Courses
START HERE IFBB Coaching Fundamentals Course - Free IFBB Personal Trainer Course SPECIALIZE IFBB Advanced Nutrition Course IFBB Advanced Resistance Training Course IFBB Posing Coach Course COMPETITION / MASTER IFBB Competition Coach IFBB Master Coach Program
Free IFBB Webinars
Resources
Blog Podcast Free IFBB Webinars FAQ Find a Coach
Student Login
Find Your Course
Privacy & Data Protection

IFBB Nordic Academy Privacy Notice

This Privacy Notice explains how IFBB Nordic Academy Oy processes your personal data when you use our website, mobile application, digital services, courses, and direct communication channels.

Effective from June 1, 2025. This version replaces the Privacy Notice dated March 10, 2022.

Read Notice Contact Privacy Team

Your privacy at a glance

We process personal data to provide education services, manage accounts, issue certificates, process payments, improve our services, and communicate with users.

  • Controller: VI Coaching Ltd
  • Address: Mäkitarhankatu 4, 15320 Lahti, Finland
  • DPO email: info@ifbbacademynordic.com
  • Frameworks: GDPR, CPRA, DSA, and applicable Finnish law
Clear rights Access, correct, erase, restrict, object, and port your data
Security measures Encryption, access controls, testing, and monitoring
Cookie control EU/EEA users can accept or decline non-necessary cookies
International safeguards SCCs, TIAs, and EU-U.S. Data Privacy Framework where applicable

1. Introduction and Scope

This Privacy Notice explains how VI Coaching Ltd ("IFBB," "we," "us," "our") processes your personal data when you use our website ifbbacademynordic.com and its subdomains, our mobile application, and our digital services and courses.

This notice also covers direct communication with us via email, chat, or social media. Third-party sites and services process data according to their own policies.

2. Data Controller and Contact Information

  • Data Controller: VI Coaching Ltd (Business ID [Insert Actual ID])
  • Postal address: Mäkitarhankatu 4, 15320 Lahti, Finland
  • Data Protection Officer: Ville Isola
  • Email: info@ifbbacademynordic.com
You can contact us regarding any matter in this notice. The supervisory authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja.fi).

3. What Personal Data We Process

We process different data depending on your interaction with our services. This includes:

  • Basic Information: Name, date of birth, gender, and contact details.
  • Account Information: Username, password, and order history.
  • Course Information: Completions, certificates, feedback, and practical assignments.
  • Payment Information: Last four digits of payment card, payment method, and billing address. Full card details are processed by a third-party payment provider.
  • Technical Information: IP address, device identifiers, browser type, log data, and cookies.
  • Location Data: Coarse location at country level and precise GPS location if you grant permission.
  • Profiling Data: Course preferences and purchasing behavior.
We do not process special categories of personal data, also known as sensitive data, unless required by law and accompanied by your explicit consent.

4. Purposes, Legal Bases, and Retention Periods

We process your data based on specific legal grounds and retain it only as long as necessary.

Providing Services and Managing Accounts

Purpose: To deliver courses, maintain your account, and issue certificates.

Legal basis: Performance of a contract.

Retention: Duration of the active account plus 2 years. Certificate records are kept permanently to verify qualifications.

Processing Payments and Accounting

Purpose: To manage billing and comply with financial laws.

Legal basis: Legal obligation.

Retention: 6 years from the end of the financial year, according to the Finnish Accounting Act.

Marketing and Communications

Purpose: To send newsletters and course updates.

Legal basis: Consent.

Retention: Until you withdraw consent or opt out.

Service Development and Analytics

Purpose: To monitor service performance and improve the user experience.

Legal basis: Legitimate interest.

Retention: 2 years.

Once the retention period expires, we permanently delete or anonymize the data.

5. Cookies and Similar Technologies

We use cookies, SDKs, and tracking pixels for necessary site functions, analytics, and advertising.

