fbpx

Privacy Notice

Introduction

  • In this privacy policy, you can learn more about how Zenfit ApS (“Zenfit”, “we”, “us”, “our”) process your personal data in various situations.
  • We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the “GDPR”). 

Data controller

Below, you can find information on the processing of your personal data in the following situations: 

  • when you visit our website or use our app (cookies and similar tracking technologies),
  • when you communicate with us,
  • when you visit our social media platforms,
  • when you partner up with us (coaches), 
  • when you are or represent a supplier, vendor or other third party, and
  • when you apply for a job with us.

Below, you can read more about the various purposes of our processing of your personal data in different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data and who we share it with. 

Further, in the section Your rights etc. you can read about your rights and how to contact us.

To read about how your coach (who has partnered up with us) processes your personal data, please have a look at the coach’s website or contact them.

When you visit our website or use our app

When you, as a coach or client to a coach, visit our website or use our app, we use cookies and similar tracking technologies to collect data about your visits and use, including e.g.:

  • Internet Protocol (IP) addresses,
  • device or mobile IDs and/or device model and type,
  • app profile username and password,
  • browser information, operating system information, and/or language preferences,
  • the location and the preceding and succeeding websites you have visited, including which pages/part/icons on the website you interacted with,
  • applications you click on and how often, and
  • the pages of our website you visit, and how long you spend on each page.


Further, we may conduct surveys in our app to gain feedback on certain app features or app functionality.

The above data may contain personal data. The controller is Zenfit ApS.

We collect the data in order to ensure a stable, secure and user-friendly experience on our website and in our app, as well as to keep statistics about our website visitors and app users. In some cases, data is processed in order to target marketing based on the web browser or in-app behaviour. 

The legal bases for our processing are:

  • for necessary (technical) cookies and similar technologies: Article 6(1)(f) of the GDPR, as we are pursuing our legitimate interest in ensuring functionality and security of our website, and 
  • for other cookies and similar technologies: Article 6(1)(a) of the GDPR, as you have given your consent, e.g. to targeted marketing.

Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie. We disclose information to any third-party service providers that you have allowed to place cookies when you use the website, and we share your information with our group companies. 

You can read more about our cookies and other similar tracking technologies, including their lifetime and disclosure to third parties, in our Cookie Policy.

When you communicate with us

When you, as a coach or client to a coach, communicate with us directly (e.g., via email, the contact form on our website or with the Zenfit support team through our app) your communication will contain personal data, e.g., your contact details (including name and email address) and other personal data you may provide us with. The controller is Zenfit ApS.

We process these personal data for the purpose of managing and answering your inquiries. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries. 

Personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If your communication pertains to an order, personal data will generally also be deleted 5 years after the end of the financial year in which the order was placed. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections or other specific situations).

We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. We also make your personal data available to our processors who e.g. host, develop and support our IT systems, and we share your information with our group companies.

Please see below regarding transfer of your personal data to third countries.

When you visit our social media platforms 

If you, as a coach or client to a coach, visit our pages at Facebook, Instagram or LinkedIn, we may process the personal data that you make available to us via the pages, including your reactions on content, likes and comments, and any sharing of our content etc. The controller is Zenfit ApS.

We process these personal data for the purpose of managing our social media platforms and communicating with our followers through these platforms. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing the above-mentioned legitimate interests. Your personal data is deleted in accordance with applicable data protection policies in place to the relevant social media platforms (see the links below).

Please note that when using our social media platforms, the provider (such as e.g., Facebook) will also process your personal data for its own purposes, including for targeted marketing purposes. You may find further information on the processing activities in the relevant privacy notices: 

When you partner up with us (only for coaches)

When you partner up with us as a coach, we process your personal data, including your name and contact details, such as your email, phone number, address, your social media information, as well as your billing information, and any other information you provide us. The purpose of the processing is to manage our partnership with you. The controller is Zenfit ApS.

The legal basis for our processing of your name and contact details, as well as your banking details, is article 6(1)(f) of the GDPR, as the processing is necessary in order for us to fulfil our end of our partnership agreement.

Further, we are obligated to store bookkeeping information, including information related to payments/transactions in accordance with the bookkeeping legislation. Based on the GDPR, our legal basis in that regard is article 6(1)(c).

