Privacy Notice
At RUNNERWELLNESS SL ("we," "us," "our"), we respect your concerns about privacy.
This Privacy Notice explains how we use the personal data we collect about you and your rights in relation to the information. "Personal data" refers to any information that identifies you or that can identify you as an individual. For the purposes of applicable data protection laws, including the General Data Protection Regulation ("GDPR"), the data controller is Cristóbal Redondo Rodríguez, a company incorporated in Spain. Our company registration number is B13985650. Our email address is cristobal.redondo@runnerpro.app.
Information Covered by this Privacy Notice
This Privacy Notice covers all personal data collected and used by us.
This includes your name, age, postal address, email address, telephone number, credit card number, details of the preferences you express to us, your comments and questions, and technical information about the devices you use to access our website. It also includes information about your body and well-being, such as height, weight (obesity information), body statistics, workouts, mood, meals, nutrition, and overall health and well-being, that you choose to disclose to us on this website or through the use of our application or that the application generates, as well as any images you choose to share with us.
Summary
Please refer to the following summary, which sets out the purpose, legal basis, and retention periods applicable to the various processing activities described in the preceding sections.
Purpose of Processing Legal Basis Retention Period
Administration of your account Article 6(1)(b) of the GDPR 72 months after last activity Provision of coaching services Article 6(1)(b) of the GDPR and, for medical data, the legal basis is also Article 9(2)(a) of the GDPR. 72 months after last activity: for medical data and uploaded images, the period is 6 months Marketing purposes, adapting our product to your needs (including based on a profile of you and your activities) and customer satisfaction surveys Article 6(1)(a) of the GDPR, Article 6(1)(f) of the GDPR 36 months after last activity Payment purposes Article 6(1)(b) of the GDPR 72 months after last activity Mandatory record-keeping Article 6(1)(c) of the GDPR, as we are required to store, for example, accounting records (which may include personal data) 72 months after last activity
Personal Data We Obtain
We (and our service providers) collect this personal data when you: • purchase products or services from us, including subscribing to coaching. • submit information through this website. • create an account with us, or sign up for our services. • request or receive our marketing or that of our representatives. • choose to participate in our customer opinion surveys. • communicate with us through third-party social media websites. • contact us, write to us, or otherwise provide us with information.
When you visit our website and/or our application, we (and our service providers) may use cookies (see our separate cookie policy on our website) and other technologies to automatically collect the following information about you:
• technical information, including IP address, login information, browser type and version, device identifier, location and time zone settings, browser plug-in types and versions, operating system and platform, page response times, and download errors.
• information about your visit, including the websites you visited before and after our website and the products you viewed or searched for.
• duration of visits to certain pages, information about page interaction (such as scrolling, clicks, and mouseovers), and methods used to exit the page.
Within our application, you can choose to:
• record a fitness activity, such as a run. You must first allow the application to access your location. The application will then access your location data from the moment you start recording the activity until you stop. To ensure that all your activity is recorded, we need to continue accessing location data if the application is in the background during the activity. You can revoke permission at any time by adjusting your device settings.
• import your fitness activity history from Strava, Apple Health, or Google Fit. You must first allow the application to access your data from these sources. You can revoke permission at any time by adjusting the application settings. While you are generally free to choose the extent to which you share your personal data with us, please note that choosing not to share such personal data may limit our ability to provide you with our service and fulfill the contract you have entered into with us. How We Use the Information We Obtain
We use the personal data we collect about you for the following purposes:
• setting up and managing your online account.
• providing our services, which may include
• designing personalized meal and workout plans.
• monitoring changes or adaptations in your body to improve your training cycle
and combining the information we receive and collect (e.g., from updates you provide about your body transformation) to provide you with a more personalized experience and make informed decisions about future coaching to facilitate your improvement. This also provides vital statistics that we use to better understand the effectiveness of different diet and workout approaches.
