PRIVACY POLICY

BASIC INFORMATION ON DATA PROTECTION

DATA CONTROLLER

SPORTS & LEISURE MANAGEMENT, S.L., with registered offices at Rambla Guipúscoa 23 -25 bajos, 08018 Barcelona, and Value Added Tax Id. No. B-66785130 (hereinafter, CET10).

FOR WHAT DO WE MAINLY PROCESS YOUR DATA?

Typical contractual purposes:

  • To subscribe the activities of the CET10 network.
  • To manage the centres and/or subscribed activities.
  • To identify you and manage your registration and access to your account and profile of the website/app.
  • To process, manage and complete the provision of services, as well as to subscribe the CET10 activities.

Purposes that require your consent:

  • Advertising and market research activities regarding the initiatives and services of CET10 organisations and partners are always linked with the sector of sports, education, recreation, and social issues.
  • To disclose personal data to companies of the CET10 Group, as well as to partners that are necessary to carry out the commercial actions on your activities and general or customised services, by any means.

In the event that you do not authorise the processing of your data for the above purposes, this will not affect the maintenance or fulfilment of your contractual relationship with CET10.

Purposes based on legitimate interest:

  • To manage the queries made through the different contact forms or by email.
  • To carry out commercial activities, both general and those adapted to your marketing profile and/or offer you CET10 products or services which may be of interest to you, taking into account those you have already subscribed to in the past.
  • Management of possible claims or legal actions related to the provision of the service.
  • To carry out opinion and satisfaction surveys related to the subscribed activities and services.

LEGITIMACY

Contractual relationship, compliance with a legal obligation, legitimate interest and consent. In the detailed information you can see the different purposes and the legitimation criteria for each of them.

RECIPIENTS

The data is disclosed to organisations of the CET10 Group, as well as to partners that are strictly necessary to carry out the subscribed sports services and activities or for promotional activities if you consent them.

RIGHTS

Access, rectification, suppression, opposition, restriction of processing, portability, not to be subject to automated individual decisions, revoke the consent provided, and file a complaint with the competent supervisory authority (in Spain, the Spanish Data Protection Agency).

DETAILED INFORMATION ABOUT DATA PROTECTION

1. Data Controller The data controller of the User’s data is the company SPORTS & LEISURE MANAGEMENT, S.L., with registered offices at Rambla Guipúscoa 23 -25 baixos, 08018 Barcelona, and Value Added Tax Id. No. B-66785130 (hereinafter, CET10). For any issue, doubt or clarification regarding this Privacy Policy or the data processing performed by CET10, you can contact us through the email address [email protected].

2. General information: description of the information contained in the privacy policy

For each of the different data processing performed by CET10, you will find in this Privacy Policy a table identifying the following information:

a) The purposes of the processing of your personal data, that is, the reason why CET10 processes your personal data.

b) The legal bases that allow CET10 to process your data for each of the indicated purposes.

c) The possible transfer of your data to third parties, as well as the reason of said transfer. On the other hand, those in charge of the processing of CET10, that is, the service providers who have to access your personal data for the development of their functions, may have access to your personal data. The service providers who access your personal data, in general, are professionals of the information and technology systems industry.

d) The existence of international data transfers.

e) The period of storage of data you provide us. We also inform you that your data will be blocked for the purpose of dealing with any judicial, administrative or tax claims during the legal terms resulting from the applicable legislation.

3. Detailed information about the data processing

The following are the various purposes for which CET10 processes them:

A) Processing carried out for the contract: it is necessary for signing the contract or for the provision of the services that you request from us. We will process your data to inform you about the CET10’s products and services, for the purpose of acquiring them, as well as to maintain and fulfil the contract.

B) Processing carried out with your consent: provided that you have given your consent by ticking the box on the form that we make available to you.

    1. Carrying out commercial activities:
      1.1. We will process your data in order to carry out commercial activities, both general or tailored, to offer you products and/or services different from those you may have taken out with CET10, to include you in loyalty programmes and participate in special offers organised by CET10. These commercial activities may be carried out by any means, including electronically (email, SMS, social media, mobile applications, etc.). This authorisation will continue until the interested person does not revoke its consent, even after your relationship with CET10 has ended.
      1.2. We will process your data in order to carry out commercial activities, both general or tailored, to offer you products and/or services from companies related to CET10 group or third-party partners. These commercial activities may be carried out by any means, including electronically (email, SMS, social media, mobile applications, etc.). This authorisation will continue until the interested person does not revoke its consent, even after your relationship with CET10 has ended.
    2. Disclosure of data
      we will disclose your data to companies of the CET10 group, as well as to partner companies that are necessary to carry out the provision of services (for example, sports centres, campuses, schools, insurance organisations), to companies in order for them to carry out commercial activities, both general or tailored, concerning their products and services. These commercial activities may be carried out by any means, both physically and electronically (email, SMS, social media, mobile applications, etc.).

