The company WeAreAllFitLovers, Lda, headquartered at Centro de Negócios Ideia Atlântico Cx. 155, 4719-005 Braga, with VAT number 513 778 306, holder of the commercial brand publicly recognized as OnVirtualGym, has developed a Privacy and Information Security Policy to assist in the development of its activity under the General Data Protection Regulation, which was approved by the European Union Regulation 2016/679 and national legal standards relating to the current Data Protection Law and constitutional norms.
WeAreAllFitLovers, Lda is committed to complying with the General Data Protection Regulation (GDPR), ensuring the protection of personal data and strengthening the trust relationship with the user.
These rules apply to the company’s relationships with all its customers, suppliers, and workers, as individuals, as well as to subcontracted companies to fulfill all the functions necessary for its activity.
Personal Information we collect
We collect personal information that is necessary for the operation of our applications. Without collecting this data, WeAreAllFitLovers, Lda would not be able to offer the value associated with the use of its applications by gyms. It should be noted that WeAreAllFitLovers, Lda only collects and stores personal data to the minimum necessary.
Therefore, the data we collect relates to the gym, as a company, as well as to the professionals of the gyms (Managers, Personal Trainers, Coordinators, Nutritionists, and Sales Representatives) and gym customers. To better clarify the information we collect in each of these two sections, we will divide the information by the following topics:
Camera, Gallery: During the use of the mobile application, the system may request access to the customer’s local files (gallery) or camera on their mobile device in order to take photos and send them by message, edit their profile, among other things. These accesses are completely optional on the part of the customer and serve solely and exclusively to bring more value to the customer in using our mobile application, as well as improving communication between the customer and gym professionals;
Special Data: Gym professionals, for the execution of their services, may request customer information such as weight, height, measurements, family history, medical history, among others. We emphasize that WeAreAllFitLovers, Lda only processes customer data to the extent that it is inserted by gym professionals or through the deliberate registration of the customer through the mobile application. The use of the mobile application by the customer is, of course, optional;
Notifications: the customer and gym professionals can communicate through the notification system present in the mobile application, and sending information through this means by both parties is completely optional;
Questionnaires: The gym may communicate questionnaires to gather important information about the provision of its services to its customers, and answering these questionnaires is optional on the part of the customer;
Internet and Other Electronic Activity Information: Here we collect some information automatically through cookies or other methods and services related to: IP address, browser, operating system of your mobile device, and the date and time you used our applications, in order to know precisely how you are using our applications, as well as accessing our web services. We collect this information to provide better support to all our customers, improve our services and communications, and manage the level of access to requested information;
Data Required from the Gym as a Company: This gym data as a company is indispensable to us because it allows us to have the necessary billing information so that we can regularly fulfill the contractual relationship between the gym and WeAreAllFitLovers, Lda. The data we require from the gym as a company is necessary for us to comply with our tax obligations, such as: name, NIF, headquarters, email, and mobile phone number. In order to collect the monthly fee for our service by direct debit, we ask the gym for its IBAN and use a subcontractor for this purpose;
Gym professional information: all data entered by gym professionals is stored and processed. With this record, we can identify the professional’s position in the gym and from there allow access to the appropriate areas and clients within the application. Professionals are asked for information such as: email, name, mobile phone number, username, and password. In addition to this information, professionals have the option to enter more personal data, such as: photograph, address, NIF, among others, if they wish to have a more complete profile.
How We Use Your Personal Information
We use your personal information for various legitimate purposes of WeAreAllFitLovers, Lda, which may relate in the case of the gym, as a company, to a legal obligation basis, for billing or execution of the contract, or in the case of gym clients to provide information that allows the client to access their Training Plan, Meal Plan, Class Schedule, among others.
Technical support: in order to provide you with more efficient technical support, we need to access some of your personal data, such as: name, email, or telephone contact. This way, we can recognize the professional or the client who uses our services and carry out the necessary analysis in resolving the issues they report to us;
Billing and Invoicing: in order to comply with our legal obligations, we need to collect some information from the gym, such as: the company name, address, NIF, and in addition to this data, the IBAN with which we will collect the monthly fee for providing our services. WeAreAllFitLovers, Lda has no further interest in billing and collection data beyond these two purposes;
Provision of our service: we use personal data, both from gym professionals and clients, so that we can provide our service in accordance with the scope of the contractual relationship established between WeAreAllFitLovers, Lda and the gym;text-align: justify;”>Marketing: we may use your personal data to send emails, notifications, SMS, phone calls or postal correspondence, always with your express consent, and you may refuse these communications at any time;
Security: we use your data to analyze suspicious or fraudulent behaviors;
Development of our services: in order to optimize our services, we need to analyze the behavior of the use of our software by gym professionals and clients. With these analyzes, we can discover functionalities that are not being used by users and that should be improved or eliminated due to low adherence, or even identify “bugs” in our software that need to be corrected as soon as possible to make the user experience more enjoyable.
