Privacy Policy & Data Protection

Security

We use appropriate technological and organisational measures to protect the transmission and storage of personal data and payment information. Card details and payment system access credentials are not stored on the server of the online shop and are encrypted accordingly, ensuring that third parties cannot read them even in the event of unauthorised access.

Protection of Personal Data

The provider and data processor is Movepro GmbH (La Primafit) (click here for more information). The provider undertakes to permanently protect all personal data of the user.

The website stores the following data of registered online shop users for an indefinite period or until cancellation by the individual user: full name, email address, contact telephone number, primary billing and delivery addresses, country of residence, time and date of registration, and a record of communication.

For registered B2B members, the provider stores the following data for an indefinite period (which may constitute personal data in certain cases): legal or natural entity name, tax number, full name, address of the contact person/company headquarters and delivery addresses, country of residence/company location, email address, contact telephone number, time and date of registration, and a record of communication with the provider.

The personal data listed above is used exclusively for the purpose of fulfilling orders (e.g., sending informational material, offers and invoices) and for any other necessary communication with registered users of the online shop. Under no circumstances will user data be disclosed to unauthorised third parties. All confidential information transmitted online (including personal data, purchase information and payment card numbers) is securely encrypted and therefore cannot be accessed or read by third parties.

For non-registered users (guests), the following data is stored until the order has been fulfilled: full name, email address, contact telephone number, primary and delivery address, country of residence, date and time of order, and a record of communication.

Users are also responsible for safeguarding their own personal data, specifically by ensuring the security of their email address, username and password, and by maintaining appropriate software protection (such as antivirus software) on their devices.

Account Deletion

If you wish to delete your account ("My Account"), please notify us at info@laprimafit.com. To verify authenticity, we will contact you and confirm the deletion. The request must be submitted from the same email address used to create the account. Within 15 days of receiving your request, we will delete your personal data (except where we are legally required to retain certain data for a specified period) and will notify you once the deletion is complete.

Which Personal Data We Process and How You Can Modify It

You may obtain a report of your personal data via the link GDPR Report. Follow the instructions provided to access the report and to request correction or complete deletion of your data. How you can review or manage your personal data individually depends on how the data was submitted: when placing an order by creating a user account, when placing an order as a guest, or by entering your email address to subscribe to the Newsletter. You may always choose whether you wish to receive promotional communications, phone calls or postal mail from Movepro GmbH.

Privacy Protection

Movepro GmbH respects and protects your privacy. This Privacy Notice of Movepro GmbH (“Data Protection and Privacy Notice”) explains why we collect personal data about you, which types of personal data we collect, how we collect it, how long we retain it, with whom we share it, and your rights regarding your personal data. This document also explains how we safeguard your information.

This Privacy Notice is compliant with the EU General Data Protection Regulation 2016/679 (“GDPR”).

The data controller responsible for your personal data is: Movepro GmbH, Hauptstraße 16, 9431 St. Stefan im Lavanttal, Austria, Company Registration No. FN 645846 z (hereinafter referred to as “Movepro”).

Why We Process Personal Data and the Legal Basis for Processing

The primary reason for collecting, using and storing your personal data is to provide our services to you. “Service”, “our service”, and similar terms refer to conducting business with you/your organisation, and assisting you with your enquiries, purchases and requests.

We also process usage data for purposes of business development, to inform you of business-related activities, products and services through marketing communication, and to improve our services based on your feedback. Personal data may also be processed for the performance of contractual obligations and to comply with legal requirements. Certain data is processed on the basis of our legitimate interests.

For business operations, the provider collects the following personal data:

full name,

address and place of residence,

email address (your username),

contact telephone number,

and any other data submitted in the relevant forms on the website.

Personal data is processed on the following legal bases:

Performance of a Contract, including purchase – Article 6(1)(b) GDPR:

When we process personal data in connection with a contract, the legal basis is the performance of that contract, including the execution of a purchase.

Consent – Article 6(1)(a) GDPR:

When we send newsletters or promotional messages, we do so based on your consent. Where processing is based on consent, you may withdraw your consent at any time.

Legal Obligation – Article 6(1)(c) GDPR:

If we share personal data with law enforcement or other public authorities, this is based on a legal obligation.

