Privacy Policy

Effective Date: January 16, 2025

Last Updated: November 8, 2025

Language Notice: This document is available in both English and Greek. In the event of any inconsistency or conflict between the two versions, the English version shall prevail and be considered the official and legally binding version.

Overview

Welcome to Beyond the Finish Line ("we," "us," or "our") Endurance Coaching. Your privacy is our priority, and we are committed to safeguarding your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website, use our coaching services, or engage with us in other ways. By accessing our website or purchasing our services, you consent to this Privacy Policy and agree to its terms.

1. Information We Collect

We collect information that you provide directly, data collected automatically, and information from third-party sources.

1.1 Information You Provide Directly

  • Basic Account Information: Includes your full name, email address, date of birth, running history and goals, phone number, country, city, height, weight, emergency contact information.
  • Sensitive Health Data: Medical and injury history, pre-existing medical conditions, medications, and other health-related information necessary for safe and effective coaching. This constitutes sensitive personal data under GDPR and is subject to enhanced protection measures (see Section 1.4 below).
  • Transaction and Billing Information: When purchasing our services, you provide personal and payment information such as your name, billing address, and payment details. We process payments through third-party vendors like Revolut. Please refer to their privacy policies for more details.
  • Athlete-Provided Content: Content such as race reports, blog posts, photos, and results may be made publicly available, including shared media files and reposts on social channels.
  • Comments and Reviews: Feedback and testimonials may be displayed on our website or social media channels.

1.2 Information Collected Automatically

  • Log Information: Browser type, IP address, unique device identifiers, language preferences, referring site, access date and time, and operating system.
  • Usage Information: Website interactions, including pages viewed and actions performed.
  • Location Information: Approximate location derived from IP addresses.
  • Cookies and Tracking Technologies: Information collected via cookies and pixel tags to enhance user experience and monitor website performance.

1.3 Information from Other Sources

We may receive data from platforms you authorize us to connect with, such as Intervals.icu, Garmin, Wahoo, Zwift, Suunto, Coros, Polar, and Strava. Data shared depends on the permissions you grant these platforms.

1.4 Special Category Data (Health Data) Protection

Medical and injury information, health conditions, and related data constitute "special category data" under the General Data Protection Regulation (GDPR) Article 9, requiring explicit consent and enhanced protection.

Enhanced Security Measures for Health Data:

  • All health data is stored using encrypted storage systems (Google Drive with encryption at rest and in transit).
  • Access to health data is strictly limited to the Coach and authorized personnel on a need-to-know basis only.
  • Health data is kept separate from publicly accessible information and is never shared without your explicit consent.
  • We implement appropriate technical and organizational measures including password protection, two-factor authentication, and regular security reviews.
  • Health data is retained only as long as necessary to provide coaching services and comply with legal obligations.

Legal Basis for Processing Health Data: We process your health data based on your explicit consent provided when you submit your medical history and health information to us. You have the right to withdraw this consent at any time by contacting us at info@bflcoaching.com. However, withdrawal of consent may affect our ability to provide safe and effective coaching services.

2. How We Use Your Information

  • Setting up and managing accounts.
  • Delivering coaching and related services.
  • Personalizing and improving your experience.
  • Processing payments and transactions.
  • Sending updates, offers, and promotions.
  • Analyzing trends and service quality.
  • Complying with legal obligations and protecting rights.

3. Legal Bases for Processing (For EU Users)

  • Contractual Necessity: To provide services and fulfill agreements.
  • Legitimate Interests: For improving services, monitoring trends, and marketing.
  • Consent: For non-essential cookies or direct marketing communications.
  • Legal Obligations: To comply with applicable laws or lawful requests.

4. Sharing of Information

  • Vendors: Payment processors (e.g., Stripe, Revolut), analytics providers (e.g., Umami Analytics), email service providers (e.g., Resend), and cloud storage (e.g., Google Drive).
  • Employees and Contractors: For service delivery on a need-to-know basis.
  • With Consent: For publicly sharing race reports or testimonials.
  • Legal Compliance: In response to lawful requests or to protect our rights.
  • Business Transfers: If Beyond the Finish Line undergoes acquisition or merger.

