Information on the processing of personal data pursuant to and for the purposes of art. 13 of the EU Regulation no. 679/2016.
1. Processing and Data Controller.
Buddyfit is a paid physical training support service.
The Buddyfit platform is accessible to Users via the website and applications for mobile devices and other devices and is managed by the company Buddyfit S.r.l. (with registered office in Genoa, Piazza Borgo Pila 39, and email address firstname.lastname@example.org).
The data controller you can contact is Buddyfit S.r.l. (email address email@example.com). The Data Controller of personal data, pursuant to and for the purposes of art. 13 of the European Regulation 2016/679 (GDPR) and other provisions in force, you are required to provide some information regarding the use of your personal data.
2. Personal data processed
The Data Controller processes the personal data of the users of the Buddyfit Platform and therefore of both the Users who use the Platform to train, and the Trainers who use the Platform to provide their services. These natural persons are also identified below as "Data Subjects", in accordance with the definitions in current legislation. Below we briefly explain what data we use and for what purposes.
Identity data, including: name (first name, surname), date of birth, email address, gender, profile picture, preferred language, IP address, social media identifiers and information received through your Facebook or Google accounts. We use this data to verify your identity, for service provision, for payments and for messaging on the Platform.
Contact details, including: your telephone number, shipping and billing address, email address, social media and any other communication channels you have used to contact us for the purpose of obtaining further information. We use this data to contact you for different reasons depending on the purpose.
Trainer data: in relation to the Trainers, the additional data provided by the latter in their profile or otherwise communicated to Buddyfit for use for the purposes of the services or the Platform and therefore the data on their skills and experiences, on their CV, are processed and on the type and characteristics of the services offered. This information is processed for the purpose of promoting the services and therefore is made public with the awareness of the Trainer and in his commercial interest. The purpose is to allow the Trainer to be known by the potential customer and to sell their services within the Platform. The images, audio and videos made under the contract between Buddyfit and the Trainer are also dealt with.
Location data including: physical address. We use this data to manage our products and adapt your experience with the products themselves to your geographical area, possibly put Users and Trainers in contact within the Platform, as well as for billing.
Measurements including: age, weight, height and hypothetical body fat percentage (which you provide us). We use this data to manage our products and offer you training solutions tailored to you.
Communication data: within the Platform it is possible to send messages to other subjects (for example between Trainer and User or in the public chat of the Buddyfit Class). The data is then managed within the chat for the purpose of providing the service and reading the previous messages by users. Buddyfit recommends not transmitting sensitive data within messages. The name provided by the user will be displayed next to the message.
Payment data: for purchases made by Users on the platform, for payments by Trainers and for Buddyfit payments in favour of Trainers, some personal data are necessarily processed including, in addition to contact data, the tax code, the billing address and possibly some payment data. The purpose is to allow payments to be made. Buddyfit does not have access to the complete credit card number (and does not process it in any way); it is managed directly by the service provider.
Purchase information, including: payment service provider, subscription duration, price, currency. We use payment service providers to process payments. While we do not store credit card information, we do store the payment identification number which is issued by the respective provider (e.g. Apple, Google, Stripe) and may be assigned to you. We use it to process your payments.
Device and usage information, including: data about your device or browser that gives us suggestions about your browsing habits or your use of devices. Device information is collected through our apps and your browsing data is collected from our cookies, tags and pixels. The data collected by monitoring services such as Adjust, Google Analytics, Foogle Firebase, Facebook Analytics and the Facebook pixel are then processed. This information includes, but is not limited to: IP address, date and time of the visit, duration of sessions on our website and on the App, volume of data transmitted, the reference URL (if you have reached our website via another website or an advertisement), the pages visited on our website, the type of browser (including language and version of the browser software) and add-ons, device identifier and characteristics, type of device, versions, operating system. This is often necessary for purposes related to network security, as well as for the owner's needs related to tracking the use of the service and for the development and improvements of the services.
