About Custom Training
The party responsible for the processing of your personal data is Custom Training. Our address is Donker Curtiusstraat 123, 1051 MC Amsterdam.
How we process personal data
Below is an overview of the purposes for which Custom Training processes your personal data. The overview indicates the personal data used for a specific purpose, what the legal basis is for processing these data, and how long the data is stored. In order to keep things organised, all information is grouped by type of data processing.
When you become a member at Custom Training we process your personal information to register you as a client and to provide you with our services, including your name, address, phone number, email address, payment information and date of birth. The processing of your personal data in this context is necessary for the performance of a contract to which you are a party in connection with the use of service (Article 6.1(b) GDPR). You cannot register as a member and make use of our services without providing us with these personal details.
In order to provide you with the most customised, optimal experience possible and to provide you with services that we think are most likely to meet your needs, we collect information during an intake, a Physical Activity Readiness Questionnaire (PARQ) and during training sessions, regarding your fitness and health, including height, weight, measurements, body fat, food and nutrition, performance metrics, current and past injuries and surgeries, nutritional information, and fitness goals, and may also gather information about you that is developed by our trainers, such as training session logs, notes taken by trainers and other information you may choose to provide.
Information regarding your health, medical condition and fitness are considered sensitive under data protection law. Custom Training therefore only processes such data if you have given us your consent to do so (Article 9.2(a) GDPR).
Please note that you may always decide what information you would like to provide us and that you are not obligated to answer specific questions if you do not want to. You can still participate in training sessions, but our services, such as training programs and nutrition plans, will be limited to information you provided
When you make use of our personal training services, you can register for a personal account, for example to book training sessions or change your subscription. You will provide us with personal data, including your name, email address and password. The processing of your personal data in this context is necessary for the performance of a contract to which you are a party in connection with the use of service (Article 6.1(b) GDPR). You cannot register for an account without providing us with these personal details.
To provide customer service, Custom Training may collect and process your personal data to be of service to you and to respond to any questions you submit, including helping you with any issues which may arise regarding our services. The processing of these personal data is necessary for the purposes of the legitimate interests pursued by Custom Training (Article 6.1(f) GDPR), in order to serve you efficiently and to optimise our customer service.
To inform you on the developments of our services, Custom Training allows you to sign up for its newsletters. If, at any moment, you do not wish to receive newsletters of Custom Training anymore, you can unsubscribe by using the opt-out option that is provided in every newsletter that we send you. To subscribe you provide Custom Training with your email address. The processing thereof is necessary for the purposes of the legitimate interests pursued by Custom Training (Article 6.1(f) GDPR), namely direct marketing.
If you apply for a position at Custom Training, you will provide your personal data such as your first and last name, full address, email address, phone number and your CV and other attachments to your application. Custom Training uses this information to review your application and respond to your application. The processing of these personal data is necessary for the purposes of the legitimate interests pursued by Custom Training (Article 6.1(f) GDPR), for recruitment.
Custom Training follows a standard procedure of using log files. These files log visitors when they visit our website. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is directly identifiable, such as your name. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information, which is our legitimate interest (Article 6.1(f) GDPR).
In order to provide the services, (some of) your personal data is shared with service providers. These service providers process your personal data on behalf of Custom Training. The processing by service providers is governed by a so-called data processing agreement in which Custom Training has ensured that that the service provider shall only process the personal data on instructions of Custom Training. Third parties are:
- External hosting provider, including cloud providers for the storage and management of data;
- Software provider of our booking system;
- Google Analytics and Google Drive;
- Service provider for email marketing (Mailchimp).
Do we transfer your personal data outside the European Economic Area?
Some of our service providers are located outside the European Economic Area (EEA), in this case the United States and New Zealand. To comply with EU data protection laws around international data transfer, service providers outside the EEA are only allowed to process your personal data in accordance with a contract entered into between Custom Training and the service provider, incorporating the European Commission’s Standard Contractual Clauses, which ensure that adequate data protection arrangements are in place (Article 46.1(c) GDPR). For more information on where and how the relevant document may be accessed or obtained, please contact us.
