Fitnessguru Privacy Policy
At a glance
Why does Fitnessguru collect and process personal data?
A better customer experience
With the help of your personal data you get a personalized experience when shopping at Fitnessguru.
Safety first
Your data is always protected by us and we do our utmost to make you feel safe with how we handle your data.
You decide
No spam or anything unnecessary. We only retain your data for as long as we have to, then we delete it.
1. Introduction
At Fitnessguru, we protect your privacy and always strive for a high level of data protection. This Privacy Policy explains how we collect and use your personal data and also describes your rights and how you can enforce them. It is important that you review and understand the privacy policy. Our goal is to make you feel safe in our processing of your personal data and you are always welcome to contact us if you have any questions.
What is personal information and what is processing of personal data?
Personal data is any kind of information that can be directly or indirectly attributed to a currently living physical person, a so-called data subject. For example, images and sound recordings that are processed in a computer can be personal data even if no names are mentioned. Encrypted data and various kinds of electronic identities (e.g. IP addresses) are personal data if they can be linked to natural persons. Any action taken with personal data is processing, regardless of whether it is performed by automated means or not. Examples of common processing are collection, registration, organization, structuring, storage, processing, transfer, and deletion.
Who is responsible for the personal information we collect?
Fitnessguru Sweden AB, org. no. 556801-0069, with address Optimusvägen 12D, 194 34 Upplands Väsby, is the personal data controller for the company's processing of personal data.
2. WHAT DOES FITNESSGURU USE YOUR PERSONAL DATA FOR?
Below you can read about what Fitnessguru uses your personal data for and why.
2.1. TO MAKE IT POSSIBLE FOR YOU TO MANAGE YOUR SERVICES AND FOLLOW YOUR PURCHASES
When you use our services (such as body check) or shop at Fitnessguru, a customer account is generated for you.
2.2. FOR MANAGING ORDERS
Which includes:
- Delivery (including notifications and contact regarding delivery).
- Identification and age control.
- Payment processing (including analysis of possible payment solutions, which may include checking payment history and obtaining credit reports). Address check against registries.
- Handling of complaints & returns
We handle the following information:
- Name
- Personal identity number (if applicable)
- Contact information (eg address, email and phone number)
- Payment History
- Payment Information
- Credit information from credit reporting agencies
- Purchase information (eg which item has been ordered or if the product is to be delivered to another address)
Legal basis: Completion of the purchase agreement. The collection of your personal data is required in order for us to be able to fulfill our obligations under the purchase agreement. If the information is not provided, our commitments cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter in order to be able to handle any complaints, returns, and warranty cases.
2.3. TO COMPLETE THE COMPANY'S LEGAL OBLIGATIONS
Necessary management for fulfilling the company's legal obligations under statutory requirements, court rulings or government decisions (such as the Accounting Act, the Money Laundering Act or the rules on product liability and product safety, which may require the creation of communication and information to the public and customers about product alarms and product recalls in the event of, for example, a defective or hazardous product).
For this purpose we process:
- Name
- Personal identity number
- Contact information (eg address, email and phone number)
- Payment History
- Payment Information
- Your correspondence
- Information about time of purchase, place of purchase, possible error / complaint
Legal basis: Legal obligation. This collection of your personal data is required by law. If the data is not provided, our legal obligation cannot be fulfilled and we are therefore forced to deny you the purchase.
Storage period: Until the purchase has been completed (including delivery and payment) and for a period of 36 months thereafter, or up to seven years for data processed under the Accounting Act.
2.4. FOR MANAGING CUSTOMER SERVICES
Which includes:
- Communication and answering of any questions to customer service (by email, phone, or via digital channels, including social media).
- Investigation of any complaints and support cases (including technical support).
- Questions and advice on and before purchase, questions about products, return handling, change of order and similar cases.
We handle the following information:
- Name
- Personal Identity Number
- Contact information (eg address, email and phone number)
- Your correspondence
- Purchase information (time, place of purchase, possible errors / complaints)
- Body check data
- Health data (eg allergic reactions and health conditions you tell us about)
Legal basis: Legitimate interest, and explicit consent in cases where we treat sensitive data. The treatment is necessary to satisfy our and your legitimate interest in managing customer service matters.
Storage period: 36 months after the customer service case is completed.
2.5. TO EXPLORE, DEVELOP AND IMPROVE OUR SERVICES, PRODUCTS AND SYSTEMS FOR THE CUSTOMER COLLECTIVE AT LARGE AND OFFER YOU A PERSONAL AND RELEVANT EXPERIENCE IN OUR OFFERINGS OF SERVICES AND PRODUCTS
- Adaptation of services to become more user-friendly (for example, changing the user interface to simplify the flow of information or to highlight functions often used by customers in our digital channels).
