Privacy Policy
This Privacy Policy governs the processing of personal data carried out by Antonio Cavadas (hereinafter, the Controller or the Platform) in relation to users (hereinafter, the User) who access and use the mobile app, website and associated services.
The Controller complies with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights, and any other applicable regulations.
1. Data Controller
- Owner: Antonio Cavadas
- Address: Calle Vascongadas, Colmenar Viejo, Madrid, Spain
- Contact email: antonio.cavadas.dev@gmail.com
The Controller is responsible for ensuring compliance with the applicable data protection regulations. The User may send any query or request related to the processing of their personal data through the email address indicated above. The User also has the right to lodge a complaint with the competent supervisory authority if they believe the processing of their data does not comply with the applicable regulations.
2. Categories of Personal Data Processed
In accordance with the data minimization principle, the Controller only processes the data necessary for the proper provision of the services:
2.1 Identification and contact data
- Name or alias
- Email address
- Access credentials
2.2 Profile, activity and training data
- Physical data voluntarily provided by the User (e.g. weight, height, sex, age)
- Physical activity, training and performance metrics
- Sports goals, routines and training plans
2.3 Health-related data
- Data linked to the User's physical activity and fitness condition
- Data imported from third-party services (such as Apple Health and/or Google Health Connect), always with prior explicit authorization
2.4 Content provided by the User
- Images, videos or other multimedia content voluntarily uploaded
- Communications and messages exchanged within the Platform
2.5 Technical and usage data
- Information derived from the use of the application and website
- Technical identifiers, access logs and data required to ensure the security and proper functioning of the service
3. Purposes of Processing
The User's personal data is processed for the following purposes:
- Managing registration, authentication and maintenance of the User account
- Providing training, sports monitoring and technical advisory services
- Facilitating interaction between the User and the assigned coach
- Managing payments, subscriptions and billing
- Handling the User's queries, requests and communications
- Improving the quality, functionality and security of the Platform
- Preventing misuse, fraud and unauthorized access
- Complying with applicable legal obligations
4. Legal Basis for Processing
The processing of personal data is based on the following legal grounds:
- Performance of a contract (art. 6.1.b GDPR): to provide the services requested by the User.
- Explicit consent (art. 6.1.a and 9.2.a GDPR): for processing health-related data, multimedia content and synchronization with third-party services.
- Compliance with legal obligations (art. 6.1.c GDPR): for tax, accounting and administrative matters.
- Legitimate interest (art. 6.1.f GDPR): to guarantee security, technical maintenance and fraud prevention.
Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to its withdrawal.
5. Data Recipients
Personal data may be disclosed or become accessible to:
- Technology service providers acting as data processors
- Payment and billing service providers
- Coaches assigned to the User, exclusively for the proper provision of the contracted service
- Public administrations and competent authorities, when there is a legal obligation
Under no circumstances will personal data be sold or transferred to third parties for advertising purposes.
6. International Data Transfers
If personal data is transferred or hosted outside the European Economic Area, such transfers will only take place when there is an adequate level of protection under the applicable regulations or appropriate safeguards have been implemented, such as standard contractual clauses or other legally recognized mechanisms.
7. Relationship Between User, Coach and Platform
The Platform acts as a technological intermediary between the User and the coach.
- The User accepts that the data and content provided through the Platform may be shared with the assigned coach for the purpose of providing training and advisory services.
- The coach may act as an independent controller regarding personal data processed outside the Platform environment and is responsible for complying with their own legal obligations in matters of data protection.
8. Data Retention Period
Personal data will be retained:
- While the User's account remains active
- For the time necessary to fulfill the purposes for which the data was collected
- For the periods required by applicable regulations to comply with legal obligations
Once these periods have ended, the data will be securely deleted, anonymized or blocked.
9. User Rights
The User may exercise the following rights:
- Access
- Rectification
- Erasure
- Restriction of processing
- Objection
- Portability
To exercise these rights, the User may send a request to antonio.cavadas.dev@gmail.com. The Controller will respond within the legally established timeframes after verifying the identity of the requester.
10. Account Deletion
The User may request deletion of their account from within the Platform itself. Once requested:
- The personal data associated with the account will be deleted within a maximum period of 30 days.
- Certain data may be retained in a duly blocked form when required to comply with legal obligations.
11. Security Measures
The Controller implements appropriate technical and organizational measures to ensure the security and confidentiality of personal data, including access controls, encryption, secure authentication and incident management procedures.
In the event of a personal data breach, the necessary measures will be adopted and, where applicable, the supervisory authority and affected users will be notified in accordance with applicable law.
12. Minors
The Platform is not directed at minors. If the processing of personal data of minors is detected without valid consent from their legal representatives, such data will be deleted immediately.
13. Changes to the Privacy Policy
The Controller reserves the right to modify this Privacy Policy to adapt it to legal developments or changes in the Platform. Changes will be published on the website and/or in the application and, when legally required, the User will be notified.
14. Applicable Law
This Privacy Policy is governed by Spanish and European personal data protection regulations.