Skip to main contentorganic-down

Privacy Policy SiS Sports Center

1. Why do we process personal data?

SiS Sports Center is one of Stavanger’s largest and most comprehensive fitness centers, with a sports hall and climbing center. For you to be able to use our facilities, it is necessary for us to process some personal data about you. This privacy policy is intended to give you information about why, on what legal basis, and for how long we process your personal data. You can also read about the rights you have as a registered individual in section 6.

If you are unsure about anything, or have questions or comments related to this privacy policy, please contact us. You can find the contact information at the bottom of section 7.

2. What is personal data and a legal basis for processing?

Personal data is any information and assessments that can be linked to you as an individual. This can, for example, be your name, email address, national identity number and address. It can also be a photo or video recording, purchase and payment history, or which training sessions you have attended. As long as the information or assessment can be traced back to you, it is considered personal data.

As a company, we are subject to a number of obligations under the law when we process your personal data. This includes, among other things, that we are required to have a legal basis for doing anything at all with your personal data. Under the General Data Protection Regulation, which is to be understood as Regulation (EU) 2016/679, hereinafter referred to as the GDPR, there are six different legal bases for processing under Article 6.

The processing must either be based on consent (GDPR Art. 6(1)(a)) or be necessary for the performance of a contract (GDPR Art. 6(1)(b)), a legal obligation (GDPR Art. 6(1)(c)), the protection of vital interests (GDPR Art. 6(1)(c)), the performance of a task carried out in the public interest or in the exercise of official authority (GDPR Art. 6(1)(e)), or the pursuit of legitimate interests (GDPR Art. 6(1)(f)).

3. Membership

3.1 Entering into membership

When you become a member of SiS Sports Center, we need to process a number of personal data about you in order to enter into the membership agreement. This includes personal data such as name, email address, phone number, date of birth, and gender. Depending on which subscription you choose, we may also process information such as whether you are a student, a former student, or who your employer is.

For members under the age of 16, we will also process information related to you as the guardian, which will include name, address, mobile number, email address, date of birth, and gender.

When you purchase a membership, a user account linked to you is created in our systems. All the personal data you have provided and that is processed during the membership is collected there. Our legal basis for processing this data is GDPR art. 6 (1) letter b, contract.

3.2 Administration of the membership

In order to be able to send you an invoice, it is necessary for us to use the personal data name, address and type of membership. The purpose of this processing is to collect payment for the chosen subscription. In the event of non-payment, the personal data will be sent to the debt collection agency Remind AS. These processing activities are carried out to fulfill the agreement with you, so the legal basis for the processing is GDPR art. 6 (1) letter b.

We offer a range of services that you can use when you are a member. If you want to book a squash court or a training session, we use your personal data to register your booking. Furthermore, we will often need to contact you with important messages related to your membership, such as changes to opening hours or if a session you have signed up for is cancelled. The legal basis for this processing is the agreement we have entered into with you, and thus GDPR art. 6 (1) letter b.

3.3 Access Control

To ensure that it is you as the member who is using SiS Sports Center, we register a portrait photograph of you that is linked to your user profile. This is only used to verify that the correct person is visiting the center. Furthermore, we store an ID number linked to the tag or card you use for access. We do this to give you access to the center and to fulfill our agreement with you. The legal basis for this processing is therefore GDPR art. 6 (1) letter b.

3.4 Training history

You will have the opportunity to see all previous visits and classes you have attended in our systems. This will give you an overview of your training history at SiS Sports Center. Providing this feature is a legitimate interest we have in offering you a training log. We consider this to be an advantage for you as a member. The legal basis for storing and providing an overview of training history is GDPR art. 6 (1) letter f.

3.5 Climbing Course

You can book climbing courses with us. In that case, we process the personal data name, email, phone number and address in order to secure your registration and issue an invoice for the course. If you pass the skills test associated with the climbing course, your name will be forwarded to the Norwegian Climbing Association, which issues the relevant card. The legal basis for this processing is the agreement we enter into with you for the climbing course, pursuant to GDPR Article 6(1)(b).

3.6 How long do we process your membership information?

Membership information is stored for a certain period after your membership has ended. This storage is done to ensure that if you change your mind, you will have a simple process for reopening your membership. This is a legitimate interest we have, namely to make it easy for customers to return to us. The legal basis for this storage is GDPR art. 6 (1) letter f.

We are legally required to store certain other personal data even after your membership has ended. This applies to invoice information, which we must keep for 5 years, and the membership agreement, which we must keep for 3.5 years in accordance with Section 13 of the Bookkeeping Act.

3.7 Suspended members

When a person is banned from SiS Sports Center, their member profile in our systems will show that they no longer have access to the center. This is a legitimate interest we have, namely to ensure effective enforcement of our rules. We store the member profile with the note about the ban only for a limited period. Separate assessments are made in each case to determine whether there are valid reasons for continued storage. The legal basis for processing personal data related to banned members is GDPR Article 6(1)(f).

4. Rent center

SiS Sports Center works for a clean training environment in cooperation with Anti-Doping Norway. Therefore, all our members are obligated under the membership agreement to act in accordance with the center’s interests and purpose of being a doping- and drug-free environment. If you want to read more about the Clean Center program, you can do sohere.

If there is suspicion of the use of doping substances from the doping list, SiS Sports Center will conduct a conversation with you. The legal basis for processing in connection with these conversations is the membership agreement and thus GDPR art. 6 (1) letter b. No personal data is stored in connection with this conversation.

