Privacy Policy
This Privacy Policy describes how LyfeSport ("the Company", "We", "Us", "Our") collects, uses, and discloses Your information when You use our health and wellness Service, including any associated health-related features and content. It also explains Your privacy rights and how applicable law protects You.
We take the privacy of Your health and wellness data seriously. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. If You do not agree, please discontinue use of the Service.
๐ Table of Contents
- Definitions
- Types of Data Collected
- Health & Wellness Data
- Tracking Technologies & Cookies
- Use of Your Personal Data
- Retention & Transfer of Data
- Disclosure of Personal Data
- Security of Your Personal Data
- Data Breach Notification
- Third-Party Service Providers
- GDPR Privacy Rights
- CCPA Privacy Rights
- Health Data – HIPAA Notice
- Indonesia UU PDP Compliance
- Children's Privacy
- Links to Other Websites
- Changes to This Policy
- Contact Us
1. Interpretation & Definitions
Words with capitalised initial letters carry the meanings defined below, applicable in both singular and plural.
| Term | Definition |
|---|---|
| Account | A unique account created for You to access Our Service. |
| Company | LyfeSport, managed as an Individual Entity in Indonesia. |
| Cookies | Small files placed on Your Device that store browsing details and other usage data. |
| Country | Indonesia (principal place of operations). Global data protection laws also apply where relevant. |
| Device | Any device that can access the Service — computer, mobile phone, tablet, or wearable. |
| Health & Wellness Data | Any information related to Your physical or mental health, fitness, nutrition, sleep, or wellness goals that You provide or that is generated through use of the Service. |
| Personal Data | Any information relating to an identified or identifiable individual. |
| Service | The LyfeSport website accessible at https://www.LyfeSport.web.id and any associated mobile features. |
| Special Category Data | Sensitive personal data including health data, biometric data, and data concerning mental health, as defined under GDPR Article 9. |
| Usage Data | Data collected automatically from the use of the Service — e.g., IP address, browser type, pages visited, session duration. |
| You | The individual or legal entity accessing or using the Service. |
2. Types of Data Collected
Personal Data
When using Our Service, We may ask You to provide personally identifiable information, including but not limited to:
- Email address
- First and last name (optional, for personalised experience)
- Country of residence (for regional compliance)
- Age or date of birth (for age-appropriate content gating)
Usage Data
Usage Data is collected automatically and may include: Device IP address, browser type and version, pages visited, time and date of visit, time spent on pages, unique device identifiers, mobile operating system, and diagnostic data.
Health & Wellness Content Interaction Data
As a health and wellness platform, We may collect or infer the following based on Your interaction with Our content:
- Fitness or workout categories You engage with
- Nutrition or diet topics You browse or save
- Wellness goal categories You interact with (e.g., weight management, mental health)
- Content bookmarks, reading duration, and engagement signals
We do not collect clinical health records, prescriptions, or medical diagnoses. Our Service provides general wellness content only and does not constitute medical advice.
3. Health & Wellness Data
Under GDPR Article 9, data relating to health and physical well-being is classified as Special Category Data and requires explicit, informed consent before processing.
What Health-Related Data We May Collect
If You choose to use interactive features of Our Service (such as fitness trackers, goal setters, or wellness assessments), You may voluntarily provide:
- Physical metrics: height, weight, body mass index (BMI)
- Fitness activity data: exercise type, frequency, and intensity preferences
- Nutrition preferences: dietary restrictions, calorie goals, macro tracking (if applicable)
- Sleep and recovery data: self-reported sleep patterns
- Mental wellness data: stress levels or mood self-assessments (if applicable)
- Wellness goals: weight loss, muscle gain, mental health improvement, etc.
Legal Basis for Processing Health Data
We process Health & Wellness Data only under the following lawful bases:
- Explicit Consent (primary): You provide clear, specific, informed, and unambiguous consent prior to any health data processing.
- Contract performance: Where health data is necessary to deliver the specific service You have requested.
- Vital interests: In emergency situations requiring protection of Your life or safety.
