Privacy Policy

Introduction

orbitflare GmbH ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, process, and protect your personal information when you visit our website, use our services, or interact with our fitness centres.

We are the data controller responsible for your personal data and are committed to complying with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

Data We Collect

We collect various types of personal data to provide you with our fitness services and improve your experience. The data we collect includes:

• Personal Identification Information: Name, email address, phone number, postal address, date of birth
• Membership Information: Membership type, payment details, fitness goals, health questionnaire responses
• Usage Data: Facility access records, class bookings, equipment usage, training session attendance
• Technical Data: IP address, browser type, device information, website usage statistics
• Communication Data: Records of correspondence, feedback, and support requests
• Marketing Preferences: Communication preferences and consent records

Data collection occurs when you register for membership, use our facilities, contact us, or interact with our website and services.

How We Use Your Information

We use your personal data for various purposes based on legal grounds including contract performance, legitimate interests, and consent. How we use your information includes:

• Service Provision: Processing memberships, providing access to facilities, managing bookings and classes
• Communication: Responding to enquiries, providing customer support, sending service-related notifications
• Safety and Security: Ensuring facility security, emergency contact procedures, health and safety compliance
• Improvement: Analysing usage patterns to improve our services, facilities, and customer experience
• Legal Compliance: Meeting regulatory requirements, processing payments, maintaining business records
• Marketing: Sending promotional materials and updates (only with your explicit consent)

We only use your data for the purposes stated and will not process your information for incompatible purposes without your consent.

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Our website uses various types of cookies including:

• Necessary Cookies: Essential for website functionality and security
• Analytics Cookies: Google Analytics to understand website usage and improve performance
• Marketing Cookies: Google Ads for advertising and remarketing campaigns
• Functional Cookies: Remember your preferences and settings

For detailed information about our cookie usage, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information only in the following circumstances:

• Service Providers: Trusted third-party companies that help us operate our business (payment processors, IT support, cleaning services)
• Legal Requirements: When required by law, court order, or legal process
• Emergency Situations: To protect the safety of our members, staff, or the public
• Business Transfers: In connection with mergers, acquisitions, or asset sales (with appropriate safeguards)

All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Our data retention periods include:

• Active Membership Data: Retained for the duration of your membership plus 7 years for legal and tax purposes
• Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
• Website Analytics: Retained for 26 months (Google Analytics default)
• CCTV Footage: Retained for 30 days unless required for security investigations
• Financial Records: Retained for 10 years as required by German tax law

After the retention period expires, we securely delete or anonymise your personal data in accordance with our data deletion procedures.

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise these rights, please contact us using the contact information below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and updates
• Access controls and employee training
• Secure data centres and backup procedures
• Incident response and breach notification procedures

While we strive to protect your personal data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest security standards.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

We will inform you of any international transfers and the safeguards in place to protect your data.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent. For members aged 16-18, we require parental consent for membership and data processing.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered members
• Displaying notices at our fitness centres

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

You also have the right to lodge a complaint with the relevant data protection authority if you believe we have not handled your personal data appropriately. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

Supervisory Authority

If you have concerns about our data processing practices, you may contact our supervisory authority: