Privacy Policy

Last updated:

1. Data Controller

The data controller responsible for the processing of your personal data under the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, AVG) is:

Ligamentjoints
Veenweg 9a, 9628 TW Siddeburen, Netherlands
Phone: +31 6 21621677
Email: message@ligamentjoints.world

We have not appointed a Data Protection Officer (DPO), as our processing activities do not require one under Article 37 GDPR.

2. What Data We Collect

We may collect and process the following categories of personal data:

  • Contact information: name, email address, phone number ??? provided voluntarily through our contact form or direct communication.
  • Consultation data: information you share during consultations related to your movement preferences and lifestyle routine.
  • Technical data: IP address, browser type, device information, pages visited, and timestamps ??? collected automatically when you visit our website.
  • Cookie data: information collected through cookies and similar technologies as described in our Cookie Policy.

3. Purposes of Processing

We process your personal data for the following purposes:

  • To respond to your inquiries and messages submitted through our contact form.
  • To provide consultation services you have requested.
  • To improve our website functionality and user experience.
  • To comply with legal obligations applicable to our business.
  • To maintain the security and integrity of our website.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR and AVG:

  • Consent (Art. 6(1)(a) GDPR): When you submit a contact form, accept optional cookies, or voluntarily share health-related information relevant to your consultation.
  • Contractual necessity (Art. 6(1)(b) GDPR): Processing required to respond to your inquiry, schedule sessions, and provide consultation services you request.
  • Legitimate interest (Art. 6(1)(f) GDPR): For website security, fraud prevention, and limited analytics, where your rights do not override our interests.
  • Legal obligation (Art. 6(1)(c) GDPR): Where required to comply with applicable Dutch and EU laws.

If you share information about your health or physical condition during a consultation, we process it only with your explicit consent under Article 9(2)(a) GDPR, solely to tailor our educational movement guidance. You may refuse to provide such information without affecting basic contact with us.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: retained for up to 12 months, unless further communication continues.
  • Consultation records: retained for up to 24 months after the last session.
  • Technical and analytics data: retained for up to 12 months.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data with:

  • Service providers (processors): website hosting, email delivery, and analytics providers that process data on our behalf under Article 28 GDPR data processing agreements.
  • Technical providers: content delivery and font services (e.g., Google Fonts via CDN) that may receive technical connection data such as IP address when you load our pages.
  • Legal authorities: when required by law, court order, or to protect our legal rights.

We maintain a record of processing activities as required by Article 30 GDPR. All third-party processors are located within the EU/EEA or provide adequate safeguards (e.g., EU Standard Contractual Clauses) in accordance with GDPR requirements.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data ("right to be forgotten").
  • Right to restriction: request limitation of processing in certain circumstances.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest or for direct marketing.
  • Right to withdraw consent: withdraw your consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us using the details in Section 1. We will respond within one month, as required by Article 12 GDPR. This period may be extended by two further months where necessary; we will inform you of any extension and the reasons.

We do not charge a fee for handling requests unless they are manifestly unfounded or excessive. If we cannot identify you from your request, we may ask for additional information to verify your identity.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (SSL/TLS), secure storage, access controls, and regular security reviews.

9. International Transfers

Your personal data is primarily processed within the European Economic Area (EEA). In the event that data is transferred outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately for deletion.

11. Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands
Website: autoriteitpersoonsgegevens.nl

12. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects concerning you within the meaning of Article 22 GDPR.

13. Marketing Communications

We only send marketing or newsletter communications if you have given separate, explicit consent. You may withdraw that consent at any time by contacting us or using the unsubscribe option in any message. Withdrawal does not affect the lawfulness of processing before withdrawal.

14. Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens within 72 hours where required by Article 33 GDPR, and inform affected individuals without undue delay where required by Article 34 GDPR.

15. Changes to This Policy

We may update this privacy policy from time to time. Any changes will be published on this page with an updated revision date. We encourage you to review this policy periodically to stay informed about how we protect your data.