Privacy Policy

Tletify – Fitness Platform

Last updated: January 2025

1. Data Controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

VDX Solutions Srl
Mureda str. 105D
I-39046 Ortisei (BZ)
VAT-ID: IT03260820216
E-mail: info@tletify.com

If you have any questions about data protection, you can contact us at any time by email.

2. Overview of Data Processing

  1. We only process personal data to the extent necessary to provide our fitness platform "Tletify". Processing is carried out on the basis of the legal provisions of the GDPR and Italian data protection law (Codice Privacy).
  2. All data is stored on servers in Switzerland. Switzerland has an adequacy decision from the European Commission pursuant to Art. 45 GDPR, ensuring an adequate level of data protection.

3. Categories of Personal Data

3.1 Registration Data

  1. During registration, we collect the following data: first and last name, email address, password (stored encrypted), date of birth, gender, country, and, if applicable, company data for invoicing.
  2. Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR.

3.2 Profile Data

  1. Users may voluntarily provide additional profile data: profile picture, display name, bio/description, as well as sports and interests.
  2. Legal basis: Consent pursuant to Art. 6(1)(a) GDPR.

3.3 Health and Fitness Data (Special Categories)

  1. Users aged 16 and over may enter the following sensitive data: body data (weight, height, muscle circumference), injury documentation and reports, condition data (fatigue, fitness level, well-being), and synchronized data from fitness watches and trackers.
  2. This data is considered a special category of personal data pursuant to Art. 9 GDPR and is only processed with explicit consent.
  3. Legal basis: Explicit consent pursuant to Art. 9(2)(a) GDPR.

3.4 Training Data

  1. During platform use, the following is recorded: created and completed training plans, custom exercises, training history and progress, and chat messages with coaches or group members.
  2. Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR.

3.5 Payment Data

  1. For payment processing, billing address, payment method, and transaction history are processed. Actual payment processing is handled by our payment service provider Stripe (see section 6).
  2. Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR.

3.6 Technical Data

  1. When using the platform, the following is automatically recorded: IP address (anonymized), device type and operating system, browser type and version, date and time of access, and referrer URL.
  2. Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR (security and functionality of the platform).

4. Purposes of Data Processing

We process your data for the following purposes:

  1. Provision and operation of the platform and app
  2. Management of your user account
  3. Enabling training planning and analysis
  4. Communication between users (athletes, coaches, groups)
  5. Processing of payments and subscriptions
  6. Sending service emails and push notifications
  7. Improvement and development of the platform
  8. Fulfillment of legal obligations

5. Cookies and Session Data

5.1 Session Cookies

  1. We use technically necessary session cookies to store your login data during a browser session. These cookies are automatically deleted when you close the browser or log out.
  2. Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR (necessary for the operation of the platform).

5.2 Google Analytics

  1. We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of your use of the platform.
  2. We have concluded a data processing agreement with Google and use the IP anonymization function, so that your IP address is truncated within the EU/EEA.
  3. The information generated by the cookie is usually transmitted to a Google server in the USA. Google is certified under the EU-US Data Privacy Framework.
  4. Legal basis: Consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time.
  5. Opt-out option: You can prevent collection by Google Analytics by installing the browser add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout

6. Sharing with Third-Party Providers

6.1 Stripe (Payment Processing)

  1. For payment processing, we use the service Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (European office: Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Dublin 2, Ireland).
  2. During payment, your payment data is transmitted directly to Stripe. We do not store complete credit card numbers or bank details ourselves. Stripe is PCI-DSS Level 1 certified and processes data according to its own privacy policy: https://stripe.com/privacy
  3. Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR.

6.2 Firebase Cloud Messaging (Push Notifications)

  1. For sending push notifications in our mobile app, we use Firebase Cloud Messaging (FCM), a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
  2. A device-specific token is generated that enables the delivery of notifications. No personal data beyond this token is transmitted to Firebase.
  3. You can disable push notifications at any time in your device settings.
  4. Legal basis: Consent pursuant to Art. 6(1)(a) GDPR.