Preference and physique data, including: preferred language, access position, units of measurement (distance, weight, temperature), personal goals and motivation (e.g. weight loss goal, toning or gaining mass and strength), information about your current athletic state and the state you want to achieve (including the information you provide us on weight and body fat), your comments on workouts (e.g. when you indicate that the workout was too demanding or too mild). We use this data to provide you, with automated tools, our personalised training programme service based on your information, to provide you with our service that allows you to get in touch with a trusted Trainer, and to allow you to monitor your results and track your workouts by viewing your activity history.
Activity and achievement data, including: data regarding your fitness activities, training program information (e.g. start date, alignment program, associated fitness activities), information about your workouts (e.g. start times and end of workout, type of activity, sport category), hypothetical calories consumed, your comments on workouts (e.g. when you indicate that the workout was too demanding or too mild). We use this data to manage our products, to help you improve your performance goals and experience as a User, as well as to identify the most suitable products for you based on your training patterns. We use this data to provide you, with automated tools, our personalised training programme service based on your information, to provide you with our service that allows you to get in touch with a trusted Trainer, and to allow you to monitor your results and track your workouts by viewing your activity history.
Images you upload to the platform, including: profile picture and images uploaded for progress tracking. We use this data only if you decide to provide it to us (you are under no circumstances obliged to do so). The profile picture will only be visible to you and your Trusted Trainer if you choose to connect to one. If you provide us with progress images, we store them for the sole purpose of allowing you to monitor your progress within the app; only you will be able to see the progress images.
3. Images and videos uploaded by Users and Trainers.
Among the Buddyfit services there is the possibility to upload your own images and videos. Users can upload such content to communicate the activity and progress to the Trainer who assists them or to monitor their own progress over time. The contents of Users are visible only to Users themselves and their associated Trainer.
The Trainer can upload images and videos to show their services or to show exercises or other information to Users. The images and videos uploaded by the Trainer may be public on the Platform or visible by numerous subjects depending on the purpose.
The data subject can at any time provide for the deletion of these images from the Buddyfit databases or request the deletion if the conditions are met.
Protection of uploaded images: Buddyfit offers a high level of computer protection against unwanted access to the images saved on its databases but (unless otherwise required by law) it assumes no responsibility for the case in which third parties are able to access the images in unpredictable and such ways which cannot reasonably be avoided. Furthermore, it is the responsibility of data subjects to keep confidential their profile access credentials as they allow access to images and other information. Buddyfit assumes no responsibility in case of unwanted access to the profile and contents through the correct credentials.
Prohibition of uploading images of third parties, prohibited or offensive images or nude images: It is absolutely forbidden for the User and the Trainer to upload images of other people or to upload images whose use or possession is prohibited by law or which are offensive and in any case it is forbidden to insert nude images.
Regardless of whether this gives rise to a crime, it is generally forbidden to upload content of a pornographic, sexual, violent, racist, seditious, discriminatory, unsuitable for minors, offensive and/or defamatory nature.
When posting your content, you are required to comply with all applicable laws and regulations.
The User and the Trainer are also required to refrain from violating the rights of third parties. This applies in particular to the personal rights of third parties and to the intellectual property rights of third parties (e.g. copyright and trademark rights). In particular, users must respect the necessary rights for uploading images.
The visualisation of the images by Buddyfit and its employees and collaborators is limited according to the privacy legislation and therefore no moderation activity is carried out. The only activity of Buddyfit consists, using computer methods, in saving the images and making them available to the same User or Trainer who uploaded them.
We are authorised at any time and without notice, to delete or remove illegal content or content that violates the above principles. In case of violation of the principles set out above, we reserve the right to warn you or temporarily block your profile or cancel the contract of use for just cause in compliance with this clause.
Responsibility of Users and Trainers in the use of images. By uploading images, Users or Trainers assume all responsibility for them, exonerate Buddyfit from any responsibility towards them and expressly releases Buddyfit from any liability towards third parties.
