Thank you for your interest in this Privacy Policy and welcome to iAthletiq and our website and shop at www.iathletiq.com (our “website”). Data protection and data security when using our website are very important to us. We would therefore like to inform you which of your Personal Data we collect when you visit our website and for what purposes it is used.
The person responsible in the sense of Luxembourg`s Data Protection Act (“DPA”) and the EU’s General Data Protection Regulation (“GDPR”) is iAthletiq of 14 rue de Neuerburg, 2215 Beggen, Luxembourg (“iAthletiq”, “we”, “us”, “our”). Please direct any questions you may have to info@iathletiq.com using “Data Protection” in the subject line.
Personal data
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour.
Special Category Data
Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data. As well as, data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.
Processing
The processing of Personal Data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis.
Legal basis
In accordance with the DPA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: i) you have given your consent, ii) the data is necessary for the fulfilment of a contract / pre-contractual measures, iii) the data is necessary for the fulfilment of a legal obligation, or iv) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.
Retention
Processed Personal Data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations.
Provision and use of the website
When you call up and use our website, we collect the Personal Data that your browser automatically transmits to our server. This is technically necessary for us to display our website and to ensure its stability and security. In this sense, we collect the following data: i) IP address of the requesting computer, ii) Date and time of access, iii) name and URL of the file accessed, iv) website from which the access was made (referrer URL), v) browser used and, if applicable, the operating system of your computer as well as the name of your access provider. The legal basis is our legitimate interest.
Hosting
We use the hosting services of Bluehost (Newfold Digital Inc) for the purpose of hosting and displaying our website. Bluehost does so on the basis of processing on our behalf, and that also means that all data collected on our website and shop is processed on Bluehost’s servers. The basis for processing is our legitimate interest and the initiation and/or fulfilment of a contract.
Content Management System
We use the open-source Content Management System (CMS) of WordPress.org to publish and maintain the created and edited content and texts on our website. This means that all content, texts, and contact data submitted to us are transferred to and stored on our Bluehost servers. The legal basis for this processing is our legitimate interest.
WooCommerce
To provide our checkout, we use the WooCommerce service developed and operated by Automattic Inc,. WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. Both your inventory data and your usage data are stored on WooCommerce’s servers. The legal basis for processing is our legitimate interest.
Fonts
We have integrated Google Fonts by Google. To enable the display of fonts, a connection to Google’s server is established when our website is accessed. This enables Google to determine which website sent the request and to which IP address the display of the font is to be transmitted. The integration is based on our legitimate interest.
Economic analyses and market research
For business reasons, we analyse the data we have on web and server traffic patterns, website interactions, browsing behavior etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarised and or anonymised values. For this purpose we use Google Analytics from Google, and SourceBuster by SourceBuster JS. The legal basis is our legitimate interest and your consent. For further information on our use of analytics, please refer to our Cookie Policy.
Cookies
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. As set out in Luxembourg`s Law of 30 May 2005 (the Electronic Communications Act) (“ECA”) and the EU`s counterpart the Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of non-essential cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent.
Cookie consent
Our website uses a cookie consent management tool to obtain your consent to the storage of cookies and to document this consent. When you enter our website, the following Personal Data is transferred to us: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legitimate interest.
Contacting us
We offer you the opportunity to contact us using various methods. We collect the data you submit, such as your name, email address, telephone number, and your message in order to process your inquiry and respond to you. The legal basis is both your consent and contract.
Contractual Services
We process the Personal Data involved when you enter into a contract with us in order to be able to provide our contractual services, for example our tuition service. This includes in particular our support, correspondence with you, invoicing, and fulfilment of our contractual, accounting, and tax obligations. Accordingly, the data is processed on the basis of fulfilling our contractual obligations and our legal obligations.
When using our customized training plans services
When you are using our customized training plans services, you will provide a variety of data including your full name and email address for the digital delivery of your plan. Doing so we process that data within the framework of the provision of our services and for the initiation and processing of the existing contractual relationship between you and us. Thus, we process your Personal Data and all information that is necessary in the context of fulfilling the services, exclusively for the purpose of processing and handling the contractual relationship.
Please note: Some of the Personal Data you provide when creating a customized training plan may be considered “special” or “sensitive”, for example data related to your health or fitness or preferences, aims and ambitions and training regimes etc. By choosing to provide this data, you expressly consent to our processing of that special or sensitive data.
Payment Data
To make a purchase, you may need to provide a valid payment method (e.g., credit card). Your payment information will be collected and processed by our authorised payment vendor, Stripe. We do not directly collect or store credit or debit card numbers ourselves in the ordinary course of processing transactions. The legal basis for the provision of a payment system is the establishment and implementation of the contract.
Administration, financial accounting, office organisation, contact management
We process data in the context of administrative tasks as well as organisation of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.
We undertake to protect your privacy and to treat your Personal Data confidentially. In order to prevent manipulation, loss, or misuse of your data stored with us, we take extensive technical and organisational security precautions which are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognised encryption procedures (SSL or TLS).
However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions that are not in our area of responsibility. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.
We may share your Personal Data with our business partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customising our services to better meet your needs. We share your Personal Data only with business partners who agree to protect and use your Personal Data solely for the purposes specified by us.
We may also disclose your Personal Data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers, or other business interests. Except as described above of which you will be informed in advance, we will not disclose your Personal Data.
We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.
Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
General
We are present on social media on the basis of our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Data collected when contacting us is to handle your request, and the bases are both your consent and our legitimate interest.
When you visit our profiles and interact with us and others
When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts, or comments that you send to us or leave on our profile, or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account. The legal basis is our legitimate interest and your consent.
Under the DPA and the GDPR, you can exercise the following rights:
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact me.
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing or want to withdraw any consents you have given us, please contact us.
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
The supervisory authority in Luxembourg is the Commission Nationale pour la Protection des Données (CNPD) (www.cnpd.lu). We would, however, appreciate the chance to deal with your concerns before you approach the CNPD or any other supervisory authority.
The following applies to users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state’s legislature and that no data protection framework similar to the EU’s GDPR exists on a federal level, we are committed to follow and apply the relevant privacy rules and regulations for your state.
As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.
Further, the following also apply
“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.
When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.
If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.
Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.
Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of Personal Data in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of Personal Data in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.
In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).
This Privacy Policy was last updated on Thursday, 23rd of January, 2025, and is the current and valid version. However, from time to time, changes or a revision to this policy may be necessary. If you have any questions about this policy or our data protection practices, please contact us at info@iathletiq.com using “Data Protection” in the subject line.
