Privacy Policy

This Privacy Policy explains how Fitter BV processes personal data when you use the Trenara mobile application and related services. We comply with the EU General Data Protection Regulation (GDPR).

1. Data Controller

Fitter BV
Schuttersgang 7
3700 Tongeren, Belgium
Company number: KBO BE0695775456
Email: christophe@trenara.com

2. Categories of Personal Data Collected

We collect and process the following categories of personal data when you use the Service:

• Identification and account details such as email address, first name and last name
• Preferences and interactions such as preferred sports, attendance to events and reactions
• Training related data such as performance data, GPS location data, distance, speed, pace, elevation
• Performance and activity data that users choose to share from linked third party services such as Strava, Garmin or Polar including heart rate tracked during sport activities, distance, pace, elevation and GPS location. We process these data only to provide training features and performance insights, not as medical data.
• Subscription and payment related information handled securely by third party payment providers
• Technical data such as IP address, device model, operating system, time and date of access, error logs

Providing health or GPS data is voluntary. If you connect a third party service, you consent to the transfer of such data to us.

3. Purposes and Legal Bases for Processing

We process personal data only when a legal basis applies. The purposes include:

• Account creation and access: performance of a contract
• Training plan creation, workout monitoring and app functionality: performance of a contract
• Error analysis, fraud prevention and IT security: legitimate interests
• Analytics and improvement of the Service: legitimate interests
• Scientific research and statistical analysis, including studies on training load, performance evolution and injury risks: public interest research and legitimate interests. Research results never identify users directly
• Marketing communications about the Service if you consent. You may withdraw consent at any time
• Compliance with legal obligations such as tax and bookkeeping duties

Our processing of performance and activity data is based on the performance of a contract and our legitimate interests. We do not classify these data as health data under GDPR since they are not used to evaluate or manage medical conditions.

4. Scientific Research

Scientific research may involve either:

• Anonymous and aggregated datasets, or
• Pseudonymized personal data where identification is not possible without additional safeguards

Where external academic or research institutions are involved, appropriate data protection agreements are in place to ensure that no individual user is identified in any publication or external dataset.

5. Sharing of Personal Data

We may share personal data with the following categories of recipients only where necessary:

• Hosting and analytics providers: Google Firebase
• Payment service providers if you subscribe to a paid plan
• Other service providers that operate under Fitter BV instructions
• External research partners under agreements that protect user confidentiality
• Authorities when required by law

We do not sell personal data.

6. International Data Transfers

Some processors are located outside the European Economic Area. In such cases, we ensure appropriate safeguards are in place such as Standard Contractual Clauses approved by the European Commission.

7. Data Retention

Personal data is retained only as long as necessary for the purposes stated above:

• Account data is kept until you delete your account or after a period of inactivity in accordance with our internal policies
• Technical logs are retained for a limited period required for security and error monitoring
• Research datasets may be retained in anonymous or pseudonymized form for longer periods

If you delete your account, we delete or irreversibly anonymize personal data, except where legal obligations require a longer retention period.

8. Rights of Data Subjects

Under GDPR you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object to certain processing
• Right to withdraw consent at any time where consent applies

You may exercise your rights by contacting us at christophe@trenara.com
You also have the right to lodge a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussels
www.gegevensbeschermingsautoriteit.be

9. Children

The Service is not directed to individuals under the age of 16. We do not knowingly process personal data of children under 16 without parental consent.

If you believe that a child has provided personal data without appropriate consent, please contact us and we will delete such data promptly.

10. Security

We use technical and organisational measures to protect personal data. No system can guarantee absolute security, but we continually improve our safeguards.

11. Links to External Services

The Service may include links or integrations with third party services. Their privacy policies apply to their data processing activities.

12. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Any changes will be published in the app and on our website with an updated revision date. Continued use of the Service after publication of changes constitutes acceptance of the updated policy.

13. Contact

For any questions or requests concerning this Privacy Policy or the processing of your personal data, please contact: christophe@trenara.com