nextwaystep

Privacy Policy

Last updated: December 2024

This Privacy Policy explains how nextwaystep B.V. ("we," "our," or "us") collects, uses, and protects your personal information when you use our wellness services and website. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).

Data Controller

nextwaystep B.V. is the data controller for the personal information we collect about you. Our registered office is located at Molenweg 248, 5677 XW Eindhoven, Netherlands. Registration number: 91520467, VAT number: NL879451203B01.

Data Collection and Information We Gather

The data we collect includes personal information such as your name, email address, phone number, address, health information, fitness goals, and payment details when you:

  • Register for our services or membership
  • Book appointments or classes
  • Contact us through our website or phone
  • Participate in our wellness programs
  • Use our facilities and equipment
  • Subscribe to our newsletter or marketing communications
  • Visit our website (through cookies and similar technologies)

How We Use Your Information

We explain how we use your information for the following purposes:

  • Providing our wellness services and managing your membership
  • Scheduling and managing appointments and classes
  • Processing payments and maintaining billing records
  • Communicating with you about our services and programs
  • Ensuring your safety and health during our programs
  • Improving our services and developing new programs
  • Complying with legal obligations and health regulations
  • Marketing our services (with your consent)

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract performance: To provide our wellness services and fulfill our contractual obligations
  • Legitimate interests: To improve our services, ensure facility safety, and manage our business operations
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with health and safety regulations and tax requirements
  • Vital interests: To protect your health and safety in emergency situations

Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Healthcare professionals (with your consent) for wellness program purposes
  • Payment processors for billing and membership management
  • Technology service providers who support our operations
  • Legal authorities when required by law or to protect safety
  • Professional advisors such as lawyers and accountants

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Specifically, we keep membership records for 7 years after termination, health information for 10 years, and marketing preferences until you opt out. Financial records are retained according to tax law requirements.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your data (subject to legal obligations)
  • Restriction: Request limitation of processing in certain circumstances
  • Portability: Request transfer of your data to another service provider
  • Objection: Object to processing based on legitimate interests or for marketing
  • Withdraw consent: Withdraw consent for consent-based processing

Cookies and Website Data

Our website uses cookies and similar technologies to improve your browsing experience, analyze website traffic, and personalize content. You can manage your cookie preferences through your browser settings or our cookie consent tool. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure storage systems, access controls, and regular security assessments.

International Data Transfers

Your personal data is primarily processed within the European Union. If we need to transfer data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by email. Your continued use of our services after such notification constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please contact us at:

nextwaystep B.V.

Molenweg 248, 5677 XW Eindhoven, Netherlands

Email: privacy@nextwaystep.world

Phone: +31 30 344 6060

General contact: contact@nextwaystep.world

Supervisory Authority

If you believe we have not addressed your data protection concerns adequately, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the supervisory authority in your EU member state.

Important: This Privacy Policy is governed by Dutch law and the GDPR. By using our services, you acknowledge that you have read and understood this policy.