Utviklingen står aldri stille. Vi står aldri stille - og det bør heller ikke du. Navnet vårt forplikter, og vi tar det bunnalvorlig. Derfor er vi på en felles reise om å hjelpe deg med å ta din indre og ytre sunnhet til nye høyder uansett kjønn, alder eller mål. Produktene våre er ikke "kun til kvinner" eller "utivklet til topatleter", for når produkter utvikles på bakgrunn av vitenskapelige resultater, er effekten alltid konsistent. Les mer.
Why does Fitnessguru collect and process personal data?
A better customer experienceWith the help of your personal data you get a personalized experience when shopping at Fitnessguru.
Safety firstYour data is always protected by us and we do our utmost to make you feel safe with how we handle your data.
You decideNo spam or anything unnecessary. We only retain your data for as long as we have to, then we delete it.
What is personal information and what is processing of personal data?
Personal data is any kind of information that can be directly or indirectly attributed to a currently living physical person, a so called data subject. For example, images and sound recordings that are processed in a computer can be personal data even if no names are mentioned. Encrypted data and various kinds of electronic identities (eg IP addresses) are personal data if they can be linked to natural persons. Any action taken with personal data is processing, regardless of whether it is performed automated or not. Examples of common processing are collection, registration, organization, structuring, storage, processing, transfer, and deletion.
Who is responsible for the personal information we collect?
Fitnessguru Sweden AB, org. no. 556801-0069, with address Optimusvägen 12D, 194 34 Upplands Väsby, is the personal data controller for the company's processing of personal data.
Below you can read about what Fitnessguru uses your personal data for and why.
2.1. TO MAKE IT POSSIBLE FOR YOU TO MANAGE YOUR SERVICES AND FOLLOW YOUR PURCHASES
When you use our services (such as body check) or shop at Fitnessguru, a customer account is generated for you.
2.2. FOR MANAGING ORDERS
We handle the following information:
Legal basis: Completion of the purchase agreement. The collection of your personal data is required in order for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, our commitments cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to be able to handle any complaints, returns, and warranty cases.
2.3. TO COMPLETE THE COMPANY'S LEGAL OBLIGATIONS
Necessary management for fulfilling the company's legal obligations under statutory requirements, court rulings or government decisions (such as the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the creation of communication and information to the public and customers about product alarms and product recalls in, for example, a defect or hazardous product).
We process for this purpose;
Legal basis: Legal obligation. This collection of your personal data is required by law. If the data is not provided, our legal obligation cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter, or up to seven years for data processed under the Accounting Act.
2.4. FOR MANAGING CUSTOMER SERVICES
We deal with the following information;
Legal basis: Legitimate interest, and explicit consent in cases where we treat sensitive data. The treatment is necessary to satisfy our and your legitimate interest in managing customer service matters.
Storage period: 36 months after the customer service case is completed.
2.5. TO EXPLORE, DEVELOP AND IMPROVE OUR SERVICES, PRODUCTS AND SYSTEMS FOR THE CUSTOMER COLLECTIVE IN LARGE AND OFFER YOU A PERSONAL AND RELEVANT EXPERIENCE IN OUR OFFERINGS OF SERVICES AND PRODUCTS
Analyzes of the information we collect for the purpose. Based on the information we collect (for example, purchase history, age, and gender), you are sorted into a customer group (so-called customer segment) for which analyzes are then made at an aggregated level using de-identified or pseudonymized data, without any connection to you as an individual. The insights from the analysis form the basis for which products are being developed.
We therefore process:
Legal basis: By legitimate interest. The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services, products, and systems. By agreement, in the case of data you provided via the body check test and explicit consent in the case of sensitive personal data.
Storage period: From collection and for a period of 36 months thereafter.
2.6. TO PREVENT ABUSE OF A SERVICE OR TO PREVENT, PREVENT AND EXAMINE CRIMES AGAINST THE COMPANY AND CUSTOMERS
Prevention and investigation of any fraud or other law violations. Prevention of junk mail, phishing, harassment or other measures that are prohibited by law or our purchase or service conditions. Protection and improvement of our IT environment against attacks and infringements.