Your personal data will be stored in accordance with laws and regulations and for as long as necessary for the purposes for which this data was collected. The following retention periods for your personal data apply:
- Your personal data is stored for as long as you are a member and are deleted within three months after you unsubscribe.
- Custom Training has a legal obligation to retain financial records for a period of 7 years.
- Your email address is retained for as long as you are subscribed to the newsletter and no longer than 3 months after you unsubscribe.
- CCTV images are stored for a period of 1 month.
- Application data are retained for 4 weeks after rejection or, with your consent, for a period of 1 year to be able to inform you if a suitable position becomes available for you in the future.
- Log files are stored for a period of 1 month.
Like any other website, Custom Training uses ‘cookies'. Cookies are little text files which are stored on the browser or hard drive of your device when you visit a webpage or application. cookies work to make your experience browsing our site as smooth as possible and they remember your preferences so you do not have to insert your details again and again.
We try to provide an advanced and user-friendly website that adapts automatically to needs and wishes of our visitors and users. To achieve this, we use technical cookies to i.e. show you our website, to make it function correctly, to create your user account, to sign you in and to manage your requests. These technical cookies are necessary for our website to function properly.
We also use functional cookies to remember your preferences and settings (as username, password, language etc.) and to help you to use the website efficiently and effectively. These functional cookies are not strictly necessary for the functioning of our website, but they add functionality for you and enhance your experience.
Analytical cookies record how visitors use the website. These cookies enable us to analyse the use of the website and to generate (anonymous) user statistics and reports. We use the service Google Analytics from Google Inc. (“Google”). Google Analytics places a cookie on your device which records your use of the website. The collected information consists of your IP address (number of your computer that allows your computer to be recognised), the type of browser, the computer system you use, and the pages you visit on the website. This data is then analysed by Google and the results are transmitted to us. This way, we gain insight into the traffic to and from the Website and the way in which the website is used. databased on this information we can make adjustments to the website or our services.
We have set the cookies of Google Analytics in such a way that they do not have a major impact on your privacy. We have taken the following measures in this respect:
- Custom Training has concluded a data processing agreement with Google in which arrangements are made on the handling of the data that is collected. Based on this agreement, Google is not allowed to use the information obtained for other Google services.
- Custom Training has deleted the last octet of your IP address. IP addresses consist of 4 so-called 3-digit octets each. Google offers the possibility of deleting the last octet of the IP address of website visitors. This is done in a temporary file before the IP address is stored by Google.
- Custom Training has set the settings in Google Analytics to not share data with Google, so that Google cannot use the data for its own (advertising) purposes.
- Custom Training does not use Google Analytics in combination with other Google services.
Data Protection Rights
Under the GDPR, you have a number of rights with regard to your personal data and the processing thereof:
Right to access
you have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and additional information about the processing of your personal data.
Right to rectification
you have the right to request the rectification of inaccurate personal data concerning you.
Right to be forgotten
you have to right to ask us to erase your personal data (right to be forgotten) for example if the personal data are no longer necessary in relation to the purposes for which they were collected; you withdraws consent on which the processing is based, and where there is no other legal ground for the processing; or the personal data have been unlawfully processed.
Right to restriction
you have the right to obtain restriction of processing of your personal data, for example when you have contested the accuracy of your personal data.
you have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where the processing is based on your consent or on a contract.
Right to object
you have the right to object to processing of personal data which is based on our legitimate interests. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims; where personal data are processed for direct marketing purposes, you always have the right to object to processing of personal data for such marketing. In that case, we shall no longer process your personal data for such purposes.
where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Any request regarding this policy or our procedures may be sent to email@example.com. We will respond to your request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
If we do not take action on your request, we will inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action. In that case, you also have the right to lodge a complaint with the supervisory authority and to seek a judicial remedy.
It is possible that, despite our careful approach, you have a complaint about the way Custom Training processes your personal data and/or the way we deal with your rights. In that case, you may also submit a complaint to the national data protection authority. If you have any questions or complaints in connection with your personal data, you may also choose to contact us.