The legal basis for our processing of your social media information and other information you provide us is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in tailoring our partnership to you.

As a starting point, we will delete your personal data 5 years after the end of the financial year where our partnership has ended. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections or other specific situations).

We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. Further, we disclose your personal data to our service providers and to our processors who e.g. host, develop and support our IT systems, and we share your information with our group companies.

Please see below regarding transfer of your personal data to third countries.

When you are or represent a supplier, vendor or other third party

When you communicate with us (e.g., via email) as or on behalf of supplier, vendor or another third party, your communication may often contain personal data, e.g. your contact details (including name and email address), association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer. 

We process these personal data for the purpose of managing and answering your inquiries and orders and to communicate with you/the company you represent. 

The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries and fulfilling any agreement, we may have concluded with the company you represent. 

Personal data pertaining to our communication with you will generally be deleted 5 years after the end of the financial year in which our last contact with the business you represent took place.

We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping etc. We may also disclose your personal data to our relevant business partners, including external advisors. Finally, we make your personal data available to our processors who e.g., host, develop and support our IT systems, and we share your information with our group companies. 

Please see below regarding transfer of your personal data to third countries.

When you apply for a job with us

When you apply for a job with one of our European-based companies, we process your personal data in different situations, which you can read more about below. The controller is Zenfit ApS.

Receipt of applications etc. 

When we receive your application, we will read it and select the persons who we will call for an interview. The selection is based on your qualifications in relation to the specific position(s). You will be called for the interview by email or telephone.

As part of the recruitment process, we will receive and process the personal data that you have included in your application, CV and any other material that you may have forwarded along with your application. We may also ask you to send us additional information. The information obtained in this connection will include information about your previous employment, including information relating to work assignments, skills and performance, and information about your personal appearance and interpersonal skills. We will also obtain other information about you if we consider such information to be necessary for the assessment of your application.

The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person and your skills in relation to the contents of the position. 

Further, our processing of data that you make available to us on your own initiative is deemed to be performed on basis of your consent (in accordance with the relevant consent provisions of the GDPR and/or national data protection laws).

Social media

If relevant, we will obtain available information published by you on social media, such as LinkedIn and Facebook.

The legal basis for processing the personal data published by you is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person in relation to the contents of the position.

References

If we wish to obtain information about you from your current or former employer using your references, we will first ask for your consent. Unless you are otherwise specifically notified by us, the information we obtain in that connection will include the following categories: Information about your previous employments, including information relating to work assignments, skills and performance, your personal appearance and interpersonal skills, and the reason for not being or no longer wanting to be employed by the employer in question.

The legal basis is the consent you give for the purpose of using your references, in accordance with article 6(1)(a) of the GDPR.

Use of personality and competency tests

During the recruitment process relating to some positions, we may use a personality test and/or a competency test. Typically, the tests are taken after our first interview with you. The purpose of the tests is to identify your personal preferences and skills, forming a basis for a dialogue with you about your personal resources and conduct. The tests will be part of the overall basis for selecting the right candidate for the position.

The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of your personal skills based on the tests.

Criminal record

During the recruitment process, we may ask you to show your criminal record certificate. Whether a criminal record certificate is required depends on the position, including the responsibilities and powers involved. If we consider it to be relevant to the position for which you have applied, we will ask you to request a personal criminal record certificate.

Please note that no processing of personal data takes place regarding criminal records, as you will in any case only be asked to show us a physical copy of the criminal record certificate (and you are thus not asked to send us a copy via email or otherwise provide us with a copy for us to keep).

Job interviews

If you progress in the recruitment process, we will conduct interviews where we will focus on your professional and personal skills as well as the challenges etc. of the job. We will write down some of the information disclosed during the interview(s). We only use the relevant information in the assessment of whether you should be offered a position.

The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person and your skills in relation to the contents of the position.

Drafting of employment agreement

If we offer you a position, we will process the personal data necessary for staff administration purposes. In that case, you will receive further information on this.

The legal basis for processing the general personal data stated in the application documents may (also) be 6(1)(b) of the GDPR as it may be necessary to process the personal data in question for the purpose of drafting an employment agreement, if relevant.