How We Use Health Data
- To personalise health and wellness content recommendations
- To enable interactive tracking features You have opted into
- To provide goal-progress insights within the Service
- Aggregated and anonymised for internal content improvement (never individual profiling)
Health Data Sharing
We do not sell Your health data to third parties. Health data may only be shared:
- With Your explicit consent
- With service providers under strict data processing agreements who are bound by confidentiality obligations
- When required by law
Withdrawing Consent for Health Data
You may withdraw consent for health data processing at any time by contacting Us at lyfesport.global@gmail.com. Withdrawal does not affect processing carried out prior to withdrawal.
Content on LyfeSport is for general informational and educational purposes only. It does not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional before making health decisions.
4. Tracking Technologies & Cookies
We use Cookies and similar tracking technologies (beacons, tags, scripts) to track activity on Our Service and store certain information to improve and analyse our Service.
Types of Cookies We Use
| Cookie Type | Description | Required? |
|---|---|---|
| Essential Cookies | Necessary for the Service to function correctly (e.g., login sessions, security tokens). | Yes — always active |
| Preference Cookies | Remember Your settings and personalisation preferences across sessions. | Optional — requires consent |
| Analytics Cookies | Used by Google Analytics to track aggregate usage data. | Optional — requires consent |
| Advertising Cookies | Used by Google AdSense for contextual ad delivery only. Interest-based or behavioral ad targeting is not enabled on this Service. | Optional — contextual only |
| Session Cookies | Deleted automatically when You close Your browser. | Functional only |
| Persistent Cookies | Remain on Your device until manually deleted or expired. | Optional — consent required |
Cookie Consent
In compliance with GDPR, UK GDPR, and applicable Indonesian regulations, non-essential cookies are only placed on Your device with Your prior consent. You will be presented with a cookie consent banner upon first visiting the Service. You can manage or withdraw consent at any time via Your browser settings or by contacting Us.
Advertising Cookies Notice: Advertising cookies on this Service are used for contextual purposes only. We do not use interest-based or behavioral advertising targeting. The IAB Transparency & Consent Framework (TCF), Google Consent Mode for advertising purposes, and precise geolocation signal collection are not active on this Service. No advertising consent strings or TCF signals are transmitted to ad networks.
Web Beacons
Certain pages and emails may contain web beacons (clear gifs, pixel tags, single-pixel gifs) that allow Us to count user visits and verify system integrity. These are used only for aggregate analytics.
5. Use of Your Personal Data
The Company uses Personal Data for the following purposes:
- Service provision and maintenance — including monitoring service usage and performance.
- Account management — to manage Your registration and give You access to Service features.
- Health & wellness content personalisation — to tailor recommendations to Your preferences and goals (with consent).
- Communications — to contact You by email about updates, security notices, or features related to the Service.
- Marketing communications — to send offers or wellness content similar to what You have engaged with, unless You have opted out.
- Request management — to respond to Your enquiries and support requests.
- Business transfers — in the event of a merger, acquisition, or similar business restructuring, Personal Data may be included among transferred assets.
- Analytics and improvement — for usage trend analysis, campaign effectiveness measurement, and Service improvement. Health data used for this purpose is always anonymised and aggregated.
- Legal compliance — to meet Our obligations under Indonesian law, GDPR, CCPA, and other applicable regulations.
6. Retention & Transfer of Your Personal Data
Retention Period
We retain Your Personal Data only for as long as necessary to fulfil the purposes described in this Policy or as required by law. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of active account + 2 years after deletion request |
| Health & wellness data | Duration of consent or until withdrawal, whichever is earlier |
| Usage data / analytics | Up to 26 months (Google Analytics standard cycle) |
| Email communications | Up to 3 years for legal compliance |
| Cookie data | Per cookie type — see cookie table above |
International Data Transfer
Your Personal Data may be processed outside Your country of residence, including in countries where data protection laws may differ from Your jurisdiction. Where such transfers occur, We ensure that:
- Transfers to EEA countries are protected under GDPR-compliant mechanisms (Standard Contractual Clauses or adequacy decisions).
- All third-party processors are bound by data processing agreements that meet GDPR standards.
- Transfers within ASEAN comply with the ASEAN Data Management Framework where applicable.
7. Disclosure of Your Personal Data
Law Enforcement
We may disclose Your Personal Data if required by law or in response to valid requests by public authorities (court orders, regulatory bodies, or government agencies).
