Privacy Policy

Last updated:

This Privacy Policy describes how Ligamentsghflexi, operating at ligamentsghflexi.world and located at Prinsengracht 1123A, 1017 JK Amsterdam, Netherlands, collects, uses, stores, and protects personal data in connection with our corporate health challenge programs, including the Sprint Step Challenge, Balance Break Program, and Vitality Year Pass, as well as related services such as participant portals, challenge administration, and customer support.

1. Data Controller

The data controller responsible for your personal data is Ligamentsghflexi. For privacy-related enquiries, you may contact us at team@ligamentsghflexi.world or by post at Prinsengracht 1123A, 1017 JK Amsterdam, Netherlands. You may also call +31611380835 during business hours.

2. Scope of This Policy

This policy applies to personal data processed when you visit our website, enquire about or purchase our corporate health challenge products, participate in a challenge as an employee of a client organisation, communicate with our team, or interact with our participant portal. It does not apply to third-party websites linked from our platform.

3. Categories of Personal Data We Collect

Depending on your relationship with us, we may collect the following categories of personal data:

• Identity and contact data: name, job title, company name, email address, telephone number, and postal address.
• Account and participation data: username, challenge enrolment status, team assignment, activity logs related to challenge modules such as step counts, mindful moment completions, and nutrition awareness entries voluntarily submitted by participants.
• Communication data: messages sent through our contact form, email correspondence, and feedback provided during or after a challenge.
• Technical data: IP address, browser type, device information, operating system, referral URLs, and cookies as described in our Cookies Policy.
• Transaction data: billing details, purchase history, invoice references, and payment status for corporate health challenge packages.
• Preference data: communication preferences, language settings, and accessibility requirements you choose to share.

4. How We Collect Personal Data

We collect personal data through direct interactions when you complete forms on ligamentsghflexi.world, sign agreements for challenge programs, register for a participant portal, or contact us by phone or email. We also collect data automatically through cookies and similar technologies when you browse our website. Client organisations may provide employee lists for challenge enrolment pursuant to their own employment relationship and applicable agreements with us.

5. Purposes and Legal Bases for Processing

We process personal data for the following purposes and on the following legal bases under the General Data Protection Regulation (GDPR):

• Delivering corporate health challenge programs you or your employer have purchased, including setup, administration, progress tracking, and reporting. Legal basis: performance of a contract (Article 6(1)(b) GDPR).
• Responding to enquiries, providing proposals, and managing customer relationships. Legal basis: legitimate interests in operating our business and pre-contractual steps at your request (Article 6(1)(b) and 6(1)(f) GDPR).
• Processing payments and maintaining financial records. Legal basis: performance of a contract and legal obligation (Article 6(1)(b) and 6(1)(c) GDPR).
• Improving our challenge products, website functionality, and user experience through aggregated analytics. Legal basis: legitimate interests (Article 6(1)(f) GDPR), where consent is required for non-essential cookies we obtain it separately.
• Complying with legal obligations under Dutch and EU law, including tax, accounting, and regulatory requirements. Legal basis: legal obligation (Article 6(1)(c) GDPR).
• Sending service-related communications about active challenges, schedule changes, or account matters. Legal basis: performance of a contract and legitimate interests (Article 6(1)(b) and 6(1)(f) GDPR).

6. Participant Data in Corporate Challenges

When your employer engages Ligamentsghflexi to run a corporate health challenge, we process employee participation data on behalf of the client organisation as a data processor in many cases, and as an independent controller for certain platform operations. Challenge activity data is used solely to facilitate the program, generate participation reports for authorised client representatives, and improve challenge delivery. We do not use individual participant health-related activity data for advertising purposes.

Participants may access, correct, or request deletion of their data subject to the client organisation's policies and our data processing agreements. Individual leaderboard visibility and team sharing settings are configured per challenge to respect organisational preferences and privacy expectations.

7. Data Sharing and Recipients

We may share personal data with the following categories of recipients where necessary and proportionate:

• Client organisations that purchase our corporate health challenge programs, receiving aggregated and individual participation reports as contractually agreed.
• Service providers who assist with hosting, email delivery, payment processing, analytics, and customer support, bound by data processing agreements and located within the European Economic Area or subject to adequate safeguards.
• Professional advisers including accountants and legal counsel under confidentiality obligations.
• Public authorities when required by applicable law, court order, or regulatory request.

We do not sell personal data to third parties. We do not share participant activity data with insurers, employers beyond the contracting client, or marketing networks without explicit consent where required.

8. International Transfers

Personal data is primarily stored and processed within the European Economic Area. If we transfer data outside the EEA, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or rely on adequacy decisions. You may request details of safeguards applicable to your data by contacting us.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy. Contact enquiry data is retained for up to twenty-four months unless a business relationship continues. Contract and billing records are retained for seven years to comply with Dutch tax and accounting requirements. Participant challenge data is retained for the duration of the program plus twelve months for reporting and dispute resolution, unless the client organisation requests earlier deletion consistent with our agreement. Technical logs may be retained for up to ninety days for security monitoring.

10. Security Measures

Ligamentsghflexi implements appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encrypted connections via HTTPS, access controls limiting employee access to data on a need-to-know basis, regular security reviews of our participant portal infrastructure, and secure handling of credentials. While we strive to protect your data, no method of transmission over the internet is completely secure.

11. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights regarding your personal data, subject to applicable limitations:

• Right of access: obtain confirmation of whether we process your data and receive a copy.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion where processing is no longer necessary or consent is withdrawn, subject to legal retention requirements.
• Right to restriction: request limitation of processing in certain circumstances.
• Right to data portability: receive your data in a structured, commonly used format where processing is based on consent or contract and carried out by automated means.
• Right to object: object to processing based on legitimate interests, including profiling, and to direct marketing at any time.
• Right to withdraw consent: where processing is based on consent, withdraw it without affecting the lawfulness of prior processing.

To exercise your rights, contact us at team@ligamentsghflexi.world. We will respond within one month, extendable by two further months where requests are complex. You also have the right to lodge a complaint with the Autoriteit Persoonsgegevens, the Dutch Data Protection Authority, at autoriteitpersoonsgegevens.nl.

12. Children's Data

Our corporate health challenge products are designed for adult employees in workplace settings. We do not knowingly collect personal data from individuals under sixteen years of age. If you believe we have inadvertently collected such data, please contact us for prompt deletion.

13. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Challenge progress calculations and team rankings are transparent rule-based computations visible to participants and do not constitute automated decisions within the meaning of Article 22 GDPR.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our corporate health challenge products, legal requirements, or operational practices. Material changes will be communicated via our website or direct notice to active clients where appropriate. The date at the top of this page indicates the latest revision.

15. Contact

For questions about this Privacy Policy or our data practices related to Sprint Step Challenge, Balance Break Program, Vitality Year Pass, or any other Ligamentsghflexi offering, contact us at team@ligamentsghflexi.world, call +31611380835, or write to Prinsengracht 1123A, 1017 JK Amsterdam, Netherlands.