Recipients of your personal data

Certain data will be made available to our processors, for example our IT system providers etc., and if relevant, we share your information with our group companies.

Please see below regarding transfer of your personal data to third countries.

Storage of your personal data

We are required to only store your personal data for the period necessary for us to fulfil the purposes for which they were collected. For that reason, we have established the time limits for erasure set out below. As a general rule, we erase or anonymise your personal data according to the time limits stated below unless it is necessary that we continue to store them, e.g. for the purpose of particular cases or the like.

When it is stated below that your personal data will be erased, we may instead anonymise the personal data, and then the personal data can no longer be used to identify you. Anonymised data are not covered by the GDPR as they are no longer personal data.

If your application is rejected, we will generally delete the information that we have processed about you during the recruitment process when it is completed. This will typically coincide with the time when we enter into an employment agreement with the selected candidate and generally no more than 6 months after the date when you were informed of the rejection.

If we employ you, the personal data that we have processed during the recruitment process will, if relevant, be stored in your personnel file in accordance with the applicable retention periods. In that case, you will be further notified of the processing of your personal data. 

Mandatory processing of personal data

Under the data protection rules, you are entitled to be informed of whether the provision of personal data is a statutory requirement, or a requirement necessary to enter into a contract, and of whether you are obligated to provide the personal data and of the possible consequences of failure to provide such data.

It should be noted in that respect that under certain national legislations, including the Danish Health Information Act (helbredsoplysningsloven), an employee must state of its own motion or at the employer’s request to that effect whether the employee knows that (s)he suffers from an illness or shows symptoms of an illness which will significantly affect the employee’s ability to carry out the work in question.

Further, as a potential future employee, you are subject to the general duty of transfer which means that you must not knowingly withhold information that may be relevant to your opportunity for being employed.

Moreover, it should be noted that if you are offered a position, we will use certain personal data about you to draft your employment agreement, including your name and address.

If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act or similar legislation and/or according to your duty of transfer or the information necessary for drafting an employment agreement, or any other information which we are required to collect from you by law, we will be unable to offer you a position. 

Transfer of your personal data to third countries

We transfer your personal data to countries outside the EU and EEA, when making data available to our processors, including to the US. 

The bases for such transfers are

  • for all third countries other than UK: the Commission Decision of 4 June 2021 on standard contractual clauses for the transfer of personal data of third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, and
  • for the UK: an EU Commission adequacy decision based on article 45 of the GDPR.  

If you want additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you can make a request for such additional information by contacting us (see contact information below). 

Your rights etc.

You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:

Right to withdraw consent 

Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us, see below under “Contact”. 

If you wish to unsubscribe to our newsletters, you can also withdraw your consent by unsubscribing in the emails you receive from us.

If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent. 

Right of access

You have the right to have confirmed whether we collect or process your personal data, and, if so, you have the right to request a copy of your personal data in a digital format.

Right of rectification

You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.

Right of erasure

In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.

Right to restrict processing

In certain circumstances, you have the right to request that we restrict the processing of your personal data, e.g., if you believe that the personal data is not accurate or lawfully processed.

Right to object to the processing

In certain circumstances, you have the right to request that we stop processing your personal data.

Right to data portability

In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.

Complaint to a supervisory authority 

If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, File a complaint (datatilsynet.dk). 

You may also contact your local regulator (outside Denmark) to receive guidance on how to file a complaint, see: Our Members | European Data Protection Board (europa.eu).

Further, if you are a resident in the United Kingdom, detailed information on the full content of your rights (and any conditions that may apply) is provided by the United Kingdom’s Information Commissioner’s Office and is available on their website: https://ico.org.uk/your-data-matters.

You can read more about your rights in the Danish Data Protection Agency’s guidelines on data subjects’ rights, which is available at www.datatilsynet.dk (in Danish). Please contact us if you wish to exercise your rights. The relevant contact details are stated below.

Contact

Your can contact our headquarters at

Zenfit ApS
CVR no. 37 08 59 60
Nyelandsvej 34, 4.
2000 Frederiksberg
Denmark

You can always reach us at email: dpo@zenfitapp.com.

Contact Zenfit

We typically reply within 1-2 business days.