Privacy Policy
Scope and Introduction
This privacy policy informs you about the nature, scope and purpose of the collection and use of personal data (hereinafter referred to as "data") when using our website and the related services, functions and content. The technical terms used, such as "processing" or "controller", correspond to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
For users from the EU and the EEA, the GDPR legal bases mentioned below apply. In addition, we process data in accordance with the Swiss Data Protection Act (DSG).
Data Controller
David Winzler
Eggbergstr. 19
79618 Rheinfelden
Germany
info@medicalpersonaltraining.com
Legal Notice: https://medicalpersonaltraining.com/en/legal.html
What Data Do We Process?
- Master data (such as names, addresses)
- Contact information (such as email addresses, phone numbers)
- Input data (such as text messages, form entries)
- Technical data (such as IP addresses, device information)
Who Is Affected?
All persons who visit our website or use our services are affected (hereinafter referred to as "users").
Processing Purposes
- Provision and operation of our website and its functions
- Processing inquiries and communication
- Ensuring IT security
- Marketing (e.g. via Google Ads)
Definitions
"Personal data" refers to all information relating to an identified or identifiable natural person. A person is considered identifiable if they can be identified directly or indirectly – for example, by assignment to a name, an identification number, location data or an online identifier such as cookies.
The term "processing" covers any operation in connection with personal data, regardless of whether it is carried out automatically or not. This includes collecting, storing, using, transmitting or deleting data.
"Pseudonymization" refers to the processing of personal data in such a way that it can no longer be attributed to a specific person without additional information, whereby this additional information must be kept separately and securely.
"Profiling" means the automated evaluation of personal data to analyse or predict certain aspects of a person, such as their behaviour, interests or whereabouts.
"Controller" is the natural or legal person who decides on the purposes and means of data processing.
"Processor" is an entity that processes data on behalf of the controller.
Legal Basis for Processing
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing:
- Consent: Art. 6 (1) (a), Art. 7 GDPR
- Contract fulfilment and pre-contractual measures: Art. 6 (1) (b) GDPR
- Legal obligations: Art. 6 (1) (c) GDPR
- Protection of vital interests: Art. 6 (1) (d) GDPR
- Public interest: Art. 6 (1) (e) GDPR
- Legitimate interests: Art. 6 (1) (f) GDPR
- Change of purpose: Art. 6 (4) GDPR
- Special categories of data: Art. 9 (2) GDPR
Data Security
In accordance with legal requirements and taking into account the state of the art, we employ appropriate technical and organizational measures to protect your data.
These include in particular measures to ensure the confidentiality, integrity and availability of data. We control access to data, their input and transmission. Furthermore, we have established procedures to guarantee the rights of data subjects, to delete data and to respond to security incidents. Data protection is already taken into account when selecting hardware and software (privacy by design and privacy by default).
Disclosure to Third Parties
We only disclose data to third parties if this is permitted by law – for example, for contract fulfilment, with consent, due to legal obligations or within the scope of legitimate interests (for example, when using service providers or web hosts).
When data is shared within our company, this is done for administrative purposes as a legitimate interest and always in accordance with applicable law.
Data Transfer to Third Countries
If we process data outside the EU, EEA or Switzerland or transfer it to recipients there, this only happens for contract fulfilment, with your consent, due to legal obligations or within the scope of legitimate interests.
We only transfer data to countries with a recognized level of data protection – including US companies certified under the EU-US Data Privacy Framework (DPF) – or on the basis of suitable guarantees such as EU standard contractual clauses, certifications or binding corporate rules (Art. 44 to 49 GDPR, EU Commission information).
Your Rights
You have the right to information about whether and what data we process about you, as well as to a copy of this data.
You may request the correction of incorrect data or the completion of incomplete data.
Under certain conditions, you may request the deletion of your data or the restriction of processing.
You have the right to data portability – that is, the right to receive the data you have provided in a common format and to have it transferred to other controllers.
You also have the right to lodge a complaint with a supervisory authority.
Right of Withdrawal
You may withdraw consent you have given at any time with effect for the future.
Right to Object
You may object to the processing of your data at any time, provided the legal requirements are met. This applies in particular to processing for direct marketing purposes.
Cookies and Tracking
Cookies are small text files stored on your device. They are used to store information during or after your visit.
There are different types: Temporary cookies (session cookies) are deleted when the browser is closed. Persistent cookies remain after the browser is closed and can store, for example, settings or user interests. Third-party cookies come from providers other than the website operator.
