Privacy Policy

CHALET AQUARIUS LTD ("Company", "we", "us", "our") is committed to protecting your privacy and the sensitive personal information you entrust to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you use our website chaletcoaching.co.uk and our fitness coaching platform (the "Service").

We act as the Data Controller for the personal data you provide to us directly.

By using the Service, purchasing Tokens, or requesting a fitness plan, you acknowledge the terms of this Policy. This Service is strictly intended for users aged 18 and over.

We collect data necessary to generate personalized fitness plans, process Token payments, and deliver digital content.

2.1. Data You Provide

• Account Information: Your name, email address, phone number, and secure password.
• Physical & Health Data (Special Category Data): To create effective AI or Trainer-led fitness plans, we collect sensitive data including, but not limited to:
  • Age, gender, height, and weight.
  • Fitness goals (e.g., weight loss, muscle gain).
  • Current fitness level and lifestyle habits.
  • Physical limitations or past injuries (to ensure safety).

  Legal Basis: By submitting this information, you provide Explicit Consent for us to process this data solely for the purpose of generating your workout plan.

• Transaction Data: Details of Token package purchases, payment history, and current Token balance. We do not store full credit card numbers.
• Support Communications: Records of your correspondence with our support team or chat history with Trainers.

2.2. Data Collected Automatically

• Technical Data: IP address, browser type and version, time zone setting, operating system, and device type.
• Usage Data: Information about how you navigate our dashboard, download courses, and utilize the Token system.
• Cookies: Small data files stored on your device to maintain your login session and preferences.

We process your personal data under the UK GDPR and Data Protection Act 2018 based on the following legal grounds:

3.1. Performance of a Contract

• To manage your User Account and Token Wallet.
• To deliver the purchased PDF courses to your email and dashboard.
• To process payments via our payment processors (Visa/Mastercard).

3.2. Explicit Consent (Article 9 UK GDPR)

• To process your Health and Physical Data for the specific purpose of generating a workout routine. You may withdraw this consent at any time by deleting your account, but this will prevent us from providing further services.

3.3. Legal Obligation

• To maintain financial records for tax and accounting purposes (HMRC compliance).
• To prevent fraud and money laundering.

3.4. Legitimate Interests

• To improve our AI algorithms and website functionality.
• To send strictly operational emails (e.g., "Course Ready for Download", "Password Reset").

To provide our services, we may share your data with trusted third parties. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

1. Contracted Fitness Trainers: If you purchase a "Trainer Course," we share your Physical & Health Data with the specific human trainer assigned to your order so they can compile your PDF plan.
2. AI Technology Providers: If you purchase an "AI Course," your anonymized or pseudonymized metrics are processed by our AI algorithms to generate the content instantly.
3. Payment Processors: We use secure third-party payment gateways to process Visa/Mastercard transactions. They process your financial data independently.
4. Service Providers: Cloud hosting services (to store your PDF files securely), email delivery services (to send your plans), and IT support.
5. Professional Advisers: Accountants and lawyers for legal and financial compliance.

We do NOT sell your personal data to advertisers.

Our servers and third-party service providers (e.g., cloud hosting) may be located outside the UK or the European Economic Area (EEA).

If we transfer your data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• The country is deemed to provide an adequate level of protection; or
• We use specific contracts approved by the UK Information Commissioner's Office (ICO) regarding personal data protection (Standard Contractual Clauses).

We retain your personal data only as long as necessary to fulfill the purposes we collected it for:

• Account & Health Data: Retained while your account is active to allow you to download past courses. If you delete your account, this data is anonymized or erased within 30 days.
• Financial Records: Kept for 6 years to comply with UK tax laws.
• Token History: Retained for audit purposes as long as the account exists.

Under the UK GDPR, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate data (e.g., updating your weight or email).
• Erasure (Right to be Forgotten): Request deletion of your data (subject to our legal tax obligations).
• Restriction: Request restriction of processing.
• Data Portability: Request transfer of your data to you or another provider.

To exercise these rights, please contact us at info@chaletcoaching.co.uk.

We implement robust security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way.

• We use SSL/TLS encryption for all data in transit.
• Access to your Health Data is restricted to employees and trainers who have a direct business need to know.
• Files stored in the dashboard are protected by authentication protocols.

If you have any questions about this Privacy Policy or how we handle your health data, please contact: