Privacy Policy

Last updated:

Musclestrengthao ("we," "us," or "our") operates the website musclestrengthao.ddd. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679), the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG), and other applicable Dutch and EU data protection legislation.

1. Data Controller

The data controller responsible for your personal data is:

  • Musclestrengthao
  • Katwijkerlaan 105, 2641 PE Pijnacker, Netherlands
  • Email: welcome@musclestrengthao.world
  • Phone: +31 15 369 6767

We have not appointed a Data Protection Officer (DPO), as we do not carry out large-scale systematic monitoring or processing of special categories of data. For all privacy-related matters, please use the contact details above.

2. Data We Collect

We may collect the following categories of personal data:

2.1 Data You Provide Directly

  • Full name (via our contact form)
  • Email address (via our contact form)
  • Message content (via our contact form)
  • Consent confirmation (GDPR checkbox)

2.2 Data Collected Automatically

  • IP address (anonymized where possible)
  • Browser type and version
  • Operating system
  • Pages visited, time of visit, and referring URL
  • Cookie identifiers (see our Cookie Policy)

3. Purposes of Data Processing

We process your personal data for the following purposes:

  • To respond to inquiries submitted via our contact form
  • To improve and optimize our website content and user experience
  • To analyze website usage patterns and performance
  • To comply with legal obligations
  • To ensure the security and functionality of our website

4. Legal Basis for Processing

Under Article 6 of the GDPR, we process your data based on the following legal grounds:

  • Consent (Art. 6(1)(a)): When you submit the contact form and check the GDPR consent box, or when you accept optional cookies
  • Legitimate Interest (Art. 6(1)(f)): For website analytics, security monitoring, and improving our educational content
  • Legal Obligation (Art. 6(1)(c)): When required to comply with applicable Dutch or EU law

Where we rely on legitimate interests, we balance those interests against your rights and freedoms and do not process your data where your interests override ours. We do not use your contact details for direct marketing unless you have given separate, explicit consent.

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal data to third parties. We may share data with the following categories of recipients (processors or sub-processors), only where necessary and subject to appropriate safeguards:

  • Web hosting providers: To host and maintain our website infrastructure within the EEA where possible
  • Content delivery networks (CDN): For example, to deliver fonts and icons (such as cdnjs.cloudflare.com), which may process technical connection data
  • Analytics services: Only if you have given consent to non-essential analytics cookies; such services are not loaded before consent is granted
  • Legal authorities: When required by applicable Dutch or EU law, or to protect our legitimate interests in accordance with the law

All third-party processors act on our instructions and are bound by written data processing agreements (Article 28 GDPR) or equivalent legal mechanisms. A list of specific processors is available on request.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described above:

  • Contact form submissions: Retained for up to 12 months after the inquiry is resolved, then securely deleted
  • Analytics data: Anonymized and retained for up to 26 months
  • Cookie consent records: Retained for up to 12 months

7. Your Rights Under GDPR and the UAVG

As a data subject in the Netherlands or the EEA, you have the following rights under the GDPR and the UAVG:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten") where applicable
  • Right to Restrict Processing (Art. 18): Request limitation of data processing in certain circumstances
  • Right to Data Portability (Art. 20): Receive data you provided to us in a structured, commonly used, machine-readable format, where processing is based on consent or contract and carried out by automated means
  • Right to Object (Art. 21): Object to processing based on legitimate interests, including profiling; object at any time to processing for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
  • Right not to be subject to automated decision-making (Art. 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects

To exercise any of these rights, contact us at welcome@musclestrengthao.world. We will respond within one month, as required by GDPR Article 12(3). This period may be extended by two further months where necessary, taking into account the complexity and number of requests; we will inform you of any extension and the reasons. We may request reasonable information to verify your identity before responding.

If you believe your rights have been infringed, you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) without prejudice to any other administrative or judicial remedy.

8. Cookies

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

9. Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Autoriteit Persoonsgegevens without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with GDPR Articles 33 and 34. Where the breach is likely to result in a high risk to you, we will also inform you in clear and plain language, unless an exception under the law applies.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Regular security assessments and updates
  • Access controls limiting data access to authorized personnel only
  • Secure data storage with backup procedures

11. International Data Transfers

Your personal data is primarily processed within the European Economic Area (EEA). If any data transfer outside the EEA is necessary, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately so we can take appropriate action.

13. Supervisory Authority

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us: