Privacy Policy - UNIK FITNESS

1. Introduction

UNIK FITNESS ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you participate in our fitness and wellness programs.

Data Controller: UNIK FITNESS Henrik Bygum Kolding, Denmark Email: Henrik@unikfitness.dk

2. Legal Basis

We process your personal data in accordance with:

  • EU General Data Protection Regulation (GDPR)
  • Danish Data Protection Act (Databeskyttelsesloven)
  • Danish Health Act (Sundhedsloven) for health data

3. What Data We Collect

3.1 Personal Information

  • Name, email address, phone number
  • Date of birth, gender
  • Emergency contact information

3.2 Health and Fitness Data

We collect health data with your explicit consent, including:

Directly from You:

  • Body measurements (weight, body fat percentage, muscle mass)
  • Fitness test results (strength benchmarks, cardiovascular tests)
  • Health questionnaires and medical history
  • Dietary information and nutrition logs
  • Training goals and preferences

From Garmin Wearable Devices: Through the Garmin Health API, we collect:

  • Daily activity metrics (steps, active minutes, calories burned)
  • Heart rate data (resting, during activity, heart rate variability)
  • Sleep data (duration, sleep stages, sleep quality)
  • Stress levels and recovery metrics
  • VO2 max and fitness age estimates
  • Workout data (type, duration, intensity, GPS routes)
  • Body composition data (from compatible Garmin scales)

3.3 Communication Data

  • Messages, emails, and correspondence with coaches
  • Progress photos and videos (only with your explicit consent)

4. How We Use Your Data

We use your personal data exclusively for:

4.1 Program Delivery

  • Creating personalized training programs
  • Developing customized nutrition plans
  • Monitoring your progress and adjusting programs
  • Providing coaching support and guidance
  • Assessing recovery and preventing overtraining

4.2 Health and Safety

  • Ensuring training appropriateness for your fitness level
  • Identifying potential health concerns requiring medical consultation
  • Emergency contact in case of incidents

4.3 Program Improvement

  • Analyzing aggregated, anonymized data to improve program effectiveness
  • Internal quality assurance and coaching methodology development

4.4 Communication

  • Sending program updates, schedules, and reminders
  • Responding to your questions and support requests
  • Providing motivational support and check-ins

We will NEVER:

  • Sell your personal data to third parties
  • Use your data for marketing without your separate consent
  • Share your individual health data publicly without your explicit permission

5. Legal Basis for Processing

We process your data based on:

Explicit Consent (GDPR Art. 9.2.a):

  • For all health and fitness data collection
  • For Garmin device data integration
  • For progress photos and testimonials

Contractual Necessity (GDPR Art. 6.1.b):

  • To deliver the fitness program you enrolled in
  • To provide coaching services

Legitimate Interest (GDPR Art. 6.1.f):

  • Program quality improvement (using anonymized data)
  • Internal business administration

6. Data Sharing and Third Parties

6.1 Garmin Connect

When you authorize UNIK FITNESS to access your Garmin data:

  • Data is transmitted directly from Garmin Connect to our secure systems via Garmin Health API
  • We only access data you explicitly authorize
  • You can revoke access at any time through your Garmin Connect settings

6.2 Service Providers

We may share limited data with:

  • Cloud hosting providers: Secure data storage (EU-based servers)
  • Communication platforms: Email and messaging services
  • Payment processors: For subscription billing (no health data shared)

All service providers are:

  • GDPR-compliant with appropriate data processing agreements
  • Bound by confidentiality obligations
  • Only permitted to process data on our instructions

6.3 Legal Requirements

We may disclose your data if legally required by:

  • Danish health authorities
  • Law enforcement (with valid legal request)
  • Court orders

7. Data Security

We implement appropriate technical and organizational measures:

7.1 Technical Security

  • End-to-end encryption for data transmission
  • Encrypted data storage on secure servers
  • Regular security updates and vulnerability assessments
  • Access controls and authentication requirements
  • Regular data backups with encrypted storage

