Privacy Policy

February 2024 | Version 1.0

Bodysync Hub AB ("Bodysync," "BOSY," "Company," "we," "our," or "us") and all its subsidiaries take data protection seriously. We value your privacy rights and are committed to handling your personal data with care. This includes the collection, use, disclosure, transfer, and storage of your information. When we mention "website" or "platform," we are referring to all websites, applications, and third-party applications that we utilise.

Please read the details below regarding the processing of your personal data and how we adhere to the EU Data Protection Regulation (GDPR) governance.

Personal Data We Collect

Personal data refers to any information related to an identifiable individual. When you make a booking through one of our providers, sign the customer's consent, drop in for a session, or reach out to us via email or our platform, we may collect and process the following data about you:

  • Contact Information: Your name, email address, phone number, or any other contact information you provide us.

  • Health Information: Your general health status, health issues, and information about your fitness goals and nutrition habits. This may include relevant documents such as a doctor's note that you have submitted.

  • Body Measurements: Your height, weight, body composition (fat mass, muscle mass, bone mass, etc.), and before-and-after photos.

  • Usage Preferences: Browser settings (the type of browser you use, browser language, time zone), and location.

How We Collect Personal Data

The personal data we process is primarily collected directly from you when you provide your details to interact with our platform, services, or marketing communications. Additionally, we may receive your personal data from third parties with whom you interact, including Google, Instagram, Facebook, WhatsApp, as well as wellness benefit servers such as Benify and Epassi.

We also automatically generate or collect information from your device when you use our services. This includes data such as your IP address, location, and usage information of the website or our marketing emails. When dealing with device-related data, our goal is to always anonymise and aggregate the information.

Who Controls Your Personal Data

All personal data associated with the usage of Bodysync Hub’s services and applications are controlled by Bodysync Hub AB.

Why and How Do We Use Your Personal Data

We may use your personal data to:

  • Provide relevant services to you, such as offering WB-EMS training sessions and providing health, nutrition, and training consultations.

  • Verify your identity and age.

  • Respond to your questions and provide customer service.

  • Notify you about important transactional communications, such as changes to our services or your memberships.

  • Send you marketing material, such as newsletters, promotional emails, and motivational notifications.

  • Improve our platform and services through feedback and review collection.

  • Utilise your data for internal business purposes, such as data analysis, audits, fraud monitoring and prevention, and developing new products and services.

  • Train our employees and conduct quality control to help us continuously improve our service quality.

  • Exercise or comply with our legal rights and requirements in connection with legal claims, compliance, regulatory, and auditing purposes where necessary. For example, we may retain your information where required by law or compelled to do so by a court order or regulatory body.

Who Can Access Your Personal Data

Your personal data can be accessed by employees of Bodysync Hub and any third-party sub-processors with whom we collaborate.

We share your personal data with selected third parties that provide various services supporting our technical and daily operations. These third parties act as data processors, with us being the data controller. The regulations governing the actions of data processors are defined by respective Terms & Conditions.

We strive to use services with high regulatory standards that adhere to GDPR rules. Whenever possible, we aim to transfer your data within the European Union. If this is not feasible, we will transfer your data outside the European Economic Area only when a European Commission-approved method of validating the transfer is in place.

Additionally, we may share your personal data with other parties under the following circumstances:

  • With public authorities to comply with laws and regulatory bodies, cooperating with regulatory bodies in connection with investigations.

  • With third parties to protect our operations and safeguard your rights, privacy, safety, and our property.

  • With third parties that may assist in investigating, preventing, and taking action against suspected activities, including but not limited to fraud and misuse of our services and platform.

  • With third parties in the event of reorganisation, merger, acquisition, sale, joint venture, assignment, transfer, or other disposition of any proportion of our business or assets, including bankruptcy or similar proceedings.

How Long Do We Store Your Personal Data

Your personal data is retained only for as long as it is necessary to fulfil a contract between us or is required for legal reasons. Once the data is no longer in use, it is either deleted or anonymised to prevent any connection to you. The treatment of data may vary based on its use case, depending on the type of data we collect. You can exercise the right to delete your data, as described below.

Financial-related records are stored for up to 7 years as required by law. Health declarations, such as Customer’s Consent or medical documents, are retained for 5 years from the time of the last activity.

How Do We Keep Your Personal Data Secure?

We prioritize the highest security standards for your personal data. Our platforms are accessible only by our employees, who are required to authenticate with 2FA for additional security. All personal data stored is encrypted during transfer between the server and the client or application, ensuring that only the authenticated person can view decrypted data.

However, as the internet is not entirely secure, we cannot guarantee the security of information transmitted to us. Emails sent to us may not be encrypted, so we advise against including confidential information in emails or submission forms not appointed by us.

How Do We Use Cookies

Like the majority of businesses, we use cookies to help deliver, optimise, personalise, analyse, and promote the services we provide. We employ a combination of cookies and other technologies, such as pixels and tracking codes, to collect information for the purposes outlined in this privacy policy.

What is a Cookie?

A cookie is a small piece of data stored on a user's device by a website or application. It aids in session management, personalisation, analytics, authentication, and targeted advertising. Cookies enhance the user experience and can be employed to test new experiments and improvements for effectiveness. Cookies may be set directly by Bodysync Hub’s services or by any third parties we work with.

What is a Pixel?

Pixels are small, transparent images included on a web page or in emails to understand how you interact with our services and communication materials.

What are Tracking Codes?

A tracking code is a snippet of code placed on a web page to measure visits and interactions, among other things. We use tracking codes to understand how you interact with our platform and services.

You can find more information about the cookies we use on our platform by navigating to the cookie consent button in the bottom left corner of the website.

Your Rights

As a member or user of our digital and physical services, in accordance with Art. 15 GDPR, you have the right to exercise the following rights and understand to what extent we process your personal data about you:

  • Right to Correction (Art. 16 GDPR): You have the right to request us to correct your data.

  • Right to Deletion (Art. 17 GDPR): You have the right to request the deletion of your personal data.

  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to restrict the processing of your personal data.

  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us in a structured, common, and machine-readable format and to transfer this data to another data controller.

  • Right to Object (Art. 21 GDPR): You have the right to object to processing carried out on the legal basis of Art. 6 para. 1, lit. e) or f) of the GDPR. If we process personal data about you for the purpose of direct marketing, you may object to such processing in accordance with Art. 21 para 2 and 3 GDPR.

  • Right to Revoke Consent (Art. 7 Para. 3 GDPR): You may revoke your consent at any time. Such revocation does not affect the legality of the processing that occurred until the revocation based on the consent.

Underage Individuals

Our services are intended for adults only. Consequently, we do not knowingly collect personal data from any children or teenagers under the age of 18. If you become aware that an underage individual has provided us with their personal data, please contact us using the information provided below.

Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy without prior notice. All changes will be reflected on this page, and we may encourage you from time to time to review this policy to stay informed. Your continued use of our services or website after any modifications indicates acceptance of the updated Privacy Policy. If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email or through our platform.

Contact Information

For any questions about this privacy statement or requests to exercise your rights, please submit your request to:

Email:
hello@bodysynchub.com

Address:
Bodysync Hub AB
Hyllie Boulevard 35
215 37 Malmö

If contacting us doesn't resolve your complaint, efforts will be made to amicably resolve disputes. If unsuccessful, you may appeal to the Swedish Authority for Privacy Protection.