User or Trainers are obliged to indemnify Buddyfit for all requests from third parties following a violation of their rights by Users or Trainers themselves in relation to uploaded content. Users or Trainers are also required to bear the costs of all legal actions in which Buddyfit may be involved in relation to the aforementioned requests, including all court costs and legal fees to the maximum extent permitted by law, unless their liability for such violations has been expressly excluded.
In the event that a request is submitted by a third party, the User or the Trainer must provide Buddyfit, in a timely and accurate manner, all the information available to the User or the Trainer themselves that may be necessary to verify the request and prepare a defensive action. This provision does not affect further claims for damages that Buddyfit may eventually make against the User or the Trainer.
4. Purpose of processing
Personal data are processed by the Data Controller for the purposes described above and therefore to:
Manage the Platform and provide the service to Users, and therefore to authenticate your access to an account, verify your Subscription, provide you with training schedules, participate in classes, use all the functions of the Platform including the chat, access the your preferences and goals, monitor and track workouts and results to allow you to follow your activities, your statistics and your progress.
Manage messaging services within the Platform, among the Buddyfit services there are also communication tools within the Platform such as the chat with the trusted Trainer (for example if the User connects to a Trainer) or the public chat during the Classes which allows the User to write messages that are displayed by the other Users of the Class and by the Trainer. The name (entered during registration or subsequently modified) of the User who sent the message will be displayed in the public chat and will be visible to the Trainer and other Users.
Manage purchases and payments and therefore manage payment operations both in credit and debit, both for the purchases of the Users on the Platform, and for the subscriptions of Users and Trainer and payments to the Trainers. The data necessary for accounting, billing and tax management purposes are also managed.
Customer support, and therefore to carry out investigations, respond to your requests, and resolve complaints and service problems, e.g. to contact you following a question you put to our customer support team.
Fulfilment related to the execution of the contractual relationship, and therefore to process the payment and activation of the Subscription, to manage the administrative, accounting, civil and fiscal obligations.
Serve business and research and development needs, and therefore to manage our business needs, including the creation (in anonymous and aggregate form) of statistics on the use of our services also divided by age, place and other, to monitor, analyse and improve the use of our products; we use, always in anonymous and/r aggregate form, all data relating to training and progress in order to improve our Products and to develop and train our automated algorithms; as well as to protect the safety or integrity of the products themselves and their performance and functionality. For example, we analyse user behaviour and research how our products are used and process Data, including public feedback, to conduct research for the further development of our Products and our software and algorithms, to in order to offer you and others a better, more intuitive and personalised experience, and to support the growth and engagement of users in our Products.
General marketing. We process Data to provide you with (personalised) marketing material about online products and services. Trainer data may be used for the purpose of promoting the Trainer's services.
Marketing and communications via email/push message. Your email address communicated when registering with Buddyfit will be used to provide you with communications, promotions and information on the Buddyfit service. With your consent, we may send you personalised marketing emails or push messages with information on health and fitness topics, as well as related and unrelated products.
5. Legal basis of processing
The legal basis of the processing is represented by the need to execute the contract (Article 6.1.b of the GDPR), by the consent expressed during the registration phase (Article 6.1.a of the GDPR), by the pursuit of the legitimate interests of the Data Controller relating to management of their economic activity (Article 6.1.f of the GDPR), by the pursuit of the legitimate interests of the data subject to use the services (Article 6.1.f of the GDPR) and by the applicable legal obligations (Article 6.1.c of the GDPR).
6. Data provided by the data subject and data collected during the training activity
The provision of data is necessary for the provision of the service of the owner, and in some cases to comply with the law and to protect the legitimate interests of the Data Controller. Therefore, failure, partial or incorrect provision of such personal data will result in the objective impossibility for the Data Controller to establish or regularly conduct the contractual relationship.
Most of the Personal Data are recorded by us when Data Subjects themselves communicate them spontaneously, for example when they get in touch with us, especially when registering a Buddyfit account, when placing an order or activating a subscription when interacting with the Platform, when using the chat, when uploading photos or entering or editing information or requesting information. Some data is collected during the exercises in order to provide the training activity tracking service.
