Privacy Policy

Privacy Policy

This English version is provided for convenience only. The original Spanish version shall prevail in the event of any conflict or inconsistency.

By using our services, you entrust us with your data. We understand that your privacy is a great responsibility and we strive to protect your information to the fullest extent.

The purpose of this Privacy Policy is to inform you about the data we collect, why we collect it, what we do with it, and the period for which we retain it.

1. Personal Data We Process

Victu collects and processes different categories of personal data depending on the user’s use of the application, the web version, and associated services.

The data processed may vary depending on the functionalities activated, the integrations authorized by the user, and the chosen privacy settings.

1.1 Identification and registration data

Victu processes the following data provided directly by the user during the registration process or while using the service:

  • Name and surname
  • Email address
  • Age and/or date of birth
  • Sex
  • Password (stored in encrypted form)

This data is necessary to create the account, identify the user, and allow access to the service’s functionalities.

1.2 Health-related data (special category of data)

Victu may process data related to the user’s health, which constitutes special categories of personal data pursuant to Article 9 of the GDPR.

This data may include:

  • Weight
  • Height
  • Body Mass Index (BMI)
  • Body composition and metrics
  • Heart rate
  • Biometric data associated with physical activity
  • Sports progress
  • Information about training sessions conducted
  • Data related to physical performance
  • GPS routes associated with sports activity

This data may include:

  • Entered manually by the user
  • Generated during the use of the application
  • Voluntarily synced from third-party services (e.g., Apple Health, Health Connect , Google Fit , or other wearable devices)

This data is processed exclusively with the user’s explicit consent and for the purpose of providing the requested service.

1.3 Usage and activity data on the platform

Victu collects information related to user interaction with the application and website, including:

  • Screens visited
  • Functionalities used
  • Interactions within the platform
  • Team participation
  • Sharing workouts or routines
  • Activity history within the application

This data allows us to improve the user experience, optimize service performance, and develop new features.

1.4 Technical and device data

Certain technical data necessary for the operation of the service can be collected automatically, such as:

  • IP Address
  • Device type
  • Operating system
  • Application version
  • Technical identifiers
  • Browser information

This data is necessary to ensure the security, stability and proper functioning of the platform.

1.5 Data obtained through integrations with third parties

If the user authorizes the connection with external services, Victu may receive data from:

  • Apple Health
  • Health Connect (Android)
  • Google Fit
  • Wearable devices
  • Payment platforms like Stripe
  • Other services that the user voluntarily connects

The type of data processed will depend on the authorization granted by the user on each external platform.

Victu will only process the data necessary for the provision of the service and in accordance with the authorizations granted by the user.

2. Purposes and Legal Basis of the Processing

The user’s personal data is processed by Victu in accordance with Regulation (EU) 2016/679 (GDPR), on the basis of the following purposes and legal grounds:

2.1 Service provision

Purpose:
To allow account creation, access to the application, training management, progress tracking, participation in teams and use of the functionalities offered by the platform.

Legal basis:
Performance of the contract (art. 6.1.b GDPR).

2.2 Processing of health-related data

Purpose:
To allow tracking of physical progress, recording of workouts, display of body metrics, synchronization with wearable devices, and personalization of the user experience.

Legal basis:
Explicit consent of the user (art. 9.2.a GDPR).

Health-related data constitutes a special category of data under Article 9 of the GDPR. It is processed only when the user:

  • Voluntarily enter this data into the application, or
  • It expressly authorizes its synchronization from third-party services.

The user may withdraw their consent at any time, without this affecting the lawfulness of the processing prior to its withdrawal.

2.3 Service-related communications

Purpose:
To send technical notifications, administrative messages, notices about changes in conditions or incidents related to the account.

Legal basis:
Performance of the contract (art. 6.1.b GDPR).

These communications are necessary for the proper provision of the service.

 

2.4 Commercial communications and marketing

Purpose:
To send information about new features, functionalities, promotions or service improvements.

Legal basis:
User consent (art. 6.1.a GDPR).

The user may withdraw their consent at any time through the mechanisms enabled in the application or through the email address indicated in this Policy.

2.5 Service Analysis and Improvement

Purpose:
To analyze application usage, improve functionalities, optimize performance, and develop new services.

Legal basis:
Legitimate interest of Victu (art. 6.1.f GDPR).

Victu carries out these treatments applying data minimization measures and ensuring that the fundamental rights and freedoms of the user do not prevail.

2.6 Compliance with legal obligations

Purpose:
To comply with tax, accounting, administrative obligations or to respond to requests from competent authorities.

Legal basis:
Compliance with a legal obligation (art. 6.1.c GDPR).

