Latest update may 24, 2018

HDD Holding B.V. with email address info@hddgroup.com, hereafter referred to as the Data Controller, states as follows:

The Data Controller complies with the requirements of the General Data Protection Regulation (GDPR) and handles its client data confidentially. Personal details of clients, applicants, assessors, instructors, trainers, and visitors of our websites and events are secured and handled with the greatest care.

HDD Holding represents Les Mills B.V., FitCo B.V. en Studion B.V. with regard to privacy.

Purposes of the use of your personal data
You can leave personal data on the Data Controller’s websites, via email or telephone for the following reasons:

• You log in to one of our client portals
• You send us a contact request
• You register for our newsletter
• You order a product or service from us
• You register for an event

We use this data to:

• Process your payment
• Process your order
• Contact you by phone or email if this is necessary to perform our services
• Inform you of any changes to our services and products
• Deliver goods and services to you
• Send you, after your purchase, a voucher for a subsequent purchase
• Ask you questions about our services and products
• Inform you about events

During events we take photos and make videos of our visitors. When you register for an event, we will ask your permission to use these images on social media and/or in other marketing communications.

The Data Controller will not use the data you supplied for purposes other than those for which you entered these details. When you register for the newsletter, your details are entered into our contact database. This means you may also receive other mail, and not just news reports, from us. For example, an invitation to an event we are organising.

Nature of the personal data
The data we store about you are contact details:

name, (email) address, telephone number, and the organisation you work for. We explicitly do not collect any sensitive details about your health, criminal record, or country of birth. In some cases, additional personal information about date of birth, gender, weight, and clothing size is recorded.

Automated decision-making
The Data Controller does not rely on automated processing to take decisions about matters which could have (significant) consequences for the individual. Automated decisions are those taken by computer programmes or systems without any human intervention (by an employee of the Data Controller, for example).

Provision of personal data to third parties
The Data Controller shares your personal data with various third parties if this is required for the performance of the agreement, and to comply with legal obligations. To ensure an equivalent level of security and confidentiality of your data, we conclude a Data Processing Agreement with companies that process your data at our request. The Data Controller remains responsible for this processing. The Data Controller also provides your personal data to other third parties. We only do this with your express permission.

How long we store personal data
The Data Controller does not store your personal data any longer than strictly necessary to achieve the purposes for which your data is collected. We use the following retention periods for the following (types) of personal data:

Contacts: 3 years after last contact

Financial client data: 7 years after last delivery, as this is the statutory retention period requirement for financial data.

Access and modification
You can always ask your Data Controller to provide access to the data stored about you. You can also modify or delete this data. To do so, send an email to the abovementioned email address.

Cookies
Our website uses JavaScript and cookies to a limited extent. Cookies are small text files with information about, for example, your browsing behaviour. The use of cookies enables us to assess how our site is being used and how it can be further improved. To this end, we use Google Analytics. We also use cookies that are necessary for the proper functioning of the website, for example, at the login portal for clients.

Consent
The Data Controller only uses cookies on its websites if you have given your consent. Moreover, you can set your browser so that it will not accept any cookies at all.

Links to other websites
Our web pages include links to external websites. The Data Controller is not responsible for the privacy and cookie policies that apply to the websites of third parties.

Complaints
If you have a complaint about how we have handled your personal data, we ask you to first talk to us about it. If you remain dissatisfied, you can contact the Dutch Data Protection Authority via https://autoriteitpersoonsgegevens.nl/nl/contact-met-de-autoriteit-persoonsgegevens/tip-ons who can then decide whether to start an investigation into the Data Controller.