Privacy policy

Version: 04.05.2020


1 Introduction

At Physiotechlab, accessible from the website www.physiotechlab.online, we recognise protection and careful handling of your personal data as one of our main priorities. This Privacy Policy document contains the types of information collected and recorded by Physiotechlab and how we use it. At Physiotechlab, we comply strictly with the GDPR (General Data Protection Regulation https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN) and applicable legal provisions when using your data. In this Privacy Policy, terms such as data subject, personal data, processing, controller, processor and recipient are all used within the meaning of Article 4. This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in Physiotechlab. This policy is not applicable to any information collected offline or via channels other than this website.


2 Consent – Users

By using our website, www.physiotechlab.online and sub-domains, you hereby consent to our Privacy Policy and agree to its terms. The controller (“we” or “us” in this section) for the processing of your data is Physiotechlab.


2.1 Information we collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information. If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. When you register for an Account, we may ask for your contact information, including items such as name, address, email address, profile photo and telephone number. When registering your Account using Facebook or Google account information, the Privacy Policy of the third part may apply. Note that Physiotechlab has no access to or control over these cookies that are used by third parties.


2.2 Why we process the data

In connection with our online offerings, we process data from visitors to our website based on our legitimate interests in the analysis, optimisation and commercial operation of our website for the following purposes:

  1. Provide, operate, and maintain our website/platform;
  2. Improve, personalize, and expand our website;
  3. To adapt Physiotechlab services to the preferences of visitors to the website;
  4. To verify and optimise the effectiveness of Physiotechlab services;
  5. To transfer booking data to the sports provider so that the sports provider can book the sports offerings;
  6. To create and send out booking confirmations;
  7. Find and prevent fraud, for purposes of troubleshooting and detection of anomalies, to guard against misuse of Physiotechlab services and to track any unauthorised access attempts;
  8. Communicate with you, either directly or through one of our partners (including Teachers), including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.

Our legitimate interest in processing these data lies in the analysis, optimisation and commercial operation of the Physiotechlab platform and the promotion of our products and services. Consent to the above purposes is given voluntarily during the registration process. You may withdraw it at any time, with future effect in the online profile settings. To do so, please contact us at the following e-mail address: contact@physiotechlab.online. For information about the options for objecting, please see the “Technical notes” section.


2.3 To whom we transfer the data?

We transfer data from visitors to the website to the following recipients and/or categories of recipient:

  1. Communication tools for support requests and communication with customers;
  2. Third party platforms for payment and instant money transfer;
  3. Teachers and class providers for booking and customer management purpose;
  4. External hosting providers for data storage;
  5. Marketing tools.

2.4 Log file

Physiotechlab follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.


3 Consent - Teachers

If you use the Physiotechlab platform to live stream your classes, not only your customers' data needs to be protected, but also your own. Here you can learn about the processing of your data. Since you also visit our websites as part of our collaboration, please also read the section “Consent - Users” carefully.


3.1 Why we process the data

We process data from sports providers in connection with the performance of a contract for the following purposes:

  1. To enable the live streaming of classes;
  2. To enable you to check in customers and share class payment details;
  3. To enable you to update your teacher profile and settings (the sports provider's cancellation conditions, GTCs and privacy policy);
  4. To create and send out booking confirmations and invoice documents;
  5. To enable communication with customers and resolution of support requests;
  6. To provide Teachers with personalised recommendations for making more efficient use of the Physiotechlab platform;
  7. To ensure compliance with licensing conditions.

We also process data from sports providers for the following purposes, as part of our own legitimate interest

  1. To improve the service, in particular by sending Teachers information about Physiotechlab services by e-mail;
  2. To adapt the service to the Teacher’s preferences, monitor the effectiveness of the Physiotechlab network and service, and to develop new tools;
  3. To display interest-based advertising on a third party’s website;
  4. To prevent misuse of Physiotechlab services and to track unauthorised access attempts.

We process data based on consent for the following purposes:

  1. To display the sports provider’s feedback with their name and photograph on the Physiotechlab websites;
  2. To administer newsletter recipients and dispatch newsletters;
  3. To display interest-based advertising on third-party service providers’ websites using customer data matching.

