Privacy Policy

Last updated: 15th January 2026

Introduction

This Privacy Policy explains how brandarchitect S.L. ("we", "our", or "us") collects, uses, and protects your personal information when you use our fitness services, visit our website, or interact with us. We are committed to protecting your privacy and ensuring transparency about how we handle your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

Data Controller Information

brandarchitect S.L. is the data controller for the personal information we collect and process. Our contact details are:

  • Company: brandarchitect S.L.
  • Registration Number: B58294061
  • VAT Number: ESB73920615
  • Address: Calle Cervantes 119, 48957 Bilbao, Basque Country, Spain
  • Email: privacy@brandarchitect.pro
  • Phone: +34 941 407 443

Data Collection

We collect personal information in various ways when you interact with our services. The data we collect includes information you provide directly to us, information collected automatically through our website and services, and information from third-party sources when applicable.

The types of personal data we collect may include:

  • Contact information (name, email address, phone number, postal address)
  • Account information (username, password, preferences)
  • Fitness and health information (fitness goals, health conditions, progress data)
  • Payment information (billing details, transaction history)
  • Technical information (IP address, browser type, device information)
  • Usage information (website activity, service usage patterns)
  • Communication records (emails, phone calls, chat messages)

How We Use Your Information

We use your personal data for various purposes based on legitimate business interests, contractual necessity, legal obligations, and your consent. Our primary use of your data is to provide and improve our fitness services, communicate with you, and ensure the security of our systems.

Specifically, we use of your data for the following purposes:

  • Providing fitness services, personal training, and group classes
  • Managing your membership and account
  • Processing payments and managing billing
  • Communicating about services, appointments, and updates
  • Personalising your fitness experience and recommendations
  • Monitoring and improving our services
  • Ensuring facility security and safety
  • Complying with legal and regulatory requirements
  • Marketing and promotional activities (with your consent)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to perform our fitness services contract with you
  • Legitimate Interests: Processing for our legitimate business interests, such as improving services and ensuring security
  • Legal Obligation: Processing required to comply with legal requirements
  • Consent: Processing based on your explicit consent, particularly for marketing communications
  • Vital Interests: Processing necessary to protect health and safety in emergency situations

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your data with trusted service providers who assist us in operating our business, such as payment processors, technology providers, and professional advisors. All third parties are contractually bound to protect your information and use it only for the specified purposes.

Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this privacy policy, comply with legal obligations, resolve disputes, and enforce our agreements. Generally, we keep membership data for the duration of your membership plus seven years for financial and legal compliance purposes. Marketing data is retained until you withdraw consent or for a maximum of three years from last interaction. We regularly review and securely delete data that is no longer necessary.

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data. These rights ensure you maintain control over your information and how it is processed by our organisation.

Your rights include:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data in certain circumstances
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Request transfer of your data to another organisation
  • Right to Object: Object to processing based on legitimate interests or for marketing purposes
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse website usage, and provide personalised content. For detailed information about our use of cookies, including the types of cookies we use and how to manage your preferences, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection practices. While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we need to transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission, to protect your information to the same standard required within the EEA.

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please reach out to us using the contact information below.

To contact us about privacy matters, you can email us at privacy@brandarchitect.pro or call us at +34 941 407 443. You can also write to us at our registered address: brandarchitect S.L., Calle Cervantes 119, 48957 Bilbao, Basque Country, Spain.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with applicable data protection laws. In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD).