Privacy Policy
The Club
Last updated: April 23, 2026
1. Introduction
This privacy policy ("Privacy Policy") explains how Väo Factory OÜ (operating under the brand "The Club"; hereinafter "The Club", "we") collects, uses, shares, and protects your personal data when you use our website https://theclub.ee and related services (collectively the "Services").
Väo Factory OÜ is the controller of the personal data described in this Privacy Policy. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Estonian Personal Data Protection Act.
By using the Services, you confirm that you have read and understood this Privacy Policy. If you do not agree, please do not use the Services.
For questions, contact us at info@theclub.ee.
The Estonian-language version of this Privacy Policy prevails in case of discrepancies.
2. Data Controller
The controller of your personal data is:
Väo Factory OÜ
Registry code: 12185654
VAT number: EE102750614
Voolu tn 6-1, Nõmme district, Tallinn, Harju county, 11613, Estonia
Email: info@theclub.ee
3. Personal Data We Collect
3.1 Data You Provide
We collect personal data you provide directly, for example when joining the waiting list, creating an account, purchasing a membership, or contacting us:
name;
email address;
phone number;
billing information (for membership purchases);
other information you voluntarily provide.
3.2 Automatically Collected Data
When you use our website, we automatically collect certain technical and usage data via cookies and similar technologies:
IP address;
browser type and version, device type, operating system;
pages visited, clicks, scroll behavior, and session recordings (provider: PostHog);
referring URL and navigation paths;
date and time of visit;
approximate geographic location based on IP address.
3.3 Payment Data
When processing payments, we transmit the data necessary to execute the payment (name, contact details, order amount) to the authorized processor Maksekeskus AS (registry code 12268475).
Maksekeskus AS processes data securely in accordance with the PCI DSS standard. Card data is stored only by Maksekeskus AS — we do not have access to your bank or card details.
3.4 Data from Third Parties
We may receive limited personal data from marketing partners, social media platforms, and public sources to improve our marketing activities.
3.5 Special Categories of Personal Data
We do not collect or process special categories of personal data (e.g. health data, biometric data).
If you voluntarily share health-related information with us (e.g. injuries, conditions), we process it only with your explicit consent and solely to ensure your safety during training. You may withdraw consent at any time.
4. Purposes and Legal Bases for Processing
We process personal data only where we have a legal basis under GDPR Article 6:
Performance of a contract (Art. 6(1)(b)) — managing memberships, processing payments, delivering services;
Legal obligation (Art. 6(1)(c)) — accounting and tax compliance;
Legitimate interest (Art. 6(1)(f)) — website security, fraud prevention, service improvement;
Consent (Art. 6(1)(a)) — marketing cookies, newsletters, voluntarily shared health information.
5. Cookies and Tracking Technologies
We use cookies and similar technologies (e.g. pixels and web beacons) to analyze and improve the website experience.
Essential cookies. Required for the website to function; no consent required.
Analytics cookies. Used to analyze usage (e.g. PostHog, Google Analytics). Includes session recordings. Used only with consent.
Marketing cookies. Used for advertising performance and targeting (e.g. Meta Pixel). Used only with consent.
You can manage cookie preferences via the cookie banner or your browser settings.
6. Data Sharing
We do not sell personal data.
We may share data with authorized processors:
payment intermediary: Maksekeskus AS;
hosting and cloud providers;
analytics services (PostHog, Google Analytics);
marketing and communication providers;
accounting and legal advisors.
We may also disclose data:
in the event of a merger or sale;
under legal obligation;
to protect rights, security, or property.
7. Data Transfers Outside the EEA
When data is transferred outside the EEA, we ensure safeguards such as:
European Commission adequacy decisions;
Standard Contractual Clauses (SCCs);
additional security measures where necessary.
8. Data Retention
We retain personal data only as long as necessary:
membership data — contract duration + 3 years;
accounting data — 7 years;
marketing data — until consent is withdrawn;
analytics data — up to 14 months.
Data is securely deleted or anonymized when no longer needed.
9. Your Rights
You have the right to:
access your data;
correct inaccurate data;
request deletion;
restrict processing;
data portability;
object to processing;
withdraw consent at any time;
file a complaint.
Contact: info@theclub.ee (response within 30 days).
9.1 Filing a Complaint
You may contact:
Andmekaitse Inspektsioon
Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Website: https://www.aki.ee
10. Data Security
We implement technical and organizational security measures, including encryption (TLS), access controls, secure hosting, and regular reviews.
Payment security is ensured via Maksekeskus AS (PCI DSS compliant).
11. Children’s Privacy
Services are intended for users aged at least 14.
We do not knowingly collect data from children under 14. If such data is identified, it will be deleted promptly.
12. Do-Not-Track Signals
Our website does not automatically respond to Do-Not-Track signals. Tracking can be managed via cookie settings.
13. Changes to this Policy
We may update this Privacy Policy. Material changes will be communicated at least 30 days in advance.
14. Contact
Väo Factory OÜ (The Club)
Voolu tn 6-1, Nõmme district, Tallinn, Harju county, 11613, Estonia
Email: info@theclub.ee