Privacy Policy effective for users registered after November 7, 2024

Information on the processing of personal data pursuant to and for the purposes of Article 13 of EU Regulation No. 679/2016 and Legislative Decree No. 196/2003 as amended

1. Processing, Joint Controllers, and Data Protection Officers

Buddyfit is a paid service supporting physical training. The "Buddyfit" platform is accessible to Users via website and applications for mobile devices and other devices and is managed by Buddyfit S.r.l. (with registered office in Genoa, Piazza Borgo Pila 39, and email address: privacy@buddyfit.club) and Gymondo GmbH (with registered office in Berlin, Ritterstraße 12, and email address: privacy@gymondo.de).
The joint controllers of data processing whom you may contact are Buddyfit S.r.l. (email address: privacy@buddyfit.club) and Gymondo GmbH (email address: privacy@gymondo.de). The Joint Controllers of personal data processing, pursuant to Article 13 of European Regulation 2016/679 (GDPR) and Legislative Decree No. 196/2003 as amended and other applicable provisions, are required to provide certain information regarding the use of your personal data.
Buddyfit S.r.l. has appointed Lawyer Giacomo Berrino as DPO (Data Protection Officer) who can be contacted at the following email address: dpo@buddyfit.club
Gymondo GmbH has appointed Thomas Weber as DPO (Data Protection Officer) who can be contacted at the following email address: weber@isico-datenschutz.de

2. Personal Data Processed

The Joint Controllers process the personal data of users of the Buddyfit Platform, including Users who use the Platform for training and Customers who use the Platform for purchasing physical products such as clothing, training equipment, and possibly accessories and objects of any kind. These natural persons are hereinafter also referred to as "Data Subjects," in accordance with the definitions provided by current regulations. Below we briefly explain what data we use and for what purposes.
Identity Data, including: name (first name, surname), date of birth, email address, gender, preferred language, profession, IP address, social media identifiers, and information received through your Facebook or Google account. We use this data to verify your identity, provide the service, for payments, and for messaging on the Platform. The name will also be published and visible in challenge/contest rankings if the User decides to register and participate in these.
Contact Data, including: your phone number, shipping and billing address, email address, social media, and any other communication channel you have used to contact us for additional information. We use this data to contact you for various purposes depending on the objectives and to execute delivery services for physical products purchased through the Platform.
Location Data, including: physical address. We use this data for profiling purposes, to manage our products and adapt your experience with the products to your geographical area, potentially connect Users and Trainers within the Platform, as well as for billing purposes.
Measurements, including: age, weight, height, and hypothetical body fat percentage (which you provide). We use this data to manage our products and offer you customized training solutions.
Communication Data: within the Platform, it is possible to send messages to other subjects (for example in the Buddyfit Class public chat). Chat data is therefore managed for the purpose of providing the service and reading previous messages by users. Buddyfit recommends not transmitting sensitive data within messages. The name provided by the user will be displayed next to the message.
Payment Data: for purchases made by Users on the platform (including the purchase of physical products through the Platform), some personal data must necessarily be processed including, in addition to contact data, also tax code, billing address, and possibly some payment data. The purpose is to allow payments to be made. Buddyfit does not have access to the complete credit card number (and does not process it in any way) which is managed directly by the service provider.
Purchase Information, including: payment service provider, Subscription duration, price, currency. We use payment service providers to process payments and manage any refunds. Although we do not store credit card data, we store the payment identification number issued by the respective provider (e.g., Apple, Google, Stripe, Paypal, Mollie, Shopify) that could be assigned to you. We use it to process your payments.
Device and Usage Information, including: data about your device or browser that provide insights into your browsing habits or device usage. Device information is collected through our apps and your browsing data is collected through our cookies, tags, and pixels. Data collected from monitoring services such as Adjust, Google Analytics, Google Firebase, Facebook Analytics, and Facebook pixel is therefore processed. Such information includes but is not limited to: IP address, date and time of visit, duration of sessions on our website and App, volume of data transmitted, referring URL (if you came to our site through another website or advertisement), pages visited on our site, browser type (including language and browser software version) and add-ons, device identifier and characteristics, device type, versions, operating system. This is often necessary for network security purposes, as well as for the Controllers' needs related to service usage tracking and for service development and improvements.
Preference and Physical Data, including: preferred language, access location, measurement units (distance, weight, temperature), personal goals and motivation (e.g., weight loss, toning, or increasing mass and strength goals), information you provide about your current athletic status and the status you want to achieve (including information you provide about weight and body fat), your comments on workouts (e.g., when you indicate that the workout was too challenging or too easy). We use this data for profiling purposes and to allow you to monitor your results and track workouts by seeing your activity history.
Training Preference Data including: preferred place to train, preferred type of training and preferences between different training alternatives, training experiences, User's profession data, User's period of inactivity, preferred time of day to train and frequency per week. We use this data for profiling purposes, to identify and define your tastes, preferences, habits, and needs.
Activity and Results Data, including: data regarding your fitness activities, workout program information (e.g., start date, workout program, associated fitness activities), information about completed workouts (e.g., workout start and end times, activity type, sports category), hypothetical calories burned, your comments on workouts (e.g., when you indicate that the workout was too challenging or too easy). We use this data for profiling purposes, to manage our products, to help you improve your performance goals and User experience, as well as to identify the products most suitable for you based on your training patterns.
Profile Picture You Upload to the Platform: we use this data only if you decide to provide it to us (you are not obligated to do so in any case). The image will also be published and visible in challenge/contest rankings if the User decides to register and participate in these.

Finally, please note that the computer systems and software procedures used to operate the Buddyfit App (Apple Store or Google Play or Huawei App Gallery) may acquire some data relating to Users transmitted in the use of smartphones and devices used. These might include, but are not limited to, geographical location, phone identity, User contacts, email, credit card data. For more information on the processing and protection of personal data and related settings, you can consult:
Apple Store: https://www.apple.com/legal/internet-services/itunes/it/terms.html
Google Play: https://policies.google.com/privacy
Huawei App Gallery: https://consumer.huawei.com/minisite/cloudservice/hiapp/privacy-statement.htm?code=DE&branchid=2&language=it