7.2 Organizational Security

  • Staff training on data protection and confidentiality
  • Strict access controls (need-to-know basis)
  • Confidentiality agreements with all staff and partners
  • Regular security policy reviews

7.3 Garmin Integration Security

  • OAuth 2.0 authentication protocol
  • Secure API connections with Garmin servers
  • No storage of Garmin login credentials
  • Automatic token refresh for continuous security

8. Data Retention

We retain your data as follows:

During Active Program Participation:

  • All data is retained and actively used for coaching

After Program Completion:

  • Health and fitness data: Retained for 12 months for follow-up support
  • Personal contact information: Retained until you request deletion
  • Anonymized aggregated data: May be retained indefinitely for research

Upon Request:

  • You can request immediate deletion of all personal data at any time

Legal Requirements:

  • Some data may need to be retained longer for legal/accounting purposes (max 5 years)

9. Your Rights Under GDPR

You have the following rights:

9.1 Right of Access (Art. 15)

Request a copy of all personal data we hold about you

9.2 Right to Rectification (Art. 16)

Correct any inaccurate or incomplete personal data

9.3 Right to Erasure (Art. 17) - "Right to be Forgotten"

Request deletion of your personal data

9.4 Right to Restrict Processing (Art. 18)

Limit how we use your data in certain circumstances

9.5 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used format

9.6 Right to Object (Art. 21)

Object to processing based on legitimate interests

9.7 Right to Withdraw Consent (Art. 7.3)

Withdraw consent for health data processing at any time

9.8 Right to Lodge a Complaint

File a complaint with the Danish Data Protection Agency (Datatilsynet)

To Exercise Your Rights: Contact us at [your-email@unikfitness.dk] We will respond within 30 days

10. Garmin Data Integration - Specific Information

10.1 Authorization Process

  • You explicitly authorize UNIK FITNESS to access your Garmin data
  • Authorization is done through Garmin's secure OAuth system
  • You choose which data types to share

10.2 Data Synchronization

  • Data syncs automatically when your Garmin device connects to Garmin Connect
  • We access only the data types you've authorized
  • Historical data may be accessed for baseline establishment

10.3 Revoking Access

You can revoke UNIK FITNESS's access to your Garmin data at any time:

  1. Log into Garmin Connect
  2. Go to Account Settings → Connected Apps
  3. Remove UNIK FITNESS authorization

Note: Revoking access will limit our ability to provide personalized coaching based on daily activity data.

11. Cookies and Website Technology

If we implement a website, we will:

  • Use only necessary functional cookies
  • Not use tracking or advertising cookies without consent
  • Provide a cookie consent mechanism
  • Update this policy to reflect cookie usage

12. International Data Transfers

Your data is stored on servers located within the EU/EEA. If we ever need to transfer data outside the EU/EEA, we will:

  • Obtain your explicit consent
  • Ensure adequate protection through EU-approved mechanisms
  • Notify you of the transfer and safeguards in place

13. Children's Privacy

Our programs are designed for adults (18+). We do not knowingly collect data from individuals under 18 without parental consent.

14. Changes to This Policy

We may update this Privacy Policy to reflect:

  • Changes in our data practices
  • New legal requirements
  • Service improvements

When we make changes:

  • We will update the "Last Updated" date
  • Notify you via email of significant changes
  • Request renewed consent if required by law

15. Contact Information

For Privacy Questions or to Exercise Your Rights:

UNIK FITNESS Henrik Bygum Kolding, Denmark Email: Henrik@unikfitness.dk Phone: +4523815353

Danish Data Protection Authority (Datatilsynet): Borgergade 28, 5. 1300 København K Denmark Email: dt@datatilsynet.dk Phone: +45 33 19 27 00 Website: www.datatilsynet.dk

16. Consent Acknowledgment

By participating in UNIK FITNESS programs and authorizing Garmin data access, you acknowledge that you have:

  • Read and understood this Privacy Policy
  • Been informed of your rights under GDPR
  • Given explicit consent for processing of your health data
  • Understood that you can withdraw consent at any time