MyPT Malta
Log in Get the app
Legal

GDPR & Your Rights

Last updated: 24 May 2026

This page is a plain-language guide to your rights under the EU General Data Protection Regulation (GDPR) and how to exercise them with MyPT. For the full legal text on how we handle your data, see our Privacy Policy.

What is GDPR?

GDPR is the EU regulation (in force since May 2018) that gives EU residents control over how their personal data is collected, used, stored, and shared. It applies to any company processing the data of EU residents, including MyPT.

Your rights at a glance

You have eight specific rights under GDPR. We honour all of them, free of charge, within 30 days of a verified request.

  1. Right to access. Get a copy of every piece of data we hold about you.
  2. Right to rectification. Correct anything that is wrong or out-of-date.
  3. Right to erasure. Delete your account and have all your data removed.
  4. Right to restrict processing. Pause our use of your data while a dispute is resolved.
  5. Right to data portability. Export your data as a CSV to take elsewhere.
  6. Right to object. Object to specific kinds of processing.
  7. Right to withdraw consent. Where processing is based on consent, take it back any time.
  8. Right to complain. Lodge a complaint with a supervisory authority.

How to exercise each right

1. Access your data

Open the app, go to Settings → Privacy → Export my data. A CSV bundle is generated within a few minutes and emailed to your registered address. The bundle includes account info, workout history, nutrition logs, body measurements, photos (with EXIF), and message history.

2. Correct your data

Most account details can be edited directly in the app. For anything you cannot edit yourself (e.g. correcting historical data points or merging duplicate accounts), email info@mypersonaltrainermalta.com and we will help.

3. Delete your account

Open the app, go to Settings → Privacy → Delete account. We will ask you to confirm twice, then send a confirmation email. Your account is immediately deactivated, and all data is permanently deleted within 90 days. A minimal record (account ID + deletion timestamp) is retained for one year for fraud-prevention purposes only.

4. Restrict processing

Email info@mypersonaltrainermalta.com with the specifics — for example, "stop processing my nutrition data while I dispute the macro calculations". We will pause that specific processing within five business days.

5. Export your data (portability)

Same as access — from Settings → Privacy → Export my data. The CSV format is designed to import cleanly into other apps if you ever want to leave MyPT.

6. Object to processing

You can object to specific types of processing — for example, opt out of anonymised analytics, or opt out of community-feed visibility. Most of these can be done in Settings → Privacy. For anything else, email info@mypersonaltrainermalta.com.

7. Withdraw consent

Where we rely on your consent (e.g. for wearable connections, marketing emails, certain analytics), you can withdraw it at any time from Settings → Privacy without needing to give a reason. Past lawful processing is not invalidated retrospectively, but processing stops going forward.

8. Complain to a supervisory authority

If you believe we have mishandled your data, you can lodge a complaint with the Maltese Information and Data Protection Commissioner (IDPC):

  • Website: idpc.org.mt
  • Email: idpc.info@idpc.org.mt
  • Address: Level 2, Airways House, High Street, Sliema SLM 1549, Malta

You can also complain to the supervisory authority in the EU country where you live, work, or where the alleged infringement took place.

Identity verification

For security, we may ask you to verify your identity before fulfilling a GDPR request — typically by emailing from the address on file. This is to prevent someone else from accessing or deleting your data fraudulently.

Children's data

MyPT is intended for users 16 and older. If you believe a child under 16 has created an account, email us and we will delete it immediately, no questions asked.

Data Protection Officer

MyPT is below the threshold that requires a formal Data Protection Officer. Marvic Debono acts as the responsible person for all GDPR matters and can be reached at info@mypersonaltrainermalta.com.

Response time

We acknowledge GDPR requests within five business days and complete them within 30 days. Complex requests may take longer — we will tell you why and give a revised deadline.