3. Purposes of Processing

Personal data is processed by the Joint Controllers for the purposes described previously and therefore for:
Managing the platform and providing service to Users, and thus to authenticate your access to an account, verify your Subscription, provide you with workout plans, participate in classes, use all Platform functions including chat, access your preferences and goals, monitor and track workouts and results to allow you to follow your activities, statistics and progress.
Management of messaging services within the Platform: among Buddyfit services there are also communication tools within the platform, such as the public chat during Classes, which allows the User to write messages that are displayed to other Users of the Class and the Trainer. In the public chat, the name (entered during registration or subsequently modified) of the User who sent the message will be displayed and will be visible to the Trainer and other Users.
Management of purchases and payments and therefore to manage payment operations both in credit and debit, both for User purchases on the Platform, and for purchases of physical products on the Platform, and for User subscriptions. Data necessary for accounting, billing and tax management purposes are also managed.
Customer support, and therefore to carry out checks, respond to your requests, and resolve complaints and service issues, e.g., to contact you following a question you posed to our customer support team.
Fulfillment related to the contractual relationship, and therefore process payment and Subscription activation, manage orders related to the purchase of physical products, manage administrative, accounting, civil and tax obligations.
Business needs and research and development, and therefore to manage our business needs, including the creation (in anonymous and aggregate form) of statistics on the use of our services also divided by age groups, location and other factors, to monitor, analyze and improve the use of our products; we use, always in anonymous and/or aggregate form, all data relating to workouts and progress in order to improve our Products and to develop and train our automated algorithms; as well as to protect the security or integrity of the products themselves and their performance and functionality. For example, we analyze user behavior and conduct research on how our products are used and process Data, including public feedback, to conduct research for the further development of our Products and our software and algorithms, in order to offer you and others a better, more intuitive and personalized experience, and support user growth and engagement in our Products.
Profiling. And therefore to identify and define your tastes, your training preferences, your habits, your needs and your consumption choices in order to improve our services and to provide you with a personalized service.
General Marketing. Unless otherwise and expressly indicated in this Privacy Policy (e.g., in the case of using Apple's HealthKit tool), we process Data to provide you with (personalized) marketing material on online products and services.
Marketing and communications via email/push message. Your email address provided during registration with Buddyfit will be used to provide you with communications, promotions and information about the Buddyfit service. With your consent, we may send you personalized marketing emails or push messages with information on fitness and health topics, as well as related and unrelated products.

4. Legal Basis for Processing

The legal basis for processing is represented by the need to execute the contract (Art. 6.1.b of GDPR), consent expressed during registration (Art. 6.1.a of GDPR), pursuit of legitimate interests of the Joint Controllers relating to the management of their economic activity (Art. 6.1.f of GDPR), pursuit of legitimate interests of the Data Subject to use the services (Art. 6.1.f of GDPR) and legal obligation (Art. 6.1.c of GDPR).

5. Data Provided by the Data Subject and Data Collected During Training Activity

The provision of data is necessary for the provision of the Joint Controllers' service, and in some cases to comply with legal requirements and to protect the legitimate interest of the Joint Controllers. Therefore, the failure, partial or inaccurate provision of such personal data will result in the objective impossibility for the Joint Controllers to establish or properly conduct the contractual relationship.
Most Personal Data is recorded by us when the Data Subject themselves communicates it to us spontaneously, for example when they contact us, especially when registering a Buddyfit account, when placing an order or activating a Subscription, when interacting with the Platform, when using chat, when contacting Customer Support (through email or certified email), when uploading photos or entering or modifying information or requesting information. Some data is collected during exercises for the purpose of providing the workout tracking service.
Some data necessary for profile creation can also be collected through Facebook or Google accounts. If you register a Buddyfit account through social login credentials, we will receive the following information:
From Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, "Facebook"): first and last name, email address, gender, date of birth, profile picture. From Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, "Google"): first and last name, email address, gender, date of birth and profile picture. For more information on the processing and protection of personal data by Facebook and related settings, you can consult the "Data Policy" (https://www.facebook.com/about/privacy/update) and "Terms of Use" (https://www.facebook.com/legal/terms) of Facebook. Here are also reported the current conditions governing the above-mentioned Facebook access or registration option. For more information on the processing and protection of personal data by Google and related settings, you can consult the relevant page (https://policies.google.com/privacy) and Google's Terms of Service (https://policies.google.com/terms).

6. Access Authorizations and Data Sharing with Apps and Devices

We need such access possibilities and information for the technical functionality of our apps and the provision of services offered with the app and Platform in general, in particular to be able to access the camera or photos and to send push notifications. During the installation procedure and/or before first use, we request permission to access individual functions and information and will access such functions only to the extent that the Data Subject gives consent. You can manually block access rights in the settings according to the respective operating system. How to proceed is indicated in the manufacturer's instructions for each OS device. Please note, however, that in the absence of the relevant authorization, the use of the app will be limited or impossible.
Buddyfit uses Apple's HealthKit tool (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, United States), which is the Health App for Apple devices, which provides a central repository for health and fitness data (and in particular steps, sleep and workout activity) on iPhone and Apple Watch and, with the Data Subject's explicit consent, allows apps to communicate with HealthKit to access and share such data.
Depending on your settings, data may be transferred from Buddyfit to HealthKit and vice versa.
The data is processed in any case according to the methods and purposes described in this notice. Specifically, data collected from HealthKit will be used by Buddyfit only to provide health, movement and fitness services connected with the App. Data collected from HealthKit will not be used by Buddyfit for marketing purposes, advertising or other data mining purposes based on use, including sharing with third parties.
Buddyfit and its statistical service providers may analyze engagement data for research purposes, to provide a personalized experience and to motivate engagement in healthy habits. You can choose whether to activate data exchange between Buddyfit and HealthKit by accepting when requested or by selecting preferences in Buddyfit settings. You can also choose to activate sharing of some data and not others. You can prevent Buddyfit from accessing your data at any time by modifying your mobile device settings.
Similar functions to HealthKit might be implemented for other devices and in particular through the Google Fit function for Android devices.
Buddyfit may have functions that include the use of wearable devices such as smartwatches.

7. Processing Methods

Data is processed in compliance with the General Data Protection Regulation (EU Reg. 2016/679, hereinafter also GDPR), as well as with other current legal provisions, including the Privacy Code (Legislative Decree No. 96/2003 as amended) and Legislative Decree No. 101/2018.
Personal data is used exclusively to the extent necessary to fulfill and execute our services or for the other purposes as described in this notice.
The processing of personal data is based on principles of correctness, lawfulness and transparency. Processing may be carried out using manual, paper, electronic and computer tools with methods strictly related to the purposes for which the data is processed and in any case in compliance with the provisions of Article 32 GDPR regarding security measures and through the use of appropriate procedures that avoid the risk of loss, unauthorized access, illicit use and dissemination.
Data is used and processed in a computerized and automated way only for the creation of the personalized training plan and to improve our services. Other profiling activities may be carried out for the purpose of sending emails and communications.
Regarding data processed through the use of cookies, see below.

8. Data Recipients

Personal data processed by the Joint Controllers will not be disseminated, meaning that it will not be made known to undetermined subjects, in any possible form.
The Controllers' collaborators may access the data. In particular, based on the work roles and duties performed, some collaborators of the Joint Controllers have been authorized to process personal data within the limits of their competencies and in accordance with the instructions given to them by the Joint Controllers themselves.
If the User sends a message in the Class public chat, the message and the User's name will be visible to the Trainer and all other Users of the Class.
They may also be communicated, within strictly necessary limits, to external subjects who collaborate with the Joint Controllers who will assume, depending on the cases, the role of data processors or autonomous controllers; these subjects include: audit firms, law firms, payment or video communication service providers, suppliers for the sale of physical products, server provider, database service provider, email and newsletter service providers, call center service providers, customer success and CRM services, banks and credit institutions, as well as all subjects entitled to access them by force of law provisions, regulations, EU regulations.
We will share Data with third parties if necessary, for the purposes, or following a request from a national authority, or following a court judgment, or if required by law, or if necessary to conduct investigations and defend ourselves from third party requests or accusations, or to exercise and protect the rights and security of Buddyfit, our members and staff; or if you have (explicitly) provided your consent.

9. Data Transfer

Data may be transferred outside the European Union, particularly to the USA. Such transfer will nevertheless take place in the presence of legal conditions or on the basis of an adequacy decision adopted by the European Commission.

10. Data Retention

The Joint Controllers of processing retain and process personal data for the time necessary to fulfill the indicated purposes and as long as there is a contractual relationship and/or legitimate interest. Subsequently, personal data will be retained for the time established by current civil and tax provisions.
In particular:
- identification data, contact data, payment-related data, purchase information will be kept for a maximum of 10 years from the termination of the subscription or 2 years from the last interaction;
- data relating to measurements, device and usage, preferences and physical data, training preferences, activities and results, will be kept for a maximum of 2 years from the termination of the subscription or 2 years from the last interaction;

Location data will be kept for up to 60 days from the termination of the subscription.
Data managed within the chat for the purpose of providing Buddyfit services and reading previous messages by users will be kept for a maximum time of one month, after which they will be deleted.
We store the Data Subject's data for the time required for the fulfillment of the intended purpose and/or until the Data Subject deletes their account or until the retention terms established by law make archiving necessary. Finally, in accordance with legislative provisions, data is deleted or its processing is limited.
We are required to keep your data for the entire period during which you have an account with us. If the Data Subject residing in the EU stops using our services without requesting to delete their information, we will keep the data for 25 months after the last interaction with any point of contact.
If the Data Subject decides to delete their account, all data on their account in Buddyfit's possession will be removed, with the exception of the following: Data necessary for the fulfillment of contractual obligations or compliance with legal retention obligations will not be deleted, but reduced to the minimum necessary extent.
A deletion request does not affect Data if their archiving is required by law or for other specific purposes.

11. Information Regarding the Sending of Newsletters and Commercial Communications

For the purposes of the operation and use of the platform, the Joint Controllers will use the data provided by registered users to send communications relating to the products and services offered, fitness news and other informative communications, newsletters, promotional communications including those of a commercial nature (referring to services similar to those to which the Data Subject has subscribed) with automated contact methods via e-mail or push notifications. In relation to this processing, the indications in this information notice apply with the addition of the following clarifications:
1) The Data Subject, by registering on Buddyfit and providing their contact data, gives their consent to the sending of such communications. The processing referred to in this paragraph does not require the explicit consent of the Data Subject as the sending of these communications is necessary for the provision of the service or is authorized pursuant to the fourth paragraph of Article 130 of the Privacy Code.
2) In case of consent of the Data Subject, other commercial communications not included among those indicated above may also be sent.
3) The Data Subject has the right to object to such processing by using the appropriate page on the platform to choose which notifications to receive or by contacting the Joint Controllers at the email address indicated above. However, the Data Subject is informed that refusing to receive such communications could compromise the experience of using the Services.
4) The data provided will be used with computer and telematic tools for the sole purpose of providing the requested service and, for this reason, will be kept exclusively for the period in which it will be active, unless they are necessary for the other purposes indicated above.
5) Only for the purpose of sending communications, the Joint Controllers use profiling mechanisms by making differentiations based on customer type, areas of interest and relevant elements. The consequence of this processing is represented solely by the sending of specific communications.
6) For the purpose of sending such communications, contact data and other useful information will be transmitted to newsletter service providers.

12. Information Regarding the Use of Cookies and Other Tracking Tools

Our services use (for technical reasons, to improve services, for marketing purposes and to track usage experience) various tracking tools, including Google Analytics, Google Firebase, Facebook Analytics, Facebook Pixel, Adjust, etc.
Cookies. This paragraph aims to inform users of our site about how their personal data is managed by providing information about data processing through cookies.
Our site and our app automatically collect certain data during user visits. This is data that is used to verify the proper functioning of services.
Among the data collected with cookies are included: IP (Internet Protocol) address; type of browser used to connect to the site; date and time of site visit; referring web page; number of clicks.
These data are managed through cookies. Cookies are small text files that sites visited by users send to their terminals, where they are stored to be then retransmitted to the same sites on the next visit. "Third-party" cookies are, instead, set by a website different from the one the Data Subject is visiting.
Cookies allow our site to recognize the device and are intended to facilitate efficient navigation between pages.
All cookies other than technical ones are installed only following the Data Subject's express consent. The first time you visit the site, you accept such installation by clicking on the appropriate button present on the brief information banner on the landing page.
Our site uses technical cookies: these are those necessary for managing login functions, for managing game functions and in general for the operation of the site.
The use of these cookies does not require the collection of the Data Subject's consent: everyone can deactivate them through their browser settings.
Below are the links to the help desk of the main browsers where you can find information on how to disable or delete cookies:
Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it-IT
Mozilla Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Safari: https://support.apple.com/kb/PH17191?locale=it_IT&viewlocale=it_IT

Clearly, blocking cookies will directly affect the Data Subject's browsing experience on our website and could prevent the site from functioning, participation in games and use of services.
Our site also uses third-party cookies, set by website managers or servers different from the Joint Controllers.
In particular, our site may incorporate social buttons in the Home page and in the news pages of the site to share and comment on our news on your profiles.
When the Data Subject clicks on the button accepting the use of cookies, they are installed. The method of processing data collected by these cookies is regulated by the privacy policies of the individual social networks, which are:
Facebook (cookies): https://www.facebook.com/help/cookies/
Facebook (privacy): https://www.facebook.com/privacy/explanation
Google: http://www.google.com/intl/it/policies/privacy/
Adjust: https://www.adjust.com/terms/privacy-policy/

Our site includes components transmitted by Google Analytics and Google Firebase (the analysis services provided by Google). These cookies are used to analyze information about the behaviors of use of our site by the Data Subject (pages visited, length of stay on the site, etc.). You can prevent the use of such cookies in the browser by installing a special additional component available at the following link https://tools.google.com/dlpage/gaoptout.