Some data necessary for the creation of the profile can also be collected via Facebook or Google accounts. If you register a Buddyfit account via your social media login details, we will receive the following information:
From Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, "Facebook"): full name, email address, gender, date of birth, profile picture.
From Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA, "Google"): First and last name, email address, gender, date of birth and profile picture.
For more information on the processing and protection of personal data by Facebook and on the related settings, you can consult the "Data Policy" (https://www.facebook.com/about/privacy/update) and the "Conditions of use "(https://www.facebook.com/legal/terms) of Facebook. Current conditions governing the aforementioned option of accessing or registering via Facebook are also listed here. Per maggiori informazioni sul trattamento e la protezione dei dati personali da parte di Google e sulle relative impostazioni, è possibile consultare la relativa pagina (https://policies.google.com/privacy) e i Termini di servizio (https://policies.google.com/terms) di Google. The current conditions governing the aforementioned option of accessing or registering via Google are also listed here.
7. Access permissions and data sharing with apps and devices
We need these access possibilities and information for the purpose of the technical functionality of our apps and the provision of the services offered with the app and the Platform in general, in particular to be able to access the camera or photos and to send push notifications. During the installation procedure and/or before first use, we request permission to access the individual functions and information and we will access these functions only to the extent that the Data Subject gives their consent. You can manually lock the access rights in the settings according to the respective operating system. How to proceed is indicated in the manufacturer's instructions for each OS device. However, keep in mind that in the absence of the relevant authorisation, the use of the app will be limited or impossible. Before the first use of the app, permissions are requested for the purposes illustrated.
Buddyfit uses Apple's HealthKit tool (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA), which is the Apple Device Health App, which provides a central repository for health and fitness data on iPhone and Apple Watch and, with the explicit consent of the data subject, allows apps to communicate with HealthKit to access and share such data.
Depending on your settings, data may be transferred from Buddyfit to HealthKit and vice versa.
The data are processed in any case in the manner and for the purposes described in this statement.
Buddyfit and its statistical service providers may analyse engagement data for research purposes, in order to offer a personalised experience and to motivate engagement in healthy habits.
You can choose whether to activate the data exchange between Buddyfit and HealthKit by accepting when requested or by selecting your preferences in the Buddyfit settings. You can also choose to enable sharing of some data and not others. You can prevent Buddyfit from accessing your data at any time by changing the settings on your mobile device.
Functions similar to Healthkit could be implemented for other devices and in particular through the Google Fit function for Android devices.
Buddyfit may have features that include using wearable devices such as smartwatches.
8. Processing methods
The Data is processed in accordance with the General Data Protection Regulation (Reg. EU 2016/679, hereinafter also GDPR), as well as with the additional legal provisions in force including the Privacy Code (Legislative Decree 96/2003) and the Legislative Decree 101/2018.
Personal data is used only to the extent necessary to fulfil and perform our services or for other purposes as described in this statement.
The processing of personal data is based on principles of correctness, lawfulness and transparency. The processing can be carried out using manual, paper, electronic and IT tools with methods strictly related to the purposes for which the data are processed and in any case in compliance with the provisions of art. 32 GDPR regarding security measures and through the use of suitable procedures that avoid the risk of loss, unauthorised access, illicit use and dissemination.
The Data Controller does process data in a manner that consist of automated decision-making processes that produce legal effects concerning the Data Controller or that significantly affects the Data Controller in a similar way. The data are used and processed in a computerised and automated way only for the creation of the training plan. Some profiling activities can be carried out for the purpose of sending emails and communications.
9. Data recipients
The personal data processed by the Data Controller will not be disclosed, i.e. it will not be disclosed to indeterminate subjects, in any possible form.
The Data Controller will be able to access the data. In particular, based on the roles assigned and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Data Controller.
