GDPR Compliance
General Data Protection Regulation Information
Important: This is a template GDPR compliance page. Consult with a legal professional to ensure full GDPR compliance for your specific situation.
1. Our Commitment to GDPR
Wevigor is committed to complying with the General Data Protection Regulation (GDPR) and respecting the privacy rights of individuals in the European Union and European Economic Area.
2. Legal Basis for Processing
We process personal data under the following legal bases:
- Contractual necessity: To provide our gym management services
- Legitimate interests: To improve our services and prevent fraud
- Consent: For marketing communications (where required)
- Legal obligation: To comply with applicable laws
3. Your GDPR Rights
Under GDPR, you have the following rights:
Right to Access
You have the right to request a copy of all personal data we hold about you.
Right to Rectification
You have the right to correct inaccurate or incomplete personal data.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances.
Right to Restriction of Processing
You have the right to request that we limit how we use your personal data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to certain types of processing, including direct marketing.
Right to Withdraw Consent
Where we rely on consent, you have the right to withdraw it at any time.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
We will respond to your request within 30 days as required by GDPR.
5. Data Protection Officer
For GDPR-related inquiries, you can contact our Data Protection Officer at:
Email: [email protected]
6. Data Processing Details
Data Controllers
When you use Wevigor, your gym is the data controller for member data, and Wevigor is the data processor. Wevigor is the data controller for account and billing information.
Data Processors
We use the following sub-processors:
- Stripe (payment processing) - USA
- SendGrid (email delivery) - USA
- Cloud hosting provider - Location TBD
International Transfers
Data may be transferred outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
7. Data Retention
We retain personal data only for as long as necessary:
- Active accounts: For the duration of the subscription
- Cancelled accounts: 30-day grace period, then permanent deletion
- Billing records: As required by law (typically 7 years)
8. Security Measures
We implement appropriate technical and organizational measures:
- Encryption in transit (TLS/SSL)
- Encryption at rest for sensitive data
- Access controls and authentication
- Regular security audits
- Incident response procedures
9. Data Breach Notification
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach.
10. Automated Decision Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
11. Right to Lodge a Complaint
If you believe we have not complied with GDPR, you have the right to lodge a complaint with your local supervisory authority.
12. Updates to This Page
We may update this GDPR compliance information from time to time. We will notify you of any material changes.
For general privacy information, see our Privacy Policy.