Privacy Policy

1. Collecting and Using Your Personal Data

We collect several types of data in connection with the operation of the Service. The following subsections describe the categories of data collected, the purposes for which they are used, and the legal bases that govern their processing.

1.1. Types of Data Collected

The data we collect depends on how you interact with the Service and the integrations you choose to enable. The categories of data collected are described below.

1.1.1. Personal Data

When an account is created on your behalf by your organisation (such as a sports association, club, or federation), or by us at your request, the following personal information may be collected and stored:

• Email address
• First name and last name
• Date of birth
• Residential or postal address, including street address, city, state or province, ZIP or postal code, and country
• Role or affiliation (e.g., athlete, trainer, coaching staff)

This data is necessary for account creation, authentication, and the identification of users and their associated organisations within the Service.

Accounts cannot be self-registered. All accounts are created exclusively by the Company upon request from the user, or from a recognised authority to which the user is affiliated, such as a national or regional sports association, club, or federation.

1.1.2. Health Data

With your explicit consent, the Service may collect health and fitness data through integrations with third-party platforms and devices. This may include data retrieved from:

• Garmin Connect — including activity logs, heart rate data, workout sessions, GPS routes, sleep data, and other performance metrics made available via the Garmin Health API.
• Polar Flow — including training sessions, heart rate variability, recovery status, and related performance data made available via the Polar AccessLink API.

These integrations are activated only upon your explicit approval through the integration management functionality within the Application. You may revoke any such integration at any time through the same interface.

Health data is considered sensitive personal data and is handled with the highest level of care. It is processed exclusively for the purposes of providing, operating, and improving the training and performance management features of the Service. This data is never used for advertising, sold, or otherwise disclosed to third parties for commercial purposes.

1.1.3. Usage Data

When you access and use the Service, certain technical and operational data may be collected automatically. This may include:

• Your device’s Internet Protocol (IP) address
• Browser type and version (for web access)
• Operating system and device type
• Pages or screens visited within the Application, and timestamps of access
• Time spent on specific features or sections
• Error logs and crash reports

This data is collected to ensure the technical stability, security, and functionality of the Service. It is not linked to third-party analytics services such as Google Analytics, and is not used for marketing or profiling purposes.

1.1.4. Tracking Technologies and Cookies

The Service uses only essential (strictly necessary) cookies and similar tracking technologies. These are required for the Service to function correctly and cannot be disabled without affecting core functionality. Such technologies are used for:

• Maintaining user authentication sessions
• Preserving user preferences within the Application
• Ensuring security and preventing unauthorised access

We do not use marketing, advertising, or analytics cookies. We do not track your behaviour across third-party websites or share cookie data with external parties. No consent banner is required for essential cookies under applicable law, as they are strictly necessary for the provision of the Service.

1.2. Use of Your Personal Data

We use the data collected to fulfil our contractual obligations and to provide the Service as described. Specifically, data is used to:

• Create and manage your user account
• Authenticate and authorise access to the Application
• Fetch, aggregate, and display training data from connected devices and platforms
• Provide performance analytics, training plans, progress tracking, and related functionalities
• Enable trainers to monitor and manage the training programmes of athletes within their organisation
• Communicate with you regarding your account, service updates, or technical issues
• Comply with legal obligations to which the Company is subject

We do not use your personal data for marketing, profiling, behavioural advertising, or any purpose unrelated to the provision of the Service. We do not sell, lease, rent, or otherwise transfer your data to third parties for commercial gain.

1.3. Retention of Your Personal Data

We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, and in accordance with applicable legal requirements.

• Usage data (technical and operational logs) is retained for a limited period, generally not exceeding ninety (90) days, after which it is automatically deleted or anonymised.
• Personal account data and health and fitness data are retained for as long as your account remains active. Upon account closure or deletion, your data will be removed from our systems within a reasonable period, except where retention is required by applicable law or for the establishment, exercise, or defence of legal claims.

You may request the deletion of your personal data at any time by contacting us or through the account management features available in the Application, subject to any overriding legal obligations.

1.4. Transfer of Your Personal Data

Your data may be stored and processed on servers located outside of your country or jurisdiction of residence. By using the Service, you consent to the transfer of your data to such locations, which may have different data protection laws than those applicable in your country.

Where data is transferred outside the European Economic Area (EEA) or other jurisdictions with specific transfer restrictions, we ensure that appropriate safeguards are in place in accordance with applicable data protection law, such as Standard Contractual Clauses or equivalent mechanisms.

Your data is processed solely by the Company and its authorised personnel. It is not transferred to other commercial entities for their own business purposes. We do not engage third-party data processors for the handling of your data beyond what is strictly necessary for the technical operation of the Service (such as cloud infrastructure providers), and all such processors are bound by appropriate data processing agreements.

1.5. Disclosure of Your Personal Data

We do not share your personal data with external parties except in the limited circumstances described below.

1.5.1. Law Enforcement

Under certain circumstances, we may be required to disclose your personal data in response to lawful requests by public authorities, including law enforcement agencies, courts, or regulatory bodies. Such disclosure will only be made where we are under a legal obligation to do so, and we will take reasonable steps to notify you of such requests unless prohibited by law or court order.

1.5.2. Other Legal Requirements

We may disclose your personal data in the good-faith belief that such action is necessary to:

• Comply with a legal obligation or regulatory requirement
• Protect and defend the rights, interests, or property of the Company
• Prevent or investigate possible wrongdoing, fraud, or misuse in connection with the Service
• Protect the personal safety of users of the Service or members of the public
• Protect the Company against legal liability

1.6. Security of Your Personal Data

The security of your personal data is of significant importance to us. We implement and maintain appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include, among others, encryption of data in transit, access controls, and regular security reviews.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.

2. Children’s Privacy

The Service is intended exclusively for adults. Only persons who are eighteen (18) years of age or older are eligible to hold an account with the Service.

We do not knowingly collect personal data from individuals under the age of eighteen. Accounts are not self-registered and are only created by the Company upon verified request from the user or from an authorised organisation. Any account request involving a minor will not be processed.

If you believe that a minor’s personal data has been submitted to us inadvertently, please contact us immediately so that we may take appropriate action, including deletion of the relevant data.

3. External Links and Third-Party Services

The Application may contain links to external websites, services, or applications, including but not limited to the platforms of Garmin and Polar. These links are provided for your convenience and to enable the core functionality of the Service.

We have no control over, and assume no responsibility for, the content, privacy practices, or policies of any third-party services. When you choose to connect your account to a third-party platform or authorise the synchronisation of your data with such a service, you do so subject to that service’s own terms of service and privacy policy.

We strongly recommend that you review the privacy policies of any third-party services you choose to use in connection with the Application. Our Privacy Policy does not govern the data practices of third-party services, and we are not responsible for any actions taken by those services with respect to your data.

4. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or the features of the Service.

In the event of a material change to this Privacy Policy, we will notify you by:

• Sending a notification to the email address associated with your account, and/or
• Displaying a prominent notice within the Application prior to the change taking effect.

We encourage you to review this Privacy Policy periodically to stay informed of how we protect your data. The “Last updated” date at the top of this document reflects the most recent revision.

Your continued use of the Service following notification of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue use of the Service and contact us to request account closure.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

IT Manifest
Address: Nikola Parapunov 11, Skopje – Karposh, Republic of North Macedonia
Email: account@refcentralhub.com