Legitimate Interests – Article 6(1)(f) GDPR:

We have a legitimate business interest in processing certain data, for example when responding to your enquiries.

Types of Personal Data We Process

Activity	Types of Personal Data Processed	Purpose of Processing	Legal Basis
General business operations	Name, contact details, and other data needed for business dealings	For general business operations, including managing relationships with customers, suppliers (including third-party service providers) and other stakeholders. May also be used for system testing.	Art. 6(1)(b), Art. 6(1)(f) GDPR
Enquiries	Name, email, telephone numbers, messages, other contact details, documents or images you provide	To respond to enquiries or requests via phone, email, post or digital channels; may include follow-up surveys.	Art. 6(1)(a), Art. 6(1)(b), Art. 6(1)(f) GDPR
Sales / Online sales / Order fulfilment	Name, contact details, payment and credit card information	To analyse purchase trends, provide personalised browsing, process and fulfil online orders, manage deliveries and returns.	Art. 6(1)(b), Art. 6(1)(a), Art. 6(1)(f) GDPR
Marketing campaigns	Name, contact details	To carry out marketing activities following acceptance of terms.	Art. 6(1)(a), Art. 6(1)(b) GDPR
Business development	Personal data collected via digital platforms	To improve customer understanding, communication, and development of products and services.	Art. 6(1)(a) GDPR
Marketing (profiling & personalisation)	Contact details, browsing history, purchase history, identifiers	To tailor marketing activity and optimise experience and communication.	Art. 6(1)(a), Art. 6(1)(f) GDPR
Use of your image / testimonials	Personal photographs or statements provided with consent or taken at events	Used as outlined in an agreement or based on consent.	Art. 6(1)(a), Art. 6(1)(b), Art. 6(1)(f) GDPR
Website visitors / surveys	Personal data from online platforms or surveys	To improve products and services; for marketing only with consent.	Art. 6(1)(a), Art. 6(1)(f) GDPR
Compliance and legal requirements	Any personal data as required	To comply with law, enforcement or legal processes.	Art. 6(1)(c), Art. 6(1)(f), Art. 9(2)(a), Art. 9(2)(f) GDPR

How We Collect Your Personal Data

Directly from you

In most cases, personal data is collected directly from you, or generated as part of your use of our services, products and digital platforms. We collect the personal data you provide when you request products, services, or information, register an account, participate in public forums, interact on our digital platforms, respond to our surveys, or otherwise communicate with us. We also use various technologies, including cookies, to collect information.

From our business partners

In certain situations, we may receive personal data from business partners who require our support in delivering the best possible service to you.

From your publicly accessible company website

In some cases, we collect personal data from public online sources in order to introduce or offer our services.

Links to other websites

This website contains links to other websites (e.g., Facebook, YouTube), to which this Privacy Notice does not apply. We do not endorse external websites or their content. We recommend reviewing the privacy policies of each website you visit.

How Long We Retain Your Personal Data

We retain your personal data only for as long as necessary for the purposes described in this Privacy Notice. Retention periods vary depending on the type of data and the purpose of processing.

Examples of retention periods:

Until you unsubscribe from marketing communications (you may do so at any time).

Photographs and testimonials are retained as specified in the applicable agreement.

Where data is processed on the basis of consent, we retain it until consent is withdrawn.

For legal compliance (e.g., accounting and tax records), personal data is retained in accordance with statutory requirements.

Who We Share Your Personal Data With

Your personal data may be shared with selected third parties, including:

Business partners, suppliers and subcontractors assisting us in service provision (e.g., logistics providers).

Technology providers (e.g., analytics, tracking, targeting services, hosting and website support providers).

Advertising platforms and networks, where you have given consent, to display relevant advertisements.

Social media platforms (e.g., Facebook, Instagram, Google) when relevant for marketing purposes and based on your consent.

Government bodies or law enforcement, where legally required.

Other parties when necessary to ensure safety, protect our rights, or comply with legal obligations.

Notifications - CartFox

The controller uses Klaviyo for email communication and CartFox for SMS and direct messaging. The CartFox Privacy Policy is available at: https://cartfox.io/en/privacy-policy/.

