Privacy
policy.

Last updated: 20 May 2026

1. Data controller

The data controller responsible for your personal data is:

• Legal name: TERRAWOD FITNESS, S.L.
• Trade name: CrossFit La Mola
• Spanish VAT (CIF): ESB55446280
• Commercial Register: Barcelona, Folio 1, Sheet B 617456, Entry 1
• Address: Av. del Vallès 724C, 08227 Terrassa, Barcelona, Spain
• Email: info@crossfitlamola.com
• Phone: +34 699 19 65 31

No Data Protection Officer (DPO) has been designated, as this is not a legal obligation in our case. For any questions regarding your data, you can contact us directly at the address indicated.

2. Purpose of processing

We collect and process your personal data for the following purposes:

• Managing your registration and participation in classes
• Responding to your inquiries and information requests
• Sending communications related to our services (schedules, changes, events)
• Managing fee collection and billing
• Anonymously measuring website audience (Google Analytics, with your consent)
• Complying with applicable legal obligations

3. Legal basis

The legal basis for processing your data is:

• Contract performance (art. 6.1.b GDPR): when you sign up as a member
• Consent (art. 6.1.a GDPR): when you send us an inquiry, subscribe to newsletter, consent to image use, or accept analytics cookies
• Explicit consent (art. 9.2.a GDPR): for processing health data relevant to sports practice
• Legitimate interest (art. 6.1.f GDPR): to send you information about our services
• Legal obligation (art. 6.1.c GDPR): to comply with tax and accounting regulations

4. Data we collect

We may collect the following categories of data:

• Identification data: name, surname, ID number
• Contact data: phone, email, address
• Special categories (art. 9 GDPR): health data relevant to sports practice (injuries, medical conditions). Processed with explicit consent, exclusively to ensure your safety during training.
• Images and videos during activities, only with your explicit consent
• Bank details for payment management (we never store full card numbers; managed by our bank or payment gateway)
• Anonymous browsing data via Google Analytics (only with consent)

5. Data retention

We will keep your data while you maintain your relationship with us. Once terminated, data will be kept for the legally established periods:

• Tax and accounting data: 6 years (Spanish Commercial Code art. 30)
• Contractual data: 5 years
• Health data: deleted when you cease to be a member, unless longer legal term applies
• Anonymous browsing data (Google Analytics): 14 months

6. Recipients and international transfers

Your data will not be shared with third parties, except:

• Banking entities for payment management
• Public administrations when legally required (Tax Agency, Social Security)
• Technology service providers (Vercel hosting, Formspree email, Aimharder booking) with data processing agreements

International transfer: If you consent to analytics cookies, Google Analytics (Google LLC, California, USA) may transfer data to the United States. Google adheres to the EU-U.S. Data Privacy Framework, considered by the European Commission as providing an adequate level of protection (Decision 2023/1795). You can revoke this consent at any time from the "Manage cookies" link in the footer.

7. Your rights

Under the GDPR (EU Regulation 2016/679) and Spanish LOPDGDD (Organic Law 3/2018), you have the right to:

• Access: know what data we hold about you
• Rectification: correct inaccurate data
• Erasure ("right to be forgotten"): request the deletion of your data
• Objection: object to certain processing
• Restriction: restrict processing in certain cases
• Portability: receive your data in a structured electronic format
• Withdraw consent: at any time, without retroactive effects
• Not be subject to automated decisions: not applicable, we do not perform automated profiling

To exercise these rights, contact us at info@crossfitlamola.com indicating the right you wish to exercise and attaching a copy of your ID or equivalent document to verify your identity.

You can also file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing does not comply with regulations.

8. Security

We apply appropriate technical and organizational measures to protect your data against unauthorized access, loss, or destruction (HTTPS encryption, access control, backups).

9. Changes to this policy

We may update this privacy policy. The date of the last update appears at the beginning of the document. Any significant changes will be communicated through our website or by email.