Privacy Policy

Introduction

Vitron B.V. ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal training services, visit our website vitron.top, or interact with us.

As the Data Controller, Vitron is responsible for determining the purposes and means of processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

Data Collection

The data we collect includes personal information that you provide directly to us, information we collect automatically when you use our services, and information we may receive from third parties. This includes:

• Contact Information: Name, email address, phone number, postal address
• Health and Fitness Data: Medical history, fitness goals, physical measurements, workout performance data
• Payment Information: Billing address, payment method details (processed securely by our payment providers)
• Communication Records: Records of our communications with you, including emails, phone calls, and messages
• Website Usage Data: IP address, browser type, device information, pages visited, time spent on our website
• Cookie Data: Information collected through cookies and similar tracking technologies

How We Use Your Information

We explain how we use your information for various purposes related to providing our personal training services and improving our business operations. The use of your data is based on several legal grounds under GDPR:

• Service Delivery: To provide personal training services, create customised workout plans, and track your progress
• Communication: To respond to your inquiries, send appointment reminders, and provide customer support
• Payment Processing: To process payments and manage billing for our services
• Health and Safety: To ensure safe training practices and accommodate any health conditions or limitations
• Service Improvement: To analyse and improve our services, develop new programmes, and enhance user experience
• Marketing: To send you information about our services, promotions, and fitness tips (only with your consent)
• Legal Compliance: To comply with legal obligations and protect our legal rights

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to perform our contract with you for personal training services
• Legitimate Interest: For business operations, service improvement, and fraud prevention
• Consent: For marketing communications and non-essential cookies (you can withdraw consent at any time)
• Legal Obligation: To comply with applicable laws and regulations
• Vital Interest: To protect health and safety in emergency situations

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party providers who assist us in operating our business (payment processors, scheduling software, etc.)
• Healthcare Professionals: With your explicit consent, we may share relevant health information with healthcare providers
• Legal Requirements: When required by law, court order, or to protect our legal rights
• Business Transfers: In the event of a merger, acquisition, or sale of our business
• Emergency Situations: To protect health, safety, or prevent harm

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

• Active Clients: During the duration of our service relationship and for up to 3 years after termination
• Health Records: Retained for 7 years as required by healthcare regulations
• Financial Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Until you withdraw consent or request deletion
• Website Data: Analytics data is anonymised after 26 months

Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interest or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure payment processing through certified providers
• Regular backups and disaster recovery procedures

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our use of cookies, please refer to our Cookie Policy.

International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please contact us using the following information:

Supervisory Authority

If you believe we have not handled your personal data in accordance with applicable laws, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):