Privacy Policy

Last updated: 15th January 2026

Introduction

IronStrategist B.V. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ironstrategist.pro or engage with our franchise services.

This policy applies to all personal data processing activities carried out by IronStrategist in connection with our gym franchise services and website operations.

Data Controller Information

The data controller responsible for your personal data is:

IronStrategist B.V.
Parkweg 179
9766 WG Groningen
Netherlands
Registration Number: NL95473821
VAT Number: NL009547382B01

Data Collection

We collect various types of information in connection with the services we provide, including personal data we collect directly from you and information we collect automatically when you use our website. The data we collect includes:

  • Personal identification information: Name, email address, phone number, postal address
  • Business information: Company details, investment capacity, business experience, preferred locations
  • Communication data: Records of correspondence, enquiry forms, meeting notes
  • Technical data: IP address, browser type, device information, website usage statistics
  • Marketing data: Communication preferences, marketing consent records

How We Use Your Information

We process your personal data for various purposes based on different legal grounds. How we use your information depends on the services you use and your relationship with us:

  • Franchise services: To evaluate franchise applications, provide consultations, and manage franchise relationships
  • Communication: To respond to enquiries, provide customer support, and send service-related communications
  • Marketing: To send promotional materials and franchise opportunity information (with your consent)
  • Website improvement: To analyse website usage and improve our online services
  • Legal compliance: To comply with applicable laws, regulations, and legal processes
  • Business operations: To manage our business relationships and maintain accurate records

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for specific processing activities
  • Contract performance: To fulfil our contractual obligations or take steps before entering into a contract
  • Legitimate interests: To pursue our legitimate business interests, such as improving our services
  • Legal obligation: To comply with applicable laws and regulations

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal data to third parties without your consent, except in the following circumstances:

  • Service providers: Trusted third parties who assist us in operating our website and conducting business
  • Legal requirements: When disclosure is required by law or to protect our rights and safety
  • Business transfers: In connection with mergers, acquisitions, or asset sales
  • Professional advisers: Lawyers, accountants, and other professional service providers

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard contractual clauses approved by the European Commission
  • Binding corporate rules or certification schemes

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Our data retention periods vary depending on the type of information and the purpose for processing:

  • Franchise enquiries: Up to 3 years from last contact
  • Active franchise relationships: For the duration of the relationship plus 7 years
  • Marketing communications: Until consent is withdrawn or contact becomes inactive
  • Website analytics: Up to 26 months
  • Legal compliance: As required by applicable laws

Your Rights

Under GDPR and applicable data protection laws, you have several rights regarding your personal data:

  • Right of access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data in certain circumstances
  • Right to restrict processing: Request limitation of processing in specific situations
  • Right to data portability: Request transfer of your data in a structured format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent for consent-based processing at any time

To exercise any of these rights, please contact us using the contact information provided below.

Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and staff training
  • Secure data storage and backup procedures
  • Incident response and breach notification procedures

Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding privacy matters, please reach out using the following contact information:

Privacy Officer
IronStrategist B.V.
Email: privacy@ironstrategist.pro
Phone: +31 50 513 2810
Address: Parkweg 179, 9766 WG Groningen, Netherlands

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.

Governing Law

This Privacy Policy is governed by and construed in accordance with Dutch law. The GDPR and other applicable European data protection laws also apply to our processing of your personal data.