About
Offer
Memberships
Culture
Contact

Book your class

Discover classes

Ready to move, strengthen, and restore? Our seamless booking system makes it easy to reserve your spot in any class or private session.

info@thriom.com

Via Carlo Poma 1, 20129  Milano

Privacy policy

THRIOM

1. Data Controller

THRIOM S.r.l., with registered office at Via Carlo Poma 1, 20129 Milano (MI), Italy (“THRIOM” or the “Data Controller”), is responsible for the processing of personal data as described in this Privacy Policy.

Contact details
Website: www.thriom.com
Address: Via Carlo Poma 1, 20129 Milano (MI), Italy
Email: info@thriom.com

If you have any questions about this Privacy Policy or about how your personal data is processed, you may contact us using the details above.

2. Personal Data We Process

THRIOM processes personal data that you provide to us directly and/or that is generated through your use of our services.

The categories of personal data we may process include:

  • First and last name
  • Address details
  • Telephone number
  • Email address
  • Date of birth
  • Payment and transaction details (limited to what is strictly necessary)
  • Health-related information voluntarily provided by you (e.g. medical notes for membership freezes, contraindications for recovery services, injury information shared with trainers)

We do not collect more data than is necessary for the purposes described below.

3. Purposes and Legal Bases for Processing

THRIOM processes personal data only where a lawful basis exists, in accordance with the General Data Protection Regulation (GDPR) and the Italian Privacy Code (Legislative Decree 196/2003, as amended).

  • To manage bookings, memberships, purchases, and payments
  • To provide access to classes, personal training sessions, workshops, and recovery services
  • To comply with accounting, tax, and consumer protection laws
  • To manage and improve studio operations
  • To ensure the safety and security of our facilities, including through video surveillance systems where applicable
  • To send newsletters, marketing communications, and event invitations
  • To process optional health-related information in order to adapt services to your individual needs

You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Video Surveillance (CCTV)

THRIOM S.r.l. operates a limited video surveillance system within its premises for security and safety purposes only. Cameras are installed exclusively in common areas, such as the entrance and customer lounge areas.

Video surveillance is carried out in accordance with applicable data protection legislation and is based on THRIOM’s legitimate interest in protecting individuals and property (Article 6(1)(f) GDPR).

Cameras are positioned in a proportionate manner and are never installed in private or sensitive areas, including bathrooms, changing rooms, and showers.

Recorded images:

  • are accessed only by authorised personnel,
  • are not used for profiling or marketing purposes, and
  • are retained for a limited period, generally not exceeding 48 hours, unless extended retention is required in connection with security incidents or lawful requests from competent authorities.

Clear and visible signage is displayed at the entrance of the premises to inform visitors of the presence of video surveillance.

5. Automated Decision-Making

THRIOM does not carry out automated decision-making processes, including profiling, that produce legal effects or similarly significantly affect individuals.

6. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, including legal obligations.

In particular:

  • Client account and contact data: up to 5 years after the last interaction
  • Payment and accounting records: 10 years, as required by Italian law
  • Health-related information: deleted as soon as it is no longer necessary for the requested service
  • Video surveillance recordings: maximum 48 hours, unless required for investigations

7. Sharing of Personal Data

Personal data may be shared only where necessary and appropriate:

  • With service providers (e.g. booking systems, payment processors, IT providers) acting as data processors under written agreements
  • With independent professionals (e.g. physiotherapists operating within the premises) only if you book services directly with them
  • With public authorities where required by law

THRIOM does not sell personal data or disclose it to third parties for commercial purposes.

8. Cookies and Similar Technologies

Our website uses cookies and similar technologies necessary for its operation and for analytical purposes.
Further details are available in our dedicated Cookie Policy.

9. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Request rectification of inaccurate or incomplete data
  • Request erasure of your data where legally possible
  • Restrict processing in certain circumstances
  • Request data portability
  • Object to processing based on legitimate interests or direct marketing
  • Withdraw consent at any time, where applicable

To exercise your rights, please contact us at info@thriom.com.

For security reasons, we may request proof of identity (with non-essential information redacted). We will respond within one month of receiving your request.

10. Complaints

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali):
www.garanteprivacy.it

11. Data Security

THRIOM implements appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction.

If you suspect a data breach or misuse of your personal data, please contact us immediately at info@thriom.com.

12. Updates to This Privacy Policy

This Privacy Policy may be updated from time to time. The most recent version will always be published on our website, together with the date of the latest revision.