  • Necessary: Enable basic site functions.
  • Analytics: Measure and understand site usage, including Google Analytics 4.
  • Advertising: Target personalized advertising, including Meta Ads and Google Ads.

When you first visit our site in the EU/EEA, a cookie banner allows you to accept or decline non-necessary cookies. You can update these settings at any time via the "Cookie Settings" link.

We support the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we automatically block advertising cookies. Read our separate Cookie Policy for full details.

6. Profiling and Automated Decision-Making

We analyze course and browsing data to recommend relevant educational materials. This profiling does not produce legal effects or significantly impact you. We do not use automated decision-making as defined by GDPR Article 22.

7. International Transfers

Our primary servers are in Finland and Germany. Some partners, such as Stripe, Mailchimp, Meta, and Google, may process data in the United States. We transfer data outside the EU/EEA only under appropriate safeguards.

  • The partner is certified under the EU-U.S. Data Privacy Framework.
  • We use EU Standard Contractual Clauses (SCCs) combined with a Transfer Impact Assessment (TIA).
You can request a copy of these safeguards by contacting us.

8. To Whom We Disclose Data

We disclose data only to the necessary extent to the following parties:

  • Service Providers: IT maintenance, cloud hosting, payment gateways, and communication tools.
  • Marketing Partners: Only if you have given explicit consent.
  • Authorities: When mandated by law.
  • Business Transfers: In the event of a merger or acquisition.
We do not sell your personal data. California residents can opt out of data sharing with advertising networks via Profile → Privacy Settings.

9. Data Subject Rights

EU/EEA & UK (GDPR) Rights

  • Access your data.
  • Rectify incorrect data.
  • Erase data, also known as the right to be forgotten.
  • Restrict processing.
  • Object to processing, including profiling.
  • Data portability.
  • Withdraw consent at any time.

California (CPRA) Rights

  • Know, delete, and correct personal information.
  • Limit the use of sensitive personal information.
  • Opt out of the sale or sharing of personal information.
  • Receive non-discriminatory service.

Exercise your rights through your account settings or by emailing our DPO. We respond to all requests within 30 days. You have the right to file a complaint with the Data Protection Ombudsman in Finland, the ICO in the UK, or the CPPA in California if you believe we are processing your data unlawfully.

10. Data Security Measures

We protect your data using industry standard practices:

  • TLS 1.3 encrypted traffic and HSTS.
  • Firewalls and IDS/IPS systems.
  • Regular penetration testing.
  • Role-based access controls.
  • Two-factor authentication for all personnel.
No system is entirely secure. If we detect a high-risk data breach, we will notify you and the relevant authorities within 72 hours.

11. Children's Data

Our services are intended for adults aged 18 years and older. We do not knowingly collect data from minors. If you become aware that a minor has provided us with personal data, contact us immediately so we can delete it.

12. Social Media and Third-Party Links

Our site contains links and plug-ins to platforms like Facebook, Instagram, TikTok, YouTube, and LinkedIn. Interacting with these features means the respective service providers process your data according to their own privacy policies.

13. Digital Content Moderation (DSA)

To comply with the Digital Services Act for user-generated content, such as discussion forums and assignment uploads:

  • We provide a clear "Report illegal content" form.
  • We process reports within 48 hours.
  • We publish transparency reports on removed content twice a year.

14. Changes to This Notice

We update this notice as necessary. We will notify you of significant changes via email or an in-app alert 14 days before the changes take effect.

15. Contact and Complaints

Email: info@ifbbacademynordic.com

Postal Address: VI Coaching Ltd, Mäkitarhankatu 4, 15320 Lahti, Finland

If you are unsatisfied with our response to a privacy concern, contact the Office of the Data Protection Ombudsman (tietosuoja.fi) or your local supervisory authority.

Need help with a privacy request?

Contact our Data Protection Officer at info@ifbbacademynordic.com. Please include enough information for us to identify your account and understand your request.

© 2026 VI Coaching Ltd – All rights reserved.