Updated

Januari 2026

Updated

Januari 2026

Updated

Januari 2026

Privacy Policy


This Privacy Policy describes how MRP collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish law.

By using MRP’s services, you acknowledge and accept this Privacy Policy.


1. Data Controller

MRP is the data controller responsible for the processing of personal data.

Business name: Matteus Rehab & Performance
Business structure: Sole proprietorship (enskild firma)
Country of registration: Sweden
Contact: Via the official MRP platform or provided contact details on the website


2. Personal Data We Collect

MRP collects and processes personal data necessary to deliver coaching and training services.

a) Identity & contact information

  • Name

  • Email address

  • Phone number

b) Health & training-related data (special category data)

  • Training history

  • Injury history

  • Physical capacity and limitations

  • Load monitoring data

  • Subjective ratings (fatigue, soreness, recovery, etc.)

  • Lifestyle-related information voluntarily provided

c) Technical and usage data

  • App usage and interaction data

  • Communication within the digital platform

d) Payment-related data

  • Billing information processed via Stripe

MRP does not store full payment card details.


3. Purpose of Processing

Personal data is processed for the following purposes:

  • Delivering coaching and training services

  • Creating, adjusting and managing individualized training systems

  • Monitoring load, recovery and progression

  • Communication related to the service

  • Payment processing and administration

  • Compliance with legal and accounting obligations


4. Legal Basis for Processing

Personal data is processed based on:

  • Contractual necessity – to deliver the agreed coaching service

  • Explicit consent – for processing health-related and sensitive data

  • Legal obligation – accounting and regulatory requirements

Explicit consent for processing health-related data is obtained when the client completes onboarding and actively uses the service.


5. Storage Systems & Data Processors

MRP uses trusted third-party services that act as data processors on behalf of MRP:

  • Everfit – storage of training data, load monitoring and communication

  • Google services – secure storage of screening and onboarding documentation

  • Stripe – payment processing

These providers comply with GDPR and have appropriate data processing agreements in place.

Some providers may process data outside the EU/EEA in accordance with approved GDPR safeguards, such as standard contractual clauses.

Access to personal and health-related data is restricted to MRP only.


6. Data Retention

Personal data is stored only as long as necessary to fulfill the purposes described in this policy.

  • Active client data is stored during the service period

  • Health and training-related data is normally stored for up to 24 months after the end of the service

  • Data may be retained longer where required by law (e.g. accounting regulations)

You may request deletion of your personal data at any time, subject to mandatory legal retention requirements.


7. Data Sharing

MRP does not sell or share personal data with third parties for marketing purposes.

Personal data is shared only with:

  • Essential service providers acting as data processors

  • Authorities where required by law


8. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request deletion of personal data

  • Restrict or object to certain processing

  • Request data portability

Requests will be handled within 30 days in accordance with GDPR.


9. Data Security

MRP implements appropriate technical and organizational measures to protect personal data, including:

  • Secure authentication and restricted access

  • Use of GDPR-compliant platforms

  • Reasonable safeguards against unauthorized access, loss or misuse


10. Changes to This Privacy Policy

This Privacy Policy may be updated to reflect legal, technical or operational changes.

The latest version will always be available on MRP’s website.


11. Contact

For questions regarding this Privacy Policy or the processing of personal data, please contact MRP through the official platform or contact details provided on the website.


This Privacy Policy describes how MRP collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish law.

By using MRP’s services, you acknowledge and accept this Privacy Policy.


1. Data Controller

MRP is the data controller responsible for the processing of personal data.

Business name: Matteus Rehab & Performance
Business structure: Sole proprietorship (enskild firma)
Country of registration: Sweden
Contact: Via the official MRP platform or provided contact details on the website


2. Personal Data We Collect

MRP collects and processes personal data necessary to deliver coaching and training services.

a) Identity & contact information

  • Name

  • Email address

  • Phone number

b) Health & training-related data (special category data)

  • Training history

  • Injury history

  • Physical capacity and limitations

  • Load monitoring data

  • Subjective ratings (fatigue, soreness, recovery, etc.)

  • Lifestyle-related information voluntarily provided

c) Technical and usage data

  • App usage and interaction data

  • Communication within the digital platform

d) Payment-related data

  • Billing information processed via Stripe

MRP does not store full payment card details.


3. Purpose of Processing

Personal data is processed for the following purposes:

  • Delivering coaching and training services

  • Creating, adjusting and managing individualized training systems

  • Monitoring load, recovery and progression

  • Communication related to the service

  • Payment processing and administration

  • Compliance with legal and accounting obligations


4. Legal Basis for Processing

Personal data is processed based on:

  • Contractual necessity – to deliver the agreed coaching service

  • Explicit consent – for processing health-related and sensitive data

  • Legal obligation – accounting and regulatory requirements

Explicit consent for processing health-related data is obtained when the client completes onboarding and actively uses the service.


