We at Athletic Wellness STHLM care deeply about our customers' and visitors' integrity, and we intend to do everything in our power to obtain and maintain the trust that is created between us, our customers, and our associates. This means that we will, in a transparent manner, gather and handle personal data strictly for the purposes specified in advance. We will not sell personal data to other companies, either now or in the future. Our business is about looking after our customers as well as we can, and that is where all our energy is going to be put.
You can read more about how and why we use personal data below.
WHAT WE COLLECT AND WHY
The reasons why we gather personal data and what we do with it are explained in the following text. We will not gather personal data without specific consent from the person in question.
The kind of personal data we may request includes:
- Telephone number
- E-mail address
- Personal number
- Payment information
- Location information
- Health-related information, such as:
  - Eating habits
  - Exercise habits
  - Relevant medical information
- Information that can be connected to physical activity in a relevant way, such as:
  - Working habits
  - Sleeping habits
The reasons why we may collect such data are:
- The creation of custom-made nutritional plans
- The creation of custom-made exercise/fitness plans
- Customer registration
- Complaints, feedback, or support-related activities
- Employee-related activities of current and former employees
- Educational activities
- Statistical studies of surveys or requests
We may collect relevant personal data from children (under 18 years old) if the parent/custodian reaches out to us for exercise- and nutrition-related help, and gives the child's consent, and only if we consider it appropriate.
Personal information will only be saved when potential customers and/or collaborators reach out to us through our Contact form, telephone, or e-mail, and only if we consider it appropriate/necessary.
HOW WE PROTECT PERSONAL DATA
Below you can see a list of the procedures we follow in order to protect the personal data we have saved:
- Regular backups
  - We create regular backups where the personal data is stored for up to one year from the last consent confirmation from the person in question (deletion of the personal data can be requested by the person at any time).
- We use encryption for the files that contain personal data. We also make sure that the digital platforms we use apply encryption.
- Physical security
  - The personal data is physically stored in a locked space that is protected by camera surveillance with an alarm.
VENDORS, SUPPLIERS, AND AFFILIATES
The vendors, suppliers, collaborators and affiliates that we work with may request some of our customers' personal data (e.g. e-mail addresses, telephone numbers, etc.). If this is requested, we will make sure the customers give prior consent, and that these vendors, suppliers, or collaborators follow the GDPR guidelines in a satisfactory manner, before we share the personal data.
CONSENT AND DATA WITHDRAWAL
Consent that is given to us may be withdrawn at any time. If you want to retrieve your personal information from us, all you need to do is write an e-mail to firstname.lastname@example.org, verify your identity, and we will comply without delay.
POTENTIAL DATA BREACHES
In cases of potential data breaches we will go through the following procedures:
- Investigate the incident together with the appropriate authority
- Establish the breach's severity and extent
- Provide suggestions on how we can minimize the impact of the breach
- Report to the affected parties, as well as to the Swedish Data Protection Authority (Datainspektionen), within 72 hours after the data breach