Privacy Policy
Last updated: 15 January 2026
Introduction
astralfoundry B.V. ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you visit our website or use our fitness services.
We are registered in the Netherlands under company number NL31837296 and operate from Lindelaan 199, 4875 FI Breda, North Brabant.
Data Controller Information
astralfoundry B.V. is the data controller for the personal data we process. If you have any questions about this Privacy Policy or how we handle your data, you can contact us at:
- Email: privacy@astralfoundry.world
- Phone: +31 768088544
- Address: Lindelaan 199, 4875 FI Breda, North Brabant, Netherlands
Data Collection
We collect personal data that you provide to us directly and information that is collected automatically when you use our website and services. The data we collect includes:
Information You Provide
- Contact information (name, email address, phone number)
- Fitness goals and health information
- Payment and billing information
- Communication preferences
- Feedback and correspondence
Information Collected Automatically
- Website usage data and analytics
- Device information and IP address
- Browser type and operating system
- Pages visited and time spent on our website
- Referral sources and search terms
How We Use Your Information
We use your personal data for various purposes based on different legal grounds. Here's how we use your information and our legal basis for processing:
Service Provision (Contract Performance)
- Providing fitness training and nutrition services
- Creating personalised workout and meal plans
- Processing payments and managing memberships
- Communicating about your services and appointments
Legitimate Business Interests
- Improving our services and website functionality
- Analysing usage patterns and preferences
- Sending relevant marketing communications (with opt-out options)
- Protecting against fraud and ensuring security
Legal Compliance
- Meeting regulatory and legal requirements
- Responding to legal requests and court orders
- Maintaining records as required by law
Cookies and Tracking Technologies
We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.
For detailed information about the cookies we use, please see our Cookie Policy.
Types of Tracking Technologies
- Essential cookies for website functionality
- Analytics cookies (Google Analytics) for usage insights
- Marketing cookies for advertising and remarketing
- Functional cookies for personalised experiences
Data Sharing and Third Parties
We do not sell your personal data to third parties. We may share your information with trusted service providers who help us operate our business, including:
- Payment processors for secure transaction handling
- Analytics providers (Google Analytics) for website improvement
- Email service providers for communication
- Cloud storage providers for secure data storage
- Legal and professional advisors when required
All third-party providers are contractually bound to protect your data and use it only for the specified purposes.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy. Our retention periods are based on:
- Active membership: For the duration of your membership plus 3 years
- Financial records: 7 years as required by Dutch tax law
- Marketing communications: Until you unsubscribe or 3 years of inactivity
- Website analytics: 26 months (Google Analytics default)
- Legal compliance: As required by applicable laws
After the retention period expires, we securely delete or anonymise your personal data.
Your Rights
Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:
Right of Access
You can request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification
You can ask us to correct any inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing
You can ask us to limit how we use your personal data in certain situations.
Right to Data Portability
You can request a copy of your personal data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or for marketing purposes.
To exercise any of these rights, please contact us at privacy@astralfoundry.world or +31 768088544.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and staff training
- Secure payment processing systems
- Regular backup and recovery procedures
While we strive to protect your personal data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.
International Data Transfers
We primarily process your data within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses approved by the European Commission
- Binding Corporate Rules for multinational companies
- Certification schemes and codes of conduct
Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.
For fitness services involving minors (16-18 years), we require parental consent and involvement in the programme design and monitoring.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Displaying prominent notices on our website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
astralfoundry B.V.
- Privacy Officer: privacy@astralfoundry.world
- Phone: +31 768088544
- Address: Lindelaan 199, 4875 FI Breda, North Brabant, Netherlands
- Business Hours: Monday - Friday: 9:00 - 18:00
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.