At Virtuagym (referred to as “we”, “our”, “us” and “Virtuagym”) we recognize the importance of protecting your personal information and are committed to processing it responsibly and in compliance with applicable US and European information protection laws.
This Privacy Statement is designed to inform you on our privacy practices that apply to personal information we process for and about our clients, end-users, prospects and other individuals that visit our websites, social media pages, use our cloud-based application (“Service”) or use one of our other services that redirect you to this Privacy Statement.
Virtuagym can act as a controller and processor of your Information.
In this Privacy Statement, the following terms will have the meaning set out below.
- “Privacy Statement”: Refers to this policy.
- “Service”: Virtuagym’s flexible white-label web and mobile app technology solution offering a wide array of functionalities in the field of activity tracking, nutrition, mental vitality, progress tracking, coaching, booking, membership management and billing.
- “Client”: A business or entity that engages in a business relationship by using, or showing interest in the Service.
- “End-User”: Any individual that does not act in the name of a business or entity and visits our website visits our social media pages, uses the Service or uses one of our other services that redirect to this Privacy Statement.
- “Information”: Any information that might be related to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, for example by reference to an identifier such as a name, email address or identification number. A natural person is not a company.
- “Personal Information”: Any information that is related to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, for example by reference to an identifier such as a name, email address or identification number. A natural person is not a company.
- “Process”: Any operation or set of operations which is performed on Personal Information or on sets of Personal Information, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Which Personal Information We Collect and Why
We may collect your Personal Information as a Client or End-User for multiple purposes, such as the following:
Access and use of websites and other online services
When entering one of our websites or our applications we will Process your Information in order to provide you with the required access for the operation of the website, and for us to comply with security and legal requirements in relation to operating our site, such as passwords, IP addresses and browser settings. We also Process Information regarding your interactions with our websites in order to provide you with the best website experience. We, among others, Process your preferences and settings and collect statistics that help us improve our websites and services.
Responding to your request for information, order or support
We process Personal Information that is necessary to fulfill your request. For instance, we collect your name and contact information to be able to contact you and to provide you with support. Furthermore, we collect Information like details about your request and your agreement with us, invoicing statuses, and requests for you to rate your satisfaction while working with us. Such Information is Processed for administrative purposes, defending our rights, and in connection with our relationship with you.
Your use of the Service
We Process Information that you enter into the Service, as well as Information about your use of the Service, in order to enable our Clients and us to provide their services, for example; coaching, personal training, teaching, corporate health and wellness services, in the best possible way. We also Process this Information to improve the quality of the Service and to implement appropriate measures designed to ensure the security and confidentiality of your Information. One of many results of Processing this Information is that we can tailor our interactions with you, inform you on the overall use of the Service and develop and improve the Service.
Contacting employees of our Clients, prospects, partners and suppliers
In our relationship with our Clients, prospects, partners and suppliers, they also provide us with business contact information that might include Personal Information. The purpose of Processing this Information can, for example, be for contract management, fulfillment, delivery of the Service or any of our other services, provision of support, invoicing and management of the services or the relationship.
We register individuals visiting our sites and locations and use camera supervision for reasons of security and safety of persons and belongings, as well as for regulatory purposes. We reserve the right to outsource the services under this section to one of our partners.
More detailed information on what Information we Process can be found under ‘Information Retention’.
When an end-user connects with Google Fit we will use this to access the end-user's weight, height and activity data. This data will be stored as Personal Information on Virtuagym's servers. We use this data to increase the usability of our service so end-users do not have to enter this data manually and calories can be calculated more accurately.
We will Process your Personal Information for as long as is required to fulfill the purposes for which the Information is Processed or for other valid reasons, for example; to comply with our legal obligations, resolve disputes, or enforce our agreements.
If you are a Client, your Information, and the Information you are responsible for, will be Processed for as long as our agreement is effective. After the agreement ends, the retention periods will come into effect. Retention periods vary based on the type and classification of Information. At the end of the retention period, your Information will automatically be anonymised.
As a Client and you can make a request for an End-User during the time that our agreement is in effect.
If you are an End-User, your Information will be processed as long as your account is activated. Deactivation by an End-User can be done as stipulated below. After deactivation, the retention periods will come into effect. At the end of the retention period, your Information will automatically be anonymised.
- If you are an End-User engaging with us via one of our Clients, for example; a professional like a coach, personal trainer, teacher, gym owner or corporate health and wellness provider, deactivating your account can be done by the Client in the Service, and;
- If you are an End-User that engages with us directly, your account will be deactivated automatically after 12 months of inactivity.
