FREE INITIAL CONSULTATION

Privacy Policy

NHS Personal Training GmbH (Website + “New Health Society” mobile app)

Last updated: December 22, 2025

NHS Personal Training GmbH (“NHS”, “we”, “us”) takes the protection of your personal data seriously. This Privacy Policy explains how we collect, use, store, and share personal data when you use our website and our “New Health Society” mobile app and related services, and what rights you have under the GDPR.

1. Controller

NHS Personal Training GmbH

Commercial Register: AG Charlottenburg (HRB 260252)

Represented by the Managing Director: Mr Alexander Brikman

Lilienthalallee 5–7, 80807 Munich, Germany

Tel.: +49 176 81253942

E-mail: info@newhealthsociety.com

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • our website: newhealthsociety.com (including subpages such as the privacy and terms pages), and

  • our mobile app (“New Health Society”) and the related backend services we operate to provide the app.

3. What data we process

3.1 Account and contract data (website/app)

We may process:

  • name, address, email address, phone number

  • login credentials (email + password)

  • membership/contract data (e.g., plan, start/end dates, status)

  • communication history with us (e.g., support requests)

3.2 Training, fitness and health-related data (app/service)

Depending on your use, we may process:

  • training performance data (workouts, progress)

  • body metrics (e.g., weight, body fat)

  • nutrition logs

  • health information you provide to support coaching (e.g., injuries, allergies, health conditions, supplements)

Important: Health-related information can be “special category data” under Art. 9 GDPR (see section 5.2).

3.3 Billing and payment data

We may process:

  • billing data (invoices, payment status)

  • bank account data (e.g., IBAN) for SEPA direct debit, if applicable

  • data required for accounting and tax purposes

3.4 Media and files (app)

If you choose to use media features, we may process:

  • photos/videos you capture in-app or select from your device

  • files/media saved by the app on your device (where applicable)

3.5 Technical and log data (website/app)

We may process:

  • IP address (often in truncated form for analytics where applicable)

  • device/browser information (e.g., user agent)

  • basic log data needed to operate our services (e.g., request logs)

We do not use in-app advertising/marketing tracking and we do not sell your data.

We do not use third-party SDKs inside the app to track you for advertising.

4. Purposes of processing

We process personal data for the following purposes:

  1. Contract management / membership administration

    Creating and managing your membership and providing contracted services.

  2. Appointment scheduling and plan management

    Organizing training appointments and managing training/nutrition plans.

  3. Communication and support

    Responding to inquiries, providing service updates, handling cancellations/changes.

  4. Training and coaching delivery

    Documenting progress, adjusting training/nutrition plans, supporting your goals.

  5. Billing and payment processing

    Invoices, SEPA direct debits (where applicable), payment reminders, and accounting.

  6. Compliance with legal obligations

    Statutory retention duties (e.g., tax and commercial law obligations).

  7. Legitimate interests

    Ensuring proper operations and IT security; enforcing claims in cases of payment default; maintaining house rules and service integrity.

  8. Marketing (only with consent, where applicable)

    For example, using photos/videos on social media or for event promotion only if you have explicitly consented.

  9. Website analytics and measurement (only with consent)

    Using tracking technologies on our website to understand usage and improve our marketing (details in section 11).

5. Legal bases

5.1 General legal bases (Art. 6 GDPR)

Depending on the situation, we rely on:

  • Art. 6(1)(b) GDPR (contract performance / pre-contractual measures)

  • Art. 6(1)(c) GDPR (legal obligations)

  • Art. 6(1)(f) GDPR (legitimate interests)

  • Art. 6(1)(a) GDPR (consent, where required)

5.2 Health-related data (Art. 9 GDPR)

Where the information you provide qualifies as special category (health) data, we process it:

  • with your explicit consent (Art. 9(2)(a) GDPR), and in parallel

  • under the corresponding Art. 6 GDPR basis (typically Art. 6(1)(b) for delivering coaching services and/or Art. 6(1)(a) where consent is used).

You can refuse or withdraw consent for optional health-related inputs; however, certain coaching features may be limited if needed information is not provided.

6. Recipients of data

We share personal data only where necessary for the purposes above, including:

  • Internal recipients: authorized NHS coaches who need access to deliver coaching/training services.

