Privacy Policy

1. Data controller

2. What personal data we process

• Contact and request data you submit (e.g. name, company, email, phone, product details) to process evaluation inquiries and pre-contractual steps.
• Technical and usage data required to operate and secure the website (e.g. server logs; IP address may be truncated or processed in aggregated form depending on infrastructure).
• Cookies and similar technologies as described in our Cookie Policy.
• Customer and certification records if you contract with us, including data needed to deliver reports, registry entries, invoicing, and compliance.

3. Purposes and legal bases (GDPR Art. 6)

We process data to perform contracts or take steps at your request before a contract (Art. 6(1)(b) GDPR), for our legitimate interests such as IT security, fraud prevention, and improving our services where not overridden by your rights (Art. 6(1)(f) GDPR), to comply with legal obligations (Art. 6(1)(c) GDPR), and where you have given consent (Art. 6(1)(a) GDPR).

4. Recipients, processors, international transfers

We use carefully selected service providers (e.g. hosting, email delivery) who process data on our behalf only under written agreements (Art. 28 GDPR). If data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, unless a derogation applies.

5. Retention

We keep personal data only as long as necessary for the purposes collected, including statutory retention (e.g. tax and commercial law). Evaluation-related business records may be retained for up to ten years where required; marketing and website logs are kept for shorter periods aligned to purpose and security needs.

6. Your rights

Subject to applicable law, you may have the right of access, rectification, erasure, restriction, data portability, and objection, as well as to withdraw consent where processing is consent-based. To exercise your rights, contact privacy@fitnesstest.eu. We typically respond within one month.

7. Right to lodge a complaint

You may lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement. Example authority (verify applicability with counsel): Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate), Tatari 39, 10134 Tallinn, Estonia — https://www.aki.ee/en.

8. Security

We implement appropriate technical and organizational measures to protect personal data. No method of transmission over the Internet is completely secure.

9. Changes

We may update this policy to reflect legal, technical, or operational changes. The “Last updated” date at the top will be revised accordingly.