As an End-User both of the above situations can be applicable. After your account is deactivated, retention periods will come into effect. Again, these vary based on the type and classification of the Information. At the end of the retention period, your Information will automatically be anonymised.
Sharing of Information
In Service privacy settings;
For optimal use of the Service we advise you to provide Information in the Service, but it is your choice whether you want to do so. Commonly shared data in the Service is first name, last name, email address, preferred language, age, length, weight, sex and place of residence. Furthermore, the Service offers you the opportunity to limit the sharing of your Information in the Service. You can change your privacy settings in the Service by going to your account settings and clicking on “privacy”. Furthermore, as a user of the Service, you can decide not to show your real name on your profile, which makes you anonymous to other users.
As a global organization, we may share Information with our subsidiaries and transfer it to countries in the world where we do business.
Between Virtuagym controlled subsidiaries we only grant access to Personal Information on a need-to-know basis, necessary for the purposes for which such access is granted.
Third-party service providers
In some cases, we share Information with our third-party service providers to collect, store, analyze and otherwise Process Personal Information on our behalf. We use these third parties for a variety of reasons, like for the purpose of providing support to all of our Clients and End-Users and hosting and storing Information. Furthermore, we use them for administrative purposes, as well as for marketing and sales purposes. Ultimately, third-party service providers enable us to provide the best Service and fulfill your requests. It goes without saying that when selecting third-party service providers we take into account how they secure and handle Information.
Some of our Third-party service providers operate from outside the European Economic Area. Therefore, your Information may be transferred outside of Europe. Whenever this happens, appropriate security assessments are performed to ensure an adequate level of protection of your Information.
Compliance with laws and law enforcement
In certain situations, we might be required to disclose your Information in response to lawful requests from government agencies pursuant to judicial proceedings, court order, or legal process. We may also disclose Information to defend against legal claims and if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Service Agreement, or as otherwise required by law.
Merger and acquisition
If we decide to sell, buy, merge or otherwise reorganize businesses in some countries, such a transaction may involve the disclosure of Information. We will require appropriate protection for Information in these types of transactions.
As an End-User you, by law, have the right to: I) request access to your Personal Information, II) request correction of the Personal Information that we Process, III) request erasure of your Personal Information, IV) object to processing of your Personal Information, V) request restriction of processing your Personal Information, VI) request a copy of your Personal Information VII) withdraw previously given consent to use your data.
Please be aware that by not sharing, correcting, erasing, objecting to processing, restricting of processing and withdrawing previously given consent of your Information may partially or fully reduce access to functionalities of the Service and our other services, like support and marketing activities.
Exercising your rights
Please carefully decide which of the below situations is applicable to you. Both situations can be applicable to you.
- If you are an End-User engaging with us via one of our Clients, for example; a professional like a coach, personal trainer, teacher, gym owner or corporate health and wellness provider, you can contact this Client in order to exercise your rights as this client is controlling (part of) your Personal information and;
- If you are an End-User that engages with us directly and you which to exercise any of the rights described. Please contact email@example.com as in this case we are controlling (part of) your Personal Information.
When exercising one of your rights, as well as in any other interaction, we can require specific information or actions from you to confirm your identity. This is a security measure to ensure that Personal Information is not disclosed to any person that has no right to receive your Personal Information.
If you would like to make a complaint regarding this Privacy Statement or our practices in relation to your Personal Information, please contact us at firstname.lastname@example.org.
If you are dissatisfied with our handling of a complaint or you do not agree with the resolution that we propose, you can make a complaint to your local data protection supervisory authority, which for the Netherlands, is the Autoriteit Persoonsgegevens.
We recognize and take our responsibility to protect your Information you entrust to us. By implementing reasonable security measures and using security technologies and organizational procedures, we aim to safeguard your Information from loss, misuse or unauthorized access. For example, we use secured servers, firewalls, encrypt Information and limit access to Personal Information by employees.
Changes to this Privacy Statement
Our services, including the Service, are continuously evolving and these services may change from time to time without prior notice to you. For this reason, we reserve the right to add to or otherwise modify this Privacy Statement and will notify you when any significant changes to this Privacy Statement are made. We will indicate at the top or bottom of the Privacy Statement when the Privacy Statement was updated last.
The new Privacy Agreement will be effective upon posting. By continuing to access or make use of the Service or any of our other services, after the changes become effective, you agree to be bound by the revised Privacy Statement.
How to contact us
If you have any questions regarding this Privacy Statement, you can contact us via email at email@example.com.
Last modified on 17 June 2021