5. Storage Systems & Data Processors

MRP uses trusted third-party services that act as data processors on behalf of MRP:

  • Everfit – storage of training data, load monitoring and communication

  • Google services – secure storage of screening and onboarding documentation

  • Stripe – payment processing

These providers comply with GDPR and have appropriate data processing agreements in place.

Some providers may process data outside the EU/EEA in accordance with approved GDPR safeguards, such as standard contractual clauses.

Access to personal and health-related data is restricted to MRP only.


6. Data Retention

Personal data is stored only as long as necessary to fulfill the purposes described in this policy.

  • Active client data is stored during the service period

  • Health and training-related data is normally stored for up to 24 months after the end of the service

  • Data may be retained longer where required by law (e.g. accounting regulations)

You may request deletion of your personal data at any time, subject to mandatory legal retention requirements.


7. Data Sharing

MRP does not sell or share personal data with third parties for marketing purposes.

Personal data is shared only with:

  • Essential service providers acting as data processors

  • Authorities where required by law


8. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request deletion of personal data

  • Restrict or object to certain processing

  • Request data portability

Requests will be handled within 30 days in accordance with GDPR.


9. Data Security

MRP implements appropriate technical and organizational measures to protect personal data, including:

  • Secure authentication and restricted access

  • Use of GDPR-compliant platforms

  • Reasonable safeguards against unauthorized access, loss or misuse


10. Changes to This Privacy Policy

This Privacy Policy may be updated to reflect legal, technical or operational changes.

The latest version will always be available on MRP’s website.


11. Contact

For questions regarding this Privacy Policy or the processing of personal data, please contact MRP through the official platform or contact details provided on the website.


This Privacy Policy describes how MRP collects, uses, stores and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swedish law.

By using MRP’s services, you acknowledge and accept this Privacy Policy.


1. Data Controller

MRP is the data controller responsible for the processing of personal data.

Business name: Matteus Rehab & Performance
Business structure: Sole proprietorship (enskild firma)
Country of registration: Sweden
Contact: Via the official MRP platform or provided contact details on the website


2. Personal Data We Collect

MRP collects and processes personal data necessary to deliver coaching and training services.

a) Identity & contact information

  • Name

  • Email address

  • Phone number

b) Health & training-related data (special category data)

  • Training history

  • Injury history

  • Physical capacity and limitations

  • Load monitoring data

  • Subjective ratings (fatigue, soreness, recovery, etc.)

  • Lifestyle-related information voluntarily provided

c) Technical and usage data

  • App usage and interaction data

  • Communication within the digital platform

d) Payment-related data

  • Billing information processed via Stripe

MRP does not store full payment card details.


3. Purpose of Processing

Personal data is processed for the following purposes:

  • Delivering coaching and training services

  • Creating, adjusting and managing individualized training systems

  • Monitoring load, recovery and progression

  • Communication related to the service

  • Payment processing and administration

  • Compliance with legal and accounting obligations


4. Legal Basis for Processing

Personal data is processed based on:

  • Contractual necessity – to deliver the agreed coaching service

  • Explicit consent – for processing health-related and sensitive data

  • Legal obligation – accounting and regulatory requirements

Explicit consent for processing health-related data is obtained when the client completes onboarding and actively uses the service.


5. Storage Systems & Data Processors

MRP uses trusted third-party services that act as data processors on behalf of MRP:

  • Everfit – storage of training data, load monitoring and communication

  • Google services – secure storage of screening and onboarding documentation

  • Stripe – payment processing

These providers comply with GDPR and have appropriate data processing agreements in place.

Some providers may process data outside the EU/EEA in accordance with approved GDPR safeguards, such as standard contractual clauses.

Access to personal and health-related data is restricted to MRP only.


6. Data Retention

Personal data is stored only as long as necessary to fulfill the purposes described in this policy.

  • Active client data is stored during the service period

  • Health and training-related data is normally stored for up to 24 months after the end of the service

  • Data may be retained longer where required by law (e.g. accounting regulations)

You may request deletion of your personal data at any time, subject to mandatory legal retention requirements.


7. Data Sharing

MRP does not sell or share personal data with third parties for marketing purposes.

Personal data is shared only with:

  • Essential service providers acting as data processors

  • Authorities where required by law


8. Your Rights Under GDPR

You have the right to:

  • Access your personal data

  • Request correction of inaccurate or incomplete data

  • Request deletion of personal data

  • Restrict or object to certain processing

  • Request data portability

Requests will be handled within 30 days in accordance with GDPR.


9. Data Security

MRP implements appropriate technical and organizational measures to protect personal data, including:

  • Secure authentication and restricted access

  • Use of GDPR-compliant platforms

  • Reasonable safeguards against unauthorized access, loss or misuse


10. Changes to This Privacy Policy

This Privacy Policy may be updated to reflect legal, technical or operational changes.

The latest version will always be available on MRP’s website.


11. Contact

For questions regarding this Privacy Policy or the processing of personal data, please contact MRP through the official platform or contact details provided on the website.