Legal · Data Protection

Privacy Policy
for Future Athletes Running

This policy explains what personal data we collect, why we collect it, how it is used, and your rights under the General Data Protection Regulation (GDPR) and applicable German law (BDSG / TTDSG).

🗓 Last updated: May 2025 · 📍 Applicable jurisdiction: Germany / EU · 🔒 GDPR compliant

All infrastructure and service providers are based within the EU/EEA. No personal data is transferred outside the European Economic Area.

01

Data Controller

The entity responsible for the processing of your personal data (the Controller) within the meaning of Art. 4(7) GDPR is:

Fabio Abbruzzesi — Future Athletes Running
📍 München, 81735, Germany

As a sole trader operating in Germany, Fabio Abbruzzesi is the natural person responsible for decisions about how and why personal data is processed. No Data Protection Officer (DPO) is required under Art. 37 GDPR for this type and scale of processing.

02

What Personal Data We Collect

We only collect data that is strictly necessary for the specific purpose for which it is gathered (data minimisation, Art. 5(1)(c) GDPR).

Category | Data Points | Source
Identity & Contact | Full name, email address, phone number | Contact form (Tally.so), booking (Cal.com), direct email
Booking | Name, email, selected time slot, optional message | Consultation booking via Cal.com
Payment | Billing name, email, transaction reference (card details handled by Stripe — not stored by us) | Purchase of coaching services or training plans
Communication | Message content, enquiry details | Contact form (Tally.so), email, WhatsApp
Newsletter | Email address, subscription status, name (optional) | Newsletter sign-up via Brevo
Website Usage | Anonymised IP address, pages visited, session duration, device/browser type | Google Analytics (only after consent)
Athletic & Health Data | Training load, heart rate, pace, VO2max, race results, fitness level | TrainingPeaks (shared directly by client on that platform)
Health data note: Athletic performance and health-related data (e.g. heart rate, VO2max) constitutes special category data under Art. 9 GDPR. This data is shared exclusively through TrainingPeaks — a platform governed by its own privacy policy — and is accessed by your coach solely to deliver the agreed coaching service, on the basis of your explicit consent provided during onboarding.
03

Legal Bases for Processing

Every processing activity rests on one of the following legal bases under Art. 6 GDPR (and Art. 9 GDPR for health data). We do not process your data beyond these stated purposes.

Processing Activity | Legal Basis
Fulfilling a coaching contract or training plan purchase | Art. 6(1)(b) — Contract performance
Processing bookings for consultation calls (Cal.com) | Art. 6(1)(b) — Pre-contractual steps at your request
Issuing invoices, accounting, tax obligations | Art. 6(1)(c) — Legal obligation (§ 147 AO, § 14 UStG)
Responding to enquiries via Tally.so contact form or email | Art. 6(1)(f) — Legitimate interest (pre-contractual communication)
Sending the newsletter via Brevo | Art. 6(1)(a) — Consent (double opt-in)
Website analytics via Google Analytics | Art. 6(1)(a) — Consent (cookie banner)
Processing health/athletic data on TrainingPeaks | Art. 9(2)(a) — Explicit consent given during onboarding
04

How We Use Your Data

Your data is used exclusively for the purposes described below. We do not sell your data to any third party, nor do we use it for automated decision-making or profiling that produces legal effects concerning you (Art. 22 GDPR).

Coaching Services

To create, deliver, and adjust personalised training plans; to communicate about sessions, results, and progress; and to provide ongoing support and race strategy guidance.

Group Workouts & Events

To manage registrations, communicate event details, and ensure participant safety at Munich-based sessions.

Consultation Bookings

To schedule free discovery calls via Cal.com. Only the minimum information required to confirm and manage your appointment is collected.

Payments & Invoicing

To process payments securely via Stripe and to issue invoices as required by German commercial and tax law. Invoice data is retained for 10 years (§ 147 AO).

Newsletter

To send training tips, coaching updates, and promotional offers to subscribers who have actively opted in via double opt-in. You may unsubscribe at any time using the link included in every email.

Website Analytics

To understand in aggregate how visitors interact with our website, enabling us to improve content and user experience. Analytics are activated only after your explicit consent via our cookie banner.

05

Third-Party Service Providers

We use the following processors and services. All providers, except TrainingPeaks and Google Analytics, are headquartered within the EU/EEA. Each is bound by a GDPR-compliant data processing agreement (DPA) where applicable.