Our legitimate interest in processing these data lies in the analysis, optimisation and commercial operation of the Physiotechlab platform and the promotion of our products and services. Consent to the above purposes is given voluntarily during the registration process. You may withdraw it at any time, with future effect, in the online profile settings. To do so, please contact us at the following e-mail address: contact@physiotechlab.online. For information about the options for objecting, please see the “Technical notes” section.


3.2 To whom we transfer the data?

We transfer data from visitors to the website to the following recipients and/or categories of recipient:

  1. Communication tools for support requests and communication with customers;
  2. Third party platforms for payment and instant money transfer;
  3. Security and requirements engineering tools;
  4. External hosting providers for data storage;
  5. Accountant and Tax consultants;
  6. Financial administration and tax authority;
  7. Marketing tools;
  8. Physiotechlab Ambassadors.

4 Advertising Partners Privacy Policies

You may consult this list to find the Privacy Policy for each of the advertising partners of Physiotechlab. Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Physiotechlab, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit. Note that Physiotechlab has no access to or control over these cookies that are used by third-party advertisers.


5 Live streaming service

On Physiotechlab platform, users can attend live streaming classes. Teachers may choose to record the session, and if so, the teacher is responsible for obtaining consent from users. Physiotechlab will support teachers obtain consent from meeting participants by providing visual and audio cues to alert participants of a recording. Recordings may contain personal data and may be stored in Physiotechlab’s server at the request of the customer. A teacher may choose to store a recording of a meeting on the teacher’s local storage device, not in Physiotechlab’s servers. When a teacher chooses to do that, Physiotechlab does not have any control over the recording.


6 Third Party Privacy Policies

Physiotechlab's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options.
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites.

We commission external service providers to undertake various assignments for us. If one of these assignments involves processing your personal data, any such service provider is a processor within the meaning of the GDPR. We have written agreements with them (in accordance with Article 28 GDPR), which govern the handling of personal data and oblige processors to comply with suitably high security standards. Some recipients are controllers in their own right for data transferred to them, so such processing does not constitute commissioned processing. The payment service provider that we use, PayPal, is one of these controllers in their own right. All PayPal transactions are subject to the PayPal privacy policy. Teachers are also controllers in their own right for data transferred to them to arrange your booking. If you would like information about a Teacher’s privacy policy, please contact that Teacher directly. Physiotechlab works together as joint controllers. They have signed a written agreement between them (in accordance with Article 26 GDPR) in order to manage their respective responsibilities. All data processing issues can be addressed by mail to Physiotechlab. The issues are forwarded accordingly within the Group. Data protection issues can be addressed via e-mail to the following e-mail address: contact@physiotechlab.online. We also transfer certain data to recipients in third countries (i.e. countries outside the EU/EEA). For these third countries there is either an adequacy decision of the EU Commission [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en] (recipients in the USA must certify themselves under the Privacy Shield agreement [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en], or we have signed standard contractual clauses [https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en] with the recipients in order to guarantee an adequate level of protection for your data.


7 Duration of the processing

As a basic principle, your data are processed for the duration of the contractual relationship or for as long as needed for the above purposes. In addition, the data are stored only for as long as legal data retention obligations stipulate. If the use of the data is based on your consent, the data will be processed until such consent is withdrawn. Inactive Physiotechlab online profiles, including profile data provided by the user, are erased by default three years after the last login if they no longer have any credit. Correspondence with prospective customers and applicants is stored for six months in case of any follow-up questions. Server log files are stored for 30 days and then erased. For details of the retention period for cookies and other technical tools of the Physiotechlab online services, please refer to the “Technical notes” section.


8 GDPR Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  1. The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
  2. The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
  3. The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  4. The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  5. The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  6. The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

You may withdraw it at any time, with future effect, in the online profile settings. If you make a request, we have one month to respond to you. To do so, please contact us at the following e-mail address: contact@physiotechlab.online.


9 Residents of the State of California

If you reside in California, you may have legal rights with respect to your personal data, including those set forth under the California Consumer Privacy Act (CCPA). If you are a California resident, you can request information about both the categories and specific pieces of data we have collected about you in the previous twelve months, the reason we collected it, the category of entities with whom we have shared it and the reason for any disclosure. Physiotechlab is prohibited from discriminating against California consumers that choose to exercise their privacy-related rights under the CCPA.


