HOW WE USE PERSONAL DATA
Administration of memberships. In order to register you as a member with us, and in order for us to be able to invoice and manage your membership, we process name, national ID number, contact information, photo, membership type and your communication with us. If you have a membership via a company agreement or via a partner, we will also process information regarding your employer / the partner through which you have your membership. If you have a student membership, we will also process information regarding your place of study.
Exercise follow-up. In order to manage and follow-up your exercise with us, we will register your exercise history, i.e., your visits to our fitness centres, your enrolment and withdrawal from group sessions, your participation in group sessions, your use of personal trainer and your general use of our exercise services. If you choose to share such information with us, we will also process information regarding your health, such as physical injuries or illnesses.
Online exercise. In order to manage and follow-up use of our web-based services, we will register your login details (username/password), your searches, your previous playbacks and the favourites that you save.
App functions. In order to offer relevant functionalities, we process data regarding use of social functions, your exercise and preference choices you personally make in the app. We also use functionalities that are offered by Google or Apple, that you choose to activate (e.g., location or Bluetooth).
Exercise-related services. If you use MiniSATS, we will register that you have children. If you use our exercise-related services, such as physiotherapy, massage, dietary guidance or lifestyle courses, we will process data about you that are necessary for these services, such as health, weight, habits, needs and preferences.
Purchases. If you make purchases in our online shop, or if you make purchases at one of our fitness centres which you link to your membership, we will, for bookkeeping purposes, process information regarding your purchases, i.e., what you purchased, the time of the purchase and the amount.
Rewards. We will use your exercise history to include you in our SATS Reward program, where you will be rewarded for exercising at SATS. The reward program is based on how long you have been a SATS member and how often you exercise at SATS.
Product development. In order to evaluate, improve and optimise our exercise services, we will be able to process your responses to member surveys, as well as analyse statistics of your use of our exercise services in order to understand our members’ needs and preferences.
Studies. Occasionally, we recruit members for studies, surveys or other research conducted by third parties. Participation is always voluntary. Unless you consent thereto, we will not gain access to information from such studies at the individual level, but we may gain access to the results at an aggregated level.
Camera surveillance. For security purposes, we have Camera surveillance at our centres.
SATS safety regulations and rules of conduct follow-up. In order to ensure a pleasant and including atmosphere in our centres we have safety regulations and rules of conduct. Breach of these rules may in certain cases lead to exclusion from out centres. We will process personal data related to any breaches of our safety regulations and rules of conduct, including data necessary to enforce a possible exclusion. We require a basis for the lawfulness of processing pursuant to the GDPR for our processing of personal data. For administration of memberships, online exercise, app functions and exercise-related services, the basis is that this is necessary to fulfil our agreement with you. For purchases, the necessity is to fulfil a legal obligation. For product development, it is our legitimate interest in improvement and innovation.* For exercise follow-up, it is our legitimate interest in administrating and following up your exercise.* For rewards, it is our legitimate interest in offering you rewards and keeping you motivated.* For studies, it is our legitimate interest to contribute to research and public information.* For camera surveillance, it is our legitimate interest to prevent dangerous situations and safeguard considerations for the safety of our employees and members.* For our safety regulations and rules of conduct follow-up it is our legitimate interest in ensuring the safety for our members and employees.* If it is necessary for us to process special categories of personal data (sensitive personal data) in order to provide you with our services, the basis for lawful processing is your consent, which you give via the Membership Terms and Conditions (GDPR, Article 6, no. 1 (a) and Article 7, no. 4).*When we process data for purposes related to our legitimate interests, we have assessed that the processing is necessary and that your interests and/or rights and freedoms do not outweigh our legitimate interest. If you want to read our legitimate interest assessment, you can contact us at firstname.lastname@example.org.
We may also process personal data for other purposes if you consent thereto. If so, you may at any time withdraw your consent by contacting us at email@example.com.
We may also process personal data for other compatible purposes, e.g., bookkeeping, for the handling of disputes and legal proceedings and in case of acquisitions, mergers or similar transactions.
HOW WE CONDUCT MARKETING
We wish to keep our members informed of our services and provide good offers. Therefore, we will occasionally send you a newsletter and marketing by email, if you have consented to receive newsletters and marketing communications. We may adapt such communication based on where or in what manner you have exercised, so that it becomes more relevant for you.
The personal data we process for the purpose of sending newsletters and marketing is email address, name and phone number. The purpose of the processing is to keep you informed on our services and provide good offers. We process your personal data on the basis of your consent.
If you no longer wish to receive marketing, you can use the unsubscribe link in the marketing correspondence you receive or visit “Min Side” (“My Page”) on our website or app. Please note that you cannot unsubscribe from distribution of information that is not for marketing purposes.
HOW WE PROCESS INFORMATION ON SOCIAL MEDIA
If you visit our social media pages, we will be able to view your reactions (uploads, likes, comments etc.). We will also have access to anonymised statistics, in order to gain insight into the use of our pages on social media. For the processing of such data, we have a joint processing liability with the social media in question. The basis for our lawful processing of possible personal data in this connection is our legitimate interest in having a page on the social media and having insight into how it is used. Please note that even if you delete your account or stop following us on the social media, your reactions may still be accessible on our page.