In the event that you do not authorise the processing of your data for the above purposes, this will not affect the maintenance or fulfilment of your contractual relationship with CET10.

C) Processing carried out for legitimate reasons:

    • To manage the queries made through the different contact forms, the website chatbot or by email.
    • To carry out commercial activities, both general and those adapted to your marketing profile and/or offer you CET10 products or services which may be of interest to you, taking into account those you have already subscribed to in the past. The commercial activities may be carried out by any means, including electronically (email, SMS, social media, mobile applications, etc.).
    • Management of possible claims or legal actions related to the provision of the service.
    • To carry out opinion and satisfaction surveys related to the subscribed services.

You may submit an objection to any of the above processing procedures on the basis of legitimate interest. To do so, you must send an email to [email protected], “Ref.: Data Protection” and explain the reason for your objection.

D) Processing carried out to comply with a legal obligation: 

we will process your data to comply with any applicable legal and tax obligations. Where necessary, these processing activities will exist even after the end of the contractual relationship.

4. How do we obtain your data?

CET10 obtains your data from the following sources:

    • The information that you provide us when you subscribe to our services with us, both directly and indirectly. Some examples are: Through inquiries, transactions, customer registration and to book our activities and campus..
    • Cookies.

In particular, the data that we will process includes the following categories:

a) Identification data and contact details: name, surname, image, photo, identity card, foreigners ID. card or passport, nationality, date of birth, address, telephone and mobile number, email address.

b) Access keys to the CET10 customer account.

c) Financial information: bank account, IBAN code.

d) Information regarding the provision of the subscribed services and products: operation carried out, place, date, device used, operation user, operation description/reference, booking details.

e) Communication data with CET10: phone calls, emails, chatbot and any other media made available to you at all times, and commercial communication data, as well as the data you provide us through satisfaction surveys.

f) We collect certain information from cookies related to your browsing. When you visit any of our websites, we collect the necessary data to enable you to use them (usage data). This includes your IP address and data about the start, end and subject of your use of the website/App, as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to users’ needs. This data is always deleted as soon as it is no longer required. For information on the processing and purposes, please see our Cookies Policy.

Regarding inquiries made through the forms available on the website/app (e.g. contact, customer registration, events or courses registration, spring campus, booking forms, etc.), it is sometimes allowed to explain the reason of the disclosure. Please note that personal inquiries cannot be answered in this section except those strictly established by current legislation. Under no circumstances will data of special categories (such as health data) be disclosed. In the event of doing so, the user exempts CET10 from any liability. If inappropriate content or queries are sent, CET10 will remove them.

5. How long will CET10 keep your data for?

We will process your personal data as long as it is necessary for the purpose for which it was collected. If you cancel all contracts, you can:

  • Continue to consent to commercial activities: we will process your data for the commercial activities to which you have consented.
  • Revoke your consent to carry out commercial activities: We will cancel your data by blocking it. As a result of this blocking, CET10 will not have access to your data and will only process it to make it available to the competent Public Authorities, Judges and Courts or the Public Prosecutor’s Office, for the purpose of dealing with any possible liabilities related to the processing of the data, in particular for the exercise and defence of claims before the Spanish Data Protection Agency. We will keep your data blocked for the periods provided for in the applicable regulations or, where appropriate, in the contractual relationship with CET10, and will physically delete your data after these periods have elapsed.

CET10 will keep the data duly blocked, without giving it any use, while it may be necessary for the exercise or defence of legal claims or may derive some type of judicial, legal or contractual liability from the processing, which must be attended to and for which its recovery is necessary. Once the deadline has expired, the user’s personal data will be destroyed.

6. Disclosure of personal data

We disclose your personal data to:

  1. CET10 Group companies for these purposes:
    • To carry out commercial activities for its products and services, both general and tailored to your marketing profile.
    • To acquire products or services from these organisations.
    • To comply with legal obligations.

2. Public bodies, Tax Agency, Judges and Courts and, in general, any appropriate authorities, when CET10 is legally obliged to provide it.

