Orangetheory Fitness’ personoplysninger

Global Fitness Enterprises ApS (CVR: 40633197) and its subsidiaries are the data controllers for your personal data. Contact information:

• Email, address, and phone number: Your local studio’s contact information can be found on the website.
• Headquarters: Prags Boulevard 80, 2300 Copenhagen S.

We process your data to manage your membership and provide you with the best possible training experience. This includes, but is not limited to, registration, payment, marketing, termination, and possible debt collection.

Processing of your personal data is based on:

• Article 6(1)(a) of the GDPR: Consent for one or more specific purposes.
• Article 6(1)(b): Necessary processing for the performance of a contract to which the data subject is party.
• Article 6(1)(c): Necessary processing to comply with a legal obligation.
• Article 6(1)(f): Processing necessary for legitimate interests, unless overridden by the rights of the data subject.
• Article 9(2)(f): Necessary for legal claims or when courts are acting in a judicial capacity.
• Sections 8(3–5) of the Danish Data Protection Act: Processing of criminal data by businesses.
• Section 11(2)(2) and Article 7: Processing of CPR number by consent.
• The rules in the Danish CCTV Surveillance Act.

We only process the data necessary for you to have a training membership with us. For most members, this includes non-sensitive data such as contact details, membership details, training logs, payment information, account numbers, video surveillance, and purchase information.

Additionally, with your consent, we may process data for unique identification. If members commit criminal acts, we may process such data for police reporting and legal proceedings. For members using the InBody Scanner, sensitive health data may be processed with consent.

To support your membership, we may share or entrust your personal data to our partners such as banks, payment service providers, insurance companies, social media platforms, marketing agencies, lawyers, debt collectors, consultants, or data processors.

We retain your personal data for the following periods:

• Membership data: Termination of membership + 3 years
• CCTV: Time of recording + up to 4 weeks
• Insurance cases: Case closure + 3 years
• Financial transactions: Last transaction + 5 years
• Blacklisting: End of blacklist period + 10 years
• Optional training services: Termination of membership + 2 years or until withdrawal of consent
• Marketing: Until withdrawal of consent
• Debt: Termination of membership + end of debt relationship + 3 years

Under the GDPR, you have several rights regarding our processing of your personal data. To exercise these rights, please contact us via our website. These rights include:

• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to object
• Right to data portability

More information can be found at www.datatilsynet.dk.

You have the right to file a complaint with the Danish Data Protection Agency.