Privacy Policy

Introduction

SecurityAuditor S.L. ("we", "our", or "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our personal training services, visit our website, or interact with us.

Data Controller Information

The data controller for your personal information is SecurityAuditor S.L., a company registered in Spain with registration number B58294061, located at Calle San Juan 60, 48072 Bilbao, Basque Country, Spain.

Data Collection

The data we collect may include the following types of personal information:

• Personal identification information (name, email address, phone number, address)
• Health and fitness information (medical history, fitness goals, physical measurements)
• Payment information (billing address, payment method details)
• Communication records (emails, messages, consultation notes)
• Website usage data (IP address, browser type, pages visited, time spent on site)
• Training session data (attendance records, progress notes, performance metrics)

How We Use Your Information

We use the information how we use your information and use of your data for the following purposes:

• To provide and deliver our personal training services
• To create and maintain your training programmes
• To monitor your progress and adjust your fitness plans
• To process payments and manage your account
• To communicate with you about your training sessions and our services
• To send you important updates and notifications
• To improve our services and develop new offerings
• To comply with legal obligations and protect our legitimate interests

Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds: performance of a contract (to provide our training services), legitimate interests (to improve our services and communicate with you), consent (for marketing communications), and legal obligation (for tax and accounting purposes).

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner. For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We may share your information with trusted service providers who assist us in operating our business, conducting our services, or serving you, provided they agree to keep this information confidential.

Your Rights

Under GDPR, your rights include the following:

• Right of access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data
• Right to restrict processing: You can request limitation of how we use your data
• Right to data portability: You can request transfer of your data to another organisation
• Right to object: You can object to our processing of your personal data
• Rights related to automated decision-making: You have rights regarding automated processing

Data Retention

We retain your personal information for as long as necessary to provide our services and fulfil the purposes outlined in this policy. Training records and health information are typically retained for 7 years after the end of our service relationship. Financial records are kept for the period required by Spanish tax law. Website analytics data is typically retained for 26 months.

Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data may be processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data outside the EEA, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last updated" date at the top of this policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding your personal data, please reach out to us using the contact information below:

You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos) if you believe we have not handled your personal data in accordance with applicable law.