  • IT/hosting providers: to operate our website, app backend, and databases (see section 7).

  • Banks/payment service providers: for payment processing (e.g., SEPA direct debit), where applicable.

  • Tax advisors / auditors / authorities: where required for accounting, tax, or legal compliance.

  • Debt collection / legal enforcement: only where necessary in cases of payment default.

We do not share app user data with third parties for advertising purposes.

7. Hosting and processing location

7.1 App backend and database

Our backend service and database are hosted on servers provided by IONOS:

  • OS: Ubuntu Linux

  • Database: PostgreSQL

  • Server location: Germany (EU)

  • Data processing & storage: within the EU/EEA

  • Data outside EU/EEA: No (for app backend, database, and file storage)

7.2 Website hosting and tracking providers

Our website may involve additional service providers (including analytics and marketing measurement tools) that can process technical data. See section 11 for details and consent options.

8. Data retention

We store personal data only as long as necessary for the purposes described above.

  • During membership: data is stored to provide the service.

  • After membership ends: we delete or anonymize non-accounting data, unless retention is required for legal reasons.

  • Accounting/tax retention: certain records (e.g., invoices and accounting-relevant contract data) may be retained for statutory periods (commonly up to 10 years under German commercial/tax law).

9. Your rights under the GDPR

You have the following rights (Art. 15–21 GDPR):

  • Right of access (Art. 15)

  • Right to rectification (Art. 16)

  • Right to erasure (Art. 17)

  • Right to restriction of processing (Art. 18)

  • Right to data portability (Art. 20)

  • Right to object (Art. 21)

To exercise your rights, contact us at info@newhealthsociety.com.

10. Withdrawal of consent

Where processing is based on your consent (e.g., marketing use of photos/videos; website tracking), you may withdraw your consent at any time with effect for the future. Processing carried out before withdrawal remains lawful.

11. Website tracking technologies (consent-based)

Our website uses tracking technologies for analytics, conversion measurement, and advertising performance monitoring. These tools are used only on the basis of your voluntary consent via our consent banner (Sec. 25(1) TTDSG in conjunction with Art. 6(1)(a) GDPR). You can change or withdraw your consent at any time via the consent banner.

Examples of tools used on the website may include:

  • server-side tracking (stape.io)

  • Google Tag Manager

  • Google Analytics 4

  • Google Ads (conversion/remarketing/enhanced conversions)

  • Meta (Facebook) Pixel & Conversions API

  • Mautic (self-hosted)

  • Microsoft Ads (Bing)

Note: These tracking technologies relate to the website. We do not use in-app advertising/marketing tracking SDKs.

12. App permissions (Android)

Depending on your device and how you use the app, the app may request the following permissions:

  • INTERNET

    Required to communicate with our backend API and load content.

  • CAMERA

    Used if you choose to capture photos/videos within the app (e.g., profile images or in-app media features).

  • READ_EXTERNAL_STORAGE

    Used if you choose to select existing media files from your device.

  • WRITE_EXTERNAL_STORAGE

    Used to save media files generated or downloaded by the app (where applicable).

  • SYSTEM_ALERT_WINDOW

    Used to display system-level overlays when required by app functionality (only if that feature is used/enabled on your device).

  • VIBRATE

    Used for haptic feedback within the app.

You can manage app permissions in your device settings at any time.

13. Children and minors

The app and services may be used by minors with parental/guardian involvement. Where required by applicable law, we will obtain appropriate parental/guardian consent before activating or maintaining an account for a minor.

14. Automated decision-making / profiling

We do not conduct automated decision-making within the meaning of Art. 22 GDPR.

15. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a competent supervisory authority. For Bavaria, Germany:

Bavarian State Office for Data Protection Supervision (BayLDA)

Promenade 18, 91522 Ansbach, Germany

Tel.: +49 (0) 981 180093-0

E-mail: poststelle@lda.bayern.de

16. Provision of data

Certain data (e.g., name, contact details, membership data, billing details) are necessary to enter into and perform the membership contract. Without this data, we may not be able to provide the service.

17. Contact

If you have questions about this Privacy Policy or data protection at NHS, contact:

info@newhealthsociety.com