Privacy Policy
Last Updated: January 12, 2026
1. Introduction
Zentrio Limited OÜ ("Company", "We", "Our", or "Us"), registry code 17125131, registered at Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia, operates the Norisa digital fitness application and website (the "Product").
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Product, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
By using our Product, you agree to the collection and use of your data as described in this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
3. Personal Data We Collect
We collect the following categories of personal data:
Information you provide directly:
- Name and email address
- Age
- Weight
- Fitness goals
- Health-related information (such as water intake habits, injuries, physical limitations)
- Payment information (processed securely by our payment providers)
Information collected automatically:
- Device information (device type, operating system)
- IP address
- Browser type
- Usage data (pages visited, features used, time spent)
- Advertising identifiers and cookie data
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and personalize our fitness programs based on your goals and health information
- To process your payments and manage your subscription
- To communicate with you about your account, purchases, and customer support
- To send you marketing communications (with your consent)
- To analyze and improve our Product
- To display relevant advertisements and measure their effectiveness
5. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
Contract: Processing necessary to provide you with the Product and services you purchased.
Consent: Processing of health-related data and sending marketing communications, based on your explicit consent.
Legitimate Interest: Processing for analytics, fraud prevention, and improving our services.
Legal Obligation: Processing required to comply with applicable laws.
6. Health Data
Some of the data we collect (such as information about injuries, physical limitations, and health habits) may be considered special category data under the GDPR. We process this data based on your explicit consent, which you provide when completing our quiz. You may withdraw your consent at any time by contacting us at info@norisa.fr.
7. Third-Party Service Providers
We share your personal data with the following categories of service providers who process data on our behalf:
Quiz and Landing Page:
- Heyflow GmbH (Germany) — to collect your quiz responses and process purchases
Payment Processing:
- Stripe, Inc. (USA) — to process card payments
- PayPal (Europe) — to process PayPal payments
App Delivery:
- Movement.so — to deliver our fitness content and track your progress
Email Marketing:
- Klaviyo, Inc. (USA) — to send transactional and marketing emails
Advertising and Analytics:
- Meta Platforms, Inc. (USA) — for advertising on Facebook and Instagram, and conversion tracking
- Google LLC (USA) — for advertising on Google and analytics
These providers are contractually obligated to protect your data and only process it according to our instructions.
8. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), including in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on the provider's certification under the EU-US Data Privacy Framework.
9. Data Retention
We retain your personal data for as long as necessary to provide you with our services and fulfill the purposes described in this Privacy Policy. Specifically:
- Account and subscription data: retained while your account is active and for 3 years after termination for legal and accounting purposes.
- Payment records: retained for 7 years as required by tax and accounting laws.
- Marketing data: retained until you withdraw consent or unsubscribe.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access: You can request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure: You can request deletion of your data ("right to be forgotten").
Right to Restriction: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at info@norisa.fr. We will respond within 30 days.
11. Marketing Communications
With your consent, we may send you marketing emails about our products, promotions, and fitness tips. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at info@norisa.fr.
Unsubscribing from marketing emails will not affect transactional emails related to your account or purchases.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activity and to deliver personalized advertising.
Essential Cookies: Required for the website to function properly. These cannot be disabled.
Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
Advertising Cookies: Used to deliver relevant ads and track ad performance (e.g., Meta Pixel, Google Ads).
You can manage your cookie preferences through our cookie consent banner when you first visit our website, or through your browser settings.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
14. Children's Privacy
Our Product is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at info@norisa.fr.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
16. Complaints
If you have concerns about how we handle your personal data, please contact us first at info@norisa.fr. You also have the right to lodge a complaint with your local data protection authority. For users in France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr.
17. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, contact us:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
1. Introduction
Zentrio Limited OÜ ("Company", "We", "Our", or "Us"), registry code 17125131, registered at Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia, operates the Norisa digital fitness application and website (the "Product").
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Product, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
By using our Product, you agree to the collection and use of your data as described in this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
3. Personal Data We Collect
We collect the following categories of personal data:
Information you provide directly:
- Name and email address
- Age
- Weight
- Fitness goals
- Health-related information (such as water intake habits, injuries, physical limitations)
- Payment information (processed securely by our payment providers)
Information collected automatically:
- Device information (device type, operating system)
- IP address
- Browser type
- Usage data (pages visited, features used, time spent)
- Advertising identifiers and cookie data
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and personalize our fitness programs based on your goals and health information
- To process your payments and manage your subscription
- To communicate with you about your account, purchases, and customer support
- To send you marketing communications (with your consent)
- To analyze and improve our Product
- To display relevant advertisements and measure their effectiveness
5. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
Contract: Processing necessary to provide you with the Product and services you purchased.
Consent: Processing of health-related data and sending marketing communications, based on your explicit consent.
Legitimate Interest: Processing for analytics, fraud prevention, and improving our services.
Legal Obligation: Processing required to comply with applicable laws.
6. Health Data
Some of the data we collect (such as information about injuries, physical limitations, and health habits) may be considered special category data under the GDPR. We process this data based on your explicit consent, which you provide when completing our quiz. You may withdraw your consent at any time by contacting us at info@norisa.fr.
7. Third-Party Service Providers
We share your personal data with the following categories of service providers who process data on our behalf:
Quiz and Landing Page:
- Heyflow GmbH (Germany) — to collect your quiz responses and process purchases
Payment Processing:
- Stripe, Inc. (USA) — to process card payments
- PayPal (Europe) — to process PayPal payments
App Delivery:
- Movement.so — to deliver our fitness content and track your progress
Email Marketing:
- Klaviyo, Inc. (USA) — to send transactional and marketing emails
Advertising and Analytics:
- Meta Platforms, Inc. (USA) — for advertising on Facebook and Instagram, and conversion tracking
- Google LLC (USA) — for advertising on Google and analytics
These providers are contractually obligated to protect your data and only process it according to our instructions.
8. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), including in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on the provider's certification under the EU-US Data Privacy Framework.
9. Data Retention
We retain your personal data for as long as necessary to provide you with our services and fulfill the purposes described in this Privacy Policy. Specifically:
- Account and subscription data: retained while your account is active and for 3 years after termination for legal and accounting purposes.
- Payment records: retained for 7 years as required by tax and accounting laws.
- Marketing data: retained until you withdraw consent or unsubscribe.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access: You can request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure: You can request deletion of your data ("right to be forgotten").
Right to Restriction: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at info@norisa.fr. We will respond within 30 days.
11. Marketing Communications
With your consent, we may send you marketing emails about our products, promotions, and fitness tips. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at info@norisa.fr.
Unsubscribing from marketing emails will not affect transactional emails related to your account or purchases.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activity and to deliver personalized advertising.
Essential Cookies: Required for the website to function properly. These cannot be disabled.
Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
Advertising Cookies: Used to deliver relevant ads and track ad performance (e.g., Meta Pixel, Google Ads).
You can manage your cookie preferences through our cookie consent banner when you first visit our website, or through your browser settings.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
14. Children's Privacy
Our Product is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at info@norisa.fr.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
16. Complaints
If you have concerns about how we handle your personal data, please contact us first at info@norisa.fr. You also have the right to lodge a complaint with your local data protection authority. For users in France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr.
17. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, contact us:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
1. Introduction
Zentrio Limited OÜ ("Company", "We", "Our", or "Us"), registry code 17125131, registered at Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia, operates the Norisa digital fitness application and website (the "Product").
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Product, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
By using our Product, you agree to the collection and use of your data as described in this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
3. Personal Data We Collect
We collect the following categories of personal data:
Information you provide directly:
- Name and email address
- Age
- Weight
- Fitness goals
- Health-related information (such as water intake habits, injuries, physical limitations)
- Payment information (processed securely by our payment providers)
Information collected automatically:
- Device information (device type, operating system)
- IP address
- Browser type
- Usage data (pages visited, features used, time spent)
- Advertising identifiers and cookie data
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and personalize our fitness programs based on your goals and health information
- To process your payments and manage your subscription
- To communicate with you about your account, purchases, and customer support
- To send you marketing communications (with your consent)
- To analyze and improve our Product
- To display relevant advertisements and measure their effectiveness
5. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
Contract: Processing necessary to provide you with the Product and services you purchased.
Consent: Processing of health-related data and sending marketing communications, based on your explicit consent.
Legitimate Interest: Processing for analytics, fraud prevention, and improving our services.
Legal Obligation: Processing required to comply with applicable laws.
6. Health Data
Some of the data we collect (such as information about injuries, physical limitations, and health habits) may be considered special category data under the GDPR. We process this data based on your explicit consent, which you provide when completing our quiz. You may withdraw your consent at any time by contacting us at info@norisa.fr.
7. Third-Party Service Providers
We share your personal data with the following categories of service providers who process data on our behalf:
Quiz and Landing Page:
- Heyflow GmbH (Germany) — to collect your quiz responses and process purchases
Payment Processing:
- Stripe, Inc. (USA) — to process card payments
- PayPal (Europe) — to process PayPal payments
App Delivery:
- Movement.so — to deliver our fitness content and track your progress
Email Marketing:
- Klaviyo, Inc. (USA) — to send transactional and marketing emails
Advertising and Analytics:
- Meta Platforms, Inc. (USA) — for advertising on Facebook and Instagram, and conversion tracking
- Google LLC (USA) — for advertising on Google and analytics
These providers are contractually obligated to protect your data and only process it according to our instructions.
8. International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), including in the United States. When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on the provider's certification under the EU-US Data Privacy Framework.
9. Data Retention
We retain your personal data for as long as necessary to provide you with our services and fulfill the purposes described in this Privacy Policy. Specifically:
- Account and subscription data: retained while your account is active and for 3 years after termination for legal and accounting purposes.
- Payment records: retained for 7 years as required by tax and accounting laws.
- Marketing data: retained until you withdraw consent or unsubscribe.
10. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
Right of Access: You can request a copy of your personal data.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure: You can request deletion of your data ("right to be forgotten").
Right to Restriction: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent.
To exercise any of these rights, contact us at info@norisa.fr. We will respond within 30 days.
11. Marketing Communications
With your consent, we may send you marketing emails about our products, promotions, and fitness tips. You can unsubscribe at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at info@norisa.fr.
Unsubscribing from marketing emails will not affect transactional emails related to your account or purchases.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect information about your browsing activity and to deliver personalized advertising.
Essential Cookies: Required for the website to function properly. These cannot be disabled.
Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
Advertising Cookies: Used to deliver relevant ads and track ad performance (e.g., Meta Pixel, Google Ads).
You can manage your cookie preferences through our cookie consent banner when you first visit our website, or through your browser settings.
13. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
14. Children's Privacy
Our Product is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately at info@norisa.fr.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.
16. Complaints
If you have concerns about how we handle your personal data, please contact us first at info@norisa.fr. You also have the right to lodge a complaint with your local data protection authority. For users in France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) at www.cnil.fr.
17. Contact Us
For any questions or requests regarding this Privacy Policy or your personal data, contact us:
Zentrio Limited OÜ
Harju maakond, Tallinn, Nõmme linnaosa, Liipri tn 1, 10917, Estonia
Email: info@norisa.fr
Copyright © 2026 Norisa | All Rights Reserved