At this link https://support.google.com/analytics/answer/6004245?hl=it you can find additional information regarding the use and management of data transmitted by Google Analytics. The site also uses Google Adsense cookies necessary for managing advertising announcements. For more information, you can visit the following link https://support.google.com/adsense/answer/1348695?hl=it.

Data collected through social platforms and other cookies could be shared with services located outside the European Union area.

Tracking Pixels. Additionally, with the help of markers on our pages, we record so-called tracking pixels - e.g., at each loading of our page, how often it is accessed and clicked - always without any access and connection to the Data Subject's computer. We use Facebook Inc.'s (Menlo Park, California) "tracking pixel" to monitor user behavior after they have clicked on a Facebook advertisement and been redirected from the provider's website. This makes it possible to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous, i.e., the personal information of individual users is not displayed. However, given the situation that has arisen, it is important to specify that the data is stored and processed by Facebook which could link the information to the Data Subject's related Facebook profile and use it for its own promotional purposes, according to what is provided for in Facebook's Data Processing Information, available at https://www.facebook.com/about/privacy/. The Data Subject can allow Facebook and its Partners to propose advertisements even while not connected to the social network. For this purpose, a cookie may be stored on the Data Subject's computer. You can object to the collection of your data by the Facebook pixel or to the use of the same for the purpose of displaying Facebook advertisements, through the following address: https://www.facebook.com/settings?tab=ads.

Being certified for Privacy Shield purposes, Facebook guarantees compliance with European data protection regulations (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

The legal basis for such processing is established by Art. 6, paragraph 1, letters b) and f) of the GDPR (i.e., the General Data Protection Regulation).

Email Opening Tracking. We remind you that we evaluate the Data Subject's behavior during email reading with the help of so-called web beacons or tracking pixels. With this integrated information, we can create a user profile to personalize marketing emails/push messages. We collect data when you "Click" on our emails, or on any links and combine such data with your actions in the products. You can revoke your consent to marketing emails and push messages at any time by clicking on the link reported at the end of the email or by modifying your device settings related to push messages. We store tracking information as long as you are subscribed to our marketing emails.

13. Rights of the Data Subject

The Data Subject, if there are no limitations provided by law, has the following rights:
1. Right to obtain from the Joint Controllers confirmation of whether or not personal data concerning them is being processed and in such case, right to obtain access to the data and to the additional information listed in Article 15 GDPR;
2. Right to obtain from the Joint Controllers the rectification of inaccurate personal data concerning them without undue delay; taking into account the purposes of the processing, the Data Subject also has the right to have incomplete personal data completed, including by providing a supplementary statement;
3. Right to obtain from the Joint Controllers, without undue delay, the erasure of personal data concerning them, where one of the grounds indicated in Article 17 GDPR exists;
4. Right to obtain from the Joint Controllers restriction of processing when one of the cases listed in Article 18 GDPR applies; to object to the processing of personal data, when possible;
5. Right to receive the personal data concerning them; right to transmit such data to another controller without hindrance from the Joint Controllers, where the provisions of Article 20 GDPR apply.
Each Data Subject can exercise their rights by sending a request via email to the Joint Controllers or to the Data Protection Officer (DPO), at the email addresses indicated in this notice. The Data Subject also has the right to lodge a complaint in the event they believe that the processing of Personal Data does not comply with what is provided for by law; such complaint can be lodged by registered mail with return receipt addressed to Garante per la protezione dei dati personali, Piazza Venezia, 11, 00187 Roma, or through certified email message addressed to protocollo@pec.gpdp.it (or through the contacts indicated on the Garante's website).

14. Changes to the Privacy Policy

The Joint Controllers reserve the right to make changes to this notice at any time, giving notice to the data subjects through publication within the platform and in any other manner required by law. The Data Subject who continues to use Buddyfit after the publication of the changes accepts such changes without reservation. We will send you a notification when we make substantial changes that you need to be aware of.

Privacy Policy effective for users registered before November 7, 2024

Information on the processing of personal data pursuant to and for the purposes of art. 13 of the EU Regulation no. 679/2016.

1. Processing and Data Controller.

Buddyfit is a paid physical training support service. 
The Buddyfit platform is accessible to Users via the website and applications for mobile devices and other devices and is managed by the company Buddyfit S.r.l. (with registered office in Genoa, Piazza Borgo Pila 39, and email address privacy@buddyfit.club).
The data controller you can contact is Buddyfit S.r.l. (email address privacy@buddyfit.club). The Data Controller of personal data, pursuant to and for the purposes of art. 13 of the European Regulation 2016/679 (GDPR) and other provisions in force, is required to provide some information regarding the use of your personal data.

