Privacy Policy and Data Protection
GRIT+GRACE, as Data Controller, processes Members’ personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”) and applicable Italian data protection legislation.
GRIT+GRACE has adopted a comprehensive Privacy Policy that describes in detail:
the categories of personal data collected;
the purposes and legal bases of processing;
the methods of processing and data retention periods;
the categories of recipients of the data;
any transfers outside the European Economic Area, where applicable;
the rights of data subjects under Articles 15–22 GDPR (including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent);
the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
The Privacy Policy is made easily accessible at all times on the Site, within the App, and at the studio reception desk. Members are required to read it carefully. The Privacy Policy forms an integral and essential part of these Terms and Conditions.
Use of Images (Photos/Videos):
The studio may occasionally produce photographic or video material within its premises for its institutional and promotional purposes (e.g., website, social media). The use of any image or video in which a Member is clearly recognizable is subject to the Member’s prior, free, and specific consent, which will be requested separately and is not a condition for membership or access to services. A Member may grant, deny, or withdraw their consent at any time by providing written notice to the studio, without any negative consequences.
Governing Law and Jurisdiction:
These Terms and the rights and obligations of the Parties hereunder shall be governed by, and construed and interpreted in accordance with, the laws of the Republic of Italy.
With reference to any controversy arising out in connection to this Agreement, the following shall apply:
(i) the parties will make reasonable efforts, for at least 30 (thirty) days, to settle in an amicable way any dispute that might arise between them in connection with this Agreement, including any dispute concerning its interpretation, validity, effectiveness, enforceability, performance, termination or rescission;
(ii) should any party consider not possible to reach an amicable settlement after expiration of the above 30 (thirty) days period, then the dispute shall be submitted to the exclusive jurisdiction of the Courts of Milan (Italy), without prejudice to mandatory consumer protections.
Amendments to the Terms and Conditions:
GRIT+GRACE reserves the right to amend, update, or supplement these Terms and Conditions at any time for legal, regulatory, organizational, operational, or business reasons. Members will be notified of any material changes by email and/or through notice on the Site or App at least 30 (thirty) days prior to the effective date of such changes. Changes that are merely formal, clarificatory, required by law, related to studio organization, scheduling, instructors, digital tools, or that do not materially affect Members’ contractual rights or obligations shall not entitle the Member to withdraw from the agreement.
Only in the event that the amendments materially and adversely affect the essential rights or obligations of the Member, the Member shall have the right to withdraw from any ongoing membership agreement by providing written notice within 15 (fifteen) days from receipt of the notification.
Withdrawl shall take effect from the date specified in the notice and shall not entitle the Member to any refund for services already rendered or already used. Any unused prepaid services shall be handled strictly in accordance with mandatory provisions of applicable law.
Continued use of the Services after the effective date of the amendments shall constitute full acceptance of the updated Terms.
PRIVACY POLICY:
1. Data Controller
The Data Controller responsible for the processing of personal data is:
GRIT AND GRACE SSD
Address: Via Cola di Rienzo 190, Rome, Italy
Email: hello@gritandgraceclub.com
Phone: 3349001366
Personal data are processed in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Italian data protection legislation, including Italian Legislative Decree 196/2003, as amended.
2. Categories of Personal Data Collected
The studio collects and processes personal data necessary to manage memberships, provide training services, ensure the safety of participants, and comply with legal and regulatory obligations.
Identification and Contact Data
During registration, the following personal data may be collected:
Name and surname
Date of birth
City or place of birth
Residential address
Email address
Telephone number
Italian Tax Identification Number (Codice Fiscale)
These data are required for client identification, administrative management, and compliance with applicable legal obligations.
Membership and Service Data
In order to manage participation in studio activities, the following information may be processed:
Membership registration information
Class bookings and attendance records
Payment and billing information
Communication between the client and the studio
Training-related information relevant to delivering the service
Health Data (Special Categories of Personal Data)
Under Italian regulations governing non-competitive sports activities, participants must provide a valid medical certificate confirming fitness for physical activity (certificato medico per attività sportiva non agonistica).
The studio may therefore process:
Medical certificates confirming fitness for sports participation
Health information voluntarily communicated by clients that may be relevant to safe participation in training activities (for example injuries, physical limitations, pregnancy, or other medical considerations)
Such information constitutes special categories of personal data under the GDPR and is processed with appropriate safeguards.
Health-related information is accessed only when necessary to ensure the safety of the participant during training sessions.
3. Purpose and Legal Basis for Processing
Personal data are processed for the following purposes:
Provision of Training Services
To:
Register clients and manage memberships
Allow clients to book and attend classes
Provide Lagree training sessions
Communicate information regarding schedules, services, or operational matters
Legal basis: performance of a contract.