3. Integrations with Third-Party Services

Victu may allow voluntary integration with third-party services and platforms in order to improve the user experience and expand the available functionalities.

These integrations may include, among others:

  • Apple Health
  • Health Connect (Android)
  • Google Fit
  • Wearable devices and smartwatches
  • Payment platforms like Stripe
  • Analytics services such as Google Analytics

Connecting to these services is optional and requires the user’s express authorization through the mechanisms enabled by each platform.

When the user activates an integration:

  • Authorizes the import of data from the external service to Victu .
  • Authorize, where applicable, the export of data from Victu to the external service.
  • You agree that the imported data will be processed in accordance with this Privacy Policy.

Each third-party service is governed by its own legal terms and privacy policies, and it is the user’s responsibility to review them.

Victu does not control or is responsible for the operation, availability or accuracy of the data provided by such external services.

4. International Data Transfers

Some of the technology providers used by Victu may be located outside the European Economic Area (EEA) or carry out international data transfers.

In these cases, Victu guarantees that such transfers are carried out in compliance with the appropriate safeguards provided for in the GDPR, such as:

  • Standard Contractual Clauses approved by the European Commission.
  • Adequacy decisions adopted by the European Commission.
  • Other legally valid guarantees.

5. Data Retention Period

Personal data will be kept for the time necessary to fulfill the purposes for which it was collected, according to the following criteria:

  • Account details: as long as the user keeps their account active.
  • Health-related data: as long as the user does not request its deletion or close the account.
  • Data related to subscriptions and billing: for the periods legally required by applicable tax and accounting regulations.
  • Data processed for marketing purposes: until the user withdraws their consent.

Once the applicable deadlines have expired, the data will be deleted or blocked in accordance with current regulations.

6. User Rights

The user may exercise at any time the rights recognized by data protection regulations:

  • Right of access
  • Right of rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to object
  • Right to withdraw consent at any time

These rights can be exercised by sending a written request to the email address indicated in section 12 of this Policy.

The user must prove their identity when necessary.

7. Automated Decisions and Profiling

Victu can use automated systems to personalize the user experience, such as organizing workouts, displaying metrics, or providing suggestions related to physical activity.

However, Victu does not make automated decisions that produce significant legal effects on the user or that substantially affect him or her.

In the event that automated decision systems with relevant effects are implemented in the future, the user will be informed in advance in accordance with applicable regulations.

8. Information Security

Victu adopts appropriate technical and organizational measures to guarantee the security, confidentiality and integrity of personal data, including :

  • Password encryption
  • Access control
  • Secure communication protocols
  • Protective measures against unauthorized access
  • Secure backups

However, the user acknowledges that no system is completely invulnerable and that, although Victu applies reasonable and up-to-date measures, it cannot guarantee absolute security against unforeseeable external incidents.

9. Processing of Minors’ Data

Victu ‘s services are not directed to children under 14 years of age.

Victu does not intentionally collect personal data from minors under that age without the prior consent of their parents or legal guardians, where such consent is legally required.

If Victu becomes aware that personal data of a minor has been collected without proper authorization, it will proceed to delete it as soon as possible.

Parents or legal guardians may request information or the deletion of the minor’s data through the contact email indicated in this Policy.

The user guarantees that the data provided during registration is truthful and that they meet the established age requirements.

1.0 . Use of Cookies and Similar Technologies

Victu uses cookies and similar technologies on its web version to ensure the proper functioning of the platform, improve the user experience, and analyze service usage.

Cookies can be classified into:

  • Technical or necessary cookies: essential for the operation of the website.
  • Analytical cookies: allow us to analyze the use of the platform and improve performance.
  • Personalization and functionality cookies: remember user preferences.
  • Advertising cookies (if applicable): allow display of personalized promotional content.

Non-essential cookies (analytical or advertising) will only be installed if the user gives their consent through the cookie settings banner.

The user can modify or withdraw their consent at any time using the cookie settings tool available on the website.

For more detailed information about the cookies used, the user can consult the specific Cookie Policy available on the website.

11. Changes to the Privacy Policy

Victu may modify this Privacy Policy when necessary to adapt it to regulatory, technical or functional changes in the service.

In the event of substantial modifications, the user will be informed by notification in the application, email or any other appropriate means.

The date of the last update will be indicated at the beginning or end of this document.

Continued use of the services after notification of changes will imply acceptance of the updated version, unless applicable regulations require additional consent.

12. Data Protection Contact

For any query related to the processing of personal data or to exercise the rights recognized in this Policy, the user can contact Victu through:

Email: support@victu-app.com

Victu will process requests within the timeframes established by current data protection regulations.