Data Privacy Policy

Last updated: 15 January 2026

Introduction

focusvbgs Ltd ("we", "our", or "us") is committed to protecting and respecting your privacy. This privacy policy explains how we collect, use, process, and safeguard your personal data when you visit our website or use our analytics services. We are based in Malta and operate under EU data protection laws, including the General Data Protection Regulation (GDPR).

As a data controller, focusvbgs is responsible for ensuring that all personal data we collect is processed lawfully, fairly, and transparently. This policy outlines our data collection practices and your rights regarding your personal information.

Data Controller Information

The data controller responsible for your personal data is:

Data We Collect

We collect and process the following categories of personal data:

Information You Provide Directly

  • Contact Information: Name, email address, phone number, business name, and postal address
  • Business Information: Details about your fitness business, member count, revenue streams, and operational requirements
  • Communication Records: Messages, inquiries, and correspondence with our team
  • Account Information: Login credentials, preferences, and account settings for our analytics platform

Information Collected Automatically

  • Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website
  • Analytics Data: Information about how you interact with our platform and services
  • Technical Data: Log files, error reports, and system performance data

Information from Third Parties

  • Integration Data: Information from your gym management software and payment systems (with your consent)
  • Marketing Data: Information from legitimate marketing partners and public sources

How We Use Your Information

We process your personal data for the following purposes, based on legitimate legal grounds:

Service Provision (Contract Performance)

  • Providing our gym analytics platform and related services
  • Processing your inquiries and providing customer support
  • Managing your account and billing
  • Delivering reports, insights, and analytics dashboards

Business Operations (Legitimate Interest)

  • Improving our services and developing new features
  • Conducting market research and business analysis
  • Preventing fraud and ensuring platform security
  • Managing our business relationships and communications

Legal Compliance

  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Maintaining records for tax and accounting purposes

Marketing (Consent)

  • Sending newsletters and industry insights (with your consent)
  • Providing information about new services and features
  • Conducting targeted advertising campaigns

Cookies and Tracking Technologies

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

For detailed information about the cookies we use, please refer to our Cookie Policy.

Data Sharing and Disclosure

We do not sell your personal data to third parties. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in delivering our services, including cloud hosting providers, payment processors, and analytics tools. These providers are contractually bound to protect your data and use it only for specified purposes.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new entity, subject to the same privacy protections.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Active Accounts: Data is retained while your account is active and for up to 2 years after account closure
  • Marketing Data: Retained until you unsubscribe or for up to 3 years of inactivity
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Website Analytics: Typically retained for up to 26 months

When data is no longer needed, we securely delete or anonymise it in accordance with our data retention schedule.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

Access and Portability

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Portability: Receive your data in a structured, machine-readable format

Correction and Deletion

  • Right to Rectification: Correct inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data in certain circumstances

Processing Control

  • Right to Restrict Processing: Limit how we process your data in certain situations
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication procedures for our systems
  • Regular Audits: Regular security assessments and vulnerability testing
  • Staff Training: Ongoing privacy and security training for all employees
  • Incident Response: Procedures for detecting and responding to data breaches

While we take every reasonable precaution to protect your data, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

International Data Transfers

As a Malta-based company, your personal data is primarily processed within the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognising equivalent data protection standards
  • Certification schemes and codes of conduct

Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us immediately, and we will take steps to remove such information.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "last updated" date. For significant changes, we may provide additional notice through email or our platform.

Contact Information

If you have any questions about this privacy policy, wish to exercise your data protection rights, or need to contact us regarding data protection matters, please reach out to us:

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the Malta Information and Data Protection Commissioner or your local data protection authority.

Supervisory Authority

If you have concerns about how we handle your personal data, you can contact the Malta Information and Data Protection Commissioner:

  • Website: idpc.org.mt
  • Email: idpc.info@idpc.org.mt
  • Phone: +356 2328 7100