In the event that the User sends a message in the public chat of the Class, the message and the name of the User will be visible to the Trainer and to all other Users of the Class.
They may also be communicated, within the strictly necessary limits, to external subjects who collaborate with the Data Controller who will assume, depending on the case, the role of data processors or independent data controllers; these subjects include: auditing firms, law firms, payment or video communication service providers, server provider, database service provider, email and newsletter service providers, call centre service providers, banks and credit institutions, as well as all subjects entitled to access it by virtue of the provisions of the law, regulations, community regulations.
We will share Data with third parties if necessary, for the purposes, or following a request from a national authority, or following a court ruling, or if required by law, or if necessary to investigate and defend against third-party requests or allegations, or to exercise and protect the rights and safety of Buddyfit, our members and staff; or if you have (explicitly) given your consent.
10. Sharing data with the Trainer and his/her role.
Only in the event that the User decides to connect his/her profile with a trusted Trainer, he/she will be able to access the data necessary to carry out his activity (the Trainer will not be able to access your images, except for the profile image) and will operate as autonomous data controller.
The Trainer will be able to interact with you through the platform and, modify training plans and create personalised training plans. Buddyfit assumes no responsibility for the validity and correctness of the changes made by the Trainer.
In relation to the processing of User data to which the Trainer has access, the latter is required to manage them in accordance with this document and further agreements with Buddyfit as well as in compliance with the GDPR and other privacy regulations. The Trainer is solely responsible for managing the data to which he/she has access, Buddyfit has entered into an agreement with the Trainer under which he/she undertakes to process the data in a compliant manner and Buddyfit cannot in any case be held responsible for a any unlawful processing by the latter.
Only in case of specific and expressed consent from the User, the connected Trainer will be able to access the images to be uploaded by the User in order to be able to evaluate the progress and needs of the User according to the training.
11. Data transfer
The data may be transferred outside the European Union, in particular to the USA. This transfer will in any case take place in the presence of legal conditions or on the basis of an adequacy decision adopted by the European Commission.
12. Storage of data
The Data Controller keeps and processes personal data for the time necessary to fulfil the indicated purposes and as long as there is a contractual and/or legitimate interest relationship. Subsequently, personal data will be stored – and not processed further – for the time established by the current provisions on civil and fiscal matters.
We store the data of the data subject for the time required for the fulfilment of the intended purpose and/or until the data subject cancels his account or until the retention terms established by law make it necessary to archive. Finally, in accordance with the law, the data is deleted or its processing restricted.
We are required to keep your data for as long as you have an account with us. If the data subject residing in the EU stops using our services without requesting to delete your information, we will keep the data for 25 months after the last interaction with any point of contact.
If the data subject decides to delete your account, all data on his account held by Buddyfit will be removed, with the exception of the following: Data necessary for the fulfilment of contractual obligations or compliance with the conservation obligations required by law they will not be eliminated, but minimised to the extent necessary.
A request for deletion does not affect the Data, if their storage is required by law or for other specific purposes.
13. Information on the sending of newsletters and commercial communications.
For the purposes of the operation and use of the platform, the Data Controller will use the data provided by registered users to send communications relating to the products and services offered, fitness news and other information communications, newsletters, promotional communications, including commercial ones (referring to services similar to those to which the data subject has signed up) with automated methods of contact by email or via push notifications.
In relation to this processing, the indications referred to in this information are valid with the addition of the following clarifications:
1) The Data Subject, by registering on Buddyfit and providing his contact details, gives his consent to the sending of such communications. The processing referred to in this paragraph does not require the explicit consent of the data subject as the sending of these communications is necessary for the purpose of providing the service or is authorised pursuant to the fourth paragraph of art. 130 of the Privacy Code.
2) In case of consent of the data subject, other commercial communications not included among those indicated above could also be sent
3) The possibility is reserved for the data subject to oppose this processing by using the appropriate page on the platform to choose which notifications to receive or by contacting the Data Controller at the email address indicated above. The data subject is however informed that the refusal to receive such communications could compromise the experience of using the Services.
