This page describes how We/On processes the personal data of interested parties (customers, potential customers, members, contact persons and candidates).
https://www.weonclub.com is the website of Weon 2024 SL, with Tax ID B-09658477, domiciled at Avda. Diagonal, 622 2º1ªB- 08021 BARCELONA. Registered in the Commercial Registry of Madrid.
This Privacy Policy applies to the following Clubs:
We/On BALMES at C/Balmes, 44 – 46, L´Eixample, 08007, Barcelona
We/On URQUINAONA at C/d´Ausiàs Marc, 9 – 11, L´Eixample, 08010, Barcelona
We/On LA MORALEJA at Avda. de Bruselas, 21, 28100, Madrid
We/On PALACIO DE HIELO at C/ de Silvano, 77, Hortaleza, 28043, Madrid.
We/On MONTECARMENO at C/Monasterio de Arlanza, 20, Local 21, Fuencarral-El Pardo 28949 Madrid
belonging to Weon 2024, SL, domiciled at Avda. Diagonal, 622 2º1ªB- 08021 BARCELONA. Registered in the Commercial Registry of Barcelona.
We/On AQUA SANTANDER at C/ Cisneros, 67, 39007 Santander
We/On PALACIO SANTA ANA at C/ Plaza del Ángel 6, 28012 Madrid
belonging to LLEFISA, SL and domiciled at Plaza del Ángel, 6-28012 Madrid. Registered in the Commercial Registry of Madrid.
We/On TORRE EMPERADOR, Cinco Torres Business Area, Pº de la Castellana, 259D, 28046 Madrid
We/On TORRE DE CRISTAL, Paseo de la Castellana, 33, 28046-Madrid
belonging to SANCO BAY, SL, with Tax ID B-60383502 and fiscal domicile at Paseo de la Castellana, 259D- 28046 Madrid. Registered in the Commercial Registry of Madrid.
1. INTRODUCTION
The purpose of this Privacy Policy is to present the rules related to the protection of personal data that We/On processes as data controller. These rules have been drafted in accordance with the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, «GDPR») and Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights, as well as other regulations that apply to the processing activities carried out by We/On.
The concepts and references related to the protection of personal data used in this document have the meaning given in art. 4 of the GDPR.
2. GENERAL PRINCIPLES ON THE PROTECTION OF PERSONAL DATA.
In accordance with Article 5 of the GDPR, We/On guarantees that personal data are:
processed lawfully, fairly and in a transparent manner;
collected for specified, explicit and legitimate purposes, and not processed in any manner incompatible with those purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, if necessary, kept up to date;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
3. PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA.
We/On, when acting as data controller, collects personal data to serve the following purposes:
Management of contractual or pre-contractual relationships
Purposes: to carry out any communication prior to signing up as a member and during the phase of purchasing services by the customer, to conduct satisfaction surveys, or to attend to customer questions and suggestions through the telephone service or through the online channel.
Legal basis: application of pre-contractual measures (online reservation) at the request of the interested party or the execution of the contract finally signed with the membership registration.
For conducting satisfaction surveys, the basis of legitimacy will be We/On's legitimate interest in having the necessary information to evaluate the quality of the service provided.
Data processed: name and surname, email address, telephone number.
Retention period: In case of contracting the services, we will keep your data for as long as the contractual relationship lasts and, in any case, during the period legally provided for in the applicable tax regulations at any given time. For this purpose, they will be kept for a maximum period of 5 years after the end of the contractual relationship.
No automated decisions will be made nor will profiles be created with such data.
No international data transfers are made.
Management of requests and petitions through forms completed on the website
Purposes: to attend to information and reservation requests made by interested parties and, where appropriate, to carry out statistical analysis.
Legal basis: application of pre-contractual measures at the request of the interested party or We/On's legitimate interest in analyzing the number of requests and interactions made on the website in order to know its performance.
Data processed: name and surname, email address, telephone number.
Retention period: we will keep your data for three years from when you made the request or information request, unless you have requested its deletion; for statistical analysis they will be kept anonymized indefinitely.
No automated decisions will be made nor will profiles be created with such data.
No international data transfers are made.
Data collected as a result of member registration
Purposes: to manage access to the facilities as a member and inherent purposes, such as the management and collection of receipts, participation in events and master classes, as well as to send you information regarding the activities carried out by the club, such as welcome gifts, changes in payment methods, transfers, collection of returned receipts, purchase of additional services, occasional promotions.
In order to protect the safety of people accessing the center and their belongings, as well as the facilities themselves, an access system has been adopted using a single-use QR code and a personal wristband that complements the use of the QR code. The QR code and wristband must act to be able to enter and exit the center respectively.
It will always be possible to use as an alternative means of access the presentation of your ID or passport to the club reception staff at each of their accesses, who will validate your condition as an active member in the center management program and proceed to a manual opening of the turnstile, without this compromising your condition as a member.
The purpose of this access record is to facilitate the verification and accreditation of member status to prevent access by unauthorized persons.
These are necessary service conditions for the security of the proper functioning of the clubs and the identification of members to avoid fraudulent actions. If none of the visual identification and/or identity verification systems for access to the clubs are accepted, the club will not be able to provide services to the member, nor allow their access to the facilities.
Legal basis: the signing of the member regulations and We/On's legitimate interest in having the traceability of the records made in its products, guaranteeing user navigation and the proper functioning thereof.
Data processed: name and surname, ID, postal and/or email address, telephone number, credit card number, bank account, image.
Retention period: we will keep your data while you are a club member and up to 5 years after you cancel your membership, in compliance with tax regulations; and contact data will be kept as long as you have not exercised the right to deletion. Likewise, the data of members who have exercised the right to deletion will be kept blocked for two years to avoid fraud (benefits and first registration offers) in subsequent registrations at other We/On clubs.
No automated decisions will be made nor will profiles be created with such data.
No international data transfers are made.
Commercial communications
Purposes: to make commercial communications about We/On products and services through telephone calls, sending emails, SMS, WhatsApp, emails or similar technologies. These communications will be made solely for the purpose of maintaining commercial and advertising relationships with members, customers and potential customers of the clubs.
On the other hand, the data of web users may be used to carry out analytical studies on the use of We/On websites, provided that cookies have been accepted.Legal basis: We/On's legitimate interest in generating interest and promoting the contracting of its products and services to members, customers and potential customers who have authorized it. Otherwise, the consent of the interested party will be requested.
For communications made through sending email messages, the recipient will be provided with the possibility of unsubscribing from such communications in the emails that are sent.
For web analytics activities, the basis of legitimacy will be the consent given by accepting cookies. You can find more information about the use of cookies in the Cookie Policy.
Data processed: name and surname, email address, telephone number.
Retention period: in case of accepting the sending of commercial communications, we will keep your data for three years from when you gave consent, unless you have requested its deletion.
No automated decisions will be made nor will profiles be created with such data.
No international data transfers are made.
Selection processes
Purposes: to carry out the necessary tasks for the correct management of present and/or future selection processes.
Legal basis: the request for pre-contractual measures at the request of the candidate who voluntarily chooses to participate in the selection processes.
Data processed: name and surname, contact data, academic data, professional data.
Retention period: your data will remain active in We/On's candidate database for 2 years from when you provided us with your resume, if an agreement is reached with the candidate, they may remain indefinitely. Once the period is met, they will be destroyed.
No automated decisions will be made nor will profiles be created with such data.
No international data transfers are made.
4. SECURITY AND NOTIFICATION OF BREACHES IN THE SECURITY OF PERSONAL DATA.
We/On has adopted technical and organizational measures to ensure a level of security appropriate to the risks inherent to the processing.
All We/On workers and collaborators are subject to an information security policy to ensure an adequate level of GDPR compliance and information security.
In accordance with articles 33 and 34 of the GDPR, personal data breaches will be notified to the competent supervisory authority and, if necessary, to the interested parties affected by it.
5. RIGHTS OF INTERESTED PARTIES
In accordance with the conditions established in articles 15 to 22 of the GDPR, interested parties have the right to:
access their personal data processed by We/On;
request the rectification, deletion or limitation of the processing of personal data carried out by We/On;
in certain circumstances, object to the processing of their personal data;
request the portability of their personal data;
withdraw their consent when it is the legal basis for processing.
