We are the data controller – how can you contact us?
This Privacy Police explains how we use any personal data we collect about you and your rights in relation to the information. “Personal data” means any information that identifies you as an individual or is capable of identifying you as an individual. For the purpose of applicable data protection laws, including the General Data Protection Regulation (the “GDPR”), the data controller is Diverge Fitness with email address firstname.lastname@example.org.
Purpose and legal basis for processing your personal data
We use the personal data we collect from and about you for the following purposes:
- to set up and manage your online account.
- to provide our services to you
- to provide you with information about our products and services (provided you have either consented to this or we by other means are allowed to reach out to you for marketing purposes).
- to process your payments, keep internal records and manage our relationship with you.
- to notify you of any changes to our services that may affect you.
The legal bases for which we collect, use, transfer or disclose your personal data include:
- the performance of our contract obligations with you (see article 6(1)(b) of the GDPR).
- our legitimate interests (see article 6(1)(f) of the GDPR), which include: improving our offerings as a business; personalizing our services and interactions with you, to better meet your needs as a customer; and detecting and preventing fraud.
- compliance with our legal obligations.
- to the extent we send you information on our products and services for marketing purposes, we will either ask for your consent (in accordance with article 6(1)(a) of the GDPR) before processing your information in this way or process your personal data based on our legitimate interests (in accordance with article 6(1)(f) of the GDPR – the legitimate interests are stated above).
Pictures that you choose to share with Diverge Fitness are used by us solely for tracking your progress and will never be shared on our website or social media unless you give your explicit consent hereto.
In order for us to be able to deliver customized meal- and workout plans to you, we may process certain health data provided by you, including information on allergens, information that might reveal obesity or specific injuries or other relevant information related to your physical or mental health status.
The legal basis for our processing of your health information is Article 9 (2) a) cf. Article 6 (1) b) of the GDPR, which means that we will ask you for your explicit consent to allow us to process your health data prior to you becoming a client with us.
You may at any time withdraw your consent to us processing your health data. However, you should be aware that if we are prevented from processing relevant personal data, including information on any allergens, information that might reveal obesity or specific injuries or other relevant information related to your physical or mental health status, we will not be able to provide you with our services (customized meal- and workout plans based on your unique needs).
Categories of personal information
This Privacy police covers all personal data collected and used by us.
This includes your: name, age, postal address, email address, phone number, credit card number, information on your body and wellbeing including height, weight (including information on obesity), body statistics, workouts, mood, meals, nutrition and general health and wellbeing, that you decide to disclose to us on this website or through the use of our app, as well as any pictures that you choose to share with us.
Third Parties, including processing by Zenfit ApS
Access to your personal data is only provided to carefully selected third parties, including:
- Our service providers who help us to provide our services to you, such as our infrastructure and IT service providers. These include Zenfit ApS
- Our payment platform that handles transactions so that you can buy our products
Our website may, from time to time, contain links to and from the websites of our partners, or affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we have no control over how they may use your personal data.
Time limits for keeping personal data
Your personal data will only be stored for as long as necessary for the purposes for which they were collected.
When we no longer need to use your information, we will remove it from our systems and records and / or take steps to promptly anonymise it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
As a general rule, we erase or anonymise your personal data 12 (twelve) months after your last activity.
Third country data transfers
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA and who work for us or for one of our service providers.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice and applicable data protection laws, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data.
The right to withdraw consent
You may at any time withdraw your consent to us processing your health data. For more information see “Purpose and legal basis for processing our personal data” above.
Right of access
You have the right to inspect the information we process about you and how we process your data.
Right to correct inaccurate information
You have the right to have inaccurate information about you corrected.
Right of erasure
In certain cases you have the right to request erasure of information about you before our general deletion time occurs.
Right to restriction of processing
In some cases you have the right to request restriction of processing. If you have this right, we will only be able to process your information – except for storage – with your consent or for the purpose of determining, enforcing or defending legal claims, or for protecting a person or important public interest.
Right to object
In some cases you have the right to object to our otherwise legitimate processing of your personal information. You can also object to the processing of your information for direct marketing.
Right to data portability
You may, in certain cases, have the right to receive your personal information in a structured, commonly used and machine-readable format and have these personal data transferred to another controller without hindrance.
If you wish to exercise one or more of the above rights, please contact us with your request at email@example.com
Compliant to your local data protection authority
You have the right to lodge a complaint to your local data protection authority if you are dissatisfied with the way in which we process your personal information. Contact information for your local can be found here: List of data protection authorities