Privacy Policy

Interval Plus CrossFit ("we", "us", or "our") is committed to protecting your privacy and personal data in full compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) and its implementing regulations.

This Privacy Policy explains how we collect, use, store, disclose, and safeguard your personal information when you visit our website, use our services, or visit our facilities in the Kingdom of Saudi Arabia.

By accessing or using our services, you provide your explicit consent to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access our services. You have the right to withdraw your consent at any time by contacting us.

Under the PDPL, we process your personal data based on one or more of the following lawful bases:

Consent: You have given clear and explicit consent for us to process your personal data for specific purposes, such as marketing communications and the use of non-essential cookies.

Contractual Necessity: Processing is necessary to fulfill our contractual obligations to you, such as managing your membership, processing payments, and providing coaching services.

Legal Obligation: Processing is necessary to comply with applicable laws and regulations in the Kingdom of Saudi Arabia.

Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our services and ensuring the security of our facilities, provided these interests do not override your fundamental rights and freedoms.

We collect personal information that you voluntarily provide to us when you register for a membership, book a free trial, subscribe to our newsletter, or contact us. This may include your full name, email address, phone number, date of birth, nationality, and emergency contact information.

When you visit our website, we automatically collect certain technical information through cookies and similar tracking technologies. This includes your IP address, browser type, device information, operating system, pages visited, time spent on pages, and referral URLs.

For payment processing, we do not store your credit card or banking details on our servers. All payment transactions are securely processed by our licensed third-party payment providers in accordance with Saudi Arabian Central Bank (SAMA) regulations.

We use the information we collect to: provide, operate, and maintain our services; process your membership registration and payments; communicate with you about programs, events, and promotions; improve our website and services; ensure the safety and security of our facilities; and comply with legal obligations under Saudi law.

Your contact information may be used to send you marketing communications about new programs, special events, and member achievements, provided you have given your explicit consent. You may withdraw your consent and opt out of these communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

We use analytics cookies to understand how visitors interact with our website, which helps us improve user experience and optimize our services. Marketing cookies may be used to deliver personalized advertisements relevant to your interests.

We do not sell, trade, or rent your personal information to third parties. We may share your information only with trusted third-party service providers who assist us in operating our business, such as payment processors, cloud hosting providers, and email marketing platforms, provided those parties agree to maintain the confidentiality and security of your data in compliance with PDPL requirements.

We may also disclose your information when required by law, to comply with a legal obligation, protect our rights, or respond to lawful requests from public authorities in the Kingdom of Saudi Arabia, including the Saudi Data and Artificial Intelligence Authority (SDAIA).

All third-party processors with whom we share personal data are bound by data processing agreements that ensure they process your data only on our behalf and in accordance with PDPL standards.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements under Saudi law.

Membership and account data is retained for the duration of your active membership plus three (3) years after termination, to comply with contractual obligations and legal requirements.

Marketing and communication data is retained until you withdraw your consent or request deletion. Technical and analytics data collected via cookies is retained in accordance with the specific retention periods described in our Cookie Policy.

When personal data is no longer required, we will securely delete or anonymize it in accordance with PDPL guidelines.

Your personal data is primarily stored and processed within the Kingdom of Saudi Arabia. In limited circumstances, we may transfer your data to service providers located outside Saudi Arabia, such as cloud hosting or email service providers.

Any cross-border transfer of personal data will be conducted in strict compliance with PDPL requirements. We ensure that the recipient country provides an adequate level of data protection, or that appropriate safeguards (such as standard contractual clauses approved by SDAIA) are in place.

We will not transfer your personal data to any country that does not meet the data protection adequacy standards set by the Saudi Data and Artificial Intelligence Authority (SDAIA).

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Saudi Data and Artificial Intelligence Authority (SDAIA) within seventy-two (72) hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Under the PDPL, you have the following rights regarding your personal data:

Right to Access: You have the right to request access to the personal data we hold about you and receive a copy of it.

Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.

Right to Erasure (Deletion): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent.

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.

Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or based on legitimate interests.

Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of your rights under the PDPL, please contact our Data Protection Officer using the contact information provided at the end of this Privacy Policy.

We will respond to your request within thirty (30) days of receiving it. If your request is complex or we receive multiple requests from you, this period may be extended by an additional thirty (30) days. We will inform you of any such extension within the initial thirty-day period.

We may need to verify your identity before processing your request to ensure the security of your personal data. This may require you to provide proof of identification.

There is no fee for exercising your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

We use cookies and similar tracking technologies to collect information about your browsing behavior, preferences, and device. Cookies are small text files stored on your device that help us provide a better user experience.

We classify cookies into the following categories: Essential Cookies (required for the website to function and cannot be disabled); Analytics Cookies (help us understand how visitors interact with our website); and Marketing Cookies (used to deliver personalized advertisements and measure their effectiveness).

When you first visit our website, we will request your explicit consent before placing any non-essential cookies on your device. You can manage your cookie preferences at any time through our Cookie Settings, accessible via the cookie banner or by contacting us.

You can also instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable essential cookies, some portions of our services may not function properly.

Our services are not intended for individuals under the age of fifteen (15) without the consent of a parent or legal guardian. Under PDPL, the processing of personal data belonging to children under 15 requires explicit consent from the parent or guardian.

If we become aware that we have collected personal data from a child under 15 without verified parental consent, we will take steps to delete that information as quickly as possible. If you believe we might have any information from or about a child under 15, please contact us immediately.

We have appointed a Data Protection Officer (DPO) to oversee compliance with the PDPL and to serve as your point of contact for any data protection concerns. Our DPO is responsible for monitoring our data protection practices, handling data subject requests, and cooperating with the Saudi Data and Artificial Intelligence Authority (SDAIA).

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. We will notify you of any material changes by posting the updated Privacy Policy on this page with a revised "Last Updated" date.

For significant changes that affect your rights or how we process your data, we will provide additional notice, such as an email notification or a prominent banner on our website. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer at: