Privacy Policy
We are staunchly committed to protecting and meticulously safeguarding all personal data provided by our website visitors and service users, implementing robust and comprehensive security measures throughout our services and operations.
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for maintaining comprehensive oversight of how your personal information is collected, used, and protected throughout our systems.
We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation paths, timing and duration of visits, click patterns, and interaction methods. This information is collected through automated logging systems, cookies, and analytics tools and may include session identifiers, IP addresses, and device information. The source of this data is our analytics tracking system and server logs. We process this information for several important purposes, including improving website performance, analyzing user behavior, optimizing content delivery, and enhancing security measures, which enables us to provide a better user experience, protect against unauthorized access, and optimize our service delivery. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.
We may process account data (“account data”), which comprehensively includes name, email address, telephone number, postal address, and account preferences. This information is collected through registration forms, account updates, and direct user input and may include billing information, communication preferences, and security credentials. The source of this data is the user providing the information directly. We process this information for account management, service delivery, communication purposes, and security verification, which enables us to provide personalized services, maintain account security, and facilitate user support. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process profile data (“profile data”), which comprehensively includes health conditions, fitness goals, injury history, treatment preferences, and progress tracking information. This information is collected through profile forms, questionnaires, and progress updates and may include rehabilitation progress, exercise preferences, and treatment history. The source of this data is the user’s direct input and interaction with our services. We process this information for personalizing rehabilitation programs, tracking progress, providing tailored advice, and improving treatment outcomes, which enables us to deliver customized health solutions, monitor effectiveness, and enhance user success rates. The legal basis for this processing is your explicit consent and our legitimate interests in providing effective health-related services.
Your Rights:
Right to Access: You have the right to obtain confirmation about whether we process your personal data and request copies of this data. This includes the ability to receive information about what data we hold, request electronic copies of your data, and understand how we use your information. To exercise this right, you can submit a written request through our dedicated privacy portal or contact our data protection officer directly. We will respond within 30 days and may require government-issued identification, proof of address, and account verification to verify your identity.
Right to Rectification: You have the right to request correction of inaccurate personal data and to have incomplete personal data completed. This includes the ability to update account information, correct profile details, and modify any incorrect data entries. To exercise this right, you can use our account settings interface or submit a formal correction request through our support system. We will process your request within 15 days and may require account credentials, supporting documentation, and identity verification to process your request.
Right to Erasure: You have the right to request the deletion of your personal data when there is no compelling reason for its continued processing. This includes the ability to remove account information, delete stored preferences, and erase historical data. To exercise this right, you can submit an erasure request through our privacy center or contact our support team. We will respond within 30 days and may require written confirmation, account verification, and identity documentation to process your request.
Right to Restrict Processing: You have the right to limit the ways in which we use your personal data, particularly in cases where you have concerns about the accuracy of the data or how it’s being used. This includes the ability to pause data processing, limit data usage, and temporarily block certain processing activities. To exercise this right, you can submit a restriction request through our privacy dashboard or contact our data protection team. We will respond within 15 days and may require account verification, specific processing details, and identity confirmation to implement your request.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit this data to another controller. This includes the ability to download your data, transfer information between services, and receive digital copies of your information. To exercise this right, you can use our data export tool or submit a portability request through our privacy portal. We will respond within 30 days and may require account authentication, format preferences, and identity verification to fulfill your request.
Data Processing and Security
Data Types and Processing
We process Service Data which includes health profiles, exercise logs, rehabilitation progress tracking, and personal wellness goals. This processing involves automated analysis, progress monitoring, and personalized recommendation generation, enabling us to provide tailored rehabilitation programs and track recovery progress. For example, in the context of health, this includes monitoring tendon rehabilitation milestones and exercise adherence. The legal basis for this processing is legitimate interest and explicit consent, specifically for providing personalized health recommendations and tracking recovery progress.
We process Technical Data which includes device information, browser type, IP addresses, and usage patterns. This processing involves automated collection, analysis, and storage, enabling us to optimize website performance and user experience. For example, in the context of health, this includes ensuring smooth video playback of exercise demonstrations. The legal basis for this processing is legitimate interest, specifically for maintaining and improving service quality.
