PT EN
Book online
Privacy

Privacy
policy.

Last updated: May 6, 2026.

1. Data controller

The controller of personal data collected through www.bodyfit.pt is:

BODYFIT EMS Studio
Rua Campo de Ourique 103, 1250-060 Lisbon, Portugal
Email: [email protected]
Phone: +351 964 684 718

2. Data we collect

We collect the following categories of personal data:

  • Contact data — when you reach out via WhatsApp, email, phone or through the Noona booking platform, we collect your name, phone number, email and information related to the requested session.
  • Health data — before the first session, every client fills in the official MIHA BODYTEC contraindications questionnaire. This sensitive data is processed exclusively to ensure training safety, under the client's explicit consent (Article 9(2)(a) GDPR).
  • Browsing data — when you visit the website, we may collect technical data (IP address, browser type, pages visited, time on page) through cookies, subject to your consent.

3. Purposes of processing

Your data is processed for the following purposes:

  • Booking, contract and invoicing management;
  • Operational communication (booking confirmation, reminders, changes);
  • EMS training fitness assessment (health data) and programme adaptation;
  • Statistical analysis and continuous improvement of the website;
  • Direct marketing (only with explicit consent, with the right to object at any time);
  • Compliance with legal obligations (tax, accounting).

4. Legal basis

Processing of your data relies on the following legal bases (Article 6 GDPR):

  • Performance of a contract — to manage your booking and the EMS service;
  • Consent — for marketing cookies (Meta Pixel) and commercial communications;
  • Legitimate interest — for aggregated statistical analysis and website security;
  • Legal obligation — for retention of invoices and accounting documents.

5. Cookies and similar technologies

Our website uses two types of cookies:

  • Essential cookies — necessary for the website to operate (language preference, cookie banner state). These do not require consent.
  • Marketing cookies — Meta Pixel — used to measure ad campaign performance on Meta (Facebook and Instagram) and enable remarketing. These cookies are only activated after your explicit consent through the cookie banner. You can accept, decline or change your choice at any time by clicking "Cookie settings" in the footer.

The Meta Pixel may share data with Meta Platforms Ireland Limited. For more information, see Meta's privacy policy.

6. Sub-processors and data transfers

We rely on the following sub-processors, all GDPR-compliant:

  • Cloudflare, Inc. — website hosting and CDN;
  • Noona ApS (Denmark) — booking management platform;
  • Meta Platforms Ireland Limited — advertising Pixel (consent-based only);
  • Twilio / WhatsApp — operational communication via WhatsApp Business.

Some of these entities are based outside the European Economic Area. Transfers are framed by the European Commission's Standard Contractual Clauses or by adequacy decisions.

7. Data retention

  • Active client data — during the contract term and up to 5 years after the last interaction;
  • Health data — up to 2 years after the last session (automatic deletion after this period);
  • Invoices — 10 years (tax obligation);
  • Marketing cookies — 90 days maximum.

8. Your rights

Under the GDPR, you have the following rights:

  • Right of access to your data;
  • Right to rectification;
  • Right to erasure ("right to be forgotten");
  • Right to restriction of processing;
  • Right to object;
  • Right to data portability;
  • Right to withdraw consent at any time;
  • Right to lodge a complaint with the Portuguese Data Protection Authority (www.cnpd.pt).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration or disclosure. Data is hosted on European servers, with in-transit encryption (HTTPS / TLS 1.3) and at rest.

10. Changes to this policy

We may update this policy to reflect changes in our practices or legal obligations. The current version is always published on this page, with the update date noted at the top.

11. Contact

For any question regarding this policy or how we process your data, contact us:

Email: [email protected]
Phone: +351 964 684 718
Address: Rua Campo de Ourique 103, 1250-060 Lisbon