• a history of your fitness activities, including (where possible) duration, distance, speed, activity type, and heart rate, as well as an overview of your fitness progress.
• providing you with information about our products and services (where you have given consent for this or for us to contact you by other means for marketing purposes), and using your information to tailor our product to your needs (based on a profile of you and your activities).
• sending you invitations to participate in customer satisfaction surveys.
• processing your payments.
• notifying you of any changes to our services that may affect you.
• fulfilling our legal obligations to maintain internal records (financial).
The legal bases on which we collect, use, transfer, or disclose your personal data include:
• the performance of our contractual obligations to you (see Article 6(1)(b) of the GDPR).
• our legitimate interests (see Article 6(1)(f) of the GDPR), which include: improving our offerings and services as a company; personalizing our services and interactions with you, including profiling, to better meet your needs as a customer and tailor our product to your needs; and detecting and preventing fraud.
• compliance with our legal obligations (see Article 6(1)(c) of the GDPR).
• to the extent we send you information about our products and services for marketing purposes, we will seek your consent (in accordance with Article 6(1)(a) of the GDPR) before processing your information in this way or processing your personal data based on our legitimate interests (in accordance with Article 6(1)(f) of the GDPR; the legitimate interests have been mentioned above).
We will only use the images you choose to share with RUNNERWELNNESS SL to track your progress and will never share them on our website or social media unless you explicitly consent to it.
Use of Consent for the Processing of Your Medical Data In order to provide you with personalized meal and workout plans, we will process the medical data you provide to us, including information about allergens, information that could reveal obesity or specific injuries, or other relevant information related to your physical or mental health. In addition to the legal bases described above, the legal basis for processing your medical information is Article 9(2)(a) of the GDPR, which means we will ask for your explicit consent to allow us to process your medical data before you become our customer.
You can withdraw your consent for us to process your medical data at any time. However, you should be aware that if we are prevented from processing relevant personal data such as information about allergens, information that could reveal obesity or specific injuries, or other relevant information related to your physical or mental health, we may not be able to provide you with our services (e.g., coaching and personalized meal and workout plans based on your specific needs).
Third Parties, including Processing by Runnerpro
When you register with RunnerPro through Google, we receive information about your profile, which may include your username, email address, and profile picture.
The security of your personal data is extremely important to us. We do not sell personal data to third parties and never will.
Access to your personal data is only provided to carefully selected third parties, including:
• service providers who assist us in providing our services, such as our infrastructure and IT service providers. These include Runnerpro and Stripe, who support our business by providing technical infrastructure services, analyzing product performance, providing technical support, and facilitating payments. Therefore, please note that Runnerpro may process your personal data as a data processor on our behalf. However, Runnerpro may also act as an independent data controller in limited cases. You can read more about the processing of your personal data by Runnerpro as an independent data controller (including cookies). You can read more about the processing of your personal data by Stripe as a data processor here: https://stripe.com/en-dk/privacy.
• our regulators, law enforcement agencies, or other public authorities and organizations if we are required to disclose your personal data by law.
• potential buyers and their advisors in the event of a business transfer, such as in connection with a reorganization, restructuring, merger, acquisition, or transfer of assets, provided that the receiving party agrees to process your personal data in a manner consistent with this Privacy Notice.
Our website may, when we deem it appropriate, contain links to and from the websites of our partner or affiliate websites. If you follow a link to any of these websites, please note that these websites have their own privacy notices and we do not have control over how they may use your personal data. You should review the privacy notices of third-party websites before submitting any personal data to them.
How Long We Retain Your Personal Data
Your personal data will only be stored for as long as necessary for the purposes for which it was collected and only to the extent permitted by applicable law. When we no longer need to use your information, we will delete it from our systems and records and/or take steps to anonymize it quickly so that you can no longer be identified from it (unless we need to retain your information to comply with legal or regulatory obligations to which we are subject).
We comply with the retention periods listed in the following table. As a general rule, we delete or anonymize your personal data according to the timeframes indicated below, unless it is necessary to continue storing it.
