LEGAL NOTICE & PRIVACY POLICY – UNDERFIT

This website is owned and operated by UNDERFIT.

Through this website, certain personal data belonging to its users may be collected and processed. When doing so, UNDERFIT acts as the data controller, in accordance with the provisions of the General Data Protection Regulation (GDPR – EU 2016/679).

UNDERFIT respects your privacy and the protection of your personal data. All data collected is processed ethically, lawfully, and transparently. To clarify how we collect, store, and use your personal data, we make this Privacy Policy publicly available, which includes information about:

  • Who may use the site;

  • What data we collect and how we use it;

  • Your rights regarding your personal data;

  • How to contact us.

1. Who may use our site

This site is intended only for individuals over the age of 18. Therefore, children and minors are not permitted to use it.

2. Data collected and reasons for collection

We collect and process the following personal data provided voluntarily by users:

  • Full name

  • National ID (e.g., NIF or other)

  • Address

  • Phone number (mobile and/or landline)

  • Postal code

  • Email address

These data may be collected when:

  • The user registers or makes a purchase on the site or through our payment platform;

  • The user fills out a contact or support form.

The data collected is used for the following purposes:

  • To provide access to our platform and services;

  • To enable communication between our customer support and the customer;

  • To send exclusive offers, promotions, and discounts.

3. Sensitive Data

We do not collect sensitive personal data such as racial or ethnic origin, religious beliefs, political opinions, union memberships, health information, or biometric data.

4. Additional data collection

Other types of data may be collected, provided it is done with user consent or based on other legal grounds defined by law. Any such data processing will be clearly communicated to users.

5. Data Storage

All data is securely stored via our GATEWAY payment system, as this platform is responsible for the data collection during transactions.

6. Third-party data sharing

We do not share your data with third parties, except when legally required to do so by competent authorities.

7. Data retention period

Personal data will be retained only for the time necessary to fulfill the purposes stated in this policy and in accordance with applicable legal and regulatory requirements. Once the retention period has expired, the data will be deleted or anonymized unless continued storage is legally required.

8. Legal basis for data processing

UNDERFIT processes personal data based on one or more of the following legal grounds:

  • The data subject’s consent;

  • The execution of a contract or pre-contractual procedures requested by the user;

  • The legitimate interest of the data controller;

  • The exercise of legal rights or compliance with legal obligations.

9. Consent

Certain processing activities require your express, free, and informed consent. You may withdraw your consent at any time. If you withdraw consent and there is no other legal basis for retention, your data will be deleted. Some site features may become unavailable if consent is not provided.

10. Contract Execution

We may collect and store additional data necessary for executing any contract entered into with the user, including support-related communications.

11. User rights under GDPR

You have the following rights regarding your personal data:

  • Confirmation of whether we process your data;

  • Access to your data;

  • Correction of incomplete, inaccurate, or outdated data;

  • Anonymization, blocking, or deletion of unnecessary or excessive data;

  • Portability of data to another provider;

  • Deletion of consent-based data;

  • Information about third parties with whom we share data;

  • Explanation of consequences of denying consent;

  • Revocation of consent at any time.

12. How to exercise your rights

To exercise your rights, we may request verification documents to confirm your identity. This is for your protection and to safeguard third-party rights. Requests will be processed with transparency and security.

13. Security measures

We implement technical and organizational measures to protect your data from unauthorized access, alteration, loss, or destruction. These include:

  • Password hashing and encryption;

  • Restricted database access;

  • Physical server access control;

  • Role-based access limitation;

  • Secured and monitored infrastructure.

While we take all reasonable measures, no online platform is entirely risk-free. In case of a security incident, we will notify users and the Portuguese Data Protection Authority (CNPD) as required by law.

14. Filing a complaint

If you believe your data has been processed improperly, you may file a complaint directly with the Comissão Nacional de Proteção de Dados (CNPD) in Portugal or another competent supervisory authority.

15. Cookies

We use cookies to analyze and improve user experience on our site. Cookies are small text files stored on your device. They help us:

  • Understand how the website is used;

  • Improve performance and user experience;

  • Offer content and promotions based on your interests.

Collected data may include:

  • Pages visited;

  • Time spent on pages;

  • Navigation behavior;

  • Device type;

  • Language and location.

By continuing to browse, you consent to the use of cookies. You may disable cookies in your browser settings, though this may affect website functionality.

16. Changes to this policy

This Privacy Policy was last updated on October 16, 2024.
UNDERFIT reserves the right to make changes at any time to reflect updates to the website, features, or legal requirements. Users will be notified of significant changes.

17. Contact Information

If you have any questions or wish to exercise your data rights, please contact our Data Protection Officer:

Email: underfitnesshop@gmail.com
Phone: +351 911 187 227