Information on the processing of personal data in accordance with Art. 13 GDPR for customers of NHS Personal Training GmbH
NHS Personal Training GmbH attaches great importance to the protection of your personal data. Below you will find an overview of how your personal data are processed by NHS Personal Training GmbH and of the rights to which you are entitled under data‑protection legislation.
1. Controller responsible for the data processing
NHS Personal Training GmbH
Commercial Register: AG Charlottenburg (HRB 260252)
Represented by the Managing Director Mr Alexander Brikman
Lilienthalallee 5–7, 80807 Munich, Germany
Tel.: +49 176 81253942
E‑mail: info@newhealthsociety.com
2. Purposes of the data processing
Your personal data are processed for the following purposes:
Purpose | Description |
---|---|
Contract management / Membership administration | Recording and managing your data for concluding and performing the membership contract (e.g. name, address, contact details, bank account) |
Appointment scheduling | Managing training plans; arranging and organising your personal training appointments |
Communication | Using your contact details to inform you of important information (e.g. contract changes, appointment cancellations) |
Updating training and nutrition plans | Creating and adapting individual plans during the contract term |
Billing & payment processing | Executing SEPA direct debits and, where necessary, debt collection in cases of payment arrears |
Marketing purposes (with consent) | Using your photos/videos on our social‑media channels or for advertising events |
Compliance with legal obligations | Observing statutory retention and documentation obligations (e.g. under tax or commercial law) |
Legitimate interests | Debt management in cases of payment default; ensuring proper operations (e.g. compliance with house rules) |
3. Legal bases of the processing
Purpose | Legal basis |
---|---|
Contract management and administration | Art. 6 (1) (b) GDPR |
SEPA direct debit & billing | Art. 6 (1) (b) GDPR |
Communication (e.g. scheduling) | Art. 6 (1) (b) GDPR |
Updating training/nutrition plans | Art. 6 (1) (b) GDPR |
Debt collection / other legitimate interests | Art. 6 (1) (f) GDPR |
Statutory retention duties | Art. 6 (1) (c) GDPR |
Use of photos/videos (with consent) | Art. 6 (1) (a) GDPR |
4. Recipients of your data
Your data are disclosed only insofar as this is necessary for contract performance or required by law (e.g. banks, IT service providers, collection agencies, tax advisers, authorities). Data are transferred to third parties for other purposes only if you have expressly consented or if we are legally obliged to do so.
5. Data transfers to third countries
Your personal data are transferred to countries outside the EU/EEA only where necessary for contract performance or where you have expressly consented to the transfer; such transfers rely, where applicable, on recognised safeguards (e.g. EU Standard Contractual Clauses).
6. Storage period
We store your personal data only as long as necessary for the aforementioned purposes or to comply with legal obligations. After termination of membership and expiry of statutory retention periods (generally 10 years), the data are deleted.
7. Your rights as a data subject
Under Art. 15–21 GDPR you have the rights of access, rectification, erasure, restriction of processing and data portability, and the right to object to the processing of your personal data.
8. Right to withdraw consent
Where processing is based on your consent (e.g. use of images), you may withdraw that consent at any time with effect for the future.
9. Right to object (Art. 21 GDPR)
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you that is based on Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
10. Right to lodge a complaint with a supervisory authority
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach, Germany
Tel.: +49 (0) 981 180093‑0
E‑mail: poststelle@lda.bayern.de
11. Provision of data
Certain data (e.g. name, address, bank details) are required for entering into and performing the membership contract; without these data the contract cannot be concluded.
12. Automated decision‑making / profiling
No automated decision‑making within the meaning of Art. 22 GDPR takes place.
13. Data Protection Information on Tracking Technologies
Our website uses various tracking tools for analytics, conversion measurement and advertising performance monitoring. Such tools are employed solely on the basis of your voluntary consent via our consent banner (§ 25 (1) TTDSG in conjunction with Art. 6 (1) (a) GDPR). You can change or withdraw your consent at any time in the consent banner.
No. | Tool | Provider & Hosting | Data processed (examples) | Legal basis | Third‑country transfer |
---|---|---|---|---|---|
13.1 | Server‑side tracking (stape.io) | Stape Inc., Dover, DE, USA; EU servers | Truncated IP, user‑agent, GCLID/FBCLID, page views, events, device info | Consent (Art. 6 (1) (a) GDPR) | EU Standard Contractual Clauses |
13.2 | Google Tag Manager | Google Ireland Ltd., Dublin, IE | GTM itself stores no personal data; activates other tags | – (no own tracking); activation of tags based on consent | – |
13.3 | Google Analytics 4 | Google Ireland Ltd.; server‑side via stape | Page and event data, truncated IP, device & browser data | Consent (Art. 6 (1) (a) GDPR) | EU SCCs + explicit consent (Art. 49 (1) (a)) |
13.4 | Google Ads (Conversion, Remarketing, Enhanced Conversions) | Google Ireland Ltd. / Google LLC (USA) | GCLID, conversion events, hashed contact info (SHA‑256), browser data | Consent | EU SCCs + explicit consent |
13.5 | Meta (Facebook) Pixel & CAPI | Meta Platforms Ireland Ltd. / Meta Platforms Inc. (USA) | IP, user‑agent, event data, hashed e‑mail (Advanced Matching) | Consent | Joint controllership + EU SCCs + explicit consent |
13.6 | Mautic (self‑hosted) | Dogado GmbH, EU hosting | Pseudonymous IDs, truncated IP, page & e‑mail interactions | Consent; newsletter double opt‑in | – |
13.7 | Microsoft Ads (Bing) | Microsoft Ireland Operations Ltd. / Microsoft Corp. (USA) | Cookies (UET tag), pseudonymous IDs, conversion data | Consent | EU SCCs |
Note: A personal user profile is created only if you log in to a customer account or give explicit consent.
13.8 Withdrawal of your consent
You can withdraw your consent to individual or all tracking technologies at any time via the consent banner with effect for the future. The legality of processing carried out up to the time of withdrawal remains unaffected.
For your further data‑subject rights (access, erasure, restriction, objection, etc.) section 7 of this notice applies accordingly.