.png)
Privacy Statement - Innate
Version: 02 May 2025
At The Synergy Healthcare B.V., trading as Club Innate ("Club Innate", "we", "us", or "our"), we highly value the protection of your personal data. This Privacy Statement applies globally and adheres to the strictest standards of international privacy legislation, including but not limited to the GDPR (EU), CCPA/CPRA (USA), LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), APPI (Japan), PIPL (China), Privacy Act (Australia), and other applicable national regulations.
Who is responsible for your data?
Data Controller: The Synergy Healthcare B.V. - Club Innate
Wapenrustlaan 11, 7321 DL Apeldoorn, The Netherlands
KvK: 78557674 | VAT: NL861449459B01 | ✉ legal@clubinnate.com
What data do we collect?
We may process the following categories of personal data:
- Identification details (name, date of birth, email address)
- Account credentials (username, password)
- Health information (only with your voluntary and explicit consent)
- Payment and invoicing information
- Technical identifiers (IP address, cookies, log files)
- Behavioural and preference data (click patterns, subscriptions, purchase history)
- Location data (when using our app or GPS-enabled services)
- Communication records (support requests, correspondence)
- Data of minors (only with parental or guardian consent, in line with COPPA, GDPR, LGPD, etc.)
Purpose and legal grounds for processing
We process your data for:
- Contract performance (platform access, product purchases)
- Compliance with legal obligations (accounting, tax retention)
- Legitimate interests (security, analytics, marketing improvement)
- Your explicit consent (newsletters, tracking, health advice, sensitive data)
Legal bases align with:
- GDPR (EU)
- CCPA/CPRA (USA)
- LGPD (Brazil)
- PIPL (China)
- APPI (Japan)
- Privacy Act (Australia)
- POPIA (South Africa)
- Other applicable national privacy laws
Cookies and tracking technologies
We use cookies, pixels, and comparable technologies to optimise user experience, personalise content, display advertisements, and measure performance.
You will be informed on your first visit and can set your preferences through our cookie banner. Full details can be found in our Cookie Policy.
Email marketing, profiling, and automated decision-making
We send personalised communications based on your consent. You may withdraw consent at any time.
Automated decision-making and profiling are employed to tailor content to your preferences, behaviour, and interactions with our platform. Where legally mandated (e.g., in the EU, South Korea, Japan), human oversight is ensured.
Third-party sharing
We only share your data with:
- Contracted processors (IT services, logistics, payment providers)
- Legal authorities where legally required
- International partners with adequate safeguards (e.g., SCCs, BCRs)
We do not sell your personal data to third parties.
International data transfers
Your data may be transferred outside the European Economic Area (EEA). Club Innate uses:
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules (BCRs)
- Local data centres where required by law (e.g., China, Russia, India)
- Local representatives where required (e.g., South Korea, Saudi Arabia)
Transfers are performed in strict compliance with Articles 44-49 GDPR.
Data security
We maintain state-of-the-art technical and organisational security measures, including encryption, access restrictions, secure connections, logging, segmentation of sensitive data, and comprehensive incident response procedures.
Your rights
You have the right to:
- Access your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restrict processing
- Object to processing
- Data portability
- Withdraw your consent
We respect region-specific rights, including:
- GDPR (EU)
- CCPA (opt-out and "do not sell" rights - USA)
- PIPL (China): prior consent and sensitive data protection
- APPI (Japan), LGPD (Brazil), POPIA (South Africa)
- COPPA (USA): protection of minors under 13
You may submit requests free of charge via legal@clubinnate.com.
Data retention periods
Data is retained only as long as necessary for the intended purpose and in accordance with statutory requirements:
- Account and transaction data: 7 years
- Health data: up to 5 years after last interaction
- Marketing data: 2 years after last contact
Local adaptations and applicable law
Club Innate complies with local privacy laws. Deviations are respected unless they contradict this Privacy Statement's core principles.
Primary governing law: Dutch law. Mandatory national laws take precedence in other jurisdictions.
Complaints and supervisory authorities
For complaints, contact legal@clubinnate.com. You also have the right to contact your national supervisory authority, such as:
- Netherlands: Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
- EU: One-Stop-Shop mechanism
- USA: Federal Trade Commission (FTC)
- South Africa: Information Regulator
- Canada: Office of the Privacy Commissioner
- Japan: Personal Information Protection Commission (PPC)
- China: Cyberspace Administration of China (CAC)
- Australia: Office of the Australian Information Commissioner (OAIC)
Policy updates
We reserve the right to amend this Privacy Statement. The latest version is always available on our website. You will be informed of material changes.
Additional protections
We comply with child protection laws in other relevant jurisdictions, such as South Korea, Thailand, and Indonesia.
Access restrictions from high-risk jurisdictions
We restrict or block platform access from jurisdictions lacking adequate data protection or where laws or circumstances present excessive risk to data subjects' rights. This includes, but is not limited to: China, Russia, Iran, North Korea, Syria, and Venezuela. For other high-risk regions, additional safeguards apply per Articles 44-49 GDPR.
Security evaluation and legislative monitoring
We regularly review and strengthen our technical and organisational safeguards in line with international obligations.
We closely monitor global privacy developments, including the EU AI Act and ePrivacy Regulation, and update this policy accordingly.