- Development of documentation for the purpose of improving goods and logistics flows (for example by being able to forecast purchases, inventories and deliveries).
- Development of documentation for developing and improving our range.
- Development of documentation to develop and improve our resource efficiency from an environmental and sustainability perspective (for example, by making purchasing and planning deliveries more efficiently).
- Creation of documentation for the purpose of planning new and possible deployment of warehouses or selecting 3PL-partners.
- Give our customers the opportunity to influence and review our range.
- Development of documentation to improve IT systems in order to generally improve the security of the company and our visitors / customers.
Analyses of the information we collect for this purpose. Based on the information we collect (for example, purchase history, age, and gender), you are sorted into a customer group (so-called customer segment) for which analyses are then made at an aggregated level using de-identified or pseudonymized data, without any connection to you as an individual. The insights from the analysis form the basis for which products are being developed.
We therefore process:
- Age
- Sex
- E-mail address
- Place of residence
- Correspondence and feedback regarding our services and products
- Purchase and user-generated data (eg clicks and visit history)
- The information you provided via body check test
- Customer satisfaction survey and questionnaires
- Technical data regarding devices used and its settings (for example, language setting, IP address, browser settings, time zone, operating system, screen resolution and platform)
- Information about how you interacted with us, ie. how you used the service, login method, where and how long different pages were visited, response times, download errors, how to reach and leave the service etc.
- Information on how to use our websites via "cookies". You can read more about what cookies are and how we use them here.
Legal basis: By legitimate interest. The processing is necessary to satisfy our and our customers' legitimate interest in evaluating, developing and improving our services, products, and systems. By agreement, in the case of data you provided via the body check test and explicit consent in the case of sensitive personal data.
Storage period: From collection and for a period of 36 months thereafter.
2.6. TO PREVENT ABUSE OF A SERVICE OR TO PREVENT AND INVESTIGATE CRIMES AGAINST THE COMPANY AND CUSTOMERS
Prevention and investigation of any fraud or other law violations. Prevention of junk mail, phishing, harassment or other measures that are prohibited by law or our purchase or service conditions. Protection and improvement of our IT environment against attacks and infringements.
For this purpose, we process:
- Personal identity number
- Purchase and user-generated data (for example, click and visitor history)
- Technical data regarding devices used and its settings (for example, language setting, IP address, browser settings, time zone, operating system, screen resolution, and platform)
- Information on how our digital services are used
Legal basis: Compliance with legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to meet our legitimate interest in preventing abuse of a service or in preventing and investigating crimes against the company.
Storage period: From collection and for a period of 36 months thereafter.
2.7. TO OFFER CUSTOMERS A PERSONAL BODY CHECK CONSULTATION AND ADVICE
Recommendation of products based on the user's needs and wishes and information on how they should be used for the desired end result. Personalized consultation by phone, chat or email. Marketing of products based on the customer's needs and wishes.
For this we process:
- Name
- Contact information (eg address, email and phone number)
- Sex
- Approximate age
- Purchase information
- Fitness goals
- Pictures, in case the user chooses this
- Health data from body check test
Legal basis: Completion of the consultation agreement and explicit consent for cases where users provide sensitive information about themselves. Balancing of interests for marketing, since it is in both Fitnessguru's and the user's interest that users buy products that fit them. Follow-up of recommendations over time.
Storage period: 60 months from the collection.
2.8. FOR RECRUITMENT AND STAFF ADMINISTRATION
Processing of job applications and possible new employment. Termination of employment. Administration of any rehabilitation and discrimination cases.
- CV
- Name
- Phone number
- E-mail address
- Physical address
- Image that the candidate has posted themselves (optional)
- Personal identification number
- Personal letter where medical history or the like might be included
- Mail exchange between HR and the candidate
- Notes from HR regarding interviews
- Test results from work samples linked to the service
- Contact information for references
Legal grounds: Legitimate interest in pursuing or terminating recruitment processes and, where appropriate, retaining information as security in discrimination cases or the like. Express consent in cases where sensitive information may occur.
Storage period: 60 months from the collection or the end of the recruitment process.
2.9. TO FOLLOW UP REFERENCES ON RECRUITMENT
If someone has provided contact information for references during the recruitment process, we will save only the references' names, phone numbers and email addresses. We keep the data until the recruitment process is completed.
3. FROM WHAT SOURCES DOES FITNESSGURU COLLECT YOUR PERSONAL DATA?
From which sources do we retrieve your personal data?
In addition to the information you provide yourself to us, or which we collect from you based on your purchases and how you use our services, we may also collect personal data from someone else (so-called third party). The information we collect from third parties is as follows:
- Address information from public registers to be sure we have the right address information for you
- Credit rating information from credit rating agencies, banks or disclosure companies
4. WHO HAS ACCESS / PROCESSES YOUR PERSONAL DATA?
Who can we share your personal data with?
Personal Data Assistants. In cases where it is necessary for us to be able to offer our services, we share your personal data with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:
1) Transports (logistics companies and freight forwarders)
2) Payment solutions (card-redeeming companies, banks and other payment service providers)
3) Marketing (print, social media, media agencies or advertising agencies)
4) IT-services (companies that handle the necessary operations, technical support and maintenance of our IT solutions)
When your personal data is shared with personal data assistants, it only happens for purposes that are consistent with the purposes for which we have collected the information (for example, in order to fulfill our obligations under the purchase agreement). We verify all personal data assistants to ensure that they can provide sufficient guarantees regarding the security and confidentiality of personal data. We have written agreements with all personal data assistants, through which they guarantee the security of the personal data processed and undertake to comply with our security requirements, as well as limitations and requirements regarding international transfer of personal data.
Companies that are independently responsible for personal data. We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that it is not we who control how the information provided to the company is to be processed. Independent data controllers with whom we share your personal information are:
1) Government authorities (the police, the tax authorities or other authorities) if we are obliged to do so by law or in case of suspicion of crime
2) Companies that provide general goods transport (logistics companies and freight forwarders)
3) Companies that offer payment solutions (card-redeeming companies, banks and other payment service providers)
When your personal data is shared with a company that is independently responsible for personal data, that company applies its privacy policy and personal data processing policies.
Klarna and the processing of personal data
When purchasing with invoice, Klarna Bank AB will treat your personal data as the personal data controller. The personal data is processed, among other things, for the fulfillment of the agreement, as well as for carrying out identification and credit control via external and internal databases. For more detailed information about Klarna's processing of personal data and your rights in connection with the processing see: https://www.klarna.com/uk/privacy-policy/
Where do we process your personal information?
We always strive to ensure that your personal information is processed within the EU / EEA and that all our own IT systems are located within the EU / EEA. In the case of system support and maintenance, however, we may have to transfer the information to a country outside the EU / EEA, for example if we share your personal information with a personal data assistant who, either himself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only access the information that is relevant for the purpose (for example, log files).
Regardless of in which country your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as in the EU / EEA. In cases where personal data is processed outside the EU / EEA, the level of protection is guaranteed either by a decision of the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protection measures. Examples of appropriate safeguards are the approved code of conduct in the recipient country, standard contract clauses, binding internal rules or Privacy Shield. If you would like to receive a copy of the protective measures that have been taken or information about where these have been made available, you are welcome to contact us.
For how long do we save your personal data?
We never save your personal information beyond what is necessary for each purpose. See more about the specific storage periods under each purpose.
5. YOUR RIGHTS & CONSENT
What rights do you have as a data subject?
Right to access (so-called registry extract). We are always open and transparent about how we process your personal data, and if you want deeper insight into which personal data about you we process, you can request access to the data. The information is provided in the form of a registry extract with the purpose, categories of personal data, categories of recipients, storage periods, information on where the information has been collected and the existence of automated decision making.
Keep in mind that if we receive an access request, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person with authority to access it.
- Right to correction. You can request that your personal data be corrected if the information is incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data.
- You have the right at any time to withdraw a consent you have given us. For example, consent to send newsletters.
- Right to erase. You can request the deletion of personal information we are holding about you if:
- The data are no longer necessary for the purposes for which they were collected or processed
- You object to a balance of interests we have made based on legitimate interest and your reason for objection weighs heavier than our legitimate interest.
- You object to processing for direct marketing purposes
- The personal data is processed in an illegal manner
- The personal data must be erased in order to fulfill a legal obligation we are subject to
- Personal data has been collected from a child (under the age of 13) for whom you have parental responsibility and the collection has taken place in connection with the provision of information society services (eg social media)
Keep in mind that we may have the right to refuse your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting and tax legislation, banking and money laundering legislation, but also from consumer law legislation. It may also happen that the processing is necessary for us to be able to establish, enforce or defend against legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.
