Last updated: [Insert date]

Bluezonelife ApS (“we”, “our”, “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you interact with us, visit our website, or use our services.

1. Data Controller

Bluezonelife ApS
Bygaden 64
8700 Horsens
Denmark
CVR No.: 45919404
Email: stensballe@bluezonelife.dk
Phone: +45 55662121

We are the data controller for the processing of personal data about our customers, partners, and visitors. It is not a legal requirement for us to appoint an external Data Protection Officer (DPO). However, if you have any questions about our processing of personal data, you can contact us at the above email address.

2. How We Process Your Personal Data

2.1 Website Visits

When you visit our website, we use cookies to ensure the website functions properly. You can learn more about this in our Cookie Policy.

2.2 Communication with Potential Customers

If you contact us via email or phone to inquire about our services, we process the information you provide to respond to your inquiry and maintain correspondence.

Data processed: Name, email address, phone number, and any other information you provide.
Legal basis: GDPR Article 6(1)(f) – Legitimate interest in communicating with potential customers.
Retention: We delete communication when it becomes clear whether you wish to use our services. In special cases, we may retain correspondence longer if necessary.

2.3 Customers

We process personal data to deliver our services and maintain customer relationships.

Data processed: Name, address, service details, agreements, payment details, and similar.
Legal basis: GDPR Article 6(1)(b) – Necessary for the performance of a contract.
Retention: Personal data is deleted once the service has been delivered and any outstanding matters have been settled.

2.4 Newsletter

You can subscribe to our newsletter voluntarily, and unsubscribe at any time.

Purpose: To send you updates about our services, news, or content related to Bluezonelife.
Data processed: Email address.
Legal basis: GDPR Article 6(1)(a) – Consent.
Double opt-in: You will receive a confirmation email to verify your subscription.
Retention: Data is retained while subscribed. Consent expires after 12 months of inactivity.

2.5 Bookkeeping

We are legally required to store accounting records under the Danish Bookkeeping Act.

Data processed: Name, address, service descriptions, and invoice details.
Legal basis: GDPR Article 6(1)(c) – Legal obligation.
Retention: Minimum 5 years after the end of the financial year.

2.6 Job Applications

We welcome job applications for the purpose of recruitment.

Legal basis: GDPR Article 6(1)(f) – Legitimate interest in assessing candidates.
Retention: Unsolicited applications are deleted immediately if no match is found. Applications for advertised positions are deleted once the position has been filled.

3. Data Processors and Third Parties

We use trusted partners and suppliers to deliver our services, some of whom act as data processors. These partners process personal data on our behalf and under our instructions.

Our key data processors include:
– Easyme: Booking of health services, including storage of personal information and records.
– Technogym/MyWellness: Management of our training platform, including bookings.
– BRP: Membership management system (memberships, bookings, clip cards).
– Chatassist: AI-powered chatbot used for customer service on our website.

4. Disclosure of Personal Data

We do not sell, share, or otherwise disclose your personal data to third parties unless required by law.

5. Transfers Outside the EU/EEA

As a general rule, we use data processors located within the EU/EEA or who store data in the EU/EEA. In certain cases, data may be transferred outside the EU/EEA if the recipient provides adequate protection under the EU Commission’s Standard Contractual Clauses.

6. Data Security

We have implemented appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse. We conduct risk assessments and maintain GDPR awareness among employees through training, courses, and internal procedures.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:
– Right of Access: You may request access to the personal data we process about you.
– Right to Rectification: You may request correction of inaccurate data.
– Right to Erasure: You may request deletion of your data in special circumstances.
– Right to Restrict Processing: You may request limited processing under certain conditions.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing.
– Right to Data Portability: You may request to receive your data in a structured, machine-readable format.

8. Withdrawal of Consent

If we process your data based on consent, you can withdraw your consent at any time by contacting us. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

9. Complaints

If you are dissatisfied with our processing of your personal data, you have the right to file a complaint with:

The Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
2500 Valby, Denmark
Website: www.datatilsynet.dk

10. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, and the ‘last updated’ date will reflect the most recent revision.