4) The data provided will be used with IT means for the sole purpose of providing the requested service and, for this reason, will be kept exclusively for the period in which it will be active, unless they are necessary for the other purposes indicated above.
5) For the purpose of sending communications only, the Data Controller uses profiling mechanisms, with differentiation based on the type of customer, the sectors of interest and the relevant elements. The consequence of this treatment is represented only by the sending of specific communications.
6) For the purpose of sending such communications, contact details and other useful information will be transmitted to suppliers of the newsletter service.
Our services use (for technical reasons, to improve services, for marketing purposes and to track the user experience) various tracking tools including Google Analytics, Google Firebase, Facebook Analytics, Pixel Facebook, Adjust, etc.
Cookies. This paragraph is intended to inform users of our website on how to manage their personal data by providing information relating to the processing of data through cookies.
Our website and our app automatically collect some data during user visits. These are data that are used in order to verify the correct functioning of the services.
The data collected with cookies includes: Internet Protocol (IP) address; type of browser used to connect to the website; date and time of the visit to the website; web page of origin; number of clicks.
This data is managed through cookies. Cookies are small text files that websites visited by users send to their devices, where they are stored and then retransmitted to these websites on subsequent visits. So-called "third party" cookies, however, are sent by a website other than the one the user is visiting.
Cookies allow our website to recognise the device and are intended to facilitate efficient navigation between pages.
All cookies other than technical ones are installed only following the consent expressed by the data subject. The first time you visit the website, accept this installation by clicking on the appropriate button on the short information banner on the landing page.
Our website uses technical cookies: they are those necessary for the management of thelogin functions, for the management of the game functions and in general for the operation of the website.
The use of these cookies does not provide for the collection of the consent of the data subject: everyone can disable them through the settings of their browser.
Below are the links to the help desk of the main browsers where you can find information on how to disable or delete cookies:
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=it-IT
- Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Clearly, blocking cookies will directly affect the browsing experience of the data subject on our website and could prevent the operation of the website, participation in games and the use of services.
Our website also uses third-party cookies, i.e. set by website managers or servers other than the Data Controller.
In particular, our website can incorporate social media buttons to share and comment on our news on your profiles in the Home page and in the pages dedicated to the news of the website.
Facebook (cookies): https://www.facebook.com/help/cookies/
Facebook (privacy): https://www.facebook.com/privacy/explanation
Our website includes components transmitted by Google Analytics and Google Firebase (the analytics services provided by Google). These cookies are used to analyse information on the behaviour of use of our website by the data subject (pages visited, time spent on the website, etc.). You can prevent the use of these cookies in your browser by installing a special add-on available at the following link https://tools.google.com/dlpage/gaoptout.
At this link https://support.google.com/analytics/answer/6004245?hl=it you will find further information on the use and management of data transmitted by Google Analytics.
The website also uses Google Adsense cookies necessary for the management of advertisements. For more information, you can visit the following link https://support.google.com/adsense/answer/1348695?hl=it.
The data collected through social platforms and other cookies may be shared with services located outside the European Union area.
Tracking pixels. Furthermore, with the help of marks on our pages we record so-called tracking pixels – e.g. each time our page is loaded, how often it is called up and clicked - always without any access and connection to the computer of the person concerned. We use the "tracking pixel" of Facebook Inc. (Menlo Park, California) to monitor user behaviour after the click on a Facebook ad and are redirected from the provider's website. This makes it possible to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous, i.e. the personal information of individual users is not displayed. However, taking into account the situation that has arisen, it is important to specify that the data are stored and processed by Facebook which could link the information to the relevant Facebook profile of the data subject and use it for its own promotional purposes, in accordance with the information on the processing of data. Facebook data, available at https://www.facebook.com/about/privacy/. The data subject can allow Facebook and its Trainers to propose advertisements even while not connected to the social network. For this purpose, a cookie may be stored on the computer of the data subject. You can object to the collection of your data by the Facebook pixel or the use of the same for the purpose of displaying Facebook advertisements, through the following address: https://www.facebook.com/settings?tab= ads.
