Privacy Policy

At Aarhus Training Collective, we prioritize protecting your personal data in compliance with GDPR. Our Privacy Policy outlines the data we collect, how we store it, and its intended use. We respect confidentiality and ensure responsible data handling. If you do not accept this policy, we may be unable to process orders or inquiries due to legal requirements.

Data Controller – How to Contact Us

Aarhus Training Collective is responsible for the processing of personal data collected from you. Our contact details are:

Aarhus Training Collective

Doing business as Aarhus Training Collective

Ivar Huitfeldts Gade 79, 3th

8200 Aarhus N

CVR: 44736381

E-mail: train@aarhustrainingcollective.dk

Purpose, Types of Data Collected, and Legal Basis for Processing

We collect data necessary for managing and monitoring our services. The types of information we collect include:

- Contact Information: We collect your full name, age, gender, address, email, and other contact details to identify,

communicate, and inform you as needed.

- Payment Information: We collect data on purchase history, financial details, and transactions to maintain customer and supplier relationships.

  • Legal Basis for Processing: We process your data based on one or more of the following legal grounds:

- Your consent

- Performance of a contract

- Legal obligations

- Legitimate business interests (such as security, service improvement, and fraud prevention)

How We Use Your Information

  • Contact Information: Used for communication, service administration, handling inquiries, processing orders, customer surveys, and marketing.

  • Service-Related Information: Used to customize treatment plans and optimize diet and training programs based on individual needs.

  • Payment Information: Used for transaction processing.

  • Legal Compliance: Used to fulfill legal and financial obligations, including bookkeeping and regulatory requirements.

How Your Information is Stored

In compliance with data protection laws, your personal data is stored securely. Data is saved on password-

protected computers, with periodic security audits to ensure compliance with user rights.

Data Retention

Your personal data is retained as long as necessary to fulfill our obligations to you as a customer, or until deletion is

requested. Data may be stored for up to two years, depending on its nature, after which it is either deleted or

anonymized. The retention period depends on legal requirements and the purpose of data collection.

Under accounting and anti-money laundering laws, all transactional data, including contact and company details,

must be kept for five years.

How Your Information is Shared

Under the Danish Healthcare Act, we are required to maintain confidentiality regarding your health and other sensitive data. Data may only be shared outside Aarhus Training Collective with your consent, except in specific cases

where health information may be disclosed to other healthcare professionals, such as your doctor, under Danish

law.

Your contact information is only accessible to your trainer, or relevant staff assisting with services and sales.

We share data with trusted third-party service providers:

• Stripe, PaySafe and Acuity Scheduling – supporting technical infrastructure, booking, payment etc.

Legal and debt collection agencies – for contract enforcement, payments, and legal compliance.

Your data is never sold to third parties and will only be shared with authorities if legally required.

Aarhus Training Collective may use Google Analytics to collect site visit statistics, including IP addresses.

By visiting our website, you agree to Google's privacy terms: www.google.com/privacy.

Your Rights

Under GDPR, you have the following rights regarding your personal data:

- Right of access: You can request a copy of the data we process about you.

- Right to rectification: You can request correction of inaccurate data.

- Right to erasure: You may request deletion of your data under certain conditions.

- Right to restrict processing: You can request restricted use of your data in specific cases.

- Right to object: You can object to our data processing in some instances, including for direct marketing

purposes.

- Right to data portability: You can request that your data be transferred to another provider.

For more details, visit the Danish Data Protection Agency’s website: www.datatilsynet.dk.

Supervisory Authority and Complaints

Regulatory oversight is conducted by the Danish Patient Safety Authority (www.stps.dk).

If you are dissatisfied with how we process your data, you have the right to file a complaint with the Danish Data Protection Agency: www.datatilsynet.dk.

Data Breaches

In the event of a suspected data breach involving Aarhus Training Collective or our third-party providers, we

will assess potential impacts, notify affected users, and report to the Danish Data Protection Agency. If a breach is

suspected, you will be contacted as soon as possible.

For any concerns regarding data security, contact us immediately.

Privacy Policy Updates

We continuously review and update our data processing policies. This document serves as the latest version of the

Aarhus Training Collective Privacy Policy.