WITH WHOM WE SHARE PERSONAL DATA
We will process your personal data confidentially. However, we need to share personal data with other undertakings in order to perform the purposes that are mentioned above in a good manner:
Group companies. We share data internally in the SATS Group for administrative purposes.
Suppliers. We share information with suppliers that assist us in the provision of our services, e.g., IT suppliers. We have data processing agreements with our suppliers in order to ensure that the data are processed in a sound manner and not used for other purposes.
Other members. If you have activated social functions in our app, we will share information about your with your friends, e.g., what exercise sessions you have participated in.
We may also share information with the authorities if it is necessary to fulfil our legal obligations or to protect SATS or third parties against crime.. Furthermore, we may share information about you with others, if you consent thereto.
HOW LONG DO WE STORE THE PERSONAL DATA
We store personal data about you for as long as it is necessary for the purposes that are mentioned above. Thereafter, we erase them. Unless you otherwise give your consent, this mainly involves the following:
Data regarding administration of memberships will be erased no later than six months after the membership was terminated.
Data regarding exercise history and data regarding online exercise will be erased no later than six months after the membership was terminated.
Data regarding your own exercise in the app will be erased when you personally make such a request, though, irrespectively, no later than six months after the membership has been terminated. We do not store location data beyond the end of a session.
Data regarding exercise-related services are continuously erased.
Data regarding purchases are erased after five years in accordance with the Norwegian Bookkeeping Act.
Data regarding rewards will be erased no later than six months after the membership was terminated.
Data that are used for product development are erased in that we anonymise them as soon as possible.
Data that are used for recruitment to studies are erased shortly after the recruitment has occurred.
Data regarding camera surveillance are erased no later than one week after the recordings were made, unless it is likely that the recordings will need to be used or surrendered to the police.
Data regarding breach of our safety regulations and rules of conduct are erased after the end of the exclusion period and the connected trial period. The length of the exclusion period depends on the severity of the breach. Data for sending newsletters and marketing is stored for as long as you consent to us sending you newsletters and marketing.
We may choose to anonymise the data instead of erasing them, i.e., that we store the data, without it any longer being possible to connect them to you as an individual.
YOUR PRIVACY RIGHTS
You have several rights pursuant to the GDPR. Contact us at firstname.lastname@example.org if you wish to exercise your rights listed below, or if you have other questions, comments or would like to receive more information regarding our processing of personal data. We will respond to your enquiry as soon as possible, typically within one month. Please note that there are several exceptions and limitations to these privacy rights that may entail that we are not always able or willing to allow you to exercise them.
Right of access and information. You may request to be informed whether we are processing personal data concerning you and, if so, to receive a copy of it, together with some further information on the purposes of the processing, the categories of personal data to which the processing relates, the recipients to whom the personal data have been or will be disclosed, the retention period and the existence of the right to request rectification and erasure, to request limitation and to object to processing. You also have the right to be informed of the right to lodge a complaint with the Swedish Data Protection Authority and of the source of the personal data, as well as of the existence of automated decision-making together with certain additional information.
Right to rectification. If you believe that the personal data concerning you is inaccurate or incomplete, you can request that the data be corrected or completed.
Right to object. When we process personal data based on our legitimate interest, you have the right to object to the processing at any time. If we cannot demonstrate that there are compelling legitimate grounds to continue processing the data, we must cease processing. You also have the right to object to our processing of personal data for marketing purposes. If you object to such processing, we must cease processing.
Right to withdraw consent. Where we process personal data on the basis of your consent, you can withdraw this consent at any time. We are then obliged to stop processing your personal data on the basis of your consent.
Right to limitation. In certain cases, for example if you have objected to our processing of your personal data, contested the accuracy of the personal data or if the processing of personal data is unlawful, you have the possibility to request the restriction of the processing of your personal data. By requesting a restriction, you have the possibility, at least for a certain period of time, to stop us from using the data other than for the defence of legal claims, for example. You can also prevent us from erasing the data, for example if you need the data to claim damages.
Right to erasure. You have the right to have your personal data erased if we no longer need the personal data for the purposes for which it was collected or processed, you withdraw your consent, you object to the processing and there are no legitimate grounds for further processing, your personal data has been processed unlawfully or we are required by law to erase your personal data.
Right to data portability. You have the right to obtain your personal data in a structured, commonly used and machine-readable format and to transfer it to another controller (data portability).
The Swedish Data Protection Authority has compiled a more detailed description of these rights, which may be accessed via the following link: https://www.imy.se/verksamhet/dataskydd/det-har-galler-enligt-gdpr/de-registrerades-rattigheter/.
If you disagree with the manner in which we process your personal data, you may submit a complaint to the Swedish Data Protection Authority. We would appreciate it if you contact us first, so that we can clarify any misunderstandings.
This policy was last updated on 23.05.2023.