2. Personal data processed

The Data Controller processes the personal data of the users of the Buddyfit Platform, and therefore of the Users who use the Platform to train, the Trainers who use the Platform to provide their services, and the Customers who use the Platform to purchase physical products such as clothing, training tools and accessories and objects of all kinds. These natural persons are also identified below as "Data Subjects", in accordance with the definitions in current legislation. Below we briefly explain what data we use and for what purposes.
Identity data, including: name (first name, surname), date of birth, email address, gender, profile picture, preferred language, IP address, social media identifiers and information received through your Facebook or Google accounts. We use this data to verify your identity, for service provision, for payments and for messaging on the Platform.
Contact details, including: your telephone number, shipping and billing address, email address, social media and any other communication channels you have used to contact us for the purpose of obtaining further information. We use this data to contact you for different reasons depending on the purpose as well as to perform the delivery services of the physical products purchased through the Platform.
Trainer data: in relation to the Trainers, the additional data provided by the latter in their profile or otherwise communicated to Buddyfit for use for the purposes of the services or the Platform are processed, and therefore the data on their skills and experience, on their CV, and on the type and characteristics of the services offered. This information is processed for the purpose of promoting the services and therefore is made public with the awareness of the Trainer and in his commercial interest. The purpose is to allow the Trainer to be known by the potential customer and to sell their services within the Platform. The images, audio and videos made under the contract between Buddyfit and the Trainer are also processed.
Location data including: physical address. We use this data to manage our products and adapt your experience with the products themselves to your geographical area, possibly put Users and Trainers in contact within the Platform, as well as for billing.
Measurements including: age, weight, height and hypothetical body fat percentage (which you provide us). We use this data to manage our products and offer you training solutions tailored to you.
Communication data: within the Platform it is possible to send messages to other subjects (for example between Trainer and User or in the public chat of the Buddyfit Class). The data is then managed within the chat for the purpose of providing the service and reading the previous messages by users. Buddyfit recommends not transmitting sensitive data within messages. The name provided by the user will be displayed next to the message.
Payment data: for purchases made by Users on the platform (including the purchase of physical products through the Platform), for payments by Trainers and for Buddyfit payments in favour of Trainers, some personal data are necessarily processed including, in addition to contact data, the tax code, the billing address and possibly some payment data. The purpose is to allow payments to be made. Buddyfit does not have access to the complete credit card number (and does not process it in any way); it is managed directly by the service provider.
Purchase information, including: payment service provider, subscription duration, price, currency. We use payment service providers to process payments and to manage any refunds. While we do not store credit card information, we do store the payment identification number which is issued by the respective provider (e.g. Apple, Google, Stripe, Paypal, Mollie, Shopify) and may be assigned to you. We use it to process your payments.
Device and usage information, including: data about your device or browser that gives us suggestions about your browsing habits or your use of devices. Device information is collected through our apps and your browsing data is collected from our cookies, tags and pixels. The data collected by monitoring services such as Adjust, Google Analytics, Google Firebase, Facebook Analytics and the Facebook pixel are then processed. This information includes, but is not limited to: IP address, date and time of the visit, duration of sessions on our website and on the App, volume of data transmitted, the reference URL (if you have reached our website via another website or an advertisement), the pages visited on our website, the type of browser (including language and version of the browser software) and add-ons, device identifier and characteristics, type of device, versions, operating system. This is often necessary for purposes related to network security, as well as for the owner's needs related to tracking the use of the service and for the development and improvements of the services.
Preference and physique data, including: preferred language, access position, units of measurement (distance, weight, temperature), personal goals and motivation (e.g. weight loss goal, toning or gaining mass and strength), information about your current athletic state and the state you want to achieve (including the information you provide us on weight and body fat), your comments on workouts (e.g. when you indicate that the workout was too demanding or too mild). We use this data to provide you, with automated tools, our personalised training programme service based on your information, to provide you with our service that allows you to get in touch with a trusted Trainer, and to allow you to monitor your results and track your workouts by viewing your activity history.
Activity and achievement data, including: data regarding your fitness activities, training program information (e.g. start date, alignment program, associated fitness activities), information about your workouts (e.g. start times and end of workout, type of activity, sport category), hypothetical calories consumed, your comments on workouts (e.g. when you indicate that the workout was too demanding or too mild). We use this data to manage our products, to help you improve your performance goals and experience as a User, as well as to identify the most suitable products for you based on your training patterns. We use this data to provide you, with automated tools, our personalised training programme service based on your information, to provide you with our service that allows you to get in touch with a trusted Trainer, and to allow you to monitor your results and track your workouts by viewing your activity history.
Images you upload to the platform, including profile picture and images uploaded for progress tracking. We use this data only if you decide to provide it to us (you are under no circumstances obliged to do so). The profile picture will only be visible to you and your Trusted Trainer if you choose to connect to one. If you provide us with progress images, we store them for the sole purpose of allowing you to monitor your progress within the app; only you will be able to see the progress images.
The computer systems and software procedures responsible for the operation of the Buddyfit App (Apple Store or Google Play or Huawei App Gallery) may acquire some data relating to Users transmitted in the use of smartphones and devices used. These may include, by way of example, geographical location, phone identity, User contacts, e-mail, credit card information. For more information on the processing and protection of personal data and their settings, you can consult:
Apple Store: https://www.apple.com/legal/internet-services/itunes/us/terms.html
Google Play: https://policies.google.com/privacy
Huawei App Gallery: https://consumer.huawei.com/minisite/cloudservice/hiapp/privacy-statement.htm?code=DE&branchid=2&language=en

3. Images and videos uploaded by Users and Trainers.

Among the Buddyfit services there is the possibility to upload your own images and videos. Users can upload such content to communicate the activity and progress to the Trainer who assists them or to monitor their own progress over time. The contents of Users are visible only to Users themselves and their associated Trainer. The Trainer can upload images and videos to show their services or to show exercises or other information to Users. The images and videos uploaded by the Trainer may be public on the Platform or visible by numerous subjects depending on the purpose. The data subject can at any time provide for the deletion of these images from the Buddyfit databases or request the deletion if the conditions are met.
Protection of uploaded images: Buddyfit offers a high level of computer protection against unwanted access to the images saved on its databases but (unless otherwise required by law) it assumes no responsibility for the case in which third parties are able to access the images in ways that are unpredictable and cannot reasonably be avoided. Furthermore, it is the responsibility of data subjects to keep their profile access credentials confidential, as they allow access to images and other information. Buddyfit assumes no responsibility in case of unwanted access to the profile and contents through the correct credentials.
Prohibition of uploading images of third parties, prohibited or offensive images or nude images: It is absolutely forbidden for the User and the Trainer to upload images of other people or to upload images whose use or possession is prohibited by law or which are offensive and in any case it is forbidden to insert nude images. Regardless of whether this gives rise to a crime, it is generally forbidden to upload content of a pornographic, sexual, violent, racist, seditious, discriminatory, unsuitable for minors, offensive and/or defamatory nature. When posting your content, you are required to comply with all applicable laws and regulations. The User and the Trainer are also required to refrain from violating the rights of third parties. This applies in particular to the personal rights of third parties and to the intellectual property rights of third parties (e.g. copyright and trademark rights). In particular, users must respect the necessary rights for uploading images. The visualization of the images by Buddyfit and its employees and collaborators is limited according to the privacy legislation and therefore no moderation activity is carried out. The only activity of Buddyfit consists, using computer methods, in saving the images and making them available to the same User or Trainer who uploaded them.
We are authorised at any time and without notice, to delete or remove illegal content or content that violates the above principles. In case of violation of the principles set out above, we reserve the right to warn you or temporarily block your profile or cancel the contract of use for just cause in compliance with this clause.
Responsibility of Users and Trainers in the use of images. By uploading images, Users or Trainers assume all responsibility for them, exonerate Buddyfit from any responsibility towards them and expressly release Buddyfit from any liability towards third parties. Users or Trainers are obliged to indemnify Buddyfit for all requests from third parties following a violation of their rights by Users or Trainers themselves in relation to uploaded content. Users or Trainers are also required to bear the costs of all legal actions in which Buddyfit may be involved in relation to the aforementioned requests, including all court costs and legal fees to the maximum extent permitted by law, unless their liability for such violations has been expressly excluded.
In the event that a request is submitted by a third party, the User or the Trainer must provide Buddyfit, in a timely and accurate manner, all the information available to the User or the Trainer themselves that may be necessary to verify the request and prepare a defensive action. This provision does not affect further claims for damages that Buddyfit may eventually make against the User or the Trainer.

