This Privacy Policy governs the collection, processing, storage, and transmission of personal data by Bret Combs, an independent physical conditioning provider based at Wattstraat 56, 2723 RC Zoetermeer, Netherlands ("we", "us", "our", or the "Provider"). This Policy is established in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch Implementation Act of the GDPR (Uitvoeringswet AVG).
1. Data Controller
Bret Combs serves as the Data Controller for all personal data collected through this website and associated channels. For inquiries regarding this Policy or the exercise of your data subject rights, contact: bret.combs@exec-conditioning.nl.
2. Categories of Personal Data
We collect and process the following categories of personal data, limited to what is strictly necessary:
- Identity Data: Full name, date of birth.
- Contact Data: Email address, telephone number, physical address.
- Health & Physical Data: Body composition, fitness assessments, injury history, dietary information (with explicit consent).
- Transaction Data: Payment records, service selections, billing information.
- Technical Data: IP address, browser type, device information, access timestamps.
- Communication Data: Messages, inquiries, and correspondence.
3. Legal Basis for Processing
Processing is conducted under one or more of the following legal bases (GDPR Article 6):
- Article 6(1)(a) — Consent: Health data for personalized protocol development.
- Article 6(1)(b) — Contract: Execution of service agreements.
- Article 6(1)(c) — Legal Obligation: Tax compliance and regulatory reporting.
- Article 6(1)(f) — Legitimate Interests: Security, fraud prevention, service improvement.
4. Purposes of Processing
- To assess physical condition and design personalized protocols.
- To deliver purchased services and maintain records.
- To process payments and manage billing.
- To communicate regarding appointments and service updates.
- To comply with legal obligations.
- To maintain website security.
- To analyze usage for continuous improvement (anonymized).
5. Data Retention
| Data Category | Retention Period | Basis |
|---|
| Identity & Contact | 7 years after last service | Tax obligations |
| Health & Physical | 3 years after last service | Consent limitation |
| Transaction | 7 years | Dutch tax law |
| Technical | 26 months | Analytics & security |
| Communication | 2 years | Dispute resolution |
6. Your Rights
Under GDPR, you possess the following rights:
- Right of Access (Article 15): Confirm processing and obtain a copy.
- Right to Rectification (Article 16): Correct inaccurate data.
- Right to Erasure (Article 17): Request deletion where permitted.
- Right to Restriction (Article 18): Limit processing under specified circumstances.
- Right to Data Portability (Article 20): Receive data in structured format.
- Right to Object (Article 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Article 7(3)): Withdraw at any time.
- Right to Lodge a Complaint (Article 77): File with Autoriteit Persoonsgegevens.
7. Security Measures
- SSL/TLS encryption for all transmissions.
- Password-protected internal systems.
- Regular security audits.
- Limited access on need-to-know basis.
- Secure encrypted backups.
8. Data Sharing
We do not sell personal data. Sharing is limited to:
- Service Providers: Payment processors, hosting, email delivery (under DPA).
- Legal Authorities: When required by law or court order.
- Professional Advisors: Accountants and legal counsel under confidentiality.
9. International Transfers
All data is processed within the EEA. For non-EEA providers, Standard Contractual Clauses ensure GDPR-compliant protection.
10. Cookies
We use minimal essential cookies. No third-party advertising cookies or tracking pixels are deployed.
11. Children's Privacy
Services are not directed to individuals under 18. We do not knowingly collect data from minors.
12. Changes
This Policy may be updated periodically. Material changes will be communicated via email. The "Last Updated" date indicates the most recent revision.
This Policy constitutes the entire privacy agreement between you and the Provider.
By submitting data, you acknowledge and accept these terms.