Privacy Policy

GimFit Carrer Sant Salvador, 2, 2-1 · AD500 Andorra la Vella · Principality of Andorra Tax ID (NRT): [Pending assignment] Email: info@gimfit.com

We collect only the data necessary to provide the service: User account: first name, last name, email address, password (encrypted). Trainer profile: photo, biography, phone, Instagram handle, sports specialties, availability schedule, training locations, CV (optional PDF). Client profile: date of birth, gender (optional), phone, notes on physical condition or injuries (optional, voluntarily provided). Bookings and sessions: date, time, location, price, booking notes. Communications: chat messages between trainers and clients on the Platform. Geolocation: only if the user activates the «Near me» filter. Not stored permanently. Billing: name, address and tax details of trainers for invoice generation. Credit card data is handled exclusively by the payment provider.

Account management and authentication — Legal basis: contract performance (Art. 6.1.b GDPR). Booking and schedule management — Legal basis: contract performance. Trainer–client communication — Legal basis: contract performance. Notifications and reminders — Legal basis: contract performance and legitimate interest. Invoice generation and tax compliance — Legal basis: legal obligation. Trainer identity and qualification verification — Legal basis: legitimate interest. Geolocation for proximity filter — Legal basis: explicit user consent.

Active account: data is retained for as long as the account is active. Deleted accounts: data is erased within 30 days, except where legally required. Billing data: retained for 5 years in accordance with Andorran tax law.

GimFit uses the following service providers as data processors, with appropriate data processing agreements in place: • Neon Inc. — database hosting (EU/US, Standard Contractual Clauses) • Vercel Inc. — web hosting (EU/US, Standard Contractual Clauses) • Cloudinary — image storage • Resend Inc. — transactional email delivery • Twilio Inc. — WhatsApp notifications (optional, with consent) GimFit does not sell or share personal data with third parties for commercial purposes.

Under the LQPD and GDPR, you have the following rights: • Access, Rectification, Erasure («right to be forgotten»), Objection, Restriction of processing, Data portability and Withdrawal of consent. To exercise any of these rights, contact us at: info@gimfit.com

If you believe that the processing of your personal data does not comply with applicable law, you may lodge a complaint with: Agència de Protecció de Dades d'Andorra (APDA) Website: https://www.apda.ad · info@apda.ad EU residents may also contact the supervisory authority in their country of residence.

GimFit applies appropriate technical and organisational measures to protect personal data, including password encryption, HTTPS connections, role-based access control and regular backups.

GimFit reserves the right to amend this Privacy Policy. In the event of material changes, we will notify users by email or via a notice on the Platform before they take effect.