Last updated: December 2024
This privacy policy explains how commonqipj B.V. collects, uses, and protects your personal information when you use our spa membership and loyalty platform services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).
commonqipj B.V. is the data controller responsible for your personal data. Our company is registered in the Netherlands under registration number A11021253, with VAT number NL448565825B01. Our registered address is Berkenlaan 248, 5019 SV Tilburg, North Brabant, Netherlands.
The data we collect includes personal information that you provide directly to us when using our spa membership platform, creating an account, booking services, or contacting us for support. This information may include your name, email address, phone number, postal address, date of birth, payment information, spa preferences, treatment history, and communication records.
We also automatically collect certain technical information when you use our website and platform, including your IP address, browser type, device information, usage patterns, and cookies data. This helps us improve our services and provide a better user experience.
Additionally, we may receive information about you from our spa partners when you use their services through our platform, including treatment details, visit history, and feedback.
Under GDPR, we process your personal data based on several legal grounds:
We explain how we use your information to provide and improve our spa membership platform services. Your data is used to create and manage your membership account, process spa bookings and payments, administer our loyalty rewards programme, and provide customer support.
We also use your information to personalise your spa experience by recommending treatments and services based on your preferences and history. Additionally, we may use your data for marketing purposes, including sending you newsletters, promotional offers, and updates about our services, subject to your consent and communication preferences.
Your information helps us improve our platform through analytics and research, ensure security and prevent fraud, and comply with legal and regulatory requirements.
We share your personal data only when necessary and in accordance with applicable data protection laws. We share relevant booking and contact information with our spa partners to facilitate your appointments and treatments. We also work with trusted service providers who help us operate our platform, process payments, provide customer support, and conduct marketing activities.
We may disclose your information if required by law, to protect our rights or safety, or in connection with a business transaction such as a merger or acquisition. We do not sell your personal data to third parties for their own marketing purposes.
We retain your personal data for as long as necessary to provide our services and fulfill the purposes outlined in this privacy policy. Account information and membership data are retained for the duration of your membership and for seven years after termination for legal and accounting purposes.
Treatment history and spa visit records are kept for three years to maintain service quality and support your ongoing wellness journey. Marketing consent and communication preferences are retained until you withdraw consent or request deletion.
Technical data and analytics information are typically retained for two years, while financial transaction records are kept for seven years to comply with legal requirements.
Under GDPR and other applicable data protection laws, you have several rights regarding your personal data:
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and provide personalized content. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes encryption of sensitive data, secure data transmission protocols, regular security assessments, and staff training on data protection.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard security practices.
Your personal data is primarily processed within the European Union. If we need to transfer your data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions by the European Commission or standard contractual clauses approved by the European Commission.
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 16 without appropriate parental consent. If you believe we have collected information from a child under 16, please contact us immediately.
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Last updated" date at the top of this policy indicates when it was last revised.
If you have any questions about this privacy policy, want to exercise your rights, or need to contact us regarding data protection matters, please contact us using the following information:
Data Protection Officer
commonqipj B.V.
Berkenlaan 248
5019 SV Tilburg, North Brabant
Netherlands
Email: privacy@commonqipj.life
Phone: +31 706479458
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with applicable laws.