7. Integration of Fitness Services

Tletify offers the option to synchronize data from the following fitness services and wearables:

  • Garmin Connect
  • Apple Health
  • Google Fit
  • Fitbit

  1. The connection is made via the official APIs of these services. When activating an integration, you will be redirected to the respective service for authentication and must consent to data sharing there.
  2. We only receive the data you explicitly share (e.g., steps, heart rate, sleep analysis, training activities). This data is stored in your Tletify account and used for training analysis.
  3. You can disconnect from external fitness services at any time in your account settings. Already synchronized data can be deleted upon request.
  4. Legal basis: Explicit consent pursuant to Art. 9(2)(a) GDPR (as this involves health data).

8. Data Sharing Within the Platform

Depending on user type and group structure, certain data may be visible to other platform users:

  1. Athletes in a group: The assigned coach and group administrator can view training data, progress, and, if shared, health data.
  2. Coaches: Can view the data of athletes assigned to them.
  3. Group administrators: Have access to all user data within their group and can manage user accounts.
  4. Legal basis: Contract performance pursuant to Art. 6(1)(b) GDPR (data sharing is an essential part of the platform functionality).

9. Storage Duration

We only store personal data for as long as necessary for the respective purposes or as required by statutory retention periods:

  1. Account data: Stored for the duration of the contractual relationship and deleted within 30 days after account deletion, unless statutory retention obligations apply.
  2. Training data: Deleted together with the user account.
  3. Billing data: Retained for 10 years in accordance with commercial and tax regulations.
  4. Server logs: Automatically deleted after 90 days.
  5. Google Analytics data: Automatically deleted after 14 months.

10. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  1. Right of access (Art. 15 GDPR): You have the right to obtain information about the personal data we process.
  2. Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data.
  3. Right to erasure (Art. 17 GDPR): You can request the deletion of your data, unless statutory retention obligations apply.
  4. Right to restriction (Art. 18 GDPR): Under certain conditions, you can request the restriction of processing.
  5. Right to data portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used format.
  6. Right to object (Art. 21 GDPR): You can object to the processing of your data for reasons relating to your particular situation.
  7. Withdrawal of consent (Art. 7(3) GDPR): You can withdraw any consent you have given at any time, with effect for the future.

To exercise your rights, please contact us by email at info@tletify.com.

11. Right to Lodge a Complaint with a Supervisory Authority

  1. If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority.
  2. Competent supervisory authority in Italy:

    Garante per la protezione dei dati personali
    Piazza Venezia 11, 00187 Rome, Italy
    Email: protocollo@gpdp.it
    Web: https://www.garanteprivacy.it

  3. You can also contact the supervisory authority in your country of residence.

12. Data Security

We implement technical and organizational measures to protect your data from loss, destruction, manipulation, and unauthorized access:

  1. All data transfers are encrypted via TLS/SSL.
  2. Passwords are stored using modern hashing algorithms.
  3. Server access is restricted to authorized personnel.
  4. Regular security updates and backups are performed.
  5. Storage takes place on servers in Switzerland with high security standards.

13. Protection of Minors

  1. Our platform is intended for users aged 14 and over. For users between 14 and 16 years, limited features apply – in particular, processing of health data is not possible.
  2. This age restriction complies with the requirements of Art. 8 GDPR and the Italian implementation, which provides for a minimum age of 14 years for consent to digital services.
  3. If we become aware that data from children under 14 has been collected, it will be deleted immediately.

14. Changes to this Privacy Policy

  1. We reserve the right to adapt this privacy policy to accommodate changes in the legal situation or changes to our services.
  2. In the event of significant changes, we will inform you by email or via the platform. The current version is available at https://tletify.com/privacy.

Contact

For questions about data protection, you can reach us at:

VDX Solutions Srl
Mureda str. 105D
I-39046 Ortisei (BZ)
E-mail: info@tletify.com
www.tletify.com
