Privacy Policy

Last updated: 29 April 2026

This privacy policy explains how we process your personal data when you visit vitalfit.team (the "Site") or submit one of the forms available on the Site (contact request, Vital-Check). It is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR") and the German Federal Data Protection Act (BDSG-neu). For visitors from the United Kingdom the equivalent UK GDPR and the Data Protection Act 2018 apply.

1. Data controller

The data controller is:

Timo Altholtmann
Wester 312
48607 Ochtrup, Germany
Email: [email protected]

VitalFit is a personal project run by Timo Altholtmann as an independent Team Partner of PM-International AG. This Site is not an official site of PM-International AG or FitLine®. No Data Protection Officer (DPO) has been appointed, because the processing does not fall within the cases of mandatory appointment under Art. 37 GDPR.

2. Categories of data processed

  • Contact data that you voluntarily provide via the forms on the Site: name, email address, optional phone number, content of your message.
  • Vital-Check data (optional questionnaire): answers about your wellness goals, dietary habits, physical activity and — if you enter them on your own initiative — information about your state of health. Such information constitutes a special category of personal data within the meaning of Art. 9 GDPR (data concerning health).
  • Browsing data automatically collected: IP address (truncated to /24 before persistent storage), user-agent, pages visited, date and time, referrer.

3. Purposes and legal basis of processing

  • Replying to your contact requests: Art. 6(1)(b) GDPR (taking steps at your request prior to entering into a contract).
  • Processing your Vital-Check: Art. 9(2)(a) GDPR — your explicit consent in combination with Art. 6(1)(a) GDPR.
  • Security and abuse prevention (rate limiting, anti-bot, logs): Art. 6(1)(f) GDPR (legitimate interest in the security of the Site).
  • Partner / affiliate tracking via a technical cookie: Art. 6(1)(b) GDPR (proper handling of the pre-contractual relationship).

The Vital-Check evaluation produces only informational suggestions and does not constitute a medical diagnosis, therapy or healthcare advice in any way.

4. Recipients of your data

Your data may be disclosed to the following providers, who act as data processors (Art. 28 GDPR) under formal data-processing agreements (DPAs):

Cloudflare, Inc. (USA / EU data centres)

CDN provider and anti-DDoS protection. Processes IP addresses and request metadata.

Migadu Mail AG (Switzerland)

Email service provider for sending confirmation and reply emails.

Hetzner Online GmbH (Germany)

Server and database hosting.

Your data is not sold, rented or disclosed to third parties for marketing purposes.

5. Transfers outside the EU/EEA

Cloudflare is headquartered in and operates servers in the United States of America. Such transfers are based on the Standard Contractual Clauses (SCCs) approved by the European Commission in Implementing Decision (EU) 2021/914, supplemented — where applicable — by the provider's participation in the EU-U.S. Data Privacy Framework (Commission adequacy decision of 10 July 2023). Switzerland is recognised as a country offering an adequate level of protection (Art. 45 GDPR).

You can request a copy of the applicable safeguards by writing to [email protected].

6. Retention periods

  • Contact data from the lead form: 24 months from the last contact.
  • Vital-Check data (special categories, Art. 9 GDPR): 6 months from the date of submission, after which the records are irreversibly deleted.
  • Security logs (truncated IP, user-agent): up to 30 days.

7. Your rights

As a data subject, you may exercise the following rights at any time under Articles 15–22 GDPR:

  • access to your personal data (Art. 15);
  • rectification of inaccurate or incomplete data (Art. 16);
  • erasure ("right to be forgotten", Art. 17);
  • restriction of processing (Art. 18);
  • data portability (Art. 20);
  • objection to processing based on legitimate interest (Art. 21);
  • withdrawal of consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) GDPR).

To exercise your rights, contact us at [email protected]. We will respond without undue delay and in any case within one month (Art. 12(3) GDPR).

8. Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority. Because the controller is established in Germany, the lead supervisory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestr. 2–4, 40213 Düsseldorf, Germany
ldi.nrw.de

Visitors from the United Kingdom may alternatively contact the Information Commissioner's Office (ICO, ico.org.uk).

9. Cookies and similar technologies

We use cookies and similar technologies as follows:

  • Strictly necessary and session cookies (consent cookie cookie-consent-v1): no consent required because they are strictly necessary to provide the service.
  • Third-party analytics, marketing or profiling cookies: installed only after your explicit consent given through the cookie banner on your first visit.

The cookie banner allows you to accept all, reject all or granularly select categories. Closing the banner via "X" or scrolling the page does not amount to valid consent. You can change or withdraw your preferences at any time by clicking "Cookie settings" in the footer.

In addition, the knowledge area stores your reading progress — i.e. which guide articles you have already read — in your browser's local storage (entry vf-wissen-progress) in order to show your progress on the learning path. This information never leaves your device, is not transmitted to us and is not used for tracking; as strictly necessary functional storage for a feature you explicitly use, it does not require consent. You can remove it at any time by clearing this website's site data in your browser.

10. Data security

We adopt appropriate technical and organisational measures (Art. 32 GDPR), including: TLS 1.3 encryption in transit, hashing of sensitive tokens (Web Crypto), truncation of IP addresses, administrative access protected by multi-factor authentication, encrypted backups and the principle of data minimisation.

11. Changes

We reserve the right to update this privacy policy. The applicable version is always the one published on this page, with the date of last update shown above.