Table of Contents:
Welcome to Gympass. Gympass provides Promotion Services to Gyms who have entered into partnership agreements with Gympass and individuals who desire to purchase the Gym Services offered by such Gyms (“you”). We then enable you to purchase and make use of the Gym Services by the Gyms.
As noted in the Terms, we do not knowingly collect or solicit personal data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services yourself or send any personal data about yourself to us, but rely on a parent or a legal guardian to assist you. If we learn that we have collected personal data from a child under age 16, we will delete that data as quickly as possible. If you believe that a child under 16 may have provided us personal data, please contact us at support@Gympass.com.
We gather various types of Personal Data from our Users, as explained in more detail below, and we use this Personal Data internally in connection with our Services, including to personalize, provide, and improve our Services, to allow you to set up a User account and profile, to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Data with third parties, but only as described below.
Personal Data Your Employer Provides to Us:
To offer our Services, your employer might share some Personal Data with us. This Personal Data will be stored by us and may include your full name, your corporate e-mail address, and your employee ID number.
Personal Data may be shared with your employer, that has an agreement with us, for verification and payment purposes. If you decide to use our Services, your employer will have access to your full name, your status as an active User, the type of Plan purchased and the payment method chosen.
Go to ‘5. Legal Grounds for Processing’ to see an overview of the legal grounds for processing these Personal Data.
Personal Data You Provide to Us:
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. We may use your wireless phone number, email address or Facebook account credentials, to send you information we think may be of interest to you, including but not limited to offers, promotions and updates regarding Gympass Partners. Such information may be sent to you by email, SMS (text messages), push notifications and messages on social networks.
You will have the opportunity to opt out of receiving communications from us every time we contact you. If you decide that you don't want to receive communications from Gympass, please note that we may still be required to send you emails regarding factual, transactional and/or servicing information in connection with the Services that we might provide to you or the organization through which you are known to us.
If you do not want to receive communications from us, you can update your communication preferences in your account (go to ‘edit personal details’) or by clicking the unsubscribe link that will appear in all emails or by contacting support@Gympass.com. Gympass will use all reasonable efforts to perform your unsubscribe request via email within 72 hours of receipt of such request. If you unsubscribe via your account or the unsubscribe link, it will be effective immediately.
Data Collected Automatically:
Whenever you interact with our Services, either on our Website or through the Gympass App, we automatically receive and record data on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” data (please see policy below), the type of browser and/or device you’re using to access our Services, the page or feature you requested and time of access.
We may use this data to provide a customized experience for you, based on your usage patterns, or for remarketing, report printing, management, or other analysis. We may also use it to improve the Services - for example, this data can tell us how often Users use a particular feature of the Services and we are able to use that knowledge to enhance our User experience.
Gympass stores data that is used in the form of aggregated and generic statistics or reports to obtain a better understanding of User profiles for the improvement of Products and Services offered by Gympass.
The General Data Protection Regulation (GDPR) requires Gympass to base the processing of the Personal Data of Users located in the European Economic Area (EEA) on a specific legal ground. Gympass uses the following legal grounds to process your Personal Data:
We do not rent, sell or transfer your Personal Data to anyone, except as expressly provided below. We may share your Personal Data with third parties as described below:
Gyms and Booking Partners:
We may share some of your Personal Data with Gyms so that they can verify you as a User in the system and allow you to access their services. The only data we share with Gyms is your full name, telephone number, e-mail address and the Daily Token generated by our system. We may also share your Personal Data with booking partners that you chose to book classes with, but that will only happen if you agree, each time, to book for a class.
We may share your Personal Data with your Employer. This may include your name, e-mail address, your employee ID number, your status as an active User, the type of Plan you purchased and the payment method. In some situations, this is necessary for the performance of the agreement we have with you. For example in case you chose to pay through payrolling.
Data that has been de-identified:
We employ other companies and people to perform tasks on our behalf and need to share your data with them to provide products or services to you; for example, we use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Data we share with them beyond what is necessary to assist us.
User Profiles and Submissions:
Certain account data, including your name, location, and any video or image Content that you uploaded to the Services, may be displayed to other Users to facilitate User interaction within the Services or address your request for our Services. Please remember that any Content you upload to your public User profile, along with any Personal Data or Content that you voluntarily disclose online in some manner other Users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your User name may also be displayed to other Users if and when you send messages or comments or upload images or videos through the Services and other Users can contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of “friends” from that site or service may be automatically imported to the Services, and such “friends,” if they are also registered Users of the Services, may be able to access certain non-public data you have entered in your Services User profile. Again, we do not control the policies and practices of any other third-party site or service.
We may choose to buy or sell assets and may share and/or transfer customer data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party.
Your account is protected by a password for your privacy and security. If you access your account via a third-party site or service, you may have additional or different sign-on protections via that third-party site or service. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of User data at any time.
All data is encrypted in transit using TLS 1.2 and AES 256 for data at rest.
Gympass is based in the following countries.
Gympass B.V.: is a company based in Amsterdam, the Netherlands and the data we collect is governed by EU law (the General Data Protection Regulation).
Gympass US LLC is a company based in the United States of America (USA).
GPBR Participações Ltda. is a company based in Brazil.
Gympass servers are hosted at Amazon.com (AWS) services facilities in the USA. Amazon participates in the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries.
By accessing or using the Gympass Services or otherwise providing data to us, you consent to the processing, storage and transfer of data in and to the U.S. and Brazil. In particular, your data may be accessible to Gympass’ staff in the USA or Brazil or stored on Gympass servers in the USA.
Gympass uses approved data transfer mechanisms to transfer your Personal Data out of the European Economic Area (EEA). We rely on European Commission–approved Standard Contractual Clauses as a legal mechanism for any data transfers from the EEA to the U.S. and Brazil.
Access Your Data:
Through your account settings, you can access and edit the data you’ve provided to us. If you wish to exercise your rights (for a summary of your rights, please check below), and that option is not yet available through your account settings, please contact us at the e-mail below and we will address your request as soon as we can.
The data you can view and update may change as the Services change. If you have any questions about viewing or updating data, or to request that we delete Personal Data that we have on file about you, please contact us at support@Gympass.com. Please note that we own and may use aggregated and anonymized data derived from or incorporating your Personal Data after you provide it to us but will delete any specific Personal Data upon request.
What rights do I have?
You are free to decide not to share any Personal Data with Gympass. Please keep in mind that without providing us with the data we need to create your account, you will not be able to use our Services or features that require this information.
You may be able to add, or update data as explained above. When you update data, however, we may maintain a copy of the data in our records. You may request the cancellation of your account by phone +44 (0) 20 3868 7759, email support@Gympass.com or via chat support. Some data may remain in our records after you request the cancellation of your account in the manner described above. We own and may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
Below, we have listed all the rights you have under the GDPR. The rights you have over your data under the GDPR are:
Individuals located in the European Economic Area, can contact our Data Protection Officer at the following email address: firstname.lastname@example.org.
Subject to applicable law, you also have the right to (i) restrict Gympass’s use of your Personal Data and (ii) lodge a complaint with your local data protection authority (telephone +353 578 684 800-) or the Dutch Data Protection Authority, which is Gympass’s lead supervisory authority in the European Union.
The Dutch Data Protection Authority contact information is as follows:
2509 AJ DEN HAAG
0031 88 - 1805 250
Last Modified: 28 February 2019