Compliance with Legal Obligations
To:
Verify possession of the mandatory medical certificate required for sports participation
Fulfill administrative, accounting, and tax obligations under Italian law
Legal basis: legal obligation.
Protection of Client Health and Safety
To:
Allow trainers to adapt exercises based on the client’s physical condition
Prevent injuries and ensure safe training sessions
Legal basis: explicit consent and protection of the participant’s health and safety.
Marketing Communications (Optional)
With the client’s explicit consent, the studio may send communications regarding:
Studio updates
Promotions or special offers
Events and new services
Clients may withdraw consent at any time.
Legal basis: consent.
4. Membership Registration and Insurance Coverage
The studio operates as a Società Sportiva Dilettantistica (SSD) and is affiliated with Associazioni Sportive e Sociali Italiane (ASI), a recognized Italian sports promotion organization.
To participate in sports activities organized by the studio, clients must be registered as sports members (“tesserati”) with ASI.
For this purpose, the studio may transmit the minimum necessary personal data to ASI, which may include:
Name and surname
Date and place of birth
Residential address
Italian Tax Identification Number (Codice Fiscale)
Contact details where required
This data transmission is necessary in order to:
Register the client as a member (tesserato) of the affiliated sports organization
Activate sports insurance coverage required for participation in training activities
Comply with obligations applicable to amateur sports organizations in Italy
ASI processes such personal data as an independent data controller.
Further information about how ASI processes personal data can be consulted in its privacy documentation available at:
5. Methods of Data Collection
Personal data may be collected through:
• Membership registration forms
• Online booking or membership platforms
• Direct communications with the studio (email, phone, or in person)
• Medical certificates provided by the client
• Information voluntarily communicated by clients to trainers or staff
6. Access to Personal Data
Access to personal data is limited to authorized individuals who require such information to perform their duties.This may include:
Administrative staff responsible for managing memberships and bookings
Trainers and instructors who require relevant information to ensure safe and effective training sessions
Trainers have access only to information necessary for the safe delivery of training services.
7. Data Processors and Third Parties
Personal data may be processed by external service providers acting on behalf of the studio, including:
Booking and membership management platforms
Payment service providers
Professional advisors such as accountants or legal consultants
Sports organizations responsible for membership registration and insurance activation
These parties process personal data only where necessary and in accordance with contractual confidentiality and data protection obligations.
8. Data Security
The studio implements appropriate technical and organizational measures to protect personal data from:
Unauthorized access
Loss or destruction
Accidental disclosure
Unlawful processing
Such measures may include secure digital systems, restricted access to sensitive information, and confidentiality obligations for staff and instructors.
Particular care is taken in the handling of health-related information.
9. Data Retention
Personal data are retained only for the period necessary to fulfill the purposes for which they were collected.
Typical retention periods include:
Membership and client records: for the duration of the client relationship and a reasonable administrative period thereafter
Medical certificates: until their expiration or as required by applicable regulations
Accounting and billing records: up to 10 years in accordance with Italian tax legislation
Marketing communications: until consent is withdrawn
10. Rights of the Data Subject
Under the GDPR, clients have the right to:
Access their personal data
Request correction of inaccurate or incomplete information
Request deletion of their personal data where legally applicable
Request restriction of processing
Object to certain types of processing
Receive their personal data in a portable format where applicable
Withdraw consent at any time where processing is based on consent
Requests regarding personal data may be submitted to: hello@gritandgraceclub.com
Clients also have the right to lodge a complaint with the Italian supervisory authority:
Garante per la Protezione dei Dati Personali
11. Mandatory Nature of Data Provision
Providing certain personal data is necessary in order to:
Register as a client of the studio
Participate in training sessions
Obtain membership registration with the affiliated sports organization
Activate sports insurance coverage
Failure to provide such information may prevent the studio from providing the requested services.
12. Changes to This Policy
This Privacy Policy may be updated periodically to reflect changes in legal requirements or studio practices. The most recent version will always be made available through the studio’s official communication channels.
Booking, Cancellations and Waitlist
Account Requirement:
Members must create an Account through the App or Site, providing accurate and complete information. Members are responsible for the confidentiality of login credentials.
Booking & Cancellation Policy:
All classes must be prepaid and are subject to availability.
Cancellations must be made at least 12 hours prior to class start time.
Late cancellations (within 12 hours) and no-shows result in the loss of the class credit.
GRIT+GRACE reserves the right to modify instructors, schedules, or class formats when necessary.
Waitlist Policy
Waitlists are processed automatically up to 16 hours before class.
If a spot becomes available within 16 hours of class start, no automatic enrollment occurs; the spot is opened to all members for manual booking.
No-Show Policy
Failure to attend a booked class is considered a no-show.
No-shows result in the loss of the class credit.
