GDPR & Data-Protection Rights
This page complements our Privacy Policy and sets out how we meet the EU/UK General Data Protection Regulation (GDPR) for users in the European Economic Area and the United Kingdom. As a Swiss-based controller, we also comply with the Swiss Federal Act on Data Protection (FADP).
1. Who is responsible for your data
The data controller is PLO Hero, operated by R. Rezgui (full operator and address details in our Impressum). You can reach us about any data-protection matter at hello@plo-hero.com.
2. Legal bases for processing
We rely on the following lawful bases under Article 6 GDPR:
| What we do | Legal basis (Art. 6 GDPR) |
|---|---|
| Provide your account and the training Service | (b) performance of a contract |
| Authentication, security and abuse prevention | (b) contract / (f) legitimate interests |
| Process payments and manage subscriptions | (b) contract / (c) legal obligation |
| Send service emails (verification, confirmations, notices) | (b) performance of a contract |
| Analytics to measure and improve the Service (Google Analytics) | (a) consent |
| Meet legal, tax and accounting duties | (c) legal obligation |
Analytics cookies (Google Analytics) run only if you consent via our cookie banner; declining does not affect your use of the Service. Where we rely on consent (Art. 6(1)(a)), you can withdraw it at any time — use the Cookie settings link in any page footer — without affecting processing carried out before withdrawal.
3. Your rights
If you are in the EEA or UK, you have the right to:
- Access — get a copy of the personal data we hold about you.
- Rectification — have inaccurate or incomplete data corrected.
- Erasure — ask us to delete your data (“right to be forgotten”).
- Restriction — ask us to limit how we use your data.
- Objection — object to processing based on our legitimate interests.
- Portability — receive your data in a structured, machine-readable format.
- Withdraw consent — where processing is based on consent.
4. How to exercise your rights
Email hello@plo-hero.com from the address on your account. We will respond within one month, as required by the GDPR (this period may be extended for complex requests, in which case we will tell you). We do not charge for genuine requests. You can also delete much of your data yourself in the app (hands, sessions and your account).
5. International transfers
We host data in Switzerland and/or the EU. Switzerland benefits from an EU adequacy decision. Some sub-processors (e.g. Stripe and Google) may process data in the United States; such transfers are protected by appropriate safeguards, such as the European Commission’s Standard Contractual Clauses. The current list of sub-processors is in our Privacy Policy.
6. Automated decision-making
We do not carry out automated decision-making that produces legal or similarly significant effects about you. The coaching feedback and statistics in the app are educational and have no effect outside the Service.
7. Data retention
We keep personal data while your account is active and delete it on account closure or request, except records we must retain to meet legal obligations (e.g. accounting records, up to 10 years under Swiss law). See the Privacy Policy for details.
8. Complaints
If you have concerns, please contact us first so we can help. You also have the right to lodge a complaint with a supervisory authority — your local Data Protection Authority in the EEA/UK, or the Swiss Federal Data Protection and Information Commissioner (FDPIC).
9. EU representative
As a small Swiss provider we do not currently maintain a separate EU representative. You can contact us directly about any data-protection matter at hello@plo-hero.com, and we will respond promptly.
10. Contact
For any GDPR or data-protection question, email hello@plo-hero.com.