We process Communication Data which includes email correspondence, support tickets, and consultation requests. This processing involves storage, analysis, and response management, enabling us to provide timely and effective support. For example, in the context of health, this includes addressing specific rehabilitation questions and concerns. The legal basis for this processing is contract fulfillment and legitimate interest.
We process Transaction Data which includes purchase history, subscription details, and payment information. This processing involves secure payment processing and subscription management, enabling us to deliver premium content and services. For example, in the context of health, this includes access to specialized rehabilitation programs. The legal basis for this processing is contract fulfillment.
We process Preference Data which includes customized exercise programs, notification settings, and content preferences. This processing involves preference tracking and personalization algorithms, enabling us to tailor content delivery. For example, in the context of health, this includes adapting exercise recommendations based on user progress. The legal basis for this processing is legitimate interest and consent.
Security Measures
Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.
We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.
Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.
Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.
We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.
All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive health data.
International Transfers
We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Privacy Shield certification, and Binding Corporate Rules. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies
International transfers are protected by ISO 27001 standards, GDPR requirements, and HIPAA compliance measures, ensuring compliance with global privacy regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures
Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees
Data Retention
We maintain specific retention periods for different data categories:
Account Information: 24 months after account closure to support potential reactivation and compliance requirements
Usage Data: 12 months for service optimization and pattern analysis
Transaction Records: 7 years to comply with financial regulations and tax requirements
Communication History: 36 months to maintain service continuity and support dispute resolution
Technical Logs: 6 months for security monitoring and system optimization
These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences
Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigations
Cookie Policy and Compliance
Our Cookie Management System
Essential cookies are fundamental to website functionality. These cookies manage user authentication, maintain security protocols, and ensure basic site operations run smoothly. We use them specifically for protecting your account access, maintaining secure browsing sessions, and preserving your exercise program selections during therapy planning sessions.
Functional cookies enhance your experience by remembering your preferences. In the context of tendon therapy, these cookies store your preferred exercise demonstration formats, save your therapy tracking preferences, and customize content based on your rehabilitation progress. They enable seamless access to your personalized recovery plans and exercise libraries.
Analytics cookies help us understand user behavior to improve our therapeutic resources. They collect information about how you interact with exercise demonstrations, which rehabilitation guides you find most helpful, and how long you spend reviewing specific therapy techniques. This helps us optimize our content to better serve your recovery journey.
Performance cookies assess and improve website operation by monitoring loading times of exercise videos, identifying technical issues in therapy tracking tools, and optimizing the delivery of rehabilitation content. They ensure our movement demonstration tools and progress tracking features work efficiently for all users.
Cookie Management
You can control your cookie preferences through your browser settings, our site’s cookie consent tool, and your account privacy preferences. We respect your right to modify these settings at any time while ensuring essential site functions remain accessible.
Compliance Framework
For EU residents, we implement strict GDPR compliance measures including explicit consent mechanisms for health-related data collection, minimal data storage for therapy tracking, and transparent processing of rehabilitation progress information. All collected data serves specific, declared purposes in supporting your tendon health journey.
California residents are entitled to additional rights under CCPA, including comprehensive access to collected health-related information, the ability to delete personal therapy records, and protection against discrimination for exercising these rights. We ensure complete transparency regarding any health data collection and usage.
For users under 13, we maintain strict COPPA compliance through age verification systems and mandatory parental consent for any therapy tracking features. We limit data collection to essential information needed for safe exercise guidance and provide parents complete access to their child’s activity records.
Policy Updates and Contact Information
We regularly review and update our policies to maintain compliance with evolving privacy standards. For any privacy-related inquiries or to exercise your data rights, please contact us at info@tendontherapytrain.com. We respond to all privacy concerns within 48 hours and require verification for data-related requests to protect your information.
This policy was created specifically for tendontherapytrain.com and covers all associated services within the health industry.