Privacy Policy
Last Updated: 10 June 2025
At ONNI, we prioritize your privacy and comply with the EU General Data Protection Regulation (GDPR) and Luxembourg data protection laws. This policy explains how we collect, use, and protect your personal data.
1. Data Controller
Onnea SCS
9 Montée de Clausen, L-1343 Luxembourg
Email: info@onni.lu
For specific services (e.g., events), we may collaborate with instructors or partners who act as independent data controllers.
2. Data We Collect & Why
Purpose | Data Collected | Legal Basis |
Account & Bookings | Name, email, phone, payment details, DoB | Contractual necessity |
Health & Safety | Emergency contact, health notes | Legitimate interest (safety) |
Marketing* | Email, name | Consent / Legitimate interest |
Website Analytics | IP address, browser type, cookies | Consent (for non-essential) |
Events & Promotions | Registration details | Legitimate interest |
Opt out anytime via email or unsubscribe links.
3. Your Rights
Under GDPR, you may:
- Access, correct, or delete your data.
- Withdraw consent (e.g., marketing).
- Object to processing (e.g., analytics).
- Request portability of your data.
To exercise these rights, contact us at info@onni.lu. We respond within 30 days.
4. Data Retention
We retain data only as long as necessary:
- Bookings & payments: 10 years (Luxembourg tax law).
- Inactive accounts: 3 years.
- Health data: Deleted after 1 year of last activity.
5. Data Security & Sharing
- Hosting: Hostinger (GDPR-compliant).
- Third Parties: Only shared with:
- Payment processors (e.g., Stripe).
- Event partners (under strict agreements).
- Legal authorities if required.
We never sell your data.
6. Cookies
We use:
- Essential cookies (for website functionality).
- Analytics cookies (with consent).
Manage preferences via our Cookie Banner or browser settings.
7. Updates & Complaints
- Policy changes will be posted on www.onni.lu
- Complaints may be filed with the Luxembourg CNPD: cnpd.public.lu
Contact Us:
For questions, email info@onni.lu