DATA PROTECTION POLICY

1. Data Controller

In accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), users are informed that the personal data provided will be processed by:

Data Controller: RICARDO DÍAZ
Training Center: POWER UP FITNESS BCN
Contact Email: gerencia@power-up-fitness.com
Contact Phone: 663 613 412
Primary Purpose: Comprehensive management of personal training services.

2. Purposes of Data Processing

Personal data collected from users, clients, or interested parties will be processed for the following legitimate purposes:

2.1 Management of Personal Training Services

  • Creation of individualized training programmes.
  • Preparation of fitness progression reports and monitoring assessments.
  • Recording of biometric data, performance indicators, and health-related information strictly necessary for service delivery.

2.2 Administrative and Contractual Management

  • Preparation, formalization, and maintenance of service contracts.
  • Creation of legal documents such as annexes, informed consents, and service agreements.
  • Issuance of invoices, payment receipts, and accounting documentation.

2.3 Communication with the Client

  • Contacting the client via email, telephone, or messaging for appointment management, reminders, schedule changes, or any service-related information.
  • Sending relevant updates necessary for the proper delivery of services.

2.4 Compliance with Legal Obligations

  • Fulfilment of legal requirements in relation to tax, accounting, consumer protection, or public health regulations.
  • Responding to administrative or judicial requests when required.

3. Legal Basis for Processing

The lawful bases for data processing are:

  • Performance of a contract for personal training services (Article 6.1.b GDPR).
  • Explicit consent from the client for processing health or biometric data, collected through the Informed Consent and Assumption of Risks document (Article 9.2.a GDPR).
  • Compliance with legal obligations of the Data Controller (Article 6.1.c GDPR).
  • Legitimate interest of the Data Controller to ensure proper service delivery (Article 6.1.f GDPR).

4. Data We Collect

Depending on the services contracted, the following categories of personal data may be collected:

4.1 Identification Data

  • Full name, ID/passport number.
  • Telephone number, email address, postal address.

4.2 Administrative and Billing Data

  • Bank details or payment method.
  • Contracts, invoices, receipts, and financial history.

4.3 Health and Biometric Data (only when necessary)

  • Body composition, weight, measurements, strength indicators, physical performance.
  • Sports history, lifestyle habits, and health-related information voluntarily provided by the client.
  • Limitations or medical recommendations, if applicable.

(These data are processed exclusively under explicit consent.)

4.4 Training and Monitoring Data

  • Assigned training routines.
  • Monthly progression and technical development.
  • Record of attendance and session performance.

5. Data Recipients

Personal data:

  • Will not be shared with third parties, unless legally required.
  • May be accessed by tax or accounting advisors exclusively to comply with fiscal and administrative obligations.
  • Will never be sold, disclosed, or transferred for commercial or advertising purposes.

6. Data Retention

Personal data will be retained:

  • For as long as the contractual relationship remains active.
  • After termination of services, data retention will follow legally required timeframes:
    • Billing and financial data: 5 years.
    • Contracts and legal documentation: 5 years.
    • Fitness progress reports and training data: Deleted within a maximum of 12 months after service termination, unless retention is requested by the client.

The Data Controller will delete or anonymise data once they are no longer required for the purposes described.

7. Rights of Data Subjects

Clients may exercise the following rights at any time:

  • Right of access to their personal data.
  • Right to rectification of inaccurate or incomplete information.
  • Right to erasure when data are no longer necessary.
  • Right to restriction of processing.
  • Right to object to processing.
  • Right to data portability to another provider.
  • Right to withdraw consent at any time.

To exercise any of these rights, the client must send a written request, including a copy of their identification document, to:

Email: gerencia@power-up-fitness.com

The Data Controller will respond within a maximum period of 30 days.

The client may also file a complaint with the Spanish Data Protection Agency (AEPD).

8. Security Measures

POWER UP FITNESS BCN and RICARDO DÍAZ implement the necessary technical and organisational measures to ensure:

  • Confidentiality, integrity, and availability of personal data.
  • Protection against unauthorised access.
  • Risk analysis in accordance with GDPR principles.

Such measures include:

  • Secure digital storage systems.
  • Access control protocols.
  • Strong password protection.
  • Internal file encryption when applicable.

9. Accuracy of the Data

The client guarantees that all information provided is truthful, accurate, and up-to-date, and undertakes to notify any modification to keep such data current.

10. Acceptance of the Policy

The client declares that they have read and understood this Data Protection Policy and accept the processing of their personal data under the terms outlined herein.
Acceptance of this policy is a mandatory condition for the provision of services by POWER UP FITNESS BCN.

01 January 2025

Translate »