PRIVACY STATEMENT - GAINSBYBRAINS APP

(version: 11 October 2023)

This is the privacy statement of the GAINSBYBRAINS B.V. (GAINSBYBRAINS). In this

privacy statement we explain, why we collect and use your personal data when you use our

app. We also explain what your rights are and how to contact us.

Who we are

GAINSBYBRAINS is a limited liability company based in Amsterdam, the Netherlands

If you have any questions about this privacy statement or about GAINSBYBRAINS's use of

your personal data, please do not hesitate to contact us at: gdpr@gainsbybrains.com We

are happy to help.

Corporate address:

GAINBYBRAINS B.V. Zekeringstraat 17 A, 1014BM Amsterdam, the Netherlands

Dutch Chamber of Commerce number: 76549348

Why do we process personal data?

To use our app it is necessary to process personal data. For instance to verify if you have a

subscription, what your language preference is and what workouts you prefer. In doing so,

we process personal data only as necessary.

What personal data do we collect and use?

Hereafter we provide an overview of personal data we process and the legal basis for doing

so. The legal basis is explained further down in this privacy statement.

Type

Why

Legal

asis

E-Mail necessary to communicate with

you

Art. 6(1) (b) GDPR

Name (pseudonym allowed) necessary to properly address

you

Art. 6(1) (b) GDPR

IP Address(es)

security measure

Art. 6(1) (f) GDPR

Preferred language ISO

Code

necessary to properly inform

you

Art. 6(1) (b) GDPR

Password** to secure your account Art. 6(1) (b) GDPR

List of the preferred

workouts days within a week

necessary tot perform the

services of the app

Art. 6(1) (b) GDPR

Preferred workout intensity

level

necessary to perform the

services of the app

Art. 6(1) (b) GDPR

List of content IDs that the

user has liked in the app

necessary to perform the

services of the app; and

analyse general content

preferences of user

Art. 6(1) (b) GDPR /

Art. 6(1) (f) GDPR

fitness plan

Data:

startDate

necessary to perform the

services of the app. This is the

result of the chosen workout

days and intensity.

Art. 6(1) (b) GDPR

· workouts

· exercises

· recipes

· state of finishing

subscription data from Apple

AppStore servers

To check for a valid subscription

Art. 6(1) (b) GDPR

For avoidance of doubt, we note that we do not process any health data or monitor your

health via your mobile device, sensory equipment or the app. In case we extend the app – in

the future - to allow users to track their health – user’s informed consent will always be

requested prior to processing any such personal data.

May we process your personal data?

We may only use personal data for a reason (so called ‘legal basis’) stated in the privacy

laws. Under the General Data Protection Regulation (GDPR) the legal basis is listed in

Article 6 GDPR.

The main legal basis on which we process personal data is because it is necessary for the

performance licensed use of the app. That way we can provide the services you are

expecting from our app; or verify that you have a valid subscription; or properly address any

complaints (legal basis: Art. 6(1)(b) GDPR).

In addition we store the IP-address of app-users to secure the app and try to prevent

illegitimate use of the app or your account (legal basis: Art. 6(1)(f) GDPR).

We also analyse content that is liked by our user in order to improve the app and its content

(legal basis: art. 6(1)(f) GDPR). The interests or fundamental rights and freedoms of our

users is not harmed in any way.

In case consent is the legal basis for the processing of your personal data, we will inform you

in advance why we use the information. Please note that you can withdraw your consent at

any time. From that moment we will no longer process your personal data, unless there is

(also) another legal basis for processing your personal data (legal basis: art. 6(1)(a) GDPR).

In some cases we might be obligated by law to process/archive personal data (legal basis:

art. 6(1)(c) GDPR).

How do we secure your data?

The privacy of our users is important to us. In developing our app, we have tried to keep the

applicable privacy principles in mind as much as possible.

In addition, we take both technical and organizational measures to secure the personal data

we process.

Technical measures:

A few examples of the technical measures taken are:

- Physical security of data centres

- Logical access control

- Secure connections for data transfer

- Hashing of passwords

- Encryption of data

- IP-address-logging

Organisational measures taken:

A few examples of the organizational measures taken are:

- Only authorized persons have access to data and are bound to confidentiality

- Data Processing Agreements are concluded with and companies that process

personal data on behalf of GAINSBYBRAINS

- Personal data is only stored in the European Union

- Security incident management

How long do we keep your data?

We do not keep your personal data for longer than necessary for the purpose for which we

process your data.

Upon deletion of your account, or any request to remove your data, the data will be no

longer retained than 14 days, unless there is another legal basis for the processing.

Do we share your data with third parties?

In order to perform our services it is necessary to share data with other parties (third parties).

For instance a hosting company to store the data. This may be within the Netherlands as

well as within the European Union (EU). If we share your data outside the EU, we will inform

you separately.

What are your rights?

You have several privacy rights. For example, you can ask us what personal data we

process about you. And if the data is incorrect, you can request to correct it. Also, in some

cases you can ask us to delete, transfer or restrict the processing of your data. Please note

that restricting the processing of your personal data, can affect or prevent the performance

of the app.

Finally, you can object to the processing of your data. If you disagree with how we process

your data, you can file a privacy complaint with the local privacy authority.

Any request, questions or complaints regarding your privacy can be send to

gdpr@gainsbybrains.com

Note: This privacy statement is valid as of 11 October 2023 and may be revised from time to

time. Applicable at all times is the most recent version of the privacy statement. If a revision

could significantly affect our users we will do our best to inform those affected of said

revisions.