10 Children's Information

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
Physiotechlab does not knowingly collect any Personal Identifiable Information from children under the age of 16. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.



11 Annex 1: Technical Notes


11.1 Links

Physiotechlab website can contain links to other services or websites of the Teachers. Physiotechlab is not responsible for the privacy practices and / or practices of other providers or websites. If the website visitor follows the link to another website, the website visitor is solely responsible for becoming familiar with the data protection regulations of these other websites.


11.2 Cookies

To the Physiotechlab websites and to enable the use of certain functions, cookies are used on various pages. These are small text files that are stored on the website visitor's device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on the end user device and enable the website visitor's browser to be recognized the next time they visit (persistent cookies). As a website visitor, you can set the browser so that you are informed about the setting of cookies and can individually decide whether to accept them or exclude the acceptance of cookies for certain cases or in general.

The following cookies are used on the Physiotechlab websites:

Operator Name Description Storage period
fontawesome.com mp_153b95f810bd70752a0f1f7e63f16ad2_mixpanel Cookie technician to display characters and icons – Third-party cookies (fontawesome.com) 6 months
__stripe_mid stripe.com uses __stripe_mid and __stripe_sid to process payments for our website 1 month
physiotechlab.online cookie_consent_status Stores the user consent status 1 year
cookie_consent Stores the user consents 1 year
_identity Stores the user identity when logged in 1 year
PHPSESSSID Stores the identifier for the session data session
_csrf Stores a security code used to check the forms submissions session
Google Analytics _ga Stores a unique client ID that is used to generate statistical data on how the website visitor uses the website 24 hours
_gat_UA-165485410-1 Is used to control or monitor server requests 1 minute
_gid Stores a unique client ID that is used to generate statistical data on how the website visitor uses the website 24 hours

11.3 Analytics, conversion tracking and remarketing

The following marketing tools used on the Physiotechlab websites are used by Physiotechlab in the legitimate interest (Art. 6 Para. 1 lit. f, GDPR) in the analysis, optimization and economic operation of the Physiotechlab websites. You can find more information in our privacy policy.


11.3.1 Google Analytics

The Physiotechlab websites use functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA or for the EU Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses methods that make it possible for website visitors to analyse the use of the Physiotechlab websites, for example using so-called “cookies”, text files that are stored on website visitors' computers. During your website visit, data such as pages viewed, IP addresses in anonymous form, technical information (e.g. browser, Internet provider), source of origin of the visit, number of bookings are recorded. You can find more information on handling data with Google Analytics in Google's data protection declaration [https://support.google.com/analytics/answer/6004245?hl=de]. You can prevent Google from collecting the data generated by the cookie and relating to the use of the Physiotechlab websites and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. The IP address transmitted by your browser as part of Google Analytics is anonymized and is not merged with other Google data. On behalf of Physiotechlab, Google will use this information to evaluate the use of the Physiotechlab website, to compile reports on website activity and to provide Physiotechlab with other services related to website activity and internet usage. Google Analytics data is stored for 26 month.


11.4 Single-sign-on by Facebook login

Registration for the Physiotechlab platform is via the Facebook login plugin, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or for the EU Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland ("Facebook"), possible. For In this case, registration will be redirected to the Facebook page, where you you can log in with your Facebook data. This will link your Facebook profile to the Physiotechlab platform. If you agree to the information about the exchange of data with Facebook in the course of this registration process, Physiotechlab will receive the general and publicly available information stored in your profile, depending on your privacy settings made on Facebook. This information includes the user ID, name, profile picture, age and gender. Physiotechlab processes your first name and surname, your email and your Facebook ID, as this information is required for the fulfilment of the contract. If you call up a page that contains such a plugin, your browser connects to the Facebook servers to integrate the plugin. This gives Facebook the information that your browser has accessed the corresponding website, even if you do not have a Facebook profile or are currently not logged in to Facebook. This information (including your IP address) is sent to a Facebook server in the USA and stored there. If you do not want Facebook to be able to assign data to your profile that has been collected via our website, please log out of Facebook before visiting our website. You can also prevent the Facebook plug-in from loading using browser add-ons. Please inform yourself about the purpose and scope of data collection by Facebook and the further processing and use of data by Facebook, as well as your rights and setting options for protecting your privacy in Facebook's data protection information: http://www.facebook.com/policy.php.