Privacy Notice
We at DanielStadlerFitness (“we”, “us”, “our”) respect your concerns about privacy.
This Privacy Notice explains how we use any personal data we collect about you and your rights in
relation to the information. “Personal data” means any information that identifies you as an individual
or is capable of identifying you as an individual.
For the purpose of applicable data protection laws, including the General Data Protection Regulation
(the “GDPR”), the data controller is Daniel Stadler, an entrepreneur registered in Hungary . Our
email address is danielstadlerfitness@gmail.com.
Information covered by this Privacy Notice
This Privacy Notice covers all personal data collected and used by us.
This includes your name, age, postal address, email address, phone number, credit card number,
details of the preferences you express to us, your comments and questions, and technical information
from the devices you use to access our website. It also includes information on your body and
wellbeing, including height, weight (including information on obesity), body statistics, workouts, mood,
meals, nutrition and general health and wellbeing, that you decide to disclose to us on this website or
through the use of our app or that is generated by the app, as well as any pictures that you choose to
share with us.
Summarizing overview
Please refer to the summarizing overview below setting out the purposes, legal basis as well as
applicable retention periods pertaining to the various processing activities as described in the sections
above.
| Processing purposes | Legal basis | Retention period |
|---|---|---|
| Management of your account | Article 6(1)(b) of the GDPR | 36 months after your last |
| Delivery of coaching services | Articles 6(1)(b) of the GDPR | 36 months after your last |
| and for health data, the legal basis is also article 9(2)(a) of the GDPR | activity – for health data and uploaded pictures, the period is instead 6 months | |
|---|---|---|
| Marketing purposes, targeting our | Article 6(1)(a) and Article | 6 months after your last |
| Payment purposes | Article 6(1)(b) of the GDPR | 60 months after your last |
| Mandatory recordkeeping | Article 6(1)(c) of the GDPR | 60 months after your last |
Personal Data we obtain
We (and our service providers) collect this personal data from you when you:
• purchase products or services from us, including a coaching subscription.
• submit any information through this website.
• create an account with us, or otherwise sign up for our services.
• opt in to or otherwise receive marketing from us or our representatives.
• choose to participate in our customer feedback surveys.
• communicate with us via third-party social media websites.
• contact us, correspond with us, or otherwise provide information to us.
When you visit our website and/or app, we (and our service providers) may use cookies (please see
our cookie policy separately on our website) and other technologies to automatically collect the
following information on you:
• technical information, including your IP address, your login information, browser type and
version, device identifier, location and time zone setting, browser plug-in types and versions,
operating system and platform, page response times and download errors.
• information about your visit, including the websites you visit before and after our website and
products you viewed or searched for.
• length of visits to certain pages, page interaction information (such as scrolling, clicks and
mouseovers) and methods used to browse away from the page.
Within our app you may choose to:
• record a fitness activity, for example a run. You must first allow the app to access your
location. Then the app will access your location data from the moment you start recording the
activity until the moment you stop the recording. To ensure that your full activity is recorded,
we need to continue to access the location data if the app is in the background during the
activity. You can remove the permission at any time by adjusting your device settings.
• import your history of fitness activities from Apple Health or Google Fit. You must first allow
the app to access your data from these sources. We will then use Google APIs to receive the
information. Our use of information received from Google APIs will adhere to Google API
Services User Data Policy, including the Limited Use requirements.You can remove the
permission at any time by adjusting your app settings.
While you are generally free to choose to what extent you share your personal data with us, please
note that opting to not share such personal data may limit our ability to provide our service and our
performance of the contract you have entered with us.
How we use the information we obtain
We use the personal data we collect from and about you for the following purposes:
• to set up and manage your online account.
• to provide our services to you, which may include
• designing tailored meal and workout plans.
• monitoring changes or adaptations in your body to improve your coaching cycle, and
to combine information we receive and collect (e.g. from updates you provide on
your body transformation) to provide you with a more personalised experience and
to make informed decisions about future coaching to best facilitate your
improvement. This also provides vital statistics which we use to better understand
the efficacy of different approaches to dieting and workouts.
• a history of your fitness activities, including (where eligible) duration, distance,
speed, activity type and heart rate, as well as an overview of your fitness
progression.
