HOW WE USE PERSONAL DATA
Administration of memberships. In order to register you as a member with us, and in order for us to be able to invoice and manage your membership, we process name, national ID number, contact information, photo, membership type and your communication with us. If you have a membership via a company agreement or via a partner, we will also process information regarding your employer / the partner through which you have your membership. If you have a student membership, we will also process information regarding your place of study.
Exercise follow-up. In order to manage and follow-up your exercise with us, we will register your exercise history, i.e., your visits to our fitness centers, your enrolment and withdrawal from group sessions, your participation in group sessions, your use of personal trainer and your general use of our exercise services. If you choose to share such information with us, we will also process information regarding your health, such as physical injuries or illnesses.
Online exercise. In order to manage and follow-up use of our web-based services, we will also register your login details (username/password), your searches, your previous playbacks and the favorites that you save.
App functions. In order to offer relevant functionalities, we process data regarding use of social functions, your exercise and preference choices you personally make in the app. We also use functionalities that are offered by Google or Apple, that you choose to activate (e.g., location or Bluetooth).
Exercise-related services. If you use MiniSATS, we will register that you have children. If you use our exercise-related services, such as physiotherapy, massage, dietary guidance or lifestyle courses, we will process data about you that are necessary for these services, such as health, weight, habits, needs and preferences.
Purchases. If you make purchases in our online shop, or if you make purchases at one of our fitness centers which you link to your membership, we will, for bookkeeping purposes, process information regarding your purchases, i.e., what you purchased, the time of the purchase and the amount.
Rewards. We will use your exercise history to include you in our SATS Reward program, where you will be rewarded for exercising at SATS. The reward program is based on how long you have been a SATS member and how often you exercise at SATS.
Product development. In order to evaluate, improve and optimize our exercise services, we will be able to process your responses to member surveys, as well as analyze statistics of your use of our exercise services in order to understand our members’ needs and preferences.
Studies. Occasionally, we recruit members for studies, surveys or other research conducted by third parties. Participation is always voluntary. Unless you consent thereto, we will not gain access to information from such studies at the individual level, but we may gain access to the results at an aggregated level.
Video surveillance. For security purposes, we have video surveillance at our centers.
SATS safety regulations and rules of conduct follow-up. In order to ensure a pleasant and including atmosphere in our centers we have safety regulations and rules of conduct. Breach of these rules may in certain cases lead to exclusion from out centers. We will process personal data related to any breaches of our safety regulations and rules of conduct, including data necessary to enforce a possible exclusion. We require a basis for the lawfulness of processing pursuant to the GDPR for our processing of personal data. For administration of memberships, online exercise, app functions and exercise-related services, the basis is that this is necessary to fulfil our agreement with you. For purchases, the necessity is to fulfil a legal obligation. For product development, it is our legitimate interest in improvement and innovation. For exercise follow-up, it is our legitimate interest in administrating and following up your exercise. For rewards, it is our legitimate interest in offering you rewards and keeping you motivated. For studies, it is our legitimate interest to contribute to research and public information. For video surveillance, it is the need to prevent dangerous situations and safeguard considerations for the safety of our employees and members. For our safety regulations and rules of conduct follow-up it is our legitimate interest in ensuring the safety for our members and employees. If it is necessary for us to process special categories of personal data (sensitive personal data) in order to provide you with our services, the basis for lawful processing is your consent, which you give via the Membership Terms and Conditions (GDPR, Article 6, no. 1 (a) and Article 7, no. 4).
We may also process personal data for other purposes if you consent thereto. If so, you may at any time withdraw your consent.
We may also process personal data for other compatible purposes, e.g., bookkeeping, for the handling of disputes and legal proceedings and in case of acquisitions, mergers or similar transactions.
HOW WE CONDUCT MARKETING
We wish to keep our members informed of our services and provide good offers. Therefore, we will occasionally send you a newsletter and marketing, e.g., by email. We may adapt such communication based on where or in what manner you have exercised, so that it becomes more relevant for you. If you no longer wish to receive marketing, you can use the unsubscribe link in the marketing correspondence you receive or visit “Min Side” (“My Page”) on our website or app. Please note that you cannot unsubscribe from distribution of information that is not for marketing purposes.
HOW WE PROCESS INFORMATION ON SOCIAL MEDIA
If you visit our social media pages, we will be able to view your reactions (uploads, likes, comments etc.). We will also have access to anonymized statistics, in order to gain insight into the use of our pages on social media. For the processing of such data, we have a joint processing liability with the social media in question. The basis for our lawful processing of possible personal data in this connection is our legitimate interest in having a page on the social media and having insight into how it is used. Please note that even if you delete your account or stop following us on the social media, your reactions may still be accessible on our page.
WITH WHOM WE SHARE PERSONAL DATA
We will process your personal data confidentially. However, we need to share personal data with other undertakings in order to perform the purposes that are mentioned above in a good manner:
Group companies. We share data internally in the SATS Group for administrative purposes.
Suppliers. We share information with suppliers that assist us in the provision of our services, e.g., IT suppliers. We have data processing agreements with our suppliers in order to ensure that the data are processed in a sound manner and not used for other purposes.
Other members. If you have activated social functions in our app, we will share information about your with your friends, e.g., what exercise sessions you have participated in.
We may also share information with the authorities if we are ordered to do so. Furthermore, we may share information about you with others, if you consent thereto.
HOW LONG DO WE STORE THE PERSONAL DATA
We store personal data about you for as long as it is necessary for the purposes that are mentioned above. Thereafter, we erase them. Unless you otherwise give your consent, this mainly involves the following:
Data regarding administration of memberships will be erased no later than six months after the membership was terminated.
Data regarding exercise history and data regarding online exercise will be erased no later than six months after the membership was terminated.
Data regarding your own exercise in the app will be erased when you personally make such a request, though, irrespectively, no later than six months after the membership has been terminated. We do not store location data beyond the end of a session.
Data regarding exercise-related services are continuously erased.
Data regarding purchases are erased after five years in accordance with the Norwegian Bookkeeping Act.
Data regarding rewards will be erased no later than six months after the membership was terminated.
Data that are used for product development are erased in that we anonymize them as soon as possible.
Data that are used for recruitment to studies are erased shortly after the recruitment has occurred.
Data regarding video surveillance are erased no later than one week after the recordings were made, unless it is likely that the recordings will need to be used or surrendered to the police.
Data regarding breach of our safety regulations and rules of conduct are erased after the end of the exclusion period and the connected trial period. The length of the exclusion period depends on the severity of the breach. We may choose to anonymize the data instead of erasing them, i.e., that we store the data, without it any longer being possible to connect them to you as an individual.
YOUR PRIVACY RIGHTS
You have several rights pursuant to the privacy regulatory framework, including the right to demand access, rectification, erasure, limitation, data reporting and objecting to our processing of data about you. Contact us if you wish to invoke your rights. We will respond to your enquiry as soon as possible, typically within one month. Please note that there are several exceptions and limitations to these privacy rights that may entail that we are unable or unwilling to allow you to exercise them.
If you disagree with the manner in which we process your personal data, you may submit a complaint to the Norwegian Data Protection Authority. We would appreciate it if you contact us first, so that we can clarify any misunderstandings.
You may send enquiries to firstname.lastname@example.org if you wish to exercise your rights, or if you have other questions, comments or would like to receive more information regarding our processing of personal data.