Privacy Policy

Introduction

nexivo B.V. ("nexivo", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our fitness center, use our services, or interact with our website at nexivo.world.

As a company operating in the Netherlands and serving the European Union, we comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws. We are the Data Controller for the personal data we process.

Data Collection

The data we collect includes personal information you provide directly to us, information we collect automatically when you use our services, and information we receive from third parties. We collect this information to provide our fitness services, manage memberships, and improve your experience at nexivo.

Information You Provide

• Contact information (name, email address, phone number, postal address)
• Membership and account information
• Payment and billing information
• Health and fitness information (when voluntarily provided)
• Emergency contact information
• Communication preferences
• Feedback and survey responses

Information Collected Automatically

• Website usage data and analytics
• Device information and IP addresses
• Cookies and similar tracking technologies
• Facility access logs and usage patterns
• Security camera footage (in public areas only)

How We Use Your Information

We explain how we use your information to provide and improve our fitness services, manage your membership, and communicate with you. Our use of your data is based on legitimate business interests, contractual necessity, legal compliance, and your consent where required.

Primary Uses

• Providing fitness services and facility access
• Managing memberships and processing payments
• Scheduling and conducting personal training sessions
• Communicating about services, classes, and updates
• Ensuring facility security and safety
• Improving our services and customer experience
• Complying with legal obligations

Legal Basis for Processing

• Contract Performance: Processing necessary to fulfill our service agreement with you
• Legitimate Interest: Improving services, security, and business operations
• Legal Compliance: Meeting regulatory and legal requirements
• Consent: Marketing communications and optional data collection

Data Sharing and Disclosure

We do not sell your personal data. We may share your information with trusted service providers, business partners, and in certain legal circumstances as outlined below.

Service Providers

• Payment processors for membership and service fees
• IT service providers for website and system maintenance
• Professional services (legal, accounting, consulting)
• Marketing and communication platforms

Legal Requirements

We may disclose your information when required by law, to protect our rights, or to ensure the safety of our members and staff.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes. Our retention periods vary based on the type of data and legal requirements.

• Membership Data: Retained during membership and up to 7 years after termination for legal and financial purposes
• Marketing Data: Retained until you withdraw consent or up to 2 years of inactivity
• Website Analytics: Typically retained for 26 months
• Security Footage: Retained for 30 days unless required for investigation

Your Rights Under GDPR

As a data subject under GDPR, you have specific rights regarding your personal data. We are committed to facilitating the exercise of these rights.

To exercise these rights, please contact us using the information provided in the Contact section below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing systems
• Physical security measures at our facility

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and provide personalized content. For detailed information about our cookie practices, please see our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Union. When we transfer data outside the EU, we ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved mechanisms under GDPR.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, through other communication channels.

Contact Information

If you have questions about this Privacy Policy, want to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.