For this purpose, we process:
Legal basis: Compliance with legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to meet our legitimate interest in preventing abuse of a service or in preventing and investigating crimes against the company.
2.7. TO OFFER CUSTOMERS A PERSONAL BODY CHECK CONSULTATION AND ADVICE
Recommendation of products based on the user's needs and wishes and information on how they should be used for the desired end result. Personalized consultation by phone, chat or email. Marketing of products based on the customer's needs and wishes.
For this we process:
Legal basis: Completion of the consultation agreement and explicit consent for cases where users provide sensitive information about themselves. Balancing interest for marketing, it is in both Fitnessguru's and the user's interest that users buy products that fit them. Follow-up of recommendations over time.
Storage period: 60 months from the collection.
2.8. FOR RECRUITMENT AND STAFF ADMINISTRATION
Treatment of job application and possible new employment. Termination of employment. Administration of any rehabilitation and discrimination cases.
Legal grounds: Legitimate interest in pursuing or terminating recruitment processes and, where appropriate, retaining information as security in discrimination cases or the like. Express consent in cases where sensitive information may occur.
Storage period: 60 months from the collection or the end of the recruitment process.
2.9. TO FOLLOW UP REFERENCES ON RECRUITMENT
If someone has provided contact information for references during the recruitment process, we will save only names, phone numbers and email addresses to them. We keep the data until the recruitment process is completed.
From which sources do we retrieve your personal data?
In addition to the information you provide yourself to us, or which we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (so-called third party). The information we collect from third parties is as follows:
Who can we share your personal data with?
Personal Data Assistants. In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:
1) Transports (logistics companies and freight forwarders)2) Payment solutions (card-redeeming companies, banks and other payment service providers)3) Marketing (print, social media, media agencies or advertising agencies)4) IT-services (companies that handle the necessary operations, technical support andmaintenance of our IT solutions)
When your personal data is shared with personal data assistants, it only happens for purposes that are consistent with the purposes for which we have collected the information (for example, in order to fulfill our obligations under the purchase agreement). We verify all personal data assistants to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data assistants, through which they guarantee the security of the personal data processed and undertake to comply with our security requirements, as well as limitations and requirements regarding international transfer of personal data.
Companies that are independently responsible for personal data. We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that it is not we who control how the information provided to the company is to be processed. Independent data controllers with whom we share your personal information are:
1) Government authorities (the police, the tax authorities or other authorities) if we are obliged to do so by law or in case of suspicion of crime2) Companies that provide general goods transport (logistics companies and freight forwarders)3) Companies that offer payment solutions (card-redeeming companies, banks and other payment service providers)
Klarna and the processing of personal data
When purchasing with invoice, Klarna Bank AB will treat your personal data as the personal data controller. The personal data is processed, among other things, for the fulfillment of the agreement, as well as for carrying out identification and credit control via external and internal databases. For more detailed information about Klarna's processing of personal data and your rights in connection with the processing see: https://www.klarna.com/uk/privacy-policy/
Where do we process your personal information?
We always strive to ensure that your personal information is processed within the EU / EEA and that all our own IT systems are located within the EU / EEA. In the case of system support and maintenance, however, we may have to transfer the information to a country outside the EU / EEA, for example if we share your personal information with a personal data assistant who, either himself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only access the information that is relevant for the purpose (for example, log files).
Regardless of in which country your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as in the EU / EEA. In cases where personal data is processed outside the EU / EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protection measures. Examples of appropriate safeguards are the approved code of conduct in the recipient country, standard contract clauses, binding internal rules or Privacy Shield. If you would like to receive a copy of the protective measures that have been taken or information about where these have been made available, you are welcome to contact us.
For how long do we save your personal data?
We never save your personal information beyond what is necessary for each purpose. See more about the specific storage periods under each purpose.