3. Partner companies with the following purposes: to carry out commercial activities for its products and services, both general and tailored to your marketing profile. To acquire products and/or services from these organisations.

4. CET10 also collaborate with some third-party service providers who have access to your personal data and who process such data in the name and on behalf of CET10 as a result of their provision of services (coaches, facilities, campsites, etc.).

Finally, the user’s data may be processed and disclosed during preparatory and review actions prior and subsequent to business operations of any nature, including but not limited to mergers, spin-offs, global assignments of assets and liabilities, contributions or transfers of business or branch of business activity, or any operations of business and/or company restructuring of a similar nature, and/or replacement of the activity set out in business regulations; and within the framework of the aforementioned business operations.

Furthermore, we inform you that CET10 has entered into corresponding data processing agreements with all our partners that are necessary to perform the subscribed service or product, who guarantee that they process the data in accordance with the instructions of CET10 and they fully meet the applicable regulations on data protection.

7. Third party data If at any time you provide CET10 with third-party data, you are responsible for obtaining their prior consent to disclose it and undertake to transfer the information contained in this clause to them, exempting CET10 from any responsibility in this regard. Nevertheless, CET10 may carry out the verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.
8. Updating of data By providing us with your data by email, you guarantee that this is true, accurate, complete and updated, so that the information in the CET10’s files and processing systems is at all times up to date and does not contain any errors. In this sense, you are the solely responsible for the damages that may be caused directly or indirectly as a consequence of the breach of such obligation.

9. Security of data

CET10 has taken the necessary technical and organisational measures, taking into account the state of the art, costs of implementation, nature, scope, context, and purpose of the processing, as well as the risks of variable probability and severity for the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data, and the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.

All our employees, partners and all people involved in the processing of personal data are obliged to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as other relevant laws on data protection and confidential handling of personal data.

To protect the personal information of our users we use a secure method of transmission (Secure Socket Layer – SSL). SSL encryption guarantees a complete and encrypted transmission of your data. Notwithstanding the foregoing, technical security in an environment like Internet is not impregnable and misconduct by third parties may occur, although CET10 may make all its best efforts through its available means to prevent such actions.

If you become aware of a technical vulnerability affecting CET10 services, please send us an email, REF.: Data Protection, at [email protected].

10. International Data Transfer

The personal data of the user that we keep will be processed exclusively in member states of the EU or the European Economic Area (“EEA”), respectively. However, if the data processing is carried out by a provider located in a country outside the EEA, CET10 will ensure that it is a country with a level of protection comparable to that of the European Union (European Commission adequacy decisions). If the data processing is carried out in a country without the corresponding data protection laws, the processing will be protected by international contracts and standard contractual clauses in accordance with European requirements, or based on other appropriate guarantees established by law.

If you want, we can provide you with information on the appropriate guarantees, as well as the option to obtain a copy of them, upon request.

11. Cookies

If you visit our websites, the information may be stored in the form of a cookie on your local device. Cookies are small text files that are sent from a web server to your browser and stored on your own device. This allows us to recognise you when you visit the website/app repeatedly. This way we can ensure better site functionality and, for example, prevent you having to log in repeatedly, by keeping the cookie selection accepted by the user for a period of less than 24 months. For further information about the cookies we use, please see our Cookies Policy.

12. Data collection by third parties (social media)

Our website contains links to social media operators (e.g. Facebook, Blog, LinkedIn, Instagram, Youtube, etc.). These social media are operated exclusively by third parties, so CET10 does not exercise any control over them nor assumes any liability for the accessed information. If you follow the links, the information may be transmitted on to these third parties. In order to understand the purpose and scope of collection of your data by social media and subsequent local processing, as well as your rights and how to protect your privacy, you should see the respective privacy policies of the operators themselves. CET10 will not be responsible for any action taken by, or the contents of, these websites.

Unless CET10 has authorised it in advance and in writing, you cannot insert a link, hyperlink, framing or similar link on the Website.

13. Exercise of rights

You can exercise your rights of access, portability, rectification, suppression, restriction, opposition and not to be the subject to a decision based solely on automated processing. You can also revoke the consent given for your data processing at any time.

To exercise these rights, please request it expressly at the address: Ref. Data Protection – CET10, Rambla Guipúscoa 23 -25 bajos, 08018 Barcelona (Spain) or by sending an email at [email protected] and attaching in any case a copy of an official document proving your identity.

You can also file a complaint with the Spanish Data Protection Agency, if you consider that we have not treated you correctly. You have the necessary information on the website aepd.es.