Friskis&Svettis knows that personal integrity is important to our customers, vendors, and website visitors, and our goal of this policy is to clearly and transparently describe how we collect, use, display, transfer, and store your personal data to make you feel confident that we handle your personal data in a legal and secure manner.
All our handling of personal data is in accordance with the General Data Protection Regulation (2016/679) and other applicable privacy laws.
Personal data controller
Friskis&Svettis, (”the Company”), is the personal data controller and responsible for ensuring that the processing of your personal data is carried out in accordance with applicable privacy laws.
If you have any questions or would like additional information about the processing of your personal data, please contact: firstname.lastname@example.org
What is personal data?
Personal data includes all type of information that can be directly or indirectly attributed to a physical person who is alive. Examples of personal data is names, personal ID numbers, e-mail addresses, and phone numbers. However, they can also include customer numbers, encrypted data, and various electronic identities, such as IP numbers, etc. if they can be linked to a physical person.
How we collect data about you
We collect personal data about you in several ways. They may, for example, be collected when you sign up to use one of our membership, when you sign to receive notifications form us.
What personal data about you, the customer, is processed
- e-mail address,
- address, and
- phone number
The purposes your personal data is processed for
- in order for us to provide, perform, and improve our services to you
- in order for us to fulfil our obligations under applicable laws and regulations, such as required reporting
- in order for us to communicate and send marketing materials and other information about our services to you
The legal basis the processing is supported by
- that processing is necessary in order for us to fulfil our agreement with you,
- that processing is necessary in order for us to fulfil our legal obligations, such as required reporting
- your consent to process your personal data for communication and marketing purposes
We may process your personal data to market and inform you of our services. You may notify us at any time if you no longer wish to receive marketing information by unsubscribing from mailings in a current e-mail.
Who may access your personal data
The Company’s starting point is to not disclose your personal data to third parties.
- Internal membership system – Internally, we handle personal data in our database. This system is used to provide us information about who is currently a member and what membership type they have. All personal data collected by us may be processed in this system.
- Payment solutions – We use external providers to handle payments. These providers gain access to personal data in the form of names, addresses, and payment information. This handling is necessary in order for us to provide the services you order from us.
- Marketing services – We do not use external providers to send marketing and information about our services to you by e-mail.
The Company always takes appropriate steps to ensure that the recipients of your personal data do not process them for purposes other than those set out in this appendix, and that processing is carried out in a secure manner.
Where we process your personal data
Our goal is to make sure that processing of your personal data takes place within the EU/EEA. However, in some cases, for example because we use cloud service providers, your personal data may be transferred to and processed in a country outside the EU/EEA.
If your personal data is processed outside the EU/EEA, we will take all reasonable legal, technical, and organisational steps required to ensure that your personal data is handled and protected in an adequate manner, comparable to the protection offered within the EU/EEA.
How long we save your personal data for
The Company will process your personal data as long as the contractual relationship exists and then as long as processing is necessary in order to fulfil the purpose of the processing. In terms of customer and vendor information, we retain data for 7 years after termination of the agreement. In terms of students or course participants, data is erased 5 years after the last active course on the account. Training materials are erased within 2 years of termination of the agreement. However, your personal data will be retained for a maximum of 10 years from the termination of the agreement. After that, the data will be erased.
Under the General Data Protection Regulation and Swedish law, you have the following rights with respect to your personal data:
- Right of access – You have the right to request confirmation of how and what personal data we process about you, as well as to obtain a copy of the data at no charge.
- Right to rectification – You have the right to request that inaccurate data be corrected at no charge. Corrections must be made without unnecessary delays. You also have the right to request to complete incomplete information about you.
- Right to erasure (right to be forgotten) – Under certain circumstances, you have the right to request to have your personal data erased. However, this right does not apply if the Company is able to demonstrate particularly important reasons against erasure.
- Right to restriction of processing – In certain situations, you have the right to request a restriction of processing of your personal data, such as during the time when the Company examines whether personal data about you are inaccurate.
- Right to data portability – You have the right to obtain the personal data about you that you have provided to the Company. You also have the right to demand that the Company facilitates the transfer of your data to another party.
- Right to object – In certain situations, you have the right to object to our processing of your personal data. However, this right does not apply if the Company is able to demonstrate particularly important reasons for continuing the processing. In terms of objecting to marketing, that right is absolute.
Cookies are used on the Company’s website. Cookies are small text files stored on the visitor’s computer and used to improve your website experience, its functionality, and to analyse how the website is used.
We always strive to process your personal data in a legal and secure manner in accordance with applicable legislation.
If you believe that we are processing your personal data in violation of applicable law, you may file a complaint with the relevant Luxembourgish data protection authority.