback, and support requests)

How We Use Your Information

We use of your data is based on legitimate interests, contractual necessity, and your consent where required. We use your personal information to:

• Provide and maintain our fitness services and programmes
• Process membership registrations and payments
• Communicate with you about our services, schedules, and updates
• Ensure the safety and security of our facilities and members
• Improve our services and develop new programmes
• Send marketing communications (with your consent)
• Comply with legal obligations and regulatory requirements
• Respond to your enquiries and provide customer support

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• With service providers who assist us in operating our business (payment processors, email services, analytics providers)
• With healthcare providers when necessary for your safety or emergency situations
• When required by law or to protect our legal rights
• In connection with a business transfer or merger (with appropriate safeguards)
• With your explicit consent for specific purposes

Your Rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at [email protected] or +31 769318462. We will respond to your request within one month.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Membership data is typically retained for the duration of your membership plus seven years for legal and tax purposes. Marketing data is retained until you unsubscribe or withdraw consent. Website usage data is typically retained for up to two years for analytics purposes.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, access controls, and regular security assessments. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or other approved transfer mechanisms under GDPR.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your EU member state.

This Privacy Policy is governed by Dutch law and the General Data Protection Regulation (GDPR).