Privacy Policy

Scope and Introduction

This privacy policy informs you about the nature, scope and purpose of the collection and use of personal data (hereinafter referred to as "data") when using our website and the related services, functions and content. The technical terms used, such as "processing" or "controller", correspond to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

For users from the EU and the EEA, the GDPR legal bases mentioned below apply. In addition, we process data in accordance with the Swiss Data Protection Act (DSG).

Data Controller

David Winzler
Eggbergstr. 19
79618 Rheinfelden
Germany

info@medicalpersonaltraining.com
Legal Notice: https://medicalpersonaltraining.com/en/legal.html

What Data Do We Process?

- Master data (such as names, addresses)
- Contact information (such as email addresses, phone numbers)
- Input data (such as text messages, form entries)
- Technical data (such as IP addresses, device information)

Who Is Affected?

All persons who visit our website or use our services are affected (hereinafter referred to as "users").

Processing Purposes

- Provision and operation of our website and its functions
- Processing inquiries and communication
- Ensuring IT security
- Reach analysis and marketing

Definitions

"Personal data" refers to all information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly – for example, by assignment to a name, an identification number, location data or an online identifier such as cookies.

The term "processing" covers any operation in connection with personal data, regardless of whether it is carried out automatically or not. This includes collecting, storing, using, transmitting or deleting data.

"Pseudonymization" refers to the processing of personal data in such a way that it can no longer be attributed to a specific person without additional information, whereby this additional information must be kept separately and securely.

"Profiling" means the automated evaluation of personal data to analyse or predict certain aspects of a person, such as their behaviour, interests or whereabouts.

"Controller" is the natural or legal person who decides on the purposes and means of data processing.

"Processor" is an entity that processes data on behalf of the controller.

Legal Basis for Processing

In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing:

- Consent: Art. 6 (1) (a), Art. 7 GDPR
- Contract fulfilment and pre-contractual measures: Art. 6 (1) (b) GDPR
- Legal obligations: Art. 6 (1) (c) GDPR
- Protection of vital interests: Art. 6 (1) (d) GDPR
- Public interest: Art. 6 (1) (e) GDPR
- Legitimate interests: Art. 6 (1) (f) GDPR
- Change of purpose: Art. 6 (4) GDPR
- Special categories of data: Art. 9 (2) GDPR

Data Security

In accordance with legal requirements and taking into account the state of the art, we employ appropriate technical and organizational measures to protect your data.

These include in particular measures to ensure the confidentiality, integrity and availability of data. We control access to data, their input and transmission. Furthermore, we have established procedures to guarantee the rights of data subjects, to delete data and to respond to security incidents. Data protection is already taken into account when selecting hardware and software (privacy by design and privacy by default).

Disclosure to Third Parties

We only disclose data to third parties if this is permitted by law – for example, for contract fulfilment, with consent, due to legal obligations or within the scope of legitimate interests (for example, when using service providers or web hosts).

When data is shared within our company, this is done for administrative purposes as a legitimate interest and always in accordance with applicable law.

Data Transfer to Third Countries

If we process data outside the EU, EEA or Switzerland or transfer it to recipients there, this only happens for contract fulfilment, with your consent, due to legal obligations or within the scope of legitimate interests.

We only transfer data to countries with a recognized level of data protection – including US companies certified under the EU-US Data Privacy Framework (DPF) – or on the basis of suitable guarantees such as EU standard contractual clauses, certifications or binding corporate rules (Art. 44 to 49 GDPR, EU Commission information).

Your Rights

You have the right to information about whether and what data we process about you, as well as to a copy of this data.

You may request the correction of incorrect data or the completion of incomplete data.

Under certain conditions, you may request the deletion of your data or the restriction of processing.

You have the right to data portability – that is, the right to receive the data you have provided in a common format and to have it transferred to other controllers.

You also have the right to lodge a complaint with a supervisory authority.

Right of Withdrawal

You may withdraw consent you have given at any time with effect for the future.

Right to Object

You may object to the processing of your data at any time, provided the legal requirements are met. This applies in particular to processing for direct marketing purposes.

Cookies and Tracking

Cookies are small text files stored on your device. They are used to store information during or after your visit.

There are different types: Temporary cookies (session cookies) are deleted when the browser is closed and store, for example, the contents of a shopping cart. Persistent cookies remain after the browser is closed and can store, for example, login data or user interests. Third-party cookies come from providers other than the website operator.