4. Purpose of processing

Personal data are processed by the Data Controller for the purposes described above and therefore to:
Manage the Platform and provide the service to Users, and therefore to authenticate your access to an account, verify your Subscription, provide you with training schedules, participate in classes, use all the functions of the Platform including the chat, access your preferences and goals, monitor and track workouts and results to allow you to follow your activities, your statistics and your progress.
Manage messaging services within the Platform, among the Buddyfit services there are also communication tools within the Platform such as the chat with the trusted Trainer (for example if the User connects to a Trainer) or the public chat during the Classes which allows the User to write messages that are displayed by the other Users of the Class and by the Trainer. The name (entered during registration or subsequently modified) of the User who sent the message will be displayed in the public chat and will be visible to the Trainer and other Users.
Manage purchases and payments and therefore manage payment operations, both in credit and debit, for the purchases of the Users on the Platform, for the purchase of physical products through the Platform, for the subscriptions of Users and Trainers, and for payments to the Trainers. The data necessary for accounting, billing and tax management purposes are also managed.
Customer support, and therefore to carry out investigations, respond to your requests, and resolve complaints and service problems, e.g. to contact you following a question you put to our customer support team.
Fulfilment related to the execution of the contractual relationship, and therefore to process the payment and activation of the Subscription, to manage the orders related to the purchase of physical products, to manage the administrative, accounting, civil and fiscal obligations.
Serve business and research and development needs, and therefore to manage our business needs, including the creation (in anonymous and aggregate form) of statistics on the use of our services also divided by age, place and other, to monitor, analyse and improve the use of our products; we use, always in anonymous and/or aggregate form, all data relating to training and progress in order to improve our Products and to develop and train our automated algorithms; as well as to protect the safety or integrity of the products themselves and their performance and functionality. For example, we analyse user behaviour and research how our products are used and process Data, including public feedback, to conduct research for the further development of our Products and our software and algorithms, in order to offer you and others a better, more intuitive and personalised experience, and to support the growth and engagement of users in our Products.
General marketing. Unless otherwise expressly stated in this Privacy Policy (e.g. when using Apple's HealthKit tool) we process Data to provide you with (personalised) marketing material about online products and services. Trainer data may be used for the purpose of promoting the Trainer's services.
Marketing and communications via email/push message. Your email address communicated when registering with Buddyfit will be used to provide you with communications, promotions and information on the Buddyfit service. With your consent, we may send you personalised marketing emails or push messages with information on health and fitness topics, as well as related and unrelated products.

5. Legal basis of processing

The legal basis of the processing is represented by the need to execute the contract (Article 6.1.b of the GDPR), by the consent expressed during the registration phase (Article 6.1.a of the GDPR), by the pursuit of the legitimate interests of the Data Controller relating to management of their economic activity (Article 6.1.f of the GDPR), by the pursuit of the legitimate interests of the data subject to use the services (Article 6.1.f of the GDPR) and by the applicable legal obligations (Article 6.1.c of the GDPR).

6. Data provided by the data subject and data collected during the training activity

The provision of data is necessary for the provision of the service of the owner, and in some cases to comply with the law and to protect the legitimate interests of the Data Controller. Therefore, failure, partial or incorrect provision of such personal data will result in the objective impossibility for the Data Controller to establish or regularly conduct the contractual relationship.
Most of the Personal Data are recorded by us when Data Subjects themselves communicate them spontaneously, for example when they get in touch with us, especially when registering a Buddyfit account, when placing an order or activating a subscription, when interacting with the Platform, when using the chat, when contacting Customer Support (using email or pec), when uploading photos or entering or editing information or requesting information. Some data is collected during the exercises in order to provide the training activity tracking service.
Some data necessary for the creation of the profile can also be collected via Facebook or Google accounts. If you register a Buddyfit account via your social media login details, we will receive the following information:
From Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): full name, email address, gender, date of birth, profile picture.
From Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA, “Google”): First and last name, email address, gender, date of birth and profile picture.
For more information on the processing and protection of personal data by Facebook and on the related settings, you can consult the “Data Policy” (https://www.facebook.com/about/privacy/update) and the “Conditions of use” (https://www.facebook.com/legal/terms) of Facebook. Current conditions governing the aforementioned option of accessing or registering via Facebook are also listed here. For more information on the processing and protection of personal data by Google and on the related settings, you can consult the “Data Policy” (https://policies.google.com/privacy) and the “Conditions of use” (https://policies.google.com/terms) of Google. The current conditions governing the aforementioned option of accessing or registering via Google are also listed here.

7. Access permissions and data sharing with apps and devices

We need these access possibilities and information for the purpose of the technical functionality of our apps and the provision of the services offered with the app and the Platform in general, in particular to be able to access the camera or photos and to send push notifications. During the installation procedure and/or before first use, we request permission to access the individual functions and information and we will access these functions only to the extent that the Data Subject gives their consent. You can manually lock the access rights in the settings according to the respective operating system. How to proceed is indicated in the manufacturer’s instructions for each OS device. However, keep in mind that in the absence of the relevant authorisation, the use of the app will be limited or impossible. Before the first use of the app, permissions are requested for the purposes illustrated.
Buddyfit uses Apple’s HealthKit tool (Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA), which is the Apple Device Health App, which provides a central repository for health and fitness data on iPhone and Apple Watch and, with the explicit consent of the data subject, allows apps to communicate with HealthKit to access and share such data. Depending on your settings, data may be transferred from Buddyfit to HealthKit and vice versa.
The data are processed in any case in the manner and for the purposes described in this statement. In detail, HealthKit data will be only used by Buddyfit to provide health, motion or fitness services in connection with the App. HealthKit data will not be used by Buddyfit for marketing, advertising or other use-based data mining purpose, including sharing with third parties.
Buddyfit and its statistical service providers may analyse engagement data for research purposes, in order to offer a computerized experience and to motivate engagement in healthy habits.
You can choose whether to activate the data exchange between Buddyfit and HealthKit by accepting when requested or by selecting your preferences in the Buddyfit settings. You can also choose to enable sharing of some data and not others. You can prevent Buddyfit from accessing your data at any time by changing the settings on your mobile device.
Functions similar to Healthkit could be implemented for other devices and in particular through the Google Fit function for Android devices.
Buddyfit may have features that include using wearable devices such as smartwatches.
Buddyfit Android App’s use and transfers of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

8. Processing methods

The Data is processed in accordance with the General Data Protection Regulation (Reg. EU 2016/679, hereinafter also GDPR), as well as with the additional legal provisions in force including the Privacy Code (Legislative Decree 96/2003) and the Legislative Decree 101/2018.
Personal data is used only to the extent necessary to fulfil and perform our services or for other purposes as described in this statement.
The processing of personal data is based on principles of correctness, lawfulness and transparency. The processing can be carried out using manual, paper, electronic and IT tools with methods strictly related to the purposes for which the data are processed and in any case in compliance with the provisions of art. 32 GDPR regarding security measures and through the use of suitable procedures that avoid the risk of loss, computerized access, illicit use and dissemination.
The Data Controller does process data in a manner that consists of automated decision-making processes that produce legal effects concerning the Data Controller or that significantly affect the Data Controller in a similar way. The data are used and processed in a computerized and automated way only for the creation of the training plan. Some profiling activities can be carried out for the purpose of sending emails and communications.
With reference to the data processed through the use of cookies, see below.

