GDPR Notice

Scope and Role

This GDPR Notice explains how Bodyweight Fitting (bwfitting.com) processes personal data of individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland in accordance with the EU General Data Protection Regulation (GDPR) and comparable European data protection laws. Bodyweight Fitting operates from the United States of America and applies the principles stated herein to European personal data while observing applicable U.S. laws.

Data Controller

Data Controller: Bodyweight Fitting, owned by Daryl Gardner

Postal Address: 2855 Stevens Creek Blvd, Santa Clara, CA 95050, United States

Email: [email protected]

Applicability

This Notice applies when you visit or use our website, tools, calculators, and related services, contact us, or otherwise interact with Bodyweight Fitting, and we act as the data controller for your personal data.

Definitions

“Personal data” means any information relating to an identified or identifiable natural person. “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, or deletion. Other terms have the meanings given in the GDPR.

Categories of Personal Data We Process

  • Identifiers and contact data: name, email address, and any contact details you provide when you contact us.
  • Device and usage data: IP address, browser type, device identifiers, pages viewed, time spent, and referring URLs.
  • Interaction data: queries, feedback, and correspondence you submit.
  • Calculator and input data: information you enter into tools and dosage calculators, which may include weight or other parameters you choose to provide.
  • Inferred data: preferences or interests derived from your interactions, where permitted by law.
  • Special categories: we do not seek to collect special categories of data (e.g., health data) unless you explicitly provide it for a specific purpose; see “Special Categories” below.

Purposes of Processing and Legal Bases

We process personal data for the purposes and on the legal bases listed below:

Consent (GDPR Art. 6(1)(a))

  • Placing or reading non-essential cookies or similar technologies.
  • Sending certain direct marketing or communications where consent is required.
  • Processing optional calculator inputs you choose to provide, where such inputs may include sensitive information.

Contract (GDPR Art. 6(1)(b))

  • Providing requested services and site features, including calculators and tools you use.
  • Responding to inquiries and providing customer support.

Legitimate Interests (GDPR Art. 6(1)(f))

  • Ensuring website security, fraud prevention, debugging, and service integrity.
  • Measuring and improving site performance and user experience (in a privacy-preserving manner and subject to your choices).
  • Establishing or defending legal claims.

Legal Obligation (GDPR Art. 6(1)(c))

  • Complying with applicable laws, regulations, court orders, and law enforcement requests.

Vital or Public Interest (GDPR Art. 6(1)(d) and (e))

  • Only where strictly necessary and permitted by law, such as to protect life or public safety.

Sources of Personal Data

  • Directly from you when you submit forms, contact us, or use tools.
  • Automatically from your device and browser through cookies and similar technologies.
  • From service providers that support analytics, security, hosting, or communications, as permitted by law.

Cookies and Similar Technologies

We use cookies and similar technologies to operate our site, enable core features, measure performance, and remember preferences. Where required, we seek your consent before setting non-essential cookies. You may manage cookies via your browser settings and, where offered, through on-site controls. Disabling certain cookies may affect site functionality.

Recipients and International Transfers

Processors and Recipients

  • Service providers: hosting, cloud infrastructure, analytics, security, error monitoring, and customer support providers acting under our instructions.
  • Professional advisers: legal, compliance, and accounting advisers where necessary.
  • Authorities and parties in legal proceedings: where required by law or to protect rights, safety, and property.
  • Business transfers: in the context of a reorganization, merger, or sale, subject to appropriate safeguards.

Cross-Border Data Transfers to the United States

We are located in the United States. When transferring personal data from the EEA/UK/Switzerland to the U.S. or other third countries, we use appropriate safeguards recognized by the GDPR, such as the European Commission’s Standard Contractual Clauses, and implement supplementary measures where appropriate (e.g., encryption in transit and at rest, access controls, and data minimization). We assess the circumstances of transfers and, where legally required, will pause or adjust processing if adequate protection cannot be ensured.

Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, accounting, or reporting requirements. Typical retention periods include: contact and support records for up to 24 months after resolution; usage logs for approximately 12 months; analytics data for up to 26 months; and account-related information (if applicable) for the duration of the account plus a reasonable period thereafter to close out obligations. We may retain data longer where required by law or to establish, exercise, or defend legal claims.

Security Measures

We employ organizational, technical, and administrative safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction, including access controls, encryption in transit, hardened infrastructure, and data minimization. No method of transmission or storage is entirely secure; we continually improve our safeguards in line with industry practices.

Special Categories and Children

Special Categories

We do not intend to collect special categories of personal data (e.g., health data) through routine browsing. If you voluntarily enter such information into tools or calculators, we process it only with your explicit consent, limit retention to what is necessary to deliver the requested functionality, and apply heightened safeguards.

Children

Our services are not directed to children under 16 years of age in the EEA/UK/Switzerland. We do not knowingly collect personal data from children under 16 without appropriate consent. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal or similarly significant effects on individuals. Any analytics or personalization we conduct is limited to service improvement and user experience enhancements and does not create such effects.

Your GDPR Rights

  • Access: obtain confirmation of processing and access to your personal data.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion where grounds under GDPR apply.
  • Restriction: request restriction of processing under certain conditions.
  • Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
  • Objection: object to processing based on legitimate interests, including profiling related to such interests.
  • Withdraw Consent: withdraw consent at any time where processing is based on consent, without affecting lawfulness prior to withdrawal.
  • Complaint: lodge a complaint with a supervisory authority in your EEA member state, the UK, or Switzerland.
  • Human Review: request human intervention and contest a decision if we engage in automated decision-making producing legal or similarly significant effects.

Exercising Your Rights

To exercise your rights or submit questions about this Notice, please contact us using the details below. We may need to verify your identity before fulfilling your request. We strive to respond within one month of receipt, extendable by two further months where necessary due to the complexity or number of requests, in which case we will inform you of the extension and the reasons for it.

Identity Verification and Timing

We may request additional information to verify your identity or authority. If we cannot verify your identity, we may be unable to satisfy your request. We will communicate outcomes and reasons where we decline a request, as permitted by law.

Fees

We do not charge a fee for reasonable requests. We may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive, taking into account administrative costs.

United States Law Considerations

Bodyweight Fitting is subject to U.S. laws and lawful requests from public authorities. Where such obligations conflict with GDPR, we will assess requests carefully, limit disclosure to what is legally required, notify you when legally permitted, and seek to protect the privacy and security of your data through appropriate technical and organizational measures.

Records and Accountability

We maintain records of processing activities and implement data protection by design and by default when developing or deploying features that process personal data. We review our practices periodically to support ongoing compliance.

Changes to This Notice

We may update this Notice to reflect changes in our practices, technologies, or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by providing additional notice through the site.

Contact Information

Data Controller: Bodyweight Fitting, owned by Daryl Gardner

Postal Address: 2855 Stevens Creek Blvd, Santa Clara, CA 95050, United States

Email: [email protected]

Effective Date

Effective as of: [Insert Date]