Privacy Policy
Last updated: 1st January 2026
Introduction
cobaltshift B.V. ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This privacy policy explains how we collect, use, store, and protect the data we collect from you when you visit our website, use our services, or interact with our gym facilities.
As a company registered in the Netherlands (Registration Number: NL64160529), we comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller Information
cobaltshift B.V. is the data controller for the personal information we collect. Our contact details are:
- Company: cobaltshift B.V.
- Address: Parkweg 54, 4812 OC Breda, North Brabant, Netherlands
- Phone: +31 765677337
- Email: privacy@cobaltshift.top
- VAT Number: NL006416052B01
Data Collection
We collect various types of information to provide and improve our services. The data we collect includes:
Personal Information
- Name, email address, phone number, and postal address
- Date of birth and emergency contact information
- Payment and billing information
- Health and fitness information relevant to our services
- Photos and videos for marketing purposes (with consent)
Technical Information
- IP address, browser type, and device information
- Website usage data and analytics information
- Cookie data and tracking preferences
- Access logs and facility usage records
Facility Usage Data
- Membership access records and facility usage patterns
- Class bookings and attendance records
- Personal training session data
- Equipment usage and safety incident reports
How We Use Your Information
We use your personal data for various purposes based on different legal grounds. How we use your information includes:
Service Provision
- Processing membership applications and managing accounts
- Providing access to gym facilities and services
- Scheduling and conducting personal training sessions
- Managing class bookings and facility reservations
- Processing payments and managing billing
Communication and Support
- Responding to enquiries and providing customer support
- Sending important updates about our services
- Providing health and safety information
- Notifying you of schedule changes or facility updates
Marketing and Improvement
- Sending promotional materials and special offers (with consent)
- Conducting surveys and collecting feedback
- Analysing usage patterns to improve our services
- Developing new programmes and services
Cookies and Tracking Technologies
We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.
For detailed information about our use of cookies, please see our Cookie Policy.
Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contract: Processing necessary for membership agreements and service provision
- Legitimate Interest: Analytics, security, and business improvement activities
- Consent: Marketing communications and non-essential cookies
- Legal Obligation: Compliance with health and safety regulations
- Vital Interest: Emergency situations and health incidents
Data Sharing and Third Parties
We may share your information with trusted third parties in the following circumstances:
- Payment processors for membership fees and service payments
- Technology providers for website analytics and customer management
- Marketing platforms for email communications (with consent)
- Legal authorities when required by law or to protect safety
- Professional advisors such as lawyers and accountants
- Emergency services in case of health incidents
Data Retention
We retain your personal data for different periods depending on the type of information and legal requirements:
- Membership data: For the duration of membership plus 7 years for financial records
- Health and safety records: 7 years from the date of creation
- Marketing data: Until consent is withdrawn or 3 years of inactivity
- Website analytics: 26 months from collection
- CCTV footage: 30 days unless required for incident investigation
After these periods, we securely delete or anonymise your data unless we have a legal obligation to retain it longer.
Your Rights
Under GDPR, you have several rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete information
- Right to Erasure: Request deletion of your data in certain circumstances
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for marketing or cookies
To exercise these rights, please contact us at privacy@cobaltshift.top or +31 765677337.
Data Security
We implement appropriate technical and organisational measures to protect your personal data:
- Encryption of sensitive data in transit and at rest
- Regular security assessments and vulnerability testing
- Access controls and staff training on data protection
- Secure backup and disaster recovery procedures
- Physical security measures at our facilities
- Regular software updates and security patches
International Data Transfers
We primarily process data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses approved by the European Commission.
Contact Information
If you have questions about this privacy policy or wish to exercise your rights, please contact us:
- Email: privacy@cobaltshift.top
- Phone: +31 765677337
- Post: cobaltshift B.V., Parkweg 54, 4812 OC Breda, Netherlands
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your data appropriately.
Changes to This Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through our website. Please review this policy regularly to stay informed about how we protect your privacy.
Governing Law
This privacy policy is governed by Dutch law and the General Data Protection Regulation (GDPR). Any disputes relating to this policy will be subject to the jurisdiction of the Dutch courts.