Personal data of individuals processed within the CartFox service includes:

email address;

telephone number;

information about the website or application through which the email address and/or telephone number was provided;

information regarding message transmission, namely:

the type of message (SMS, instant messaging application (type of application), email);
date of sending;
time of sending;
the content of the message sent (e.g., purchase notifications, abandoned basket reminder, discount notice, etc.);

information on undelivered messages (date and time when the non-delivery notice was received);

data on the action performed (e.g., purchase of an item from an abandoned basket, purchase of a discounted item, etc.).

Personal data (email address, telephone number) are automatically transmitted to the joint controller.

Legal Basis for Processing Personal Data in CartFox

Consent:

Used to process personal data of individuals who have consented to receive electronic communications or SMS messages and/or agreed to the online shop’s terms and conditions and to receive information about news, promotions and new products.

Legitimate Interests:

The controller processes personal data within the CartFox service on the basis of legitimate interests only where all of the following preconditions are met:

the individual has added at least one item to the online shop basket;

the individual has voluntarily provided their contact details (email address and/or telephone number);

the message contains text relating to the individual’s (intended) purchase.

Purpose of processing on the basis of legitimate interests: to inform the individual about their (intended) purchase, since the messages contain the following information:

order confirmation;

up-to-date delivery information;

invoice after the purchase is completed;

abandoned basket reminder (to assist with completing an unfinished, incomplete or unconfirmed order).

The primary purpose of these messages is transactional communication. The messages are intended to inform the individual about their business relationship with the controller or the merchant (e.g., purchase-related notifications).

Unsubscribing

The recipient may unsubscribe from CartFox messages at any time by using the unsubscribe option provided in each message sent via the CartFox service. To unsubscribe from all messages sent by the controller, you may contact the joint controller at info@dfvu.org.

Disclosure, Access and Aggregation

Personal data collected within the CartFox service are not disclosed to third parties (other than the joint controller, i.e., the CartFox service provider). The controller does not have access to the personal data processed within CartFox; the controller can only access reports containing aggregated and thereby anonymised data (e.g., number of messages sent, number of purchases attributable to messages, etc.).

International Data Transfers

Personal data processed within the CartFox service are not transferred to third countries or international organisations; that is, they are not transferred or exported outside the territory of EU Member States.

Retention, Security and Rights (CartFox)

Information regarding the retention period for personal data processed within the CartFox service, the protection of such personal data and the rights of individuals in relation to their personal data is available in the CartFox Privacy and Personal Data Protection Policy. For more information, you can contact the CartFox provider at info@dfvu.org.

Transfers to Third Countries

If we transfer personal data outside the European Economic Area, such transfer will only occur where one of the following safeguards applies:

The country provides an adequate level of data protection recognised by the European Commission.

The recipient is certified under the EU–U.S. Data Privacy Framework (if applicable).

We use EU Standard Contractual Clauses approved by the European Commission, with supplementary security measures where necessary.

Data Security

The security, integrity and confidentiality of your personal data are of high importance to us.

We have implemented technical, organisational and physical security measures to protect your data from:

unauthorised access,

disclosure,

alteration, or

destruction.

However, no security system can be guaranteed to be completely secure or immune to intrusion.

Your Data Protection Rights

Movepro GmbH provides the following rights under the GDPR:

Your right	Legal Basis	Explanation
Access	Art. 15 GDPR	You may request confirmation of whether we process your personal data and receive a copy of the data.
Rectification	Art. 16 GDPR	You may request correction of inaccurate or incomplete personal data.
Erasure Right	Art. 17 GDPR	You may request deletion of your data in certain circumstances.
Restriction of Processing	Art. 18 GDPR	You may request restricted processing of your data in certain situations.
Data Portability	Art. 20 GDPR	You may request your personal data in a machine-readable format.
Objection	Art. 21 GDPR	You may object to processing based on legitimate interests or direct marketing.

To exercise your rights, please contact: info@laprimafit.com. We will respond within one (1) month. If necessary, this period may be extended by up to two (2) additional months; if so, we will notify you. If you are dissatisfied with our response, you may lodge a complaint with your local Data Protection Authority: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.

Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in technology, legal requirements, or our practices. The most recent version will always be available on our website.

Last updated: 27 July 2025.