Purpose of Processing Retention Period
Administration of your account
72 months after last activity
Provision of coaching services
72 months after your last activity (except for medical information and uploaded images, which is only 6 months)
Marketing purposes, adapting our product to your needs (including based on a profile of you and your activities) and customer satisfaction surveys
36 months after last activity
Mandatory record-keeping, including payments
72 months after the end of the fiscal year of your last activity
However, health information and uploaded body images will always be deleted 6 months after the last activity.
Data Transfers to Third Countries
The personal data we collect about you may be transferred and stored in a destination outside the European Economic Area ("EEA"), which does not provide an equivalent level of protection for personal data as guaranteed within the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our service providers. Countries outside the EEA to which personal data about you may be transferred and stored include the United States.
We will take all reasonably necessary steps to ensure that your personal data is treated securely and in accordance with this Privacy Notice and applicable data protection laws, including, where appropriate, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data pursuant to Article 46(2)(c) of the GDPR. You can find a copy of the EU standard contractual clauses by clicking here.
How We Keep Your Information Secure
We have implemented technical and organizational security measures to protect the personal data under our custody and control. The measures we have implemented include, among others, limiting access to personal data only to authorized employees and service providers who need to know such information for the purposes described in this Privacy Notice, as well as other technical, administrative, and physical security measures. To provide you with greater security, certain personal data stored in your online account can only be accessed through your username and password. You are responsible for maintaining the confidentiality of your online account credentials, and we strongly recommend that you do not disclose your online account username or password to anyone. We will never ask you for your password in an unsolicited communication. Please notify us immediately (see the "How to Contact Us" section) of any unauthorized use of your online account credentials or any other suspicion of a security breach.
Your Rights Regarding Personal Data
You have several rights in relation to the processing we do of your personal data:
• Access. You have the right to request a copy of the personal data we process about you, which we will provide to you in electronic format.
• Rectification. You have the right to have incomplete or inaccurate personal data we process about you rectified.
• Erasure. You have the right to request that we erase the personal data we process about you, except where we are required to retain such data for a legal obligation or for the establishment, exercise, or defense of claims.
• Restriction of Processing. You have the right to restrict the processing of your personal data where you believe such data is inaccurate, our processing is unlawful, or we no longer need to process such data for a specific purpose. When we are unable to delete the data due to a legal or other obligation, or because you do not want us to delete it, we will mark the stored personal data in order to restrict its processing for specific purposes in accordance with your request, or otherwise limit its processing.
• Objection. Where the legal justification for processing your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will honor your request unless we have compelling legitimate grounds for the processing that override your interests and rights, or if we need to continue processing the data for the establishment, exercise, or defense of legal claims.
• Withdrawal of Consent. Where we process certain personal data about you based on your consent, you have the right to withdraw such consent, including with respect to direct marketing. Regarding the consequences of withdrawing your consent for us to process your medical data, please see the "Use of Consent for the Processing of Your Medical Data" section.
If you wish to exercise any of the above rights, please contact us at contacto@cristobalrunning.com and include your name, email address, and postal address, as well as your specific request and any other information we may need to provide or process your request.
In some situations, we may impose limitations on your rights as permitted by law. Before we can provide you with information or correct any inaccuracies, where there are reasonable grounds to doubt your identity, we may ask you to verify your identity and/or provide other data to help us respond to your request. However, identity verification will be carried out by cross-checking the information we already have about you. To exercise your rights, please contact us using the contact details provided below in the "How to Contact Us" section.
In any case, you have the right to lodge a complaint with the local data protection authority if you believe we have not complied with applicable data protection laws. If you reside in the EU or EEA, you can find the contact details for your local data protection authority by clicking on this link.
How to Contact Us
If you have any questions about this Privacy Notice and/or the privacy policies and practices of our service providers, please contact us at cristobal.redondo@runnerpro.app.
Last Updated: 4/1/2023