We use both temporary and persistent cookies. If we ask for consent, Art. 6 (1) (a) GDPR is the legal basis. Otherwise, processing takes place on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR or for contract fulfilment pursuant to Art. 6 (1) (b) GDPR.

You can deactivate or delete cookies in your browser settings. However, this may limit the functionality of our website.

You can object to tracking cookies for marketing purposes at aboutads.info or youronlinechoices.com.

Data Deletion

We delete data as soon as the purpose of its collection ceases to apply and there are no legal retention obligations to the contrary.

If data is required for other legitimate reasons, its processing will be restricted – it will then be blocked and not used for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

Updates to This Policy

We update this privacy policy as needed, for example when our data processing changes. If changes require your participation (such as new consent), we will inform you separately.

Personal Training and Therapeutic Services

We process data from clients and interested parties to provide our contractual and pre-contractual services in accordance with Art. 6 (1) (b) GDPR. This includes master and contact data, contract data (such as booked services, fees) and payment data.

In the course of our activities, we may also process special categories of data pursuant to Art. 9 (1) GDPR, in particular health data. For this, we obtain explicit consent pursuant to Art. 9 (2) (a) GDPR if necessary, or process the data for health care purposes pursuant to Art. 9 (2) (h) GDPR, § 22 (1) No. 1 b BDSG (German Federal Data Protection Act).

If necessary, we share data with other professionals or service providers – such as billing centres – if this is required for service provision, due to legal obligations, legitimate interests or to protect vital interests, or if you have consented.

Deletion takes place when the data is no longer needed for contractual or legal duty of care obligations. The necessity of continued retention is reviewed every three years.

Business Administration and Accounting

We process data in the context of administrative tasks, accounting and to fulfil legal obligations such as archiving. The legal bases are Art. 6 (1) (c) and (f) GDPR. Those affected are customers, interested parties, business partners and website visitors.

If necessary, we transmit data to tax authorities, tax advisors, auditors or payment service providers.

We generally store contact data of business partners and suppliers permanently within the scope of our business interests.

Contact

When you contact us (by email, phone or contact form), we process your information to handle your inquiry. The legal basis is Art. 6 (1) (b) GDPR (for contractual inquiries) or Art. 6 (1) (f) GDPR (for other inquiries).

We delete inquiries as soon as they are no longer needed and review the necessity every two years. Statutory archiving obligations remain unaffected.

Web Hosting

Our hosting service provider provides infrastructure, storage space, email services and security services.

Master, contact, contract and usage data from visitors are processed on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (data processing agreement).

Server Log Files

Each time our website is accessed, our hosting provider automatically collects access data (server log files). These include: page accessed, date and time, amount of data transferred, success message, browser type and version, operating system, referrer URL, IP address and provider.

This data is stored for security reasons for a maximum of 7 days and then deleted. Exceptions are data that must be retained as evidence for specific incidents. The legal basis is Art. 6 (1) (f) GDPR.

Google Ads and Conversion Tracking

We use services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google LLC is certified under the EU-US Data Privacy Framework (DPF entry).

With Google Ads, we place advertisements in the Google advertising network that are shown to users who are interested in relevant topics. Remarketing tags are used which store cookies on your device. These record which pages you have visited and which offers you have clicked on.

Through conversion cookies, we receive anonymous statistics about the number of users who clicked on our ads – without being able to identify individuals.

Google processes data in pseudonymized form, meaning without linking to names or email addresses. The collected information is stored on Google servers in the USA.

The legal basis is Art. 6 (1) (a) GDPR for consent, otherwise Art. 6 (1) (f) GDPR (legitimate interests).

More information: Google Privacy Policy and Ad Settings.

Integration of External Content

We integrate content and services from third-party providers on the basis of legitimate interests (Art. 6 (1) (f) GDPR), such as videos or interactive elements.

This requires these providers to capture users' IP addresses, as delivery would not be possible without them. We ensure that we only use providers that use IP addresses exclusively for content delivery. Third-party providers may also use tracking technologies such as pixel tags for statistical or marketing purposes.

Fonts

All fonts used on this website (Poppins, Font Awesome) are stored locally on our server. No connections are made to external font services such as Google Fonts. This means that no data is transmitted to third parties when using our website.

Last updated: December 2025