Privacy Policy

Last Updated: January 2026

lucidvault B.V. ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you visit our website or use our services.

Data Controller Information

lucidvault B.V. acts as the data controller for the personal data we collect. Our registered office is located at Berkenlaan 146, 1374 WP Almere, Flevoland, Netherlands. Registration Number: NL97493852, VAT Number: NL009749385B01.

Data Collection

The data we collect includes information you provide directly to us and information collected automatically when you use our website and services:

• Personal Information: Name, email address, phone number, and fitness-related information when you contact us or book services
• Website Usage Data: IP address, browser type, pages visited, time spent on pages, and referral sources
• Cookies and Tracking: We use cookies for website functionality, analytics, and advertising purposes
• Communication Records: Records of your communications with us, including emails and phone calls
• Health Information: Fitness assessments, health questionnaires, and training progress data (with your explicit consent)

How We Use Your Information

We use your personal data for the following purposes, based on legitimate business interests and legal obligations:

• Service Provision: To provide personal training services, schedule appointments, and deliver fitness programmes
• Communication: To respond to your enquiries, send appointment reminders, and provide customer support
• Website Improvement: To analyse website usage and improve our online services and user experience
• Marketing: To send you relevant information about our services (with your consent) and personalised advertisements
• Legal Compliance: To comply with legal obligations and protect our legitimate business interests
• Health and Safety: To ensure safe training practices and maintain health records as required

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please see our Cookie Policy.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For marketing communications and non-essential cookies
• Contract Performance: To provide our fitness services and fulfil our contractual obligations
• Legitimate Interests: For business operations, website analytics, and service improvement
• Legal Obligation: To comply with applicable laws and regulations

Data Sharing and Third Parties

We do not sell your personal data. We may share your information with:

• Service Providers: Third-party companies that help us operate our business (e.g., payment processors, email services)
• Analytics Providers: Google Analytics and similar services to understand website usage
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with any merger, sale, or transfer of our business

Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy. Specifically, we retain client records for 7 years after the end of our business relationship, website analytics data for 26 months, and marketing consent records until withdrawn. Health and fitness data is retained for 10 years as required by professional standards. We regularly review and delete data that is no longer necessary.

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses, or other approved mechanisms under GDPR.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us about data protection matters, please reach out to us:

Supervisory Authority

If you believe we have not handled your personal data in accordance with this policy or applicable law, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.