Other Legal Requirements
We may disclose Your Personal Data in good faith to:
- Comply with a legal obligation
- Protect the rights or property of the Company
- Prevent or investigate potential wrongdoing in connection with the Service
- Protect the personal safety of users or the public
- Protect against legal liability
Health Data — Disclosure Restrictions
Health & Wellness Data will never be disclosed to insurers, employers, government entities (except under explicit legal obligation), or advertising networks without Your express written consent.
8. Security of Your Personal Data
The security of Your Personal Data, particularly Health & Wellness Data, is a priority. We implement commercially reasonable technical and organisational measures including:
- HTTPS encryption for all data transmission
- Access controls and role-based data access restrictions
- Regular security assessments and audits
- Data minimisation practices — we collect only what is necessary
No method of transmission over the Internet or electronic storage is 100% secure. While We strive to protect Your data, We cannot guarantee absolute security.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to Your rights and freedoms, We will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33.
- Notify You directly without undue delay if the breach is likely to result in a high risk to Your rights — via the email address associated with Your account or a prominent notice on Our website.
- Document all breaches in Our internal breach register, regardless of notification obligation.
The notification to You will include: the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.
If You believe Your data has been compromised or wish to report a security concern, contact us immediately at lyfesport.global@gmail.com.
10. Third-Party Service Providers
Third-party vendors may access Your Personal Data to perform services on Our behalf. These providers are contractually obligated to protect Your data and may not use it for any other purpose.
Analytics — Google Analytics
Google Analytics tracks and reports website traffic. Data collected may be shared with other Google services. You can opt out by installing the Google Analytics Opt-out Browser Add-on. For more information: Google Privacy Policy.
Advertising — Google AdSense (Contextual Ads)
LyfeSport uses Google AdSense to display contextual (non-personalized) advertisements. The following advertising features are not enabled on this Service:
- Ad Transparency Controls (IAB TCF) — The IAB Transparency & Consent Framework is not implemented; no TCF consent strings are collected or transmitted.
- Interest-Based or Behavioral Targeting — Ads are served based on page content only, not on Your browsing history, profile, or personal interests.
- Google Consent Mode for Advertising — Consent Mode for advertising purposes is not active; Google tags operate in standard mode without consent-based signal adjustment for ad personalization.
- Precise Geolocation (IAB TCF Special Feature 2) — Precise geolocation data is not collected or transmitted for advertising purposes.
Standard Google AdSense cookies may still be placed for basic ad delivery and frequency capping. You can review and adjust ad preferences via Google Ad Settings. For more information: Google Privacy Policy. Health & Wellness Data is never shared with advertising networks.
Third-Party Health Integrations
If Our Service integrates with third-party health apps or wearable devices in the future, We will update this Policy and obtain Your explicit consent before any health data is shared with such providers.
11. GDPR Privacy (General Data Protection Regulation)
This section applies to users in the European Economic Area (EEA) and the United Kingdom.
Legal Basis for Processing Personal Data
- Consent — You have given explicit consent for processing for one or more specific purposes.
- Contract performance — Processing is necessary to perform a contract with You.
- Legal obligations — Processing is necessary for compliance with a legal obligation.
- Vital interests — Processing is necessary to protect Your vital interests or those of another person.
- Legitimate interests — Processing is necessary for Our legitimate interests, unless overridden by Your interests or fundamental rights.
Special Category Data (Health) — Additional Basis
For health-related data (Article 9 GDPR), we rely solely on explicit consent or vital interests. We do not process health data under legitimate interests.
Your Rights under GDPR
To exercise any of these rights, contact us at lyfesport.global@gmail.com. We will respond within 30 days.
12. CCPA Privacy (California Consumer Privacy Act)
This section applies solely to visitors and users residing in the State of California.
Categories of Personal Information Collected (Last 12 Months)
| Category | Examples | Collected? |
|---|---|---|
| A: Identifiers | IP address, email address | ✅ Yes |
| F: Internet / Network Activity | Website interaction, browsing history on our site | ✅ Yes |
| B: Customer Records | Name (if provided voluntarily) | Optional |
| I: Professional / Employment | Not collected | ❌ No |
| C: Protected Characteristics | Age range (for content gating only) | Limited |
Your Rights under CCPA
- Right to Know — Request disclosure of what personal information We have collected, used, disclosed, or sold.
