Privacy policy

This Privacy Policy provides you with information about how and why we process personal data regarding our members. SATS Norway AS (“SATS” or “we”) operates the chain of fitness centres, SATS. We are the Data Controller for the data that are processed in connection with this undertaking.

HOW WE USE PERSONAL DATA

Administration of memberships. In order to register you as a member with us, and in order for us to be able to invoice and manage your membership, we process name, national ID number, contact information, photo, membership type and your communication with us. If you have a membership via a company agreement or via a partner, we will also process information regarding your employer / the partner through which you have your membership. If you have a student membership, we will also process information regarding your place of study.

Exercise follow-up. In order to manager and follow-up your exercise with us, we will register your exercise history, i.e., your visits to our fitness centres, your enrolment and withdrawal from group sessions, your participation in group sessions, your use of personal trainer and your general use of our exercise services. If you choose to share such information with us, we will also process information regarding your health, such as physical injuries or illnesses.

Online exercise. In order to manage and follow-up use of our web-based services, we will also register your login details (username/password), your searches, your previous playbacks and the favourites that you save.

App functions. In order to offer relevant functionalities, we process data regarding use of social functions, your exercise and preference choices you personally make in the app. We also use functionalities that are offered by Google or Apple, that you choose to activate (e.g., location or Bluetooth).

Exercise-related services. If you use MiniSATS, we will register that you have children. If you use our exercise-related services, such as physiotherapy, massage, dietary guidance or lifestyle courses, we will process data about you that are necessary for these services, such as health, weight, habits, needs and preferences.

Purchases. If you make purchases in our online shop, or if you make purchases at one of our fitness centres which you link to your membership, we will, for bookkeeping purposes, process information regarding your purchases, i.e., what you purchased, the time of the purchase and the amount.

Rewards. In order to adapt your membership and our communication and marketing, we will use your exercise history to place you in a membership level.

Product development. In order to evaluate, improve and optimise our exercise services, we will be able to process your responses to member surveys, as well as analyse statistics of your use of our exercise services in order to understand our members’ needs and preferences.

Studies. Occasionally, we recruit members for studies, surveys or other research conducted by third parties. Participation is always voluntary. Unless you consent thereto, we will not gain access to information from such studies at the individual level, but we may gain access to the results at an aggregated level.

Video surveillance. For security purposes, we have video surveillance at our centres.

We require a basis for the lawfulness of processing pursuant to the GDPR for our processing of personal data. For administration of memberships, exercise follow-up, online exercise, app functions and exercise-related services, the basis is that this is necessary to fulfil our agreement with you. For purchases, the necessity is to fulfil a legal obligation. For product development, it is our legitimate interest in improvement and innovation. For studies, it is our legitimate interest to contribute to research and public information. For video surveillance, it is the need to prevent dangerous situations and safeguard considerations for the safety of our employees and members. If it is necessary for us to process special categories of personal data (sensitive personal data) in order to provide you with our services, the basis for lawful processing is your consent, which you give via the Membership Terms and Conditions (GDPR, Article 6, no. 1 (a) and Article 7, no. 4).

We may also process personal data for other purposes if you consent thereto. If so, you may at any time withdraw your consent.

We may also process personal data for other compatible purposes, e.g., bookkeeping, for the handling of disputes and legal proceedings and in case of acquisitions, mergers or similar transactions.

HOW WE CONDUCT MARKETING

We wish to keep our members informed of our services and provide good offers. Therefore, we will occasionally send you a newsletter and marketing, e.g., by email. We may adapt such communication based on where or in what manner you have exercised, so that it becomes more relevant for you. If you no longer wish to receive marketing, you can use the unsubscribe link in the marketing correspondence you receive or visit “Min Side” (“My Page”) on our website or app. Please note that you cannot unsubscribe from distribution of information that is not for marketing purposes.

HOW WE PROCESS INFORMATION ON SOCIAL MEDIA

If you visit our social media pages, we will be able to view your reactions (uploads, likes, comments etc.). We will also have access to anonymised statistics, in order to gain insight into the use of our pages on social media. For the processing of such data, we have a joint processing liability with the social media in question. The basis for our lawful processing of possible personal data in this connection is our legitimate interest in having a page on the social media and having insight into how it is used. Please note that even if you delete your account or stop following us on the social media, your reactions may still be accessible on our page.

WITH WHOM WE SHARE PERSONAL DATA

We will process your personal data confidentially. However, we need to share personal data with other undertakings in order to perform the purposes that are mentioned above in a good manner:

Group companies. We share data internally in the SATS Group for administrative purposes.

Suppliers. We share information with suppliers that assist us in the provision of our services, e.g., IT suppliers. We have data processing agreements with our suppliers in order to ensure that the data are processed in a sound manner and not used for other purposes.

Other members. If you have activated social functions in our app, we will share information about your with your friends, e.g., what exercise sessions you have participated in.

We may also share information with the authorities if we are ordered to do so. Furthermore, we may share information about you with others, if you consent thereto.

HOW LONG DO WE STORE THE PERSONAL DATA

We store personal data about you for as long as it is necessary for the purposes that are mentioned above. Thereafter, we erase them. Unless you otherwise give your consent, this mainly involves the following:

  • Data regarding administration of memberships will be erased no later than six months after the membership was terminated.
  • Data regarding exercise history and data regarding online exercise will be erased no later than six months after the membership was terminated.
  • Data regarding own exercise in the app will be erased when you personally make such a request, though, irrespectively, no later than six months after the membership has been terminated. We do not store location data beyond the end of a session.
  • Data regarding exercise-related services are continuously erased.
  • Data regarding purchases are erased after five years in accordance with the Norwegian Bookkeeping Act.
  • Data that are used for product development are erased in that we anonymise them as soon as possible.
  • Data that are used for recruitment to studies are erased shortly after the recruitment has occurred.
  • Data regarding video surveillance are erased no later than one week after the recordings were made, unless it is likely that the recordings will need to be used or surrendered to the police.

We may choose to anonymise the data instead of erasing them, i.e., that we store the data, without it any longer being possible to connect them to you as an individual.

YOUR PRIVACY RIGHTS

You have several rights pursuant to the privacy regulatory framework, including the right to demand access, rectification, erasure, limitation, data reporting and objecting to our processing of data about you. Contact us if you wish to invoke your rights. We will respond to your enquiry as soon as possible, typically within one month. Please note that there are several exceptions and limitations to these privacy rights that may entail that we are unable or unwilling to allow you to exercise them.

If you disagree with the manner in which we process your personal data, you may submit a complaint to the Norwegian Data Protection Authority. We would appreciate it if you contact us first, so that we can clarify any misunderstandings.

You may send enquiries to privacy@sats.no if you wish to exercise your rights, or if you have other questions, comments or would like to receive more information regarding our processing of personal data.

Cookies
If you visit our website, we will use cookies. More information about this can be found in our Cookies Policy.

Changes
We may update this Privacy Policy, if needed, e.g., if we launch new products or make changes to existing products. You will be notified if we make significant changes. You can always find the most recent version of our Privacy Policy on our website.