EU-first infrastructure: Our website is hosted within the EU (Statichost.eu, Sweden; Hetzner infrastructure, Germany/Finland). Our domain is registered with INWX.de (Germany). No personal data leaves the EEA through our hosting or domain provider.
Provider | Purpose | Data Transferred | Location
Statichost.eu | Website hosting (static site) | Server logs, IP address (transient) | 🇸🇪 Sweden / Hetzner DE + FI
INWX.de | Domain registration & DNS | Domain registrant data | 🇩🇪 Germany
Tally.so | Contact form | Name, email, message content | 🇧🇪 Belgium
Brevo (Sendinblue SA) | Email newsletter & marketing | Name, email address | 🇫🇷 France
Cal.com | Consultation booking | Name, email, appointment data | 🇪🇺 EU infrastructure
Stripe | Payment processing | Billing name, email, transaction reference | 🇮🇪 Ireland (Stripe Payments Europe Ltd)
Google Analytics (Google Ireland Ltd) | Website analytics | Anonymised IP, usage behaviour | 🇮🇪 Ireland (data may be processed on Google servers; IP anonymisation enabled)
TrainingPeaks | Athlete training management | Athletic & health performance data | USA — access governed by TrainingPeaks' own privacy policy and your direct agreement with them
TrainingPeaks note: TrainingPeaks is the sole service based outside the EU/EEA. You create your own TrainingPeaks account and grant your coach access. The data you share there is governed by TrainingPeaks' Privacy Policy. We access only what is necessary to deliver your coaching plan.
06

Data Retention

We retain your data only for as long as necessary for the purpose it was collected, or as required by German law. Once the retention period expires, data is securely deleted or anonymised.

Data Type | Retention Period | Reason
Invoices & financial records | 10 years | § 147 AO (German Fiscal Code)
Commercial correspondence | 6 years | § 257 HGB (German Commercial Code)
Active coaching client data | Duration of contract + 3 years | Contractual performance & limitation of claims
Contact / enquiry messages (Tally.so) | Up to 12 months after last contact | Legitimate interest
Booking data (Cal.com) | Up to 6 months after appointment | Legitimate interest (proof of pre-contractual steps)
Newsletter subscribers (Brevo) | Until unsubscription or withdrawal of consent | Consent-based
Analytics data (Google Analytics) | 14 months (configured in GA settings) | Consent-based
07

Your Rights

As a data subject under the GDPR, you have the following rights. You may exercise them free of charge by contacting us at info@future-athletes.com. We will respond within 30 days of receiving your request (Art. 12 GDPR).

Access (Art. 15): Request a copy of all personal data we hold about you, and information on how it is used.
Rectification (Art. 16): Ask us to correct inaccurate or incomplete personal data.
Erasure (Art. 17): Request deletion of your data where there is no overriding legal reason to retain it ("right to be forgotten").
Restriction (Art. 18): Ask us to pause processing of your data while a dispute or objection is resolved.
Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format (applies to consent-based processing).
Objection (Art. 21): Object to processing based on legitimate interest at any time, including direct marketing.
Withdraw Consent (Art. 7(3)): Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Complaint (Art. 77): Lodge a complaint with the competent supervisory authority (see Section 11).
08

Cookies

Our website is a static site (Astro + Tailwind CSS) and sets only the minimum cookies required. In accordance with § 25 TTDSG (German Telecommunications and Digital Services Act) and the GDPR, non-essential cookies require your prior consent.

Strictly Necessary Cookies

Technical cookies required for the website to function (e.g. security tokens, session handling set by embedded services). These do not require consent and cannot be disabled without affecting core functionality.

Analytics Cookies (Google Analytics)

Google Analytics cookies are only set after you give explicit consent via our cookie banner. These help us understand aggregate usage patterns. IP anonymisation is enabled. You can withdraw consent at any time by clearing your cookies or via your browser settings.

Third-Party Form & Booking Cookies

Tally.so and Cal.com may set functional cookies when you interact with embedded forms or the booking widget. These are strictly necessary for those services to work and are described in their respective privacy policies.

We do not use advertising, retargeting, or social media tracking cookies.

09

Children's Data

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data without appropriate parental or guardian consent, please contact us immediately at info@future-athletes.com and we will delete it promptly.

10

Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our services, applicable law, or the tools we use. The effective date at the top of this page always shows the current version.

For material changes that affect how we process your personal data, we will notify active clients and newsletter subscribers by email at least 30 days before the change takes effect.

11

Contact & Supervisory Authority

For any privacy-related question, or to exercise your rights under Section 7, please contact us directly:

Fabio Abbruzzesi — Future Athletes Running
📍 München, 81735, Germany

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority at any time (Art. 77 GDPR). As our business is established in Bavaria, the competent authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18, 91522 Ansbach, Germany
🌐 www.lda.bayern.de
📞 +49 981 53-1300  ·  ✉️ poststelle@lda.bayern.de

You may also address cross-border matters to the European Data Protection Board: edpb.europa.eu.