If a doping test is required, you will sign an agreement stating that you allow the sample to be taken by Anti-Doping Norway. We store this contract until the membership ends and for a maximum of 1 year. The test itself is carried out with the assistance of Anti-Doping Norway, and measures have been implemented to safeguard privacy in the process, including procedures laid down by the World Anti-Doping Agency. The legal basis for this processing is GDPR art. 6 (1) letter b, contract. We do not store information about positive tests in our systems. Personal data may be shared with the police if doping use is uncovered.

In connection with the processing, SiS Sports Center will process health data and possibly information about criminal offences, meaning that special categories of personal data will be processed pursuant to GDPR Article 9. We have obtained permission from the Norwegian Data Protection Authority to process this type of personal data on specified conditions in accordance with Section 7 of the Personal Data Act. The license is anchored in national law in Section 6 of the Regulations on transitional rules for the processing of personal data. The exception in GDPR Article 9(2)(g) is therefore fulfilled.

There is strict access control related to the processing of personal data in connection with the clean center, and only the director of SiS Sports Center and the person responsible for anti-doping have access.

5. Visitors

5.1 Climbing course

If you are not a member of SiS Sportssenter, you can register for our climbing course via our website. We process the personal data name, email, phone number and address in order to secure your registration and issue an invoice for the course. The legal basis for this processing is the agreement we enter into with you for the climbing course, and is therefore grounded in GDPR art. 6 (1) letter b. The personal data collected in connection with registration is stored for 1 year before it is deleted from our systems. Invoice information is kept for 5 years in accordance with the Norwegian Bookkeeping Act § 13.

5.2 Squash

If you want to rent a squash court, we need to collect some of your personal data in order to reserve the court. We then register your name and phone number in our systems. The processing is carried out to fulfill the agreement to give you access to the court, meaning the legal basis for processing is GDPR Art. 6(1)(b). The personal data related to this processing is anonymized on the 1st of every month.

6. Video Surveillance

For security reasons, we have video surveillance. The cameras are located at the reception, in the squash courts, in the sports hall, and at the staff entrance.

We have strict, written procedures related to the use of video surveillance. Only the general manager and the IT manager have access to the recordings, and this can only happen if they are connected to the same network as the camera systems. Login should only occur if there is suspicion of criminal activity. The video surveillance is a legitimate interest we have as a company, so the legal basis for processing is GDPR Art. 6 (1) letter f. As a general rule, the recordings are stored for 7 days before they are automatically deleted.

In the investigation of criminal acts or accidents, video surveillance recordings are provided to the police in accordance with the Regulation on Camera Surveillance in Enterprises, and the legal basis for processing will then be GDPR Article 6(1)(c). If it is likely that recordings will be disclosed to the police, the recordings are stored for up to 30 days.

7. Your rights

You can always contact us if you would like more information about how we process your personal data or if you have any questions related to this.

When we process your personal data, you will also have a number of rights that you can exercise at any time, which you can find more information about here.

7.1 Right to information and access

You are entitled to receive information about how your personal data is processed, and this privacy policy is intended to provide that information. If you wish, you can contact us to access all the personal data we have registered about you in our systems. Furthermore, you may request a copy of all the personal data we have recorded.

7.2 Right to withdraw consent

If the legal basis we have for processing your personal data is consent, you are free to withdraw this at any time. You do not need to provide a reason for why you wish to withdraw your consent.

7.3 Right to rectification/correction

You have the right to have incorrect personal data about you corrected/rectified. You also have the right to have incomplete personal data about you supplemented. If you believe that we have registered incorrect or incomplete personal data about you, please contact us. It is important that you explain and, if possible, document why you believe the personal data is incorrect or incomplete.

7.4 Right to erasure

If you wish to have your personal data deleted, please contact us. It is important that you explain why you want the personal data to be deleted and, if possible, also specify which personal data you want us to delete. We will then assess whether the conditions for requesting deletion are met. Some personal data we are legally required to process, for example under the Accounting Act, and therefore we are not able to delete it.

7.5 Right to object

You have the right to object to the processing of your personal data when the legal basis for the processing is, among other things, grounded in GDPR Article 6(1)(f). If we conclude that you are entitled to object, we will stop processing your personal data, and you will also be able to request that it be deleted.

7.6 Right to restriction

In certain cases, you may have the right to request that the processing of your personal data be restricted. Restriction of personal data means that the data will still be stored, but that the possibilities for further processing are limited. If you believe that the personal data is incorrect or incomplete, or have submitted an objection to the processing (see the section on the right to object), you have the right to request that the processing of your personal data be temporarily restricted. This means that the processing is limited until we have, if applicable, corrected your personal data or assessed whether your objection is justified.

7.7 Right to complain about the processing

If you believe that we have not processed personal data in a correct and lawful manner, or if you believe that we have not been able to uphold your rights, you have the option to lodge a complaint about the processing. You can find information on how to contact us below in section 8.

You also have the option of submitting your complaint to the Norwegian Data Protection Authority. The Data Protection Authority is responsible for ensuring that Norwegian organizations comply with the provisions of the Personal Data Act and the GDPR when processing personal data.

You can find up-to-date information on how to contact the Norwegian Data Protection Authority at www.datatilsynet.no .

8. Contact information

If you wish to contact us regarding this privacy policy, please send an email to sletting@sissportssenter.no.

Last updated: 17 June 2026
Privacy Policy SiS Sports Center | SiS Sportssenter