We at Gympass know you care about how your personal data is used and shared, and we take your privacy seriously. This Privacy Policy describes how Gympass collects, uses and discloses information and what choices you have with respect to the information. Please read our Privacy Policy carefully before using our Services.
Table of Contents:
Remember that your use of the our Services is at all times subject to the Terms, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms.
1. Applicability of this Privacy Policy
Welcome to Gympass. Gympass provides Promotion Services to Gyms who have entered into partnership agreements with Gympass and individuals who desire to purchase the Gym Services offered by such Gyms (“you”). We then enable you to purchase and make use of the Gym Services by the Gyms.
Gympass is owned and operated by Gympass B.V. KvK: 63430975, RSIN: 855233400, with registered address at De Entrée 99, 15th Floor, 1011 HE, Amsterdam (“Gympass,” “we” and “us”). This Privacy Policy applies to the personal data of those who provide information to us when accessing or using our Services. It also applies to data we otherwise receive in connection with our services ("Personal Data"). For this Personal Data Gympass acts as a data controller – that means that we determine why and how your Personal Data is being treated. This Privacy Policy does not apply to the practices of companies we don’t own or control, or people that we don’t manage.
2. Age Limitations
As noted in the Terms, we do not knowingly collect or solicit personal data from anyone under the age of 16. If you are under 16, please do not attempt to register for the Services yourself or send any personal data about yourself to us, but rely on a parent or a legal guardian to assist you. If we learn that we have collected personal data from a child under age 16, we will delete that data as quickly as possible. If you believe that a child under 16 may have provided us personal data, please contact us at support@Gympass.com.
3. Changes to this Privacy Policy
We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. If we make material changes, we will inform you of the changes through the Gympass Website and/or through other means, such as email. Please note that if you’ve opted not to receive notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services. In that case we advise you to regularly check our Privacy Policy for updates. If you decide to use the Services after any changes to the Privacy Policy have been posted, you will be requested to confirm that you have read and understood the changes in the Privacy Policy.
4. Personal Data Gympass may Collect and Receive
We gather various types of Personal Data from our Users, as explained in more detail below, and we use this Personal Data internally in connection with our Services, including to personalize, provide, and improve our Services, to allow you to set up a User account and profile, to contact you, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Data with third parties, but only as described below.
Personal Data Your Employer Provides to Us:
To offer our Services, your employer might share some Personal Data with us. This Personal Data will be stored by us and may include your full name, your corporate e-mail address, and your employee ID number.
Personal Data may be shared with your employer, that has an agreement with us, for verification and payment purposes. If you decide to use our Services, your employer will have access to your full name, your status as an active User, the type of Plan purchased and the payment method chosen.
We may also use this Personal Data to contact you, to cross-reference it with other Personal Data we may hold about you in accordance with this Privacy Policy, and to share it with the Gym you choose to go to and to our commercial partners, as provided in this Privacy Policy.
Go to ‘5. Legal Grounds for Processing’ to see an overview of the legal grounds for processing these Personal Data.
Personal Data You Provide to Us:
We receive and store any data you knowingly provide to us. Specifically, through the account registration process and/or through your account settings, we may collect your full name, email address, phone number, debit/credit card data, direct debit account data, third-party account credentials (for example, the email-address you used for to create an account for Facebook) and non-required fields such as birthdate, address, gender, personal websites and favorite classes. If you provide sign in to the Services through a third-party site or service (such as Facebook), you understand some Content and/or data in those accounts, such as the email used to create that account (“Third Party Account Data”) may be transmitted into your account with us, and that Third-Party Account Data transmitted to our Services is covered by this Privacy Policy. Certain data may be required to create an account or to use of some of our features.
We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers or email you about your use of the Services. We may use your wireless phone number, email address or Facebook account credentials, to send you information we think may be of interest to you, including but not limited to offers, promotions and updates regarding Gympass Partners. Such information may be sent to you by email, SMS (text messages), push notifications and messages on social networks.
You will have the opportunity to opt out of receiving communications from us every time we contact you. If you decide that you don't want to receive communications from Gympass, please note that we may still be required to send you emails regarding factual, transactional and/or servicing information in connection with the Services that we might provide to you or the organization through which you are known to us.
If you do not want to receive communications from us, you can update your communication preferences in your account (go to ‘edit personal details’) or by clicking the unsubscribe link that will appear in all emails or by contacting support@Gympass.com. Gympass will use all reasonable efforts to perform your unsubscribe request via email within 72 hours of receipt of such request. If you unsubscribe via your account or the unsubscribe link, it will be effective immediately.
We may use your Personal Data to contact you, to cross-reference it with other Personal Data we may hold about you in accordance with this Privacy Policy, and to share it with the Gym you choose to go to and to our commercial partners, such as booking partners that you chose to book classes with, as provided for in this Policy.
Data Collected Automatically:
Whenever you interact with our Services, either on our Website or through the Gympass App, we automatically receive and record data on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” data (please see policy below), the type of browser and/or device you’re using to access our Services, the page or feature you requested and time of access.
We may use this data to provide a customized experience for you, based on your usage patterns, or for remarketing, report printing, management, or other analysis. We may also use it to improve the Services - for example, this data can tell us how often Users use a particular feature of the Services and we are able to use that knowledge to enhance our User experience.
Reports/Analytics:
Gympass stores data that is used in the form of aggregated and generic statistics or reports to obtain a better understanding of User profiles for the improvement of Products and Services offered by Gympass.