Being certified for the purposes of the Privacy Shield, Facebook guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is assured by Art. 6, paragraph 1, points b) and f) of the GDPR (i.e. the General Data Protection Regulation).
Email opening tracking. We remind you that we evaluate the behaviour of the data subject when reading emails with the help of so-called web beacons or tracking pixels. With this information integrated, we can create a user profile to personalise marketing emails/push messages. We collect data when you "Click" on our emails, or any links, and combine that data with your actions in the products. You can withdraw your consent to marketing emails and push messages at any time by clicking on the link at the end of the email or by changing your device's push message settings. We store tracking information as long as you are subscribed to our marketing emails.
15. Rights of the Data Subject.
The data subject, if the limitations provided by law do not apply, has the following rights:
1. Right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her is being processed and, in this case, the right to obtain access to the data and additional information listed in art. 15 GDPR;
2. Right to obtain from the Data Controller the correction of inaccurate personal data concerning him/her without undue delay; taking into account the purposes of the processing, the data subject also has the right to obtain the integration of incomplete personal data, also by providing an additional declaration;
3. Right to obtain from the Data Controller, without undue delay, the cancellation of personal data concerning him/her, where one of the reasons indicated by Article 17 of the GDPR exists;
4. Right to obtain from the Data Controller the limitation of processing when one of the hypotheses listed by Article 18 of the GDPR occurs; oppose the processing of personal data, when possible;
5. Right to receive personal data concerning him/her; right to transmit such data to another data controller without impediments by the Data Controller, if the provisions of art. 20 GDPR should apply.
Each data subject can exercise their rights by sending an email request to the Data Controller, to the email address indicated in this statement.
The data subject also has the right to lodge a complaint if he considers that the processing of personal data does not comply with the provisions of the law; this complaint can be made by registered letter with return receipt addressed to the Guarantor for the protection of personal data, Piazza Venezia, 11, 00187 Rome, or by certified email sent to firstname.lastname@example.org (or through the contacts indicated on the website of the Guarantor).
16. Specific information for trainers.
This information is fully applied to Trainers except as specified below.
Among the Trainer data that are processed, we remember in particular name and surname, tax code, VAT number, address of the place where the professional activity is carried out, billing address, payment data, any professional membership and registration number , email for billing, telephone number, images and videos uploaded, identity documents and any certifications communicated.
The Trainer's profile can be made public on the Platform and in this case the information entered is therefore public and accessible by all users of the Platform. Among the public information we remember: name, surname, area, reference gym, contact details, media, images, videos, any other information added by the Trainer himself for promotional purposes, features and details on the services offered, and everything necessary for the use of the services and functions of the Platform.
The Trainer's data are processed (as well as for the purposes and legal bases indicated above) mainly for the execution of the contractual relationship between the Data Controller and the Trainer described in the documents called "General Conditions for Trainer" and "Reserved Commercial Conditions for the Trainer".
For the purpose of promoting their profile and services, the Trainer can publish and show Users images of the results obtained by their customers. The Trainer will only use the images of its customers, committing to Buddyfit to obtain explicit written authorisations from the same, in a manner that complies with the privacy legislation and subject to the changes to the image necessary to make the subjects unrecognisable. In any case, the Trainer will not be able to use the images uploaded by the Users on the Buddyfit Platform but only those transmitted directly by the customers for this purpose with methods external to the Platform.
In the event of express consent from the Trainer, commercial communications and newsletters may also be sent for services not similar to those for which the Trainer has provided their data.
The Data Controller reserves the right to make changes to this information at any time, giving notice to the data subjects by publishing it on the platform and in any other ways required by law. The data subject who continues to use Buddyfit after the publication of the changes accepts these changes without reserve. We will notify you when we make material changes that you need to be aware of.