Overview
This page describes how RYFT Fitness collects, uses, and protects personal data under the EU General Data Protection Regulation (GDPR) and Belgian law.
TODO-LEGAL: Full privacy policy to be drafted with a Belgian legal advisor in Phase 6 of the build. This draft is a placeholder and must not ship to production.
Controller
TODO-LEGAL: Controller identity (legal name, BCE/KBO number, registered address, email, phone).
What we collect
- Contact form submissions via Typeform (name, email, goals, history)
- Analytics (Cloudflare Web Analytics, cookieless, aggregated)
Legal basis
- Contact form data: Article 6(1)(b) GDPR (pre-contractual steps)
- Analytics: legitimate interests in understanding site usage, assessed against subject rights (cookieless, no personal identifiers)
Recipients / sub-processors
TODO-LEGAL: Full sub-processor list (Cloudflare, Typeform, email host).
Retention
TODO-LEGAL: Retention periods per data category.
Your rights
Access, rectification, erasure, restriction, portability, objection. To exercise any right, email the controller at the address above. You may also lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit).
Transfers outside the EEA
Typeform is incorporated in Spain (EU). Cloudflare is incorporated in the US; transfers rely on Standard Contractual Clauses and the EU-US Data Privacy Framework.
Contact
TODO-LEGAL: Contact email for privacy requests.
Last updated: TODO-LEGAL