9. Data recipients

The personal data processed by the Data Controller will not be disclosed, i.e. it will not be disclosed to indeterminate subjects, in any possible form.
The Data Controller will be able to access the data. In particular, based on the roles assigned and tasks performed, some workers have been entitled to process personal data, within the limits of their competences and in accordance with the instructions given to them by the Data Controller.
In the event that the User sends a message in the public chat of the Class, the message and the name of the User will be visible to the Trainer and to all other Users of the Class.
They may also be communicated, within the strictly necessary limits, to external subjects who collaborate with the Data Controller who will assume, depending on the case, the role of data processors or independent data controllers; these subjects include: auditing firms, law firms, payment or video communication service providers, physical products providers, server provider, database service provider, email and newsletter service providers, call centre service providers, customer success and CRM services, banks and credit institutions, as well as all subjects entitled to access it by virtue of the provisions of the law, regulations, community regulations.
We will share Data with third parties if necessary, for the purposes, or following a request from a national authority, or following a court ruling, or if required by law, or if necessary to investigate and defend against third-party requests or allegations, or to exercise and protect the rights and safety of Buddyfit, our members and staff; or if you have (explicitly) given your consent.

10. Sharing data with the Trainer and his/her role.

Only in the event that the User decides to connect his/her profile with a trusted Trainer, the Trainer will be able to access the data necessary to carry out his/her activity (the Trainer will not be able to access your images, except for the profile image) and will operate as an autonomous data controller.
The Trainer will be able to interact with you through the platform, modify training plans and create personalised training plans. Buddyfit assumes no responsibility for the validity and correctness of the changes made by the Trainer.
In relation to the processing of User data to which the Trainer has access, the latter is required to manage them in accordance with this document and further agreements with Buddyfit as well as in compliance with the GDPR and other privacy regulations. The Trainer is solely responsible for managing the data to which he/she has access. Buddyfit has entered into an agreement with the Trainer under which he/she undertakes to process the data in a compliant manner, and Buddyfit cannot in any case be held responsible for any unlawful processing by the latter.
Only in case of specific and expressed consent from the User, the connected Trainer will be able to access the images to be uploaded by the User in order to be able to evaluate the progress and needs of the User according to the training.

11. Data transfer

The data may be transferred outside the European Union, in particular to the USA. This transfer will in any case take place in the presence of legal conditions or on the basis of an adequacy decision adopted by the European Commission.

12. Storage of data

The Data Controller keeps and processes personal data for the time necessary to fulfil the indicated purposes and as long as there is a contractual and/or legitimate interest relationship. Subsequently, personal data will be stored – and not processed further – for the time established by the current provisions on civil and fiscal matters.
We store the data of the data subject for the time required for the fulfilment of the intended purpose and/or until the data subject cancels his account or until the retention terms established by law make it necessary to archive. Finally, in accordance with the law, the data is deleted or its processing restricted.
We are required to keep your data for as long as you have an account with us. If a data subject residing in the EU stops using our services without requesting deletion of their information, we will keep the data for 25 months after the last interaction with any point of contact.
If the data subject decides to delete their account, all data on the account held by Buddyfit will be removed, with the exception of the following: data necessary for the fulfilment of contractual obligations or compliance with the retention obligations required by law will not be eliminated, but minimised to the extent necessary.
A request for deletion does not affect the Data, if their storage is required by law or for other specific purposes.

13. Information on the sending of newsletters and commercial communications

For the purposes of the operation and use of the platform, the Data Controller will use the data provided by registered users to send communications relating to the products and services offered, fitness news and other information communications, newsletters, promotional communications, including commercial ones (referring to services similar to those to which the data subject has signed up) with automated methods of contact by email or via push notifications.
In relation to this processing, the indications referred to in this information are valid with the addition of the following clarifications:
1) The Data Subject, by registering on Buddyfit and providing his contact details, gives his consent to the sending of such communications. The processing referred to in this paragraph does not require the explicit consent of the data subject as the sending of these communications is necessary for the purpose of providing the service or is authorised pursuant to the fourth paragraph of art. 130 of the Privacy Code.
2) In case of consent of the data subject, other commercial communications not included among those indicated above could also be sent.
3) The possibility is reserved for the data subject to oppose this processing by using the appropriate page on the platform to choose which notifications to receive or by contacting the Data Controller at the email address indicated above. The data subject is however informed that the refusal to receive such communications could compromise the experience of using the Services.
4) The data provided will be used with IT means for the sole purpose of providing the requested service and, for this reason, will be kept exclusively for the period in which it will be active, unless they are necessary for the other purposes indicated above.
5) For the purpose of sending communications only, the Data Controller uses profiling mechanisms, with differentiation based on the type of customer, the sectors of interest and the relevant elements. The consequence of this treatment is represented only by the sending of specific communications.
6) For the purpose of sending such communications, contact details and other useful information will be transmitted to suppliers of the newsletter service.

14. Information on the use of cookies and other tracking tools

Our services use (for technical reasons, to improve services, for marketing purposes and to track the user experience) various tracking tools including Google Analytics, Google Firebase, Facebook Analytics, Pixel Facebook, Adjust, etc.
Cookies. This paragraph is intended to inform users of our website on how to manage their personal data by providing information relating to the processing of data through cookies. Our website and our app automatically collect some data during user visits. These are data that are used in order to verify the correct functioning of the services. The data collected with cookies includes: Internet Protocol (IP) address; type of browser used to connect to the website; date and time of the visit to the website; web page of origin; number of clicks. This data is managed through cookies. Cookies are small text files that websites visited by users send to their devices, where they are stored and then retransmitted to these websites on subsequent visits. So-called "third party" cookies, however, are sent by a website other than the one the user is visiting.
Cookies allow our website to recognise the device and are intended to facilitate efficient navigation between pages.
All cookies other than technical ones are installed only following the consent expressed by the data subject. The first time you visit the website, you accept this installation by clicking on the appropriate button on the short information banner on the landing page. Our website uses technical cookies: they are those necessary for the management of the login functions, for the management of the game functions and in general for the operation of the website. The use of these cookies does not provide for the collection of the consent of the data subject: everyone can disable them through the settings of their browser.