Right to limitation. You have the right to request that our processing of your personal data be limited. If you dispute that the personal information we process is correct, you may request a limited processing during the time we need to verify whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need them in order to determine, enforce or defend legal claims, you may request limited processing of the information with us. This means that you can request that we do not delete your information. If you have objected to a balance of interest of legitimate interest that we have made as a legitimate basis for a purpose, you may request limited treatment during the time we need to verify whether our legitimate interests outweigh your interest in getting the information deleted.
If the treatment has been restricted according to one of the above situations, we may only, in addition to the actual storage, process the data to determine, enforce or defend legal claims, to protect someone else's rights or if you have given your consent.
The right to object to certain types of treatment. You always have the right to avoid direct marketing and to object to all processing of personal data based on a balance of interests.
Legitimate interest: In cases where we use balancing of interests as a legal basis for a purpose, you have the opportunity to object to the treatment. In order to be able to continue processing your personal data after such an objection, we need to be able to show a compelling justified reason for the current treatment that weighs heavier than your interests, rights or freedoms. Otherwise, we may only process the data to determine, exercise or defend legal claims.
Direct Marketing (including analysis performed for direct marketing purposes): You have the opportunity to object to your personal data being processed for direct marketing purposes. The objection also includes the analysis of personal data (so-called profiling) that are performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (for example via mail, email and SMS). Marketing measures where you, as a customer, have actively chosen to use one of our services or otherwise sought us out to know more about our services are not counted as direct marketing (for example, product recommendations).
If you object to direct marketing, we will cease processing your personal data for that purpose as well as cease all types of direct marketing efforts. You can change this by changing the settings via the deregistration link in marketing mailings or by contacting customer service.
Right to data portability. If our right to process your personal data is based on either your consent or the fulfillment of an agreement with you, you have the right to request that the information that concerns you and which you have submitted to us is transferred to another data controller (so-called data portability). One prerequisite for data portability is that the transmission is technically possible and that it can be automated.
6. HOW DOES FITNESSGURU HANDLE PERSONAL IDENTITY NUMBERS & DATA?
How do we handle personal identity numbers?
We will only process your personal identity number when it is clearly justified with regard to the purpose, necessary for secure identification or if there is any other noteworthy reason. We always minimize the use of your personal identity number as much as possible by using your date of birth instead where that is sufficient.
How is your personal data protected?
We use IT systems to protect privacy and access to personal information. We have taken special precautions to protect your personal information from unlawful or unauthorized processing (such as illegal access, loss, destruction or damage). Only those individuals who actually need to process your personal data in order to fulfill our stated purposes have access to it.
7. COOKIES
What are cookies and how do we use them?
A cookie is a small text file consisting of letters and numbers that is sent from our web server and stored in your browser or on your device. At Fitnessguru we use the following cookies:
1) Session cookies (a temporary cookie that ends when you close your browser or device)
2) Permanent cookies (cookies that remain on your computer until you delete them or they expire)
3) First-party cookies (cookies set by the site you visit)
4) Third-party cookies (cookies set by a third party's website. These are used primarily for analysis, such as by Google Analytics)
5) Similar techniques (techniques that store information in your browser or in your device in a manner similar to cookies)
The cookies we use normally improve the services we offer. Some of our services, such as shopping, require cookies to function properly, while others improve the quality of services for you. We use cookies for overall analytical information regarding your use of our services and for saving functional settings such as language and other tasks. We also use cookies to be able to direct relevant marketing to you.
Can you control the use of cookies yourself?
Yes! Your browser or device allows you to change the settings for the use and scope of cookies. Go to the settings for your browser or device to learn more about adjusting the settings for cookies. Examples of things you can adjust are blocking all cookies, only accepting first-party cookies or deleting cookies when you shut down your browser. Keep in mind that some of our services may not work if you block or delete cookies. You can read more about cookies in general at the National Post and Telecom Agency's website, pts.se.
8. SWEDISH DATA PROTECTION AUTHORITY (DPA)
What does it mean that the DPA is the supervisory authority?
The Swedish Data Protection Authority is responsible for monitoring the application of the legislation, and anyone who considers that a company handles personal data incorrectly can submit a complaint to the DPA.
9. DO YOU HAVE QUESTIONS ABOUT DATA PROTECTION?
How do you contact us for questions about data protection?
You can always ask your customer service question at [email protected].
We may make changes to our privacy policy. The latest version of the privacy policy is always available here on the website. For updates that are crucial to our processing of personal data (for example, change of specified purposes or categories of personal data) or updates that are not critical to the treatment but which can be of crucial importance to you, you will receive information at Fitnessguru.se and via email (if you have entered your email address) well in advance of the updates. When we make available information about updates, we will also explain the meaning of the updates and how they can affect you.