Heat Lab Privacy and Cookie Policy

Last updated: 29 March 2026

This Privacy and Cookie Policy explains how Heat Lab NL C.V., trading as Heat Lab, collects, uses, stores, shares, and protects personal data.

Company name: Heat Lab NL C.V.

Chamber of Commerce number: 98905112

Registered address: Oeverpad 163, 1068PH Amsterdam

Operating address: MS Tarnweg 10, 1033SK, Amsterdam Noord

Website: https://www.heat-lab.nl/

Email: Emil@heat-lab.nl

Heat Lab is the controller of the personal data described in this Policy.

1. What personal data we collect

Depending on how you interact with Heat Lab, we may collect and process the following categories of personal data:

first and last name

email address

phone number

billing or address details

account or profile details in Bsport

booking details, attendance history, credits, punch cards, gift cards, and purchase history

payment related information processed through Stripe or another payment provider

communications you send to us by email, forms, social media, or customer support channels

website usage data

IP address, browser type, device information, cookie identifiers, and similar online identifiers

preferences and interests where you choose to share them

complaint, support, and incident information

Heat Lab does not request health data as a standard part of booking. If you voluntarily disclose medical or other sensitive information, Heat Lab will only process that information where necessary and lawful, for example to respond to a safety issue or handle your request.

2. Children

Heat Lab’s services are not intended for children under 16 without the required parental or guardian involvement where applicable.

If you believe that Heat Lab has collected personal data from a child in a way that is not permitted, please contact Emil@heat-lab.nl and Heat Lab will investigate and, where appropriate, delete the information.

3. Why we process your personal data and the legal basis

Heat Lab only processes personal data where there is a valid legal basis under applicable data protection law.

A. To perform a contract with you

Heat Lab processes personal data to:

create and manage bookings, profiles, credits, punch cards, and gift cards

process payments

send confirmations, invoices, reminders, and booking related messages

provide access to sessions, events, and other purchased services

manage rescheduling, cancellations, no shows, and customer support

B. To comply with legal obligations

Heat Lab may process personal data to:

maintain accounting and tax records

comply with consumer law obligations

respond to lawful requests from authorities

meet fraud prevention, safety, or regulatory requirements

C. For legitimate interests

Where appropriate and balanced against your rights, Heat Lab may process personal data to:

operate, secure, and improve its website, services, and booking flows

prevent fraud, abuse of offers, chargebacks, misuse of guest privileges, or unsafe behavior

manage disputes, incidents, legal claims, and complaints

maintain internal business administration and reporting

send service related communications necessary for the customer relationship

D. Based on consent

Where required, Heat Lab relies on your consent to:

Send newsletters or marketing communications

Place non essential cookies or similar technologies

Use certain analytics, advertising, and tracking tools

Measure campaign performance and build relevant marketing audiences

You can withdraw consent at any time. Withdrawal does not affect processing carried out before consent was withdrawn.

4. Booking platform and payment provider

Heat Lab uses Bsport to manage bookings, customer profiles, attendance, credits, and related customer administration.

Heat Lab uses Stripe or another available payment method at checkout to process payments. Payment card data is processed by the relevant payment provider in accordance with that provider’s own privacy and security terms.

Heat Lab only receives the information reasonably necessary to confirm payment, manage the booking, and administer the customer relationship.

5. Website, analytics, and advertising tools

Heat Lab’s website is hosted on Squarespace.

Heat Lab may use the following categories of third party tools and integrations:

Squarespace for website hosting and site functionality

Bsport booking widgets and related booking integrations

Stripe payment tools

Google Analytics for website measurement and analytics

Meta Pixel for advertising measurement, audience building, and campaign attribution

Instagram embeds or related social media integrations

Other booking widgets, embedded media, forms, or plugins used on the website from time to time

These tools may collect information about your visit, device, browser, actions on the site, and interactions with booking or checkout flows, subject to your consent where required.

6. How long we keep personal data

Heat Lab does not keep personal data longer than necessary for the purposes described in this Policy.

In general:

Customer account, booking, attendance, and transaction data may be retained for as long as Needed to administer the customer relationship and then for the applicable legal retention period

Accounting and tax records may be retained for as long as required by law

Marketing consent records may be retained until consent is withdrawn or the customer unsubscribes, plus a limited period needed to demonstrate compliance

Support requests, complaints, and incident records may be retained as long as reasonably necessary to handle the matter and any follow up

Cookie and analytics data may be retained for the period configured in the relevant tools

Where possible, Heat Lab will delete or anonymize data when it is no longer needed.

