
Sauna and wellness: destroying customer data

Customer cards and intake forms of a sauna and wellness centre ready for confidential destruction

A sauna or wellness centre processes more sensitive data than it seems. Alongside member, customer and payment data, you often record health questions and treatment preferences, from blood pressure and pregnancy to skin complaints and injuries. Some of it falls under the tax retention obligation; some of it is special-category personal data that requires extra care. This guide shows, part by part, what you keep, when it may go and how to destroy it confidentially with a certificate.

The quick answer: invoicing falls under the seven-year tax retention obligation, while member and customer data you keep no longer than necessary for the membership. Health questions and treatment preferences are sensitive, and you clear them out as soon as possible. Cameras belong only outside the changing and sauna rooms. What may go disappears confidentially and with a certificate.

Which data a wellness centre processes

The administration of a sauna or spa runs wider than just names and addresses. You manage memberships and subscriptions, appointments for massages and treatments, payment data and direct-debit mandates, and for many treatments also a short health questionnaire. That last category is what makes it special. As soon as you ask about heart and blood pressure, pregnancy, medication or skin conditions, you process health data, and that is special-category personal data.

So treat the data per type. A payment record has a different status than an intake form with health questions. If you make that distinction, you keep exactly what you must and clear out the rest on time. You see the same approach in related sectors such as beauty salons and gyms and fitness clubs, which likewise work with memberships and health questions.

Retention periods by part

The period differs per type of data. The overview below gives the main lines. Count the tax period from the end of the financial year and the other periods from the end of the membership or the treatment.

Part | Starting point | Period
Invoicing and administration | Tax retention obligation | 7 years
Subscription and direct-debit mandate | Until end of subscription, then tax | purpose-bound + 7 years
Member and customer data | Storage limitation | while a member, then clear out
Massage and treatment appointments | Until settlement | purpose-bound
Health questions and preferences | Special category, storage limitation | as briefly as possible
Entrance camera footage | Security | a few weeks

Use this as a guideline, not a substitute for your own assessment. More detail per document type is in the GDPR retention periods cheatsheet and in the guide on how long you keep documents.

Health questions and treatment preferences

For a safe massage, a sauna visit after an operation or a heat treatment, you sometimes ask about a customer's health. That is sensible, but it makes the data sensitive. A note about pregnancy, a heart condition, an allergy or a recent injury falls under special-category personal data, which deserves extra protection. Collect only what is needed for the treatment, use it only for that and clear it out once the purpose is met.

Do not keep such an intake form for years in case the customer comes back. On a next visit you ask the question again, because a health situation changes. Keep the health questions recognisably separate from the ordinary administration, so you can clear them out in a targeted way without having to keep the whole customer card.

Subscriptions, payment data and appointments

Memberships and subscriptions bring payment data and direct-debit mandates with them. Those fall under the seven-year tax administration, counted from the end of the financial year. The customer card itself you keep while someone is a member. Once a membership ends and there is no outstanding payment or dispute, the ground to keep the personal data lapses and you clear out the card. Single appointments for massages and treatments you keep until they are settled, after which they disappear.

Cameras only outside the changing and sauna rooms

Security at the entrance or reception can be legitimate, but in a wellness centre the limits are sharp. In changing rooms, shower rooms and sauna rooms no camera may hang, because there image capture intrudes too deeply on privacy. Cameras are allowed only outside those rooms, with a clearly stated purpose and a short retention period of usually a few weeks. After that you erase the footage. How you set a retention period for footage and destroy the recordings is in the guide on keeping and destroying CCTV footage.

How to handle it in 6 steps

  1. Split the data into administration, subscription, customer card and health questions.
  2. Limit health questions to what a safe treatment requires.
  3. Keep intake forms separate and clear them out once the purpose is met.
  4. Keep the administration seven years and the rest purpose-bound.
  5. Collect what may go in sealed containers, not in the paper bin.
  6. Have it destroyed confidentially with a certificate and record it in your register.

Destroy confidentially with a certificate

Customer and health data is destroyed confidentially, because it contains identity, payment and health information. Paper intake forms, expired customer cards and old data carriers travel sealed and stay that way until destruction, so the chain is closed. An old reception computer or a backup with member records belongs with it too.

Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof under the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.

Customer data to be destroyed?

Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.


Common mistakes

  • Keeping intake forms for years. A health situation changes, so ask again on a new visit.
  • Treating health questions as ordinary paper. Those need extra care and separate storage.
  • A camera in the changing or sauna room. That is not allowed, however well meant.
  • Keeping customer cards of former members. After the membership the purpose lapses.
  • Throwing away unshredded. A health questionnaire on the street is a reportable data breach.

Frequently asked questions

How long does a sauna or wellness centre keep member and customer data?

The invoicing and payment data fall under the seven-year tax retention obligation. Member and customer data and appointments you keep no longer than necessary for the membership and its settlement. Once a membership ends and there are no open matters, you clear out the customer card.

Are health questions and treatment preferences special-category personal data?

Often yes. A question about heart and blood pressure, pregnancy, skin complaints or injuries touches on health, and that is special-category personal data. Collect only what is needed for a safe treatment, keep it separate and clear it out once the purpose is met.

May I place cameras in the changing room or sauna?

No. In changing rooms, shower rooms and sauna rooms no camera may hang, as that intrudes too deeply on privacy. Cameras are allowed only outside those rooms, at an entrance or reception, with a short retention period of usually a few weeks.

How do I destroy customer data in line with the GDPR?

Confidentially and with a certificate of destruction. Paper intake forms and old data carriers travel sealed and stay that way until destruction. You record the destruction in your record of processing as proof.

Conclusion

A sauna or wellness centre works with identity, payment and health data of every customer, between the tax retention obligation and the GDPR. Keep the administration seven years, keep member and customer data while someone is a member and be restrained with health questions and treatment preferences. Cameras belong only outside the changing and sauna rooms, with a short retention period. What may go, you have destroyed confidentially with a certificate as proof. That way you protect your customers' data and meet the GDPR.

Read also: cinemas and theatres: destroying visitor data, theme parks: destroying visitor data, casinos and arcades: destroying customer data and the GDPR retention periods cheatsheet.

Have customer data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.