Data Protection Policy (GDPR)

TrainYourBody

Last updated: August 9, 2025

1. Data controller

TrainYourBody
Registered address: 60 RUE FRANÇOIS 1er, 75008 PARIS – FRANCE
Email: contact@trainyourbody.net
International phone: +594 694 12 21 52

2. Data collected and purposes

We only collect data strictly necessary to:

  • Process your orders (name, surname, address, phone, email)

  • Ensure secure payment : Shopify Payments – never stored by TrainYourBody)

  • Provide efficient customer service (emails, order history)

  • Send marketing communications (if consent given)

  • Analyse and improve our website (via analytics cookies, if accepted)

3. Legal basis

  • Contract performance: necessary to process your order

  • Consent: for newsletter subscription and cookies

  • Legal obligations: invoice and tax record retention

  • Legitimate interest: improving user experience and fraud prevention

4. Cookies

  • You can accept, refuse, or customise cookies.

  • No targeted advertising without explicit consent.

  • Retention period: 6 months maximum, renewed only upon consent.

5. Data sharing

Your data may be shared with:

  • Couriers: Royal Mail, DPD, DHL…

  • Payment providers: Stripe, Shopify Payments

  • Hosting provider: Shopify 

  • Marketing tools: Klaviyo, Mailchimp (if consent given)

  • Analytics tools: Google Analytics, Meta Analytics (if consent given)

None of these providers may use your data for their own purposes.

6. Transfers outside the UK/EU

Some providers may host data outside the UK or EU.
We apply Standard Contractual Clauses approved by the European Commission and the UK ICO to ensure equivalent protection.

7. Security

  • HTTPS encryption

  • Access restricted to authorised personnel

  • Regular backups

  • Protection against unauthorised access

8. Data retention

Data type Retention period
Orders & invoices 6 years (legal requirement)
Customer service 3 years after last contact
Newsletter Until consent withdrawn
Cookies 6 months maximum

9. Your rights (UK GDPR & GDPR)

You may at any time:

  • Access your data

  • Rectify it

  • Request deletion

  • Withdraw consent

  • Object to processing

  • Request data portability

contact@trainyourbody.net

10. Data Protection Officer (DPO)

TrainYourBody has an internal DPO responsible for compliance with UK GDPR and GDPR.

11. Changes

This policy may be updated at any time. The update date is always displayed at the top.