7. Sharing personal data

Heat Lab may share personal data with service providers and partners who help operate the business, including:

Bsport

Stripe and other payment providers

Squarespace

Google

Meta

newsletter, CRM, automation, analytics, support, or communications providers

accountants, insurers, legal advisers, and other professional advisers

authorities or regulators where disclosure is legally required

Heat Lab does not sell personal data.

Where third parties process personal data on Heat Lab’s behalf, Heat Lab seeks to ensure that appropriate contractual safeguards are in place.

8. International transfers

Some service providers used by Heat Lab may process personal data outside the European Economic Area.

Where required, Heat Lab will ensure that an appropriate legal transfer mechanism is in place, such as an adequacy decision or approved contractual safeguards.

9. Security

Heat Lab takes reasonable technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.

No system is completely secure, but Heat Lab works to protect personal data in a manner appropriate to the nature of the information processed.

10. Your rights

Subject to the conditions and limits of applicable law, you may have the right to:

access your personal data

correct inaccurate personal data

request deletion of your personal data

restrict processing

object to certain processing

receive your data in a portable format where applicable

withdraw consent where processing is based on consent

lodge a complaint with the Dutch Data Protection Authority

To exercise your rights, contact Emil@heat-lab.nl.

Heat Lab may ask for reasonable proof of identity before responding to your request.

11. Direct marketing

If you subscribe to Heat Lab newsletters or marketing communications, Heat Lab may send you updates about sessions, openings, offers, events, and related news.

You can unsubscribe at any time by using the unsubscribe link in the message or by contacting Heat Lab directly.

Heat Lab may still send non promotional service messages relating to your bookings, purchases, account, or customer relationship.

12. Cookies and similar technologies

Heat Lab’s website may use cookies, pixels, local storage, scripts, SDKs, tags, and similar technologies.

These technologies may be used for the following purposes:

to make the website function properly

to remember your preferences and consent settings

to support security and fraud prevention

to analyze traffic and visitor behavior

to measure booking flow performance

to improve content, usability, and conversion

to measure advertising effectiveness

to create audiences and support relevant advertising

Strictly necessary cookies

These cookies are necessary for core website functions, security, consent management, and booking functionality. They do not require consent where allowed by law.

Analytics cookies

Heat Lab uses analytics tools such as Google Analytics and may also use analytics related tools through Squarespace or Bsport. These cookies and technologies help measure website traffic, visitor behavior, and booking performance.

Where required by law, Heat Lab will request consent before placing non essential analytics cookies.

Marketing and advertising cookies

Heat Lab uses marketing and advertising technologies such as Meta Pixel and may use related tracking through advertising platforms, social media integrations, or embedded services.

These technologies may be used to measure campaign performance, understand user journeys, create audiences, and show relevant advertising.

Where required by law, Heat Lab will request consent before placing non essential marketing cookies or similar technologies.

Embedded content and third party widgets

Instagram embeds, Bsport booking widgets, and other third party content or booking integrations may place cookies or process personal data.

Where required by law, Heat Lab will ask for consent before loading or enabling non essential third party technologies.

13. Cookie consent and managing preferences

When you first visit the Heat Lab website, you may be asked to set your cookie preferences for non essential cookies and tracking technologies.

You can change your preferences at any time through the cookie settings tool or cookie banner where available.

You can also manage or delete cookies through your browser settings. Please note that blocking some cookies may affect website functionality, including booking flows.

14. Third party websites and services

Heat Lab’s website or communications may contain links to third party websites, booking pages, payment pages, social media pages, embedded content, or external services.

Those third parties have their own privacy and cookie policies. Heat Lab is not responsible for their content, policies, or practices.

15. Complaints about privacy

If you have questions, concerns, or complaints about how Heat Lab handles personal data, please contact Emil@heat-lab.nl first.

You also have the right to lodge a complaint with the Dutch Data Protection Authority.

16. Changes to this Policy

Heat Lab may update this Privacy and Cookie Policy from time to time.

The latest version will always be published on the website with the updated date at the top.