Privacy Policy
Effective Date: 14.03.2026
1. Data Controller
The data controller responsible for processing your personal data is:
OND-Holding GmbH
Pestalozzistraße 34, 10627 Berlin
Email: info@ond-holding.com
Phone: +49 151 29739397
Data Protection Officer: data-protection@ond-holding.com
2. Data We Collect
2.1. Personal Data
- Account data: name, email address, country, role (coach or trainee).
- Profile data: avatar/profile photo.
- Coach-specific: subscription plan, billing information.
2.2. Fitness Data
- Workout data: sessions, exercises, sets, reps, weight, duration.
- Body measurements: height, weight, body fat percentage.
- Session data: scheduled sessions, session history, coach-trainee associations.
- Exercise library: custom exercises and session templates.
2.3. Technical Data
- Device information: device type, operating system, app version.
- Network data: IP address, user agent string.
- Usage data: timestamps of logins and interactions.
- Log data: server logs for error tracking.
3. Legal Basis for Processing
We process your personal data under Article 6(1) GDPR:
- Contract performance (Art. 6(1)(b)): Core platform functionality — account management, coach-trainee connections, session scheduling, workout recording.
- Consent (Art. 6(1)(a)): Optional features such as push notifications, avatar uploads, and sharing body measurement data with coaches. You may withdraw consent at any time.
- Legitimate interest (Art. 6(1)(f)): Platform security, service improvement through aggregated analytics, and ensuring stability.
- Legal obligation (Art. 6(1)(c)): Retention of billing records as required by German tax law.
Fitness and body measurement data may constitute health data under Article 9 GDPR. We process this based on your explicit consent (Art. 9(2)(a)), provided when you enter such data or connect with a coach.
4. How We Use Your Data
We use your data to: provide the service and manage your account; connect coaches and trainees; operate subscriptions and billing; send transactional emails; maintain security; and improve the Platform through aggregated, anonymised analytics.
5. Data Sharing
5.1. Within the Platform
When a trainee connects with a coach, profile information, session history, workout performance, and body measurements are shared with that coach. Disconnecting stops further sharing.
5.2. Service Providers
We share data with trusted third-party processors under data processing agreements (Art. 28 GDPR). See Section 8 for the list.
5.3. Legal Requirements
We may disclose data if required by law, regulation, or legal process.
5.4. No Selling of Data
We do not sell, rent, or trade your personal data to third parties.
6. Data Retention
- Active account data: retained while account is active.
- Deleted account data: 30 days after deletion, then permanently purged.
- Server logs: 90 days.
- Billing records: 10 years as required by German tax law.
- Anonymised analytics: retained indefinitely.
7. Your Rights Under the GDPR
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent
Contact us at info@ond-holding.com or data-protection@ond-holding.com to exercise these rights. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority.
8. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Hosting provider | Server infrastructure and database | EU |
| Resend | Transactional email delivery | USA (SCCs) |
| Expo (EAS) | Push notification delivery | USA (SCCs) |
9. Cookies & Tracking
We use only strictly necessary session cookies to maintain your login session. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. The mobile app does not use cookies.
10. Data Security
We implement encryption in transit (TLS/HTTPS), industry-standard password hashing, access controls, EU-based hosting with physical and network security, automated encrypted backups, and system monitoring for security incidents.
11. International Data Transfers
Our servers are located within the EU. Where data is transferred to sub-processors outside the EU/EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission.
12. Children's Privacy
The Platform is not intended for children under 16. We do not knowingly collect data from children under 16. Contact us at info@ond-holding.com to report a child's account.
13. Changes to This Policy
We will notify you of material changes at least 30 days before they take effect. The current version is always available within the Platform.
14. Contact
OND-Holding GmbH
Pestalozzistraße 34, 10627 Berlin
Email: info@ond-holding.com
Phone: +49 151 29739397
Data Protection Officer: data-protection@ond-holding.com