Below are the links to the help desk of the main browsers where you can find information on how to disable or delete cookies:
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Clearly, blocking cookies will directly affect the browsing experience of the data subject on our website and could prevent the operation of the website, participation in games and the use of services. Our website also uses third-party cookies, i.e. set by website managers or servers other than the Data Controller. In particular, our website can incorporate social media buttons to share and comment on our news on your profiles in the Home page and in the pages dedicated to the news of the website. When the data subject clicks on the button accepting the use of cookies, they are installed.
The method of processing the data collected by these cookies is governed by the privacy policies of the individual social networks, which are:
Facebook (cookies): https://www.facebook.com/help/cookies/
Facebook (privacy): https://www.facebook.com/privacy/explanation
Google: http://www.google.com/intl/en/policies/privacy/
AdJust: https://www.adjust.com/terms/privacy-policy/

Our website includes components transmitted by Google Analytics and Google Firebase (the analytics services provided by Google). These cookies are used to analyse information on the behaviour of use of our website by the data subject (pages visited, time spent on the website, etc.). You can prevent the use of these cookies in your browser by installing a special add-on available at the following link https://tools.google.com/dlpage/gaoptout. At this link https://support.google.com/analytics/answer/6004245?hl=en you will find further information on the use and management of data transmitted by Google Analytics. The website also uses Google Adsense cookies necessary for the management of advertisements. For more information, you can visit the following link https://support.google.com/adsense/answer/1348695?hl=en. The data collected through social platforms and other cookies may be shared with services located outside the European Union area.
Tracking pixels. Furthermore, with the help of markers on our pages, so-called tracking pixels, we record e.g. each time our page is loaded and how often it is called up and clicked, always without any access or connection to the computer of the person concerned. We use the "tracking pixel" of Facebook Inc. (Menlo Park, California) to monitor the behaviour of users after they click on a Facebook ad and are redirected from the provider's website. This makes it possible to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous, i.e. the personal information of individual users is not displayed. However, taking into account the situation that has arisen, it is important to specify that the data are stored and processed by Facebook, which could link the information to the relevant Facebook profile of the data subject and use it for its own promotional purposes, in accordance with Facebook's information on the processing of data, available at https://www.facebook.com/about/privacy/. The data subject can allow Facebook and its Trainers to propose advertisements even while not connected to the social network. For this purpose, a cookie may be stored on the computer of the data subject. You can object to the collection of your data by the Facebook pixel or the use of the same for the purpose of displaying Facebook advertisements, through the following address: https://www.facebook.com/settings?tab=ads.
Being certified for the purposes of the Privacy Shield, Facebook guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). The legal basis for this processing is assured by Art. 6, paragraph 1, points b) and f) of the GDPR (i.e. the General Data Protection Regulation).
Email opening tracking. We remind you that we evaluate the behaviour of the data subject when reading emails with the help of so-called web beacons or tracking pixels. With this information integrated, we can create a user profile to personalise marketing emails/push messages. We collect data when you "Click" on our emails, or any links, and combine that data with your actions in the products. You can withdraw your consent to marketing emails and push messages at any time by clicking on the link at the end of the email or by changing your device's push message settings. We store tracking information as long as you are subscribed to our marketing emails.

15. Rights of the Data Subject

The data subject, if the limitations provided by law do not apply, has the following rights:
1. Right to obtain from the Data Controller confirmation as to whether or not personal data concerning him/her is being processed and, in this case, the right to obtain access to the data and additional information listed in art. 15 GDPR;
2. Right to obtain from the Data Controller the correction of inaccurate personal data concerning him/her without undue delay; taking into account the purposes of the processing, the data subject also has the right to obtain the integration of incomplete personal data, also by providing an additional declaration;
3. Right to obtain from the Data Controller, without undue delay, the cancellation of personal data concerning him/her, where one of the reasons indicated by Article 17 of the GDPR exists;
4. Right to obtain from the Data Controller the limitation of processing when one of the hypotheses listed by Article 18 of the GDPR occurs; right to oppose the processing of personal data, when possible;
5. Right to receive personal data concerning him/her; right to transmit such data to another data controller without impediments by the Data Controller, if the provisions of art. 20 GDPR should apply.
Each data subject can exercise their rights by sending an email request to the Data Controller, to the email address indicated in this statement.
The data subject also has the right to lodge a complaint if he considers that the processing of personal data does not comply with the provisions of the law; this complaint can be made by registered letter with return receipt addressed to the Guarantor for the protection of personal data, Piazza Venezia, 11, 00187 Rome, or by certified email sent to protocol@pec.gpdp.it (or through the contacts indicated on the website of the Guarantor).

16. Specific information for trainers

This information is fully applied to Trainers except as specified below.
Among the Trainer data that are processed, we mention in particular name and surname, tax code, VAT number, address of the place where the professional activity is carried out, billing address, payment data, any professional membership and registration number, email for billing, telephone number, images and videos uploaded, identity documents and any certifications communicated.
The Trainer's profile can be made public on the Platform and in this case the information entered is therefore public and accessible by all users of the Platform. Among the public information we mention: name, surname, area, reference gym, contact details, media, images, videos, any other information added by the Trainer himself for promotional purposes, features and details on the services offered, and everything necessary for the use of the services and functions of the Platform.
The Trainer's data are processed (as well as for the purposes and legal bases indicated above) mainly for the execution of the contractual relationship between the Data Controller and the Trainer described in the documents called "General Conditions for Trainer" and "Reserved Commercial Conditions for the Trainer".
For the purpose of promoting their profile and services, the Trainer can publish and show Users images of the results obtained by their customers. The Trainer will only use the images of its customers, committing to Buddyfit to obtain explicit written authorisations from the same, in a manner that complies with the privacy legislation and subject to the changes to the image necessary to make the subjects unrecognisable. In any case, the Trainer will not be able to use the images uploaded by the Users on the Buddyfit Platform but only those transmitted directly by the customers for this purpose with methods external to the Platform.
In the event of express consent from the Trainer, commercial communications and newsletters may also be sent for services not similar to those for which the Trainer has provided their data.

17. Changes to the Privacy Policy

The Data Controller reserves the right to make changes to this information at any time, giving notice to the data subjects by publishing it on the platform and in any other ways required by law. The data subject who continues to use Buddyfit after the publication of the changes accepts these changes without reserve. We will notify you when we make material changes that you need to be aware of.