Any request related to these rights must be made by sending an email to the address dpo@weonclub.com , attaching proof of identity.
In addition, an "unsubscribe" link is included in all commercial communications made by email.
At all times, the interested party has the right to object to processing carried out on the basis of legitimate interest.
In any case, We/On reminds you that you can file a complaint with the competent supervisory authority in case of disagreement.
6. INFORMATION THAT MUST BE PROVIDED TO INTERESTED PARTIES:
When collecting personal data, We/On undertakes to provide interested parties with at least the following information, as far as possible and regardless of the processing carried out:
the contact information of the controller and its Data Protection Officer;
the purposes of processing and legal bases;
where appropriate, the possible recipients of the data;
where appropriate, transfers of data to third countries;
the period of time for which the data will be kept;
the possibility of requesting the exercise of their rights, which may be applied in accordance with applicable legislation;
the right to file a complaint with the competent supervisory authority.
7. INTERNATIONAL DATA TRANSFERS.
We/On does not process personal data outside the European Union.
8. RECIPIENTS OF PERSONAL DATA
We/On may share personal data with the following recipients only under the conditions of this document and/or the applicable contract:
Service providers
We/On may share personal data with third parties that provide services:
on behalf of We/On, as part of the execution of the contract with the customer (hosting, consulting, subcontracting, etc.) and in accordance with its terms;
to help We/On comply with the financial and administrative conditions of the contract (debt collection, invoicing, etc.)
to send marketing communications on behalf of We/On.
In the case of using ancillary platforms to We/On, such as MyWellnes from Technogym Traiding, SA with Tax ID A62301338 and domiciled at Calle de la Selva, P.I. Mas Blau El Prat de Llobregat, 10-12 EDIF. AVANT BCN - PLT BJ, 08820 El Prat de Llobregat, 08820, please note that it has its own registration, maintenance and cancellation policy, with each user being responsible for the data provided to it, as well as the activation and deactivation of applications. We/On will not be responsible at any time for the data entered on these platforms by the user nor for compliance with security measures or the exercise of corresponding rights.
We/On Group Companies
We/On may share personal data with We/On Group companies for the purposes described in this privacy policy, if necessary for its application, or for internal administrative purposes.
Public authorities
In certain situations, We/On may be obliged to disclose personal data in response to a request from an authority, a subpoena or any other legal request in accordance with applicable legislation.
In such cases, We/On will disclose the necessary data, in particular, when it considers in good faith that disclosure is necessary to protect its rights, guarantee its security or that of others, investigate fraud, theft or comply with a legal obligation.
9. DATA RETENTION.
The personal data provided will be kept for the period determined based on the following criteria: (i) duration of the legal relationship and attention to any responsibilities derived from said relationship; (ii) legal obligation to retain according to different applicable regulations; and, (iii) request for deletion by the interested party in cases where appropriate. You can request more information about retention periods by contacting us at dpo@weonclub.com
10. AWARENESS OF WE/ON PERSONNEL
All We/On workers and collaborators undergo awareness training on the protection of personal data.
In addition, We/On makes all necessary efforts to raise awareness among its workers of the correct application of data protection protocols and information confidentiality. General or specific awareness training may be carried out for those workers who regularly deal with personal data of members.
11. GOVERNANCE OF PERSONAL DATA PROTECTION
To have optimal control of personal data protection, We/On has a governance model dedicated to it. In this sense, it has appointed an external Data Protection Officer who can be contacted at dpo@weonclub.com and who are in charge of governance tasks.
If you have any questions related to this privacy policy, send an email to the following address: dpo@weonclub.com
12. CHANGES TO THE PRIVACY POLICY.
We/On reserves the right to modify this Policy to adapt it to legislative or jurisprudential developments that may be applicable, as well as to sector practices. In such cases, We/On will announce on this page the changes introduced with reasonable advance notice before their implementation, indicating at all times the date of the new version.
We encourage you to periodically review this privacy policy available at https://www.weonclub.com