We do not use technically necessary cookies. For marketing purposes (Google Ads conversion tracking), we obtain your consent via our cookie notice; the legal basis is Art. 6 (1) (a) GDPR. Your choice (accepted/declined) is stored locally in your browser (localStorage) until you change it or clear your browser data. Without consent, no Google marketing tags are loaded.
You can generally deactivate or delete cookies in your browser settings. This may limit the functionality of websites. You can also object to marketing tracking cookies at aboutads.info or youronlinechoices.com.
Data Deletion
We delete data as soon as the purpose of its collection ceases to apply and there are no legal retention obligations to the contrary.
If data is required for other legitimate reasons, its processing will be restricted – it will then be blocked and not used for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
Updates to This Policy
We update this privacy policy as needed, for example when our data processing changes. If changes require your participation (such as new consent), we will inform you separately.
Personal Training and Therapeutic Services
We process data from clients and interested parties to provide our contractual and pre-contractual services in accordance with Art. 6 (1) (b) GDPR. This includes master and contact data, contract data (such as booked services, fees) and payment data.
In the course of our activities, we may also process special categories of data pursuant to Art. 9 (1) GDPR, in particular health data. For this, we obtain explicit consent pursuant to Art. 9 (2) (a) GDPR if necessary, or process the data for health care purposes pursuant to Art. 9 (2) (h) GDPR, § 22 (1) No. 1 b BDSG (German Federal Data Protection Act).
If necessary, we share data with other professionals or service providers – such as billing centres – if this is required for service provision, due to legal obligations, legitimate interests or to protect vital interests, or if you have consented.
Deletion takes place when the data is no longer needed for contractual or legal duty of care obligations. The necessity of continued retention is reviewed every three years.
Business Administration and Accounting
We process data in the context of administrative tasks, accounting and to fulfil legal obligations such as archiving. The legal bases are Art. 6 (1) (c) and (f) GDPR. Those affected are customers, interested parties, business partners and website visitors.
If necessary, we transmit data to tax authorities, tax advisors, auditors or payment service providers.
We generally store contact data of business partners and suppliers permanently within the scope of our business interests.
Contact
When you contact us (by email, phone or contact form), we process your information to handle your inquiry. The legal basis is Art. 6 (1) (b) GDPR (for contractual inquiries) or Art. 6 (1) (f) GDPR (for other inquiries).
We delete inquiries as soon as they are no longer needed and review the necessity every two years. Statutory archiving obligations remain unaffected.
Web Hosting
Our hosting service provider provides infrastructure, storage space, email services and security services.
Master, contact, contract and usage data from visitors are processed on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR in conjunction with Art. 28 GDPR (data processing agreement).
Server Log Files
Each time our website is accessed, our hosting provider automatically collects access data (server log files). These include: page accessed, date and time, amount of data transferred, success message, browser type and version, operating system, referrer URL, IP address and provider.
This data is stored for security reasons for a maximum of 7 days and then deleted. Exceptions are data that must be retained as evidence for specific incidents. The legal basis is Art. 6 (1) (f) GDPR.
Google Ads (Online Advertising)
We advertise our services via Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google LLC is certified under the EU-US Data Privacy Framework (DPF entry).
The delivery of our ads and the measurement of their performance take place within Google's advertising network. The associated data processing (for example when an ad is clicked) takes place at Google and is subject to Google's privacy policy.
With your consent, we embed Google Ads conversion tracking (gtag.js) on this website to measure whether visitors use the contact form after clicking an ad. This may set cookies and transmit data to Google (Google Ireland Limited / Google LLC, USA — certified under the EU-US Data Privacy Framework). Legal basis: Art. 6 (1) (a) GDPR. Without your consent in the cookie notice, no conversion tag is loaded. We do not use remarketing.
You may withdraw consent at any time by declining in the cookie notice (to show it again, clear site data for this website) or by removing stored website data in your browser.
You can adjust your Google ad settings at any time at Google Ad Settings.
Integration of External Content
Currently, we do not embed any external content or services from third-party providers (such as videos, maps or fonts from external servers) that transmit data from your device to third parties when our website is accessed.
Should we embed such content in the future, this may require the respective providers to capture users' IP addresses, as delivery would not be possible without them. In that case we would act on the basis of legitimate interests (Art. 6 (1) (f) GDPR) or your consent (Art. 6 (1) (a) GDPR) and inform you here.
Fonts
All fonts used on this website (Poppins, Font Awesome) are stored locally on our server. No connections are made to external font services such as Google Fonts. This means that no data is transmitted to third parties when using our website.
Last updated: June 2026