What are the rights of gym professionals
The gym professional, as the holder of personal data, has the right to request, through our support line (firstname.lastname@example.org) and under the terms provided by applicable law, access, rectification, erasure, total or partial limitation of treatment, and the right to portability of personal data in a structured, commonly used and machine-readable format.
Right of access: the holder of personal data that we collect and store has the right to access the information that concerns him or her, as well as to be informed about the purposes of the processing of his or her personal data or even in which categories we process his or her personal data;
Right of rectification: the holder of personal data that we collect and store has the right to request and obtain the rectification of his or her personal data that are inaccurate or incomplete by requesting the rectification directly from our software or by sending an email to our support line (email@example.com);
Right of erasure: the holder of personal data that we collect and store has the right to erasure of his or her personal data, without undue delay. For more information, please contact our support line (firstname.lastname@example.org) or see the section “How long do we store your Personal Data?”;
Right of total or partial limitation of treatment: if a professional objects to
Right to limit or control the processing of your personal data
If you wish to limit or control the processing of your personal data, you have the right to do so by contacting our support line (email@example.com) if applicable.
Right to data portability: The data subject whose personal data we collect and store has the right to receive all information concerning them in a digital and reusable format that has been provided by the professional.
What are the rights of gym customers?
We recognize and assist gyms in fulfilling their customers’ rights, but we emphasize that WeAreAllFitLovers, Lda is a subcontractor of the gym where the customer is registered and, as such, what we do is implement all technical and administrative measures to comply with the GDPR. However, it is the gym’s responsibility to obtain consent when processing personal data based on that foundation and to guarantee their customers’ rights to access, rectification, opposition, erasure, portability, and limitation of the customer’s processing. Thus, it is the gym’s responsibility to ensure that its customers have access to all rights and to provide the necessary information for the proper compliance with the GDPR.
How long do we store your personal data?
Given the legal relevance or the duration of the contract between WeAreAllFitLovers, Lda and the gym, personal data may need to be stored for different periods of time. In general, after the user’s deletion request, the data is encrypted and securely stored for the legally required period for the retention of tax data, which is 10 (ten) years, according to Article 130(1) of Decree-Law 442-B/88, as amended by Law No. 7-A/2016 of March 30. After this period, all such data is permanently deleted from our servers.
In accordance with the Data Protection Law, the customer or user, based on the consent given, may contact WeAreAllFitLovers, Lda (see ‘Contacts’)” to withdraw this consent for the present data processing without compromising the lawfulness of the processing previously carried out. The company provides free access, provided it is duly justified, to the personal data collected. The company will respect and comply with requests for deletion of customers’ personal data whenever the processing of data is based on the data subject’s consent or is necessary for the performance of obligations arising from the exercise of specific rights of the data controller or of the data subject, and there are legitimate interests pursued by the data controller or by third parties.
With whom do we share personal data (Subcontractors)?
We want to emphasize the fact that we do not sell or share information about your personal data with marketing companies. What we need, always within the scope of our service provision, is to share some of your personal data with third parties, unrelated to our services, so that we can collect the monthly fee, provide our technical support, or advertise our services. We take care to limit the sharing of this information to the minimum necessary, while maintaining the efficiency of our operations.
Email marketing: for our email sending, gym questionnaires, articles from our blog, among others, we use SendGrid, which is a specialist in mass email sending;
Billing information: we need to share the gym’s IBAN with our bank so that we can debit the monthly fee for the provision of our services;
Traffic analysis: in order to be able to analyze the traffic generated on our domains (website, blog, gym subdomains) or mobile applications with precision, we use Google Analytics;
Advertising: we use tools such as Google Ads and Facebook Ads to advertise our services on Facebook and Google. We also use the LinkedIn social network as a means of increasing our network of contacts and sharing our services;
Data storage and processing: the storage, processing, and safeguarding of your personal data is done with the maximum security by our hosting and computing company, which is Portuguese;
Technical support: we use a Ticket Management platform, Jira Service Management, which allows us to exchange emails with customers within the scope of technical support, as well as to organize the work of our support team;
Security of our services
The security of our services is one of our top priorities. To this end, we regularly analyze vulnerabilities in our platforms and servers, so that we can ensure the correction of bugs using the latest encryption, surveillance, and auditing techniques from specialists. These measures can be seen in our registration process where we request a registration code and require some complexity in creating the username and password. In order to keep communication with our services secure, we use SSL certificates.
If you believe that the GDPR has been violated, you can file a complaint with the National Data Protection Commission.
To the attention of the Data Protection Officer.
Ideia Atlântico Business Center, P.O. Box 155
Centro de Negócios Ideia Atlântico
9h – 18h