The company WeAreAllFitLovers, Lda, headquartered at Centro de Negócios Ideia Atlântico Cx. 155, 4719-005 Braga, with VAT number 513 778 306, holder of the trademark publicly recognized as OnVirtualGym, has developed a Privacy and Information Security Policy to support the development of its activity under the terms of the General Data Protection Regulation, which was approved by European Union Regulation 2016/679 and by national legal provisions relating to the applicable Data Protection Law and constitutional norms.

WeAreAllFitLovers, Lda is committed to complying with the General Data Protection Regulation (GDPR), ensuring the protection of personal data and strengthening the relationship of trust that binds it to the user.

We care about your privacy and want to share with you everything we do with your personal data. Throughout WeAreAllFitLovers, Lda’s Privacy Policy, you can check what rights are available to you, what data we process and with whom we share it, the period for which we retain it, among much other information, binding partners, managers, employees and all collaborators who provide services, regarding the collection, processing and use of personal and sensitive data of their clients and of the workers themselves.

These rules apply to the company’s relationships with all its clients, suppliers and workers, as natural persons, as well as to companies subcontracted for the fulfillment of all functions necessary to its activity.

We emphasize that this Privacy Policy is mandatory in nature.

With the utmost respect for your right to privacy, by using our applications (Desktop and Mobile) and websites, you agree that we collect and use your personal data as described in this Privacy Policy. If you do not agree, please do not use our applications.

Personal Information We Collect

We collect personal information that is necessary for the operation of our applications. Without collecting this data, WeAreAllFitLovers, Lda would not be able to provide the value associated with the use of its applications by gyms. It should be noted that WeAreAllFitLovers, Lda limits itself to collecting and storing only the bare minimum of personal data.

As such, the data we collect concerns the gym as a company, as well as gym professionals (Managers, Personal Trainers, Coordinators, Nutritionists and Salespeople) and gym clients. To better clarify the information we collect in each of these two sections, we will divide the information into the following topics:

Client information: name, photo, email, mobile phone number, date of birth, gender, nationality, address and membership number (at the gym). In general, this information is communicated to us directly through the gym, which is responsible for processing the client’s personal data. This means that WeAreAllFitLovers, Lda is required to ensure a set of legally required measures, but it is not the responsibility of WeAreAllFitLovers, Lda to provide the information and guarantees required by the GDPR to gyms in their relationship with their clients. Some of this information is also entered directly by the client when logging into our applications or when editing their profile data, and all such data is stored and processed. This set of data we collect allows us to identify the client, give them access to all functionalities of the services requested at their gym, associate them with the professionals who will provide the gym’s service, and give them access to their training plans, meal plans, among others;

Camera, Gallery: during the use of the mobile application, the system may request the client’s permission to access local files (gallery) or the camera on their mobile device in order to take photos and send them via message, edit their profile, among others. These accesses are completely optional for the client and serve solely to bring more value to the client in using our mobile application, as well as to improve communication between the client and gym professionals;

Special data: in order to perform their services, gym professionals may request from the client information such as: weight, height, measurements, family history, medical history, among others. We emphasize that WeAreAllFitLovers, Lda only processes clients’ data insofar as it is entered by gym professionals or through the client’s deliberate registration via the mobile application. The use of the mobile application by the client is, of course, optional;

Notifications: the client and gym professionals may communicate through the notification system in the mobile application, and sending information through this channel is entirely optional for both parties;

Surveys: the gym may send surveys with the aim of collecting important information about the provision of its services to its clients, and responding to these surveys is optional for the client;

Internet and other electronic activity information: here we automatically collect some information through cookies or other methods and services regarding: IP, browser, operating system of your mobile device and the date and time you used our applications, so that we know precisely how you are using our applications, as well as accessing our web services. We collect this information so that we can provide better support to all our clients, improve our services and communications, and manage the level of access to the requested information;