- Right to Delete — Request deletion of personal information We have collected from You.
- Right to Non-Discrimination — We will not discriminate against You for exercising any CCPA rights.
- Right to Opt-Out of Sale — We do not sell personal information to third parties.
13. Health Data – HIPAA Notice (United States Users)
LyfeSport is a wellness content and education platform. We are not a Covered Entity or Business Associate under the US Health Insurance Portability and Accountability Act (HIPAA). Therefore, HIPAA does not directly govern Our handling of Your data.
However, We voluntarily commit to HIPAA-aligned principles for health data handling:
- Minimum Necessary Standard — We only collect health-related information that is necessary for the specific wellness feature You are using.
- User Control — You retain control over any health data You voluntarily submit and may delete it at any time.
- No Disclosure for Treatment/Payment — We do not transmit Your wellness data to healthcare providers, insurers, or payment processors for clinical purposes.
- Security Safeguards — We apply administrative, physical, and technical safeguards consistent with HIPAA security standards as best practice.
If You require HIPAA-compliant health data management (e.g., for clinical or insurance purposes), please consult a qualified healthcare provider's dedicated platform.
14. Indonesia Personal Data Protection – UU PDP Compliance
As an entity based in Indonesia, LyfeSport is subject to Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi (UU PDP) — Indonesia's Personal Data Protection Law.
Our Obligations under UU PDP
- Consent basis — We obtain Your consent before processing Personal Data, in compliance with UU PDP Article 20.
- Purpose limitation — Data is processed only for the purposes stated in this Policy.
- Data accuracy — We take reasonable steps to ensure Your Personal Data is accurate and up to date.
- Data security — We implement appropriate technical and organisational measures to protect Your data, consistent with UU PDP Article 35.
- Data subject rights — We honour Your rights to access, correct, and delete Your Personal Data as set out in UU PDP Chapter VI.
- Data breach notification — We notify the relevant authority and affected individuals in the event of a personal data breach, in accordance with UU PDP Article 46.
Your Rights under UU PDP
- Right to obtain information about Your Personal Data
- Right to correct incomplete or inaccurate Personal Data
- Right to access and receive a copy of Your Personal Data
- Right to terminate processing and request deletion of Personal Data
- Right to withdraw consent at any time
- Right to file a complaint with Komisi Informasi (KI) or the Ministry of Communication and Information Technology (Kemenkominfo)
15. Children's Privacy
Our Service is not directed to individuals under the age of 13 (or under 16 for users in the European Economic Area, in line with GDPR Article 8).
We do not knowingly collect personally identifiable information from children. Age-specific rules:
| Region | Minimum Age | Legal Basis |
|---|---|---|
| United States | 13 years | COPPA (Children's Online Privacy Protection Act) |
| European Union / EEA | 16 years (or 13–16 with parental consent depending on member state) | GDPR Article 8 |
| United Kingdom | 13 years (with parental consent for 13–17) | UK GDPR / Age Appropriate Design Code |
| Indonesia | 17 years (parental consent required for minors) | UU PDP Article 21 |
If You are a parent or guardian and believe Your child has provided Us with Personal Data, please contact Us immediately at lyfesport.global@gmail.com. We will take prompt steps to delete such information.
Health and wellness content on Our Service featuring exercise, nutrition, or body-related topics is designed for adults. We do not target health goal content at minors.
16. Links to Other Websites
Our Service may contain links to third-party websites. If You click on such a link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This applies especially to health-related third-party resources — always verify the credibility of external health information.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When We do, We will:
- Post the updated Privacy Policy on this page with a new "Last updated" date.
- Notify You by email (for material changes) or display a prominent notice on the Service.
- For material changes affecting Health & Wellness Data processing, We will seek Your renewed explicit consent before continuing to process such data.
You are advised to review this Privacy Policy periodically. Changes take effect when posted on this page.
18. Contact Us
For any questions about this Privacy Policy, requests to exercise Your rights, or to report a data concern, please contact Us:
Email: lyfesport.global@gmail.com
Website: https://www.LyfeSport.web.id
Entity: LyfeSport (Individual Entity, Indonesia)
Response time: We aim to respond within 14 business days, and no later than 30 days for formal data subject requests under GDPR or UU PDP.