• access to the chat functionality, including a group chat with other clients, where you
may post and communicate.
• to provide you with information about our products and services (provided you have either
consented to this or we by other means are allowed to reach out to you for marketing
purposes) and by using your information to target our product to your needs (based on a
profiling of you and your activities).
• to send you invitations to participate in customer satisfaction surveys.
• to process your payments.
• to notify you of any changes to our services that may affect you.
• to comply with our legal obligations to keep internal (financial) records.
The legal bases for which we collect, use, transfer or disclose your personal data include:
• the performance of our contract obligations with you (see article 6(1)(b) of the GDPR).
• our legitimate interests (see article 6(1)(f) of the GDPR), which include: improving our offerings
as a business; personalising our services and interactions with you, including profiling, to
better meet your needs as a customer and target our product to your needs; and detecting
and preventing fraud.
• compliance with our legal obligations (see article 6(1)(c) of the GDPR).
• to the extent we send you information on our products and services for marketing purposes,
we will either ask for your consent (in accordance with article 6(1)(a) of the GDPR) before
processing your information in this way or process your personal data based on our legitimate
interests (in accordance with article 6(1)(f) of the GDPR – the legitimate interests are stated
above).
Pictures that you choose to share with Daniel Stadler are used by us solely for tracking your progress
and will never be shared on our website or social media unless you give your explicit consent hereto.
The use of consent for processing of your health data
In order for us to be able to deliver customized meal- and workout plans to you, we may process
certain health data provided by you, including information on allergens, information that might reveal
obesity or specific injuries or other relevant information related to your physical or mental health
status. In addition to the legal bases described above, the legal basis for our processing of your health
information is Article 9 (2) (a) of the GDPR, which means that we will ask you for your explicit consent
to allow us to process your health data prior to you becoming a client with us. Further, you may choose
to make certain information public yourself e.g. by sharing personal information with us directly or to
other people through the group chat. In this case, the legal basis is Article 9, (2) e) cf. Article 6 (1) b) of
the GDPR.
You may at any time withdraw your consent to us processing your health data. However, you should be
aware that if we are prevented from processing relevant personal data, including information on any
allergens, information that might reveal obesity or specific injuries or other relevant information related
to your physical or mental health status, we will not be able to provide you with our services (e.g.
coaching as well as customized meal- and workout plans based on your unique needs).
Third Parties, including processing by MyfitnessPal App
The security of your personal data is extremely important to us. We do not sell your personal data to
any third parties, and we never will.
Access to your personal data is only provided to carefully selected third parties, including:
• our service providers who help us to provide our services to you, such as our infrastructure
and IT service providers. These include MyfitnessPal and PayPal, who support our
business by providing technical infrastructure services, analysing product performance,
providing technical assistance and facilitating payments. We note therefore that MyfitnessPal
may process your personal data as data processor on behalf of us. However, MyfitnessPal
may also act as an independent data controller in limited cases. You can read
more about MyfitnessPal processing of your personal data as data controller (including
cookies) here: https://www.myfitnesspal.com/privacy-policy. You can read more about PayPal’s
processing of your personal data as a data processor here: https://www.paypal.com/myaccount/privacy/privacyhub
• our regulators, law enforcement agencies or other public authorities and organisations if we
are required to disclose your personal data by law.
• potential buyers and their advisors in case of a business transfer, such as in connection with a
reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the
receiving party agrees to treat your personal data in a manner consistent with this Privacy
Notice.
Our website may, from time to time, contain links to and from the websites of our partners, or
affiliates. If you follow a link to any of these websites, please note that these websites have their own
privacy notices and that we have no control over how they may use your personal data. You should
check the privacy notices of third party websites before you submit any personal data to them.
How long we retain your personal data for
Your personal data will only be stored for as long as necessary for the purposes for which they were
collected and only to the extent permitted by applicable laws. When we no longer need to use your
information, we will remove it from our systems and records and / or take steps to promptly anonymise
it so that you can no longer be identified from it (unless we need to keep your information to comply
with legal or regulatory obligations to which we are subject).
We adhere to the retention periods listed in the below table. As a general rule, we erase or anonymise
your personal data according to the time limits stated below unless it is necessary that we continue to
store them.
| Processing purposes | Retention period |
|---|---|
| Management of your account | 36 months after your last activity |
| Delivery of coaching services | 36 months after your last activity |
| Marketing purposes, targeting our product to your | 6 months after your last activity |
| Mandatory recordkeeping including payments | 60 months after the end of the fiscal |
Any health information as well as uploaded body images will however always be deleted 6 months
after your last activity.
Third country data transfers
The personal data that we collect from you may be transferred to, and stored at, a destination outside
the European Economic Area (“EEA”), which does not offer an equivalent level of protection of the
personal data to that guaranteed within the EEA. It may also be processed by staff operating outside
the EEA and who work for us or for one of our service providers.
The countries outside the EEA where personal data about you may be transferred and stored include
USA.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in
accordance with this Privacy Notice and applicable data protection laws, including, where relevant,
entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA
receiving the personal data in accordance with Article 46(2)(c) of the GDPR. You can find a copy of the
EU standard contractual clauses by clicking here.
Keeping your information secure
We have implemented technical and organisational security measures in order to safeguard personal
data in our custody and control. Such measures we have implemented include, limiting access to
personal data only to employees and authorised service providers who need to know such information
for the purposes described in this Privacy Notice, as well as other technical, administrative and
physical safeguards.
To provide you with increased security, certain personal data stored in your online account is only
accessible via your username and password. You are responsible for maintaining the confidentiality of
your online account credentials, and we strongly recommend that you do not disclose your online
account username or password to anyone. We will never ask you for your password in any unsolicited
communication. Please notify us immediately (see “Contact us” section below) of any unauthorised
use of your online account credentials or any other suspected breach of security.
Your Personal Data Rights
You have various rights in connection with our processing of your personal data:
• Access. You have the right to request a copy of the personal data we are processing about
you, which we will provide back to you in electronic form.
• Rectification. You have the right for any incomplete or inaccurate personal data that we
process about you to be rectified.
• Deletion. You have the right to request that we delete personal data that we process about
you, except we are not obligated to do so if we need to retain such data in order to comply
with a legal obligation or to establish, exercise or defend legal claims.
• Restriction. You have the right to restrict our processing of your personal data where you
believe such data to be inaccurate, our processing is unlawful or that we no longer need to
process such data for a particular purpose. Where we are not able to delete the data due to a
legal or other obligation or because you do not wish for us to delete it, we would mark stored
personal data with the aim of limiting particular processing for particular purposes in
accordance with your request, or otherwise restrict its processing.
• Objection. Where the legal justification for our processing of your personal data is our
legitimate interest, you have the right to object to such processing on grounds relating to your
particular situation. We will abide by your request unless we have compelling legitimate
grounds for the processing which override your interests and rights, or if we need to continue
to process the data for the establishment, exercise or defence of a legal claim.
• Withdrawing Consent. Where we process certain personal data on the basis of your consent,
you have the right to withdraw your consent, including with regard to direct marketing. In
relation to the consequences of your withdrawal of consent for us to process your health data,
please see above under “The use of consent for processing of your health data”.
If you wish to exercise one or more of the above rights, please contact us with your request at
danielstadlerfitness@gmail.com, and include your name, email and postal address, as well as your
specific request and any other information we may need in order to provide or otherwise process your
request.
In some situations, we may impose limitations on your rights, as permitted by law. Before we can
provide you with any information or correct any inaccuracies, where there are reasonable grounds for
doubting your identity, we may ask you to verify your identity and/or provide other details to help us
respond to your request. Nonetheless, verification of identity shall be carried out by cross-checking
information we already hold from you. For the exercise of your rights, please contact us using the
contact information provided below in the “How to Contact Us” section.
In all cases, you have a right to file a complaint with the local data protection authority if you believe
that we have not complied with applicable data protection laws. If you reside in the EU or EEA, you can
find the contact details of your local data protection authority by clicking on this link.
How to contact us
If you have any questions about this Privacy Notice and/or about the privacy policies and practices of
our service providers, please contact us at danielstadlerfitness@gmail.com.