Data required from the gym, as a company: this data from the gym as a company is indispensable because it allows us to have the billing information necessary for us to regularly fulfill the contractual relationship between the gym and WeAreAllFitLovers, Lda. The data we require from the gym as a company is necessary for us to comply with our tax obligations, such as: name, VAT number, registered office, email and mobile phone number. In order to collect the monthly fee for our service by direct debit, we request the gym’s IBAN and use a subcontractor for this purpose;

Gym professionals’ information: all data entered by gym professionals is stored and processed. With this record, we can identify the professional’s role in the gym and from there allow the appropriate access to areas and clients within the application. Professionals are asked for data such as: email, name, mobile phone number, username and password. In addition to this information, on an optional basis, professionals have the possibility of entering more personal data, such as: photo, address, VAT number, among others, if they wish to have a more complete profile.

How We Use Your Personal Information

We use your personal information for various legitimate purposes of WeAreAllFitLovers, Lda which may concern, in the case of the gym as a company, a legal obligation basis, for billing or contract performance, or in the case of gym clients, to provide the information that allows the client to access their Training Plan, Meal Plan, Class Schedule, among others.

Technical support: to provide you with more effective technical support we need to access some of your personal data, such as: name, email or phone contact. In this way, we can recognize the professional or client using our services and carry out the necessary analysis to resolve the problems reported to us;

Billing and collection: in order to comply with our legal obligations, we need to collect some information from the gym, such as: company name, address, VAT number and, in addition to this data, the IBAN with which we will collect the monthly fee for the provision of our services. WeAreAllFitLovers, Lda has no further interest in billing and collection data beyond these two purposes;

Provision of our service: we use the personal data of both professionals and gym clients so that we can provide our service taking into account the scope of the contractual relationship established between WeAreAllFitLovers, Lda and the gym;

Marketing: we may use your personal data to send emails, notifications, SMS, make phone contact or send postal correspondence, always with your express consent, and you may freely refuse these communications at any time;

Security: we use your data to analyze suspicious or fraudulent behavior;

Development of our services: to optimize our services, we need to analyze how our software is used by gym professionals and clients. With these analyses, we can discover features that are not being used by users and that should be improved or removed due to low adoption, or we may identify bugs in our software that must be fixed as soon as possible to make the user experience as pleasant as possible.

What Are the Rights of Gym Professionals

The gym professional, as the data subject, has the right to request, through our support line (suporte@onvirtualgym.com) and under the terms provided for in applicable law, access, rectification, erasure, total or partial restriction of processing and the right to data portability in a structured, commonly used and machine-readable format.

Right of access: the data subject whose personal data we collect and store has the right to access the information concerning them, as well as to be informed about the purposes of processing their personal data and even which categories of personal data we process;

Right to rectification: the data subject whose personal data we collect and store has the right to request and obtain the rectification of their personal data that is inaccurate or incomplete, by requesting rectification directly from our software or by sending an email to our support line (suporte@onvirtualgym.com);

Right to erasure: the data subject whose personal data we collect and store has the right to have their personal data erased without undue delay. For more information, contact our support line (suporte@onvirtualgym.com) or see the section “How long do we store your Personal Data?”;

Right to total or partial restriction of processing: if a professional objects to or restricts the processing of their personal data, they have the right to do so, where applicable, by contacting our support line (suporte@onvirtualgym.com);

Right to portability: the data subject whose personal data we collect and store has the right to receive, in a digital and reusable format, all information concerning them that was entered by the professional.

What Are the Rights of Gym Clients

We acknowledge and assist gyms in enabling their clients’ rights, but we emphasize that WeAreAllFitLovers, Lda is a subcontractor of the gym where the client is registered and, as such, what we do is implement all technical and administrative measures to comply with the GDPR. However, it is the responsibility of the gym to collect consent when the processing of personal data is carried out on that basis and thus ensure its clients’ rights to access, rectification, objection, erasure, portability and restriction of the client’s processing. Therefore, it is the gym’s responsibility to guarantee its clients access to all rights, as well as to provide the information necessary for the proper compliance with the rules of the GDPR.

