GDPR Compliance

Last updated: March 15, 2026

1. Data Controller

Athlo acts as the Data Controller for personal data collected through our platform. For gyms and trainers using our platform, we act as the Data Processor.

2. Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR Article 6:

• Consent (Art. 6(1)(a)): For marketing communications and optional features.
• Contract Performance (Art. 6(1)(b)): To provide the fitness management service you signed up for.
• Legitimate Interest (Art. 6(1)(f)): For security, fraud prevention, and service improvement.
• Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations.

3. Your GDPR Rights

Under the General Data Protection Regulation, you have the following rights:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you.
• Right to Rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Art. 18): Limit how we use your data.
• Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests.
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting prior processing.

4. Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at: support@athloapp.eu

5. International Transfers

Your data is stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) as approved by the European Commission.

6. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with GDPR Articles 33 and 34.

7. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.