We’re home to 133 Clubs across the UK and Europe. Enter a town, city or postcode to find your nearest club.
Information acc. to Art. 12, 13, 14 GDPR on the processing of personal data of members data of members, guests and interested parties
1. Controller for the processing of data
Meridian Spa & Fitness Germany GmbH
Wandsbeker Zollstraße 87-89
22041 Hamburg
Tel: +49 40 65 89-0
Fax: +49 40 6589-29000
You can also contact our data protection officer at the above address or at: datenschutz@meridianspa.de.
2. Categories of data processed and their origin
The categories of personal data processed include:
• Master data (surname, first name)
• Contact details (address, e-mail address, telephone number)
• Bank details and payment information
• Visiting times and booked courses
• Pictures and, if applicable, video recordings (see separate information)
• Proof of your company affiliation, if applicable
• Proof of age or studies, if applicable
We may also process special categories of personal data, in particular health data, if you share these with us. We receive the aforementioned data directly from you when you enter your data in the application form, as part of the conclusion of your membership contract or as proof of the requirements for beneficiary membership.
3. Purpose and legal basis of data processing
The purpose of collecting and processing your personal data is to prepare and conclude the contract with you, to fulfil and manage the contract, to manage members, to send you information about our offers and to respond to your enquiries when you contact us. The primary legal basis for this is Art. 6 para. 1 s. 1 lit. b and lit. a GDPR. In addition, we process your data to protect our legitimate interests or the legitimate interests of third parties in accordance with Art. 6 para. 1 s. 1 lit. f GDPR and to fulfil our legal obligations in accordance with Art. 6 para. 1 s. 1 lit. c GDPR.
Our legitimate interests lie, for example, in:
• the optimisation of our offers and capacity utilisation
• the assertion/exercise of legal claims as well as the defence against claims or demands
• the avoidance of damage and/or liability
• the optimisation of contract management and billing
• the exercise of our domiciliary rights
• ensuring internal compliance
You give your consent for the following processing purposes, for example:
• Sending you our monthly newsletter
• Sending information about events, promotions and service offers as well as advertising via the channel you have selected
4. Disclosure of personal data
We transfer your personal data to third parties who need it to fulfil our contractual and legal obligations in connection with the performance of the contract. We also transfer the data within the Group on the basis of our legitimate interest pursuant to Art. 6 para. 1 s. 1 lit. f GDPR in order to organise internal administration more efficiently as part of the Group's internal shared services. We sometimes use external service providers to fulfil our contractual and legal obligations and to assert, exercise or defend legal claims. In addition, we use other service providers to process your data on our behalf, with whom the necessary order processing contracts have been concluded. Within the framework of the contractual relationship, your personal data may therefore be passed on to, among others - but not conclusively:
• IT or other service providers
• Payment and billing service providers
• Lawyers or debt collection service providers
If you have given us your consent, your data will also be transmitted to a service provider for sending the newsletter.
5. Transfer of personal data to a third country
Your personal data is provided within the Group on the basis of our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as described above, in order to increase the efficiency of administration as part of shared services. We also transfer the data within the Group to David Lloyd Leisure Limited (UK) as the Group headquarters. In cases in which we transfer personal data within the Group outside the EU, the transfer only takes place if the third country has been confirmed by the EU Commission as having an adequate level of data protection, which is the case for the UK, or if other appropriate data protection guarantees (in particular EU standard contractual clauses) are in place.
6. Rights of the data subject
You have the following rights with regard to your personal data: • Right of access (Art. 15 GDPR),
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR).
7. Right to withdraw consent
In cases in which the processing of your data is based on consent given to us, you have the right to withdraw your consent at any time and without giving reasons. You can send this cancellation in writing, ideally by e-mail, to the contact named under point 1. However, your revocation is only valid from the point in time at which you express it and therefore has no retroactive effect in the past. The processing of your data up to this point in time remains lawful.
8. Right to lodge a complaint
You have the right to lodge a complaint with any data protection supervisory authority. The data protection supervisory authority responsible for us is the following: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit Ludwig-Erhard-Str. 22, 7. OG 20459 Hamburg
9. Duration of data retention
In any case, your personal data will be stored for the duration of the contract and for the duration of the fulfilment of the purpose and then generally deleted. After fulfilment of the contract, however, your personal data will be stored for as long as we are legally obliged to do so. These legal obligations regularly result from statutory obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, we may retain personal data for the period during which claims can be asserted against us. The statutory limitation period may be three or up to thirty years.
10. Profiling / Scoring
We do not use automated processing to make a decision - including profiling - on the establishment, performance or termination of a contractual relationship