5. Legal Grounds for Processing
The General Data Protection Regulation (GDPR) requires Gympass to base the processing of the Personal Data of Users located in the European Economic Area (EEA) on a specific legal ground. Gympass uses the following legal grounds to process your Personal Data:
6. Sharing and Disclosing Personal Data
We do not rent, sell or transfer your Personal Data to anyone, except as expressly provided below. We may share your Personal Data with third parties as described below:
Gyms and Booking Partners:
We may share some of your Personal Data with Gyms so that they can verify you as a User in the system and allow you to access their services. The only data we share with Gyms is your full name, telephone number, e-mail address and the Daily Token generated by our system. We may also share your Personal Data with booking partners that you chose to book classes with, but that will only happen if you agree, each time, to book for a class.
We currently use MindBody as a booking partner and the terms and privacy policy of such partner can be found at https://www.mindbodyonline.com/terms-of-service and https://www.mindbodyonline.com/privacy-policy.
Your Employer:
We may share your Personal Data with your Employer. This may include your name, e-mail address, your employee ID number, your status as an active User, the type of Plan you purchased and the payment method. In some situations, this is necessary for the performance of the agreement we have with you. For example in case you chose to pay through payrolling.
Data that has been de-identified:
Besides the Personal Data being shared as per this Privacy Policy, we may anonymize your Personal Data so that you are not identified as an individual and provide that data to the Gyms, a corporate client (i.e., your employer) or our commercial partners. We may also provide anonymized usage data to the Gyms or corporate clients (or allow Partners or corporate clients to collect that data from you), who may use such data to understand how often and in what ways Users use our Services, so that they, too, can provide you with an optimal experience. However, such data will never be disclosed in a manner that would identify you as an individual, either directly or indirectly.
Our Agents:
We employ other companies and people to perform tasks on our behalf and need to share your data with them to provide products or services to you; for example, we use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Data we share with them beyond what is necessary to assist us.
User Profiles and Submissions:
Certain account data, including your name, location, and any video or image Content that you uploaded to the Services, may be displayed to other Users to facilitate User interaction within the Services or address your request for our Services. Please remember that any Content you upload to your public User profile, along with any Personal Data or Content that you voluntarily disclose online in some manner other Users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your User name may also be displayed to other Users if and when you send messages or comments or upload images or videos through the Services and other Users can contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of “friends” from that site or service may be automatically imported to the Services, and such “friends,” if they are also registered Users of the Services, may be able to access certain non-public data you have entered in your Services User profile. Again, we do not control the policies and practices of any other third-party site or service.
Business Transfers:
We may choose to buy or sell assets and may share and/or transfer customer data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Data could be one of the assets transferred to or acquired by a third party.
7. Security
Your account is protected by a password for your privacy and security. If you access your account via a third-party site or service, you may have additional or different sign-on protections via that third-party site or service. You must prevent unauthorized access to your account and Personal Data by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Data we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of User data at any time.
All data is encrypted in transit using TLS 1.2 and AES 256 for data at rest.
8. International Transfers
Gympass is based in the following countries.
Gympass B.V.: is a company based in Amsterdam, the Netherlands and the data we collect is governed by EU law (the General Data Protection Regulation).
Gympass US LLC is a company based in the United States of America (USA).
GPBR Participações Ltda. is a company based in Brazil.
Gympass servers are hosted at Amazon.com (AWS) services facilities in the USA. Amazon participates in the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries.
By accessing or using the Gympass Services or otherwise providing data to us, you consent to the processing, storage and transfer of data in and to the U.S. and Brazil. In particular, your data may be accessible to Gympass’ staff in the USA or Brazil or stored on Gympass servers in the USA.
Gympass uses approved data transfer mechanisms to transfer your Personal Data out of the European Economic Area (EEA). We rely on European Commission–approved Standard Contractual Clauses as a legal mechanism for any data transfers from the EEA to the U.S. and Brazil.
9. Your Rights
Access Your Data:
Through your account settings, you can access and edit the data you’ve provided to us. If you wish to exercise your rights (for a summary of your rights, please check below), and that option is not yet available through your account settings, please contact us at the e-mail below and we will address your request as soon as we can.
The data you can view and update may change as the Services change. If you have any questions about viewing or updating data, or to request that we delete Personal Data that we have on file about you, please contact us at support@Gympass.com. Please note that we own and may use aggregated and anonymized data derived from or incorporating your Personal Data after you provide it to us but will delete any specific Personal Data upon request.
What rights do I have?
You are free to decide not to share any Personal Data with Gympass. Please keep in mind that without providing us with the data we need to create your account, you will not be able to use our Services or features that require this information.
You may be able to add, or update data as explained above. When you update data, however, we may maintain a copy of the data in our records. You may request the cancellation of your account by phone +44 (0) 20 3868 7759, email support@Gympass.com or via chat support. Some data may remain in our records after you request the cancellation of your account in the manner described above. We own and may use any aggregated data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
Below, we have listed all the rights you have under the GDPR. The rights you have over your data under the GDPR are:
10. Data Protection Officer
Individuals located in the European Economic Area, can contact our Data Protection Officer at the following email address: dpo@gympass.com.
11. Data Protection Authorities
Subject to applicable law, you also have the right to (i) restrict Gympass’s use of your Personal Data and (ii) lodge a complaint with your local data protection authority (email - dataprotectionfee@ico.org.uk) or the Dutch Data Protection Authority, which is Gympass’s lead supervisory authority in the European Union.
The Dutch Data Protection Authority contact information is as follows:
Postal Address:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG
Telephone:
0031 88 - 1805 250
12. Contacting Gympass
If you have any questions or concerns regarding our Privacy Policy, or regarding how you can exercise your rights, you can contact us via support@Gympass.com.
Gympass may update this Privacy Policy from time to time. If an amendment will have a serious impact, Gympass will endeavor to actively inform you about such amendments. Gympass will publish an up-to-date Privacy Policy on the Website www.gympass.com at all times, indicating the latest amendments
Last Modified: 28 February 2019