Privacy Policy

The controller of your personal data is MySelf Studio, based in Lisbon.

• Email: myselfstudio.info@gmail.com
• Phone: +351 935 025 672
• Website: www.myselfstudio.pt

Data you provide

• Name, email, and phone number;
• Password (stored securely with hashing);
• Payment data processed directly by Stripe. We do not store full card numbers in our systems;
• History of packs, bookings, and session durations;
• Communication preferences and session ratings.

Data generated by use

• Booking, check-in, and door-unlock records made through the platform;
• IP address, device, and browser, for security and diagnostics;
• Aggregate usage statistics for the website.

Cookies and similar technologies

For more details on the cookies we use, see our Cookies Policy.

We process your data for the following purposes:

• Performance of contract: managing your account, processing Stripe payments, activating bookings and studio access (Art. 6(1)(b) GDPR);
• Compliance with legal obligations: issuing accounting documents and complying with requests from authorities (Art. 6(1)(c));
• Legitimate interest: facility security, fraud prevention, and service improvement (Art. 6(1)(f));
• Consent: marketing communications and non-essential cookies (Art. 6(1)(a)). You can withdraw consent at any time.

Your data may be shared with:

• Stripe: a PCI-DSS certified payment processor that receives and stores the data needed for the transaction;
• Public authorities, whenever required by law or in the course of legal proceedings;
• Technical partners subject to confidentiality clauses and GDPR compliance.

MySelf Studio never sells, rents, or transfers your data to third parties for marketing purposes.

• Account data: while the account is active and up to 12 months after a deletion request;
• Booking and payment history: up to 10 years, in line with Portuguese tax and accounting obligations;
• CCTV footage: up to 30 days, unless needed for incident investigation;
• Technical and security logs: up to 12 months;
• Marketing data based on consent: until you withdraw consent.

We apply appropriate technical and organisational measures to protect your data against loss, unauthorised access, alteration, or disclosure:

• Traffic encrypted with TLS;
• Passwords stored with modern hashing algorithms;
• Restricted access to internal systems via authentication;
• Regular updates of servers and dependencies.

No system is fully secure. You commit to keeping your credentials private and to notifying us if you suspect unauthorised access to your account.

• The studio uses cameras for security purposes only;
• Footage is recorded, encrypted, and stored in a restricted environment;
• There is no real-time monitoring;
• Visible signage is in place at the space entrance;
• Legal basis: legitimate interest in protecting people and property, under Law no. 1/2005.

The service is intended for users aged 18 or older. Minors may only use the studio accompanied by an authorised Personal Trainer and under the PT's responsibility.

Under GDPR, you have the right at any time to:

• Access, rectify, or erase your personal data;
• Request data portability;
• Object to processing based on legitimate interest;
• Withdraw consent for specific purposes;
• Request restriction of processing.

To exercise these rights, email us at myselfstudio.info@gmail.com. We respond within 30 days at most. Some data may be retained to meet legal obligations.

If you believe the processing of your data breaches GDPR, you can lodge a complaint with the Portuguese Data Protection Authority (CNPD):

• Website: www.cnpd.pt
• Email: geral@cnpd.pt
• Phone: +351 213 928 400

We may update this Policy to reflect legal, technical, or operational changes. When changes are significant, we'll notify you by email or through the website. Continued use of the service implies acceptance of the most recent version.

Email: myselfstudio.info@gmail.com
Phone: +351 935 025 672
Address: Lisbon
Website: www.myselfstudio.pt