How Long Do We Store Your Personal Data?

Given the legal relevance or the duration of the contract between WeAreAllFitLovers, Lda and the gym, personal data may need to be stored for different periods of time. In general terms, after the user’s deletion request, the data is encrypted and securely stored for the legally required period for the retention of tax data, which is 10 (ten) years, in accordance with Article 130(1) of Decree-Law 442-B/88, as amended by Law No. 7-A/2016 of March 30. After this period, all such data is permanently deleted from our servers.

In accordance with the Data Protection Law, the client or user, based on the consent given, may contact WeAreAllFitLovers, Lda (see “Contacts”) in order to withdraw that consent for the current processing of data without compromising the lawfulness of the processing previously carried out. The company provides free access, where duly justified, to the personal data collected. The company will respect and comply with requests for the erasure of clients’ personal data whenever processing is based on the data subject’s consent, or is necessary for compliance with obligations or the exercise of specific rights of the controller or the data subject, and there are legitimate interests pursued by the controller or by third parties.

With Whom Do We Share Personal Data (Subcontractors)?

We want to highlight that we do not sell or share information about your personal data with marketing companies. What we need, always within the scope of our service provision, is to share some of your personal data with third parties outside our services so that we can collect the monthly fee, provide our technical support or advertise our services. We take care to limit the sharing of this information to the minimum possible while maintaining the efficiency of our operations.

Email marketing: for our sending of emails, gym surveys, blog articles, among others, we use SendGrid, which specializes in sending mass emails;

Billing information: we need to share the gym’s IBAN with our bank so that we can make the direct debit of the monthly fee for the provision of our services;

Traffic analysis: to accurately analyze the traffic generated on our domains (website, blog, gym subdomains) or mobile applications, we use Google Analytics;

Advertising: we use tools such as Google Ads and Facebook Ads to advertise our services on Facebook and Google. We also use the LinkedIn social network as a way to expand our network of contacts and share our services;

Data storage and processing: the storage, processing and safeguarding of your personal data is carried out with maximum security by our Portuguese hosting and computing provider;

Technical support: we use a Ticket Management platform, Jira Service Management, which allows us to exchange emails with clients in the context of technical support, as well as organize the work of our support team;

Security and audits: whenever necessary, your personal data may be accessed within the scope of independent quality control and security audits of our services. To ensure the security of our services, we use tools to detect and correct errors or potential system vulnerabilities.

If you would like more information about our subcontractors, please send us an email to dpo@onvirtualgym.com or to our technical support line: suporte@onvirtualgym.com.

Security of Our Services

The security of our services is at the top of our priorities. To this end, we regularly analyze vulnerabilities in our platforms and respective servers so that we can ensure the correction of bugs, using the most current encryption, monitoring and specialist auditing techniques. These measures can be seen in our registration process where we request a registration code and require some complexity in creating a username and password. To keep communication with our services secure, we use SSL certificates.

Privacy Policy Updates

WeAreAllFitLovers, Lda’s Privacy Policy is subject to constant and periodic review. Due to the constant legal evolution, case law and recommendations issued by supervisory authorities, or even changes to our business model, the company reserves the right to make any changes to this Privacy Policy. Therefore, we recommend that the user regularly consult this page to stay informed about all changes made.

If you believe the GDPR has been violated, you may file a complaint with the Portuguese Data Protection Authority (Comissão Nacional de Proteção de Dados).

Contacts

If you have read our Privacy Policy and still have any questions, you can contact us at:

Email:

dpo@onvirtualgym.com

Mail:

WeAreAllFitLovers, Lda

Attn: Data Protection Officer.

Centro de Negócios Ideia Atlântico, Cx 155

4719-005

Braga