What do you have rights as registered?Right to access (so-called registry extract). We are always open and transparent about how we process your personal data and if you want to gain a deeper insight into which personal data we are dealing with you, you can request access to the data. The information is provided in the form of a registry extract with the purpose, categories of personal data, categories of recipients, storage periods, information on where the information has been collected and the existence of automated decision making.
Keep in mind that if we receive an access request, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person with authority to access it.
Keep in mind that we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting and tax legislation, banking and money laundering legislation, but also from consumer law legislation. It may also happen that the processing is necessary for us to be able to establish, enforce or defend against legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to limitation. You have the right to request that our processing of your personal data be limited. If you dispute that the personal information we process is correct, you may request a limited processing during the time we need to verify whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need them in order to determine, enforce or defend legal claims, you may request limited processing of the information with us. This means that you can request that we do not delete your information. If you have objected to a balance of interest of legitimate interest that we have made as a legitimate basis for a purpose, you may request limited treatment during the time we need to verify whether our legitimate interests outweigh your interest in getting the information deleted.If the treatment has been restricted according to one of the above situations, we may only, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else's rights or if you have given your consent.
The right to object to certain types of treatment. You always have the right to avoid direct marketing and to object to all processing of personal data based on a balance of interests.
Legitimate interest: In cases where we use balancing of interests as a legal basis for a purpose, you have the opportunity to object to the treatment. In order to be able to continue processing your personal data after such an objection, we need to be able to show a compelling justified reason for the current treatment that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend legal claims.
Direct Marketing (including analysis performed for direct marketing purposes): You have the opportunity to object to your personal data being processed for direct marketing purposes. The objection also includes the analysis of personal data (so-called profiling) that are performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (for example via mail, email and SMS). Marketing measures where you, as a customer, have actively chosen to use one of our services or otherwise sought us out to know more about our services are not counted as direct marketing (for example, product recommendations).
If you object to direct marketing, we will cease processing your personal data for that purpose as well as cease all types of direct marketing efforts. You can change this by changing the settings on the deregistration link in marketing mailing or by contacting customer service.
Right to data portability. If our right to process your personal data is based on either your consent or the fulfillment of an agreement with you, you have the right to request that the information that concerns you and which you have submitted to us is transferred to another data controller (so-called data portability). One prerequisite for data portability is that the transmission is technically possible and that it can be automated.
How do we handle personal identity numbers?
We will only process your personal identity number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is any other considerate reason. We always minimize the use of your social security number as much as possible by, if it is sufficient, instead use your birth date.
How is your personal data protected?
We use IT systems to protect privacy, privacy and access to personal information. We have taken special precautions to protect your personal information from unlawful or unauthorized processing (such as illegal access, loss, destruction or damage). Only those individuals who actually need to process your personal data in order to fulfill our stated purposes have access to it.
What are cookies and how do we use them?
Cookies are a small text file consisting of letters and numbers that are sent from our web server and stored on your browser or device. At Fitnessguru we use the following cookies:
1) Session cookies (a temporary cookie that ends when you close your browser or device)2) Permanent cookies (cookies that remain on your computer until you delete them or they expire)3) First-party cookies (cookies set by the site you visit)4) Third-party cookies (cookies set by a third party's website. These are used primarily for analysis, such as by Google Analytics)5) Similar techniques (techniques that store information in your browser or in your device in a manner similar to cookies)
Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings for your browser or device to learn more about adjusting the settings for cookies. Examples of things you can adjust are blocking all cookies, only accepting first-party cookies or deleting cookies when you shut down your browser. Keep in mind that some of our services may not work if you block or delete cookies. You can read more about cookies in general at the National Post and Telecom Agency's website, pts.se.
What does it mean that the DPA is the supervisory authority?
The Swedish Data Protection Authority is responsible for monitoring the application of the legislation, and anyone who considers that a company handles personal data incorrectly can submit a complaint to the DPA.
How do you contact us for questions about data protection?