5. Retention of Information

  • Comments and race reports are retained indefinitely unless removal is requested.
  • Account information is retained until a deletion request is submitted.

6. Your Rights

If you are in the European Union or similar jurisdictions, you may have the following rights:

  • Access, Correction, and Deletion: Request access to, correction of, or deletion of your data.
  • Restrict Processing: Limit how your data is processed.
  • Object to Processing: Decline specific types of data processing.
  • Withdraw Consent: Revoke consent for optional data processing.
  • Data Portability: Receive your data in a portable format.

To exercise these rights, contact us at info@bflcoaching.com.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience and analyze how our website is used. By using our website, you consent to our use of cookies as described in this Privacy Policy.

Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the website to function properly, such as maintaining your language preference selection. These cookies do not require consent.
  • Analytics Cookies (Umami): We use Umami Analytics, a privacy-friendly analytics service, to understand how visitors interact with our website, including page views, time spent on pages, traffic sources, and user behavior patterns. Umami does not use tracking cookies, does not collect personal data, and is fully GDPR compliant. All data is anonymized and used solely for improving our website and services.
  • Error Tracking and Performance Monitoring (Sentry): We use Sentry to monitor website errors, performance issues, and user experience problems. This helps us identify and fix technical issues quickly. Sentry may collect information such as error messages, browser type, IP addresses, and session recordings to help us diagnose problems. All data is anonymized where possible and used solely for improving website functionality and user experience.

Managing Your Cookie Preferences

You can control and manage cookies in several ways:

  • Browser Settings: Most web browsers allow you to manage cookie preferences through your browser settings. You can set your browser to refuse cookies or delete certain cookies. Please note that disabling cookies may affect the functionality of our website.

For more information about Umami's privacy practices, please visit Umami's Privacy Policy.

8. International Data Transfers

Beyond the Finish Line operates primarily in Cyprus. However, some of our service providers and technology platforms may be located outside the European Economic Area (EEA), including in the United States and other countries.

When your personal data is transferred outside the EEA, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements. These safeguards include:

  • Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission for transfers to countries without adequate data protection laws.
  • Adequacy Decisions: We may transfer data to countries that the European Commission has determined provide an adequate level of data protection.
  • Service Provider Commitments: Our third-party service providers (such as Google Drive, Umami Cloud, Sentry, Resend, Stripe, Revolut) are contractually obligated to protect your data and comply with applicable data protection laws.

Third-party services that may involve international data transfers include:

  • Google Drive (cloud storage) - United States
  • Umami Cloud (website analytics) - United States
  • Sentry - United States
  • Resend (email service for contact forms) - United States
  • Stripe (payment processing) - United States
  • Revolut - United Kingdom/EEA
  • Training platforms (Intervals.icu, Garmin, etc.) - Various locations

If you have questions about international data transfers or would like more information about the safeguards we have in place, please contact us at info@bflcoaching.com.

9. Third-Party Services

Our website may include links to external platforms or embedded content. We are not responsible for their privacy practices. Review their privacy policies before sharing information.

10. Security Measures

We implement reasonable security measures, including encryption and secure storage systems, to protect your data. However, no system is entirely secure, and absolute protection cannot be guaranteed.

11. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we are committed to responding promptly and transparently in accordance with GDPR requirements.

Our Data Breach Response Process:

  • Timely Notification: If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority (Cyprus Commissioner for Personal Data Protection) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Breach Details: We will inform you about the nature of the breach, including the categories and approximate number of individuals affected, the categories and approximate number of personal data records concerned, and the likely consequences of the breach.
  • Mitigation Measures: We will describe the measures taken or proposed to address the breach, including measures to mitigate its possible adverse effects and steps you can take to protect yourself.
  • Contact Information: We will provide contact details for our data protection point of contact where you can obtain more information about the breach.

If you suspect any unauthorized access to your account or personal information, please contact us immediately at info@bflcoaching.com.

12. Updates to This Policy

We may revise this Privacy Policy periodically. Updates will include a "Last Updated" date, and significant changes will be communicated via email or our website.

13. Contact Information

For questions or concerns about this Privacy Policy, contact us at: info@bflcoaching.com

By using our services, you acknowledge that you have read and understood this Privacy Policy.