Privacy Policy

Introduction

nimbusharvester GmbH ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website nimbusharvester.world or use our personal training and wellness services.

We are the data controller for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws in the European Union.

Data We Collect

The data we collect depends on how you interact with our services. We may collect the following types of personal information:

Information You Provide Directly

• Contact information (name, email address, phone number, postal address)
• Health and fitness information (fitness goals, medical conditions, dietary requirements)
• Payment information (billing address, payment method details)
• Communication records (emails, messages, feedback)
• Account information (username, password, preferences)

Information Collected Automatically

• Website usage data (pages visited, time spent, click patterns)
• Device information (IP address, browser type, operating system)
• Location data (general geographic location based on IP address)
• Cookies and tracking technologies (as detailed in our Cookie Policy)

How We Use Your Information

We use of your data is based on legitimate legal grounds under GDPR. Here's how we use your information and our legal basis for processing:

Service Provision (Contract Performance)

• Providing personal training and wellness services
• Scheduling appointments and managing bookings
• Creating personalised fitness and nutrition programmes
• Processing payments and managing billing
• Communicating about your services and appointments

Business Operations (Legitimate Interest)

• Improving our services and customer experience
• Conducting business analysis and reporting
• Maintaining security and preventing fraud
• Responding to enquiries and providing customer support

Marketing and Communication (Consent)

• Sending promotional materials and service updates (with your consent)
• Personalising marketing communications
• Conducting market research and surveys

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about our use of cookies, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: Trusted third-party vendors who assist us in operating our business (payment processors, email service providers, analytics providers)
• Legal Requirements: When required by law, court order, or regulatory authority
• Business Transfers: In connection with a merger, acquisition, or sale of business assets
• Health Professionals: With your explicit consent, we may share health information with relevant healthcare providers
• Emergency Situations: To protect your vital interests or those of others in emergency situations

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required by law:

• Client Records: 7 years after the end of our business relationship (for legal and tax purposes)
• Health Information: 10 years after last treatment (as required by healthcare regulations)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Website Analytics: 26 months (Google Analytics default retention period)
• CCTV Footage: 30 days (for security purposes)

After these periods, we will securely delete or anonymise your personal data unless we have a legal obligation to retain it longer.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Request transfer of your data to another service provider
• Right to Object: Object to processing based on legitimate interests or for marketing purposes
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided in the "Contact Information" section below.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and staff training
• Secure data storage and backup systems
• Regular monitoring for security breaches

However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Your personal data is primarily processed within the European Union. If we transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes approved by supervisory authorities

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

For clients under 18, we require parental or guardian consent before providing services and collecting personal data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notification to registered users
• Displaying a prominent notice on our website

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding your personal data, please reach out to us:

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with data protection laws. In Austria, you can contact: