Privacy Policy
Last updated: 12/08/2025
By installing our mobile application or in any way using or accessing our services, you accept the terms of this Privacy Policy and the processing of your personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).
1. Personal Data Controller
Responsible for the processing of your personal data is:
Company Name:
Gympak AB, org. nr 559373-8411
Address:
Henckels Torg 4, 252 36 Helsingborg, Sweden
E-mail:
hello@gympak.com
2. Information About the Personal Data We Collect
When you register for Gympak services, we collect personal information from you such as:
- Email address
- First and last name
- Height and weight
- Date of birth
- Gender
As you use the Gympak services, you may upload additional personal information to your account, depending on your use of the services, including:
- Activities
- Calorie burning data
- Weight loss/gain goals
- Activity/diet routines
- Body measurements
In an ongoing effort to improve our services, additional personal information may be collected. In such cases, we will notify you when the collection occurs.
3. Our Use of Your Personal Data
We only process your personal data in accordance with this Privacy Policy and relevant legislation. Below are the purposes for processing your data.
3.1 Communicate About Our Services
- Respond to your inquiries and keep you informed about our services.
3.2 Manage Orders
- Register and confirm orders.
- Communicate with you about your purchase.
3.3 Manage Payments
- Process and record your payment.
- Communicate payment confirmations.
3.4 Follow Up and Evaluate Customer Relationships
- Track satisfaction and maintain ongoing relationships.
3.5 Marketing & Offers in Various Channels
- Send tailored offers from us and our partners via email, social media, or other channels.
- Some profiling may be carried out to personalise these offers.
- Opt-out: You can unsubscribe anytime by clicking the unsubscribe link.
3.6 Manage Newsletters
- Send regular newsletters.
- Opt-out: You can unsubscribe at any time.
3.7 Answer Questions
- Handle your queries via email, phone, or other channels.
3.8 Conduct Surveys
- Gather opinions on our services via surveys.
3.9 Enable Functionality on Our Websites
- Store settings and preferences for a better user experience.
3.10 Monitor and Evaluate Use of Our Services
- Collect statistics, satisfaction levels, and usage patterns.
3.11 Ensure Technical Functionality & Security
- Maintain operational security, troubleshoot, and create backups.
3.12 Manage and Respond to Legal Requirements
- Handle disputes or legal processes.
3.13 Fulfil Legal Obligations
- Comply with laws, including accounting and tax regulations.
4. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify incorrect or incomplete personal data.
- Withdraw consent where processing is based on consent.
- Request deletion of personal data, subject to certain legal exceptions.
- Object to processing for legitimate interest reasons.
- Restrict processing in specific situations.
- Data portability – request a copy in a structured format.
- Unsubscribe from marketing communications.
To exercise your rights:
Contact hello@gympak.com or delete your account through the app.
5. Storage of Your Personal Data
- Generally stored as long as you are a registered user.
- Deleted upon account termination or inactivity (after 2 years), unless we must retain it for legal purposes (e.g., accounting).
- Periodic reviews ensure no data is stored longer than necessary.
6. Sharing of Personal Data
We may share your data with:
- Partners – e.g., payment providers for processing payments.
- Social networking platforms – to run campaigns and offers.
- External individuals – for necessary communications.
- Service providers – for IT, hosting, and communication services.
- Authorities & legal bodies – to meet legal obligations or handle legal claims.
- Potential buyers/sellers – if Gympak is involved in a business transaction.
Transfers outside the EU/EEA will only be made with appropriate safeguards, such as standard contractual clauses.
7. Security Measures
We use industry-standard technical and organisational measures to protect your personal data, including:
- Firewalls
- Security software
- Secure passwords and authentication
- Access controls
You should also use a strong password, limit device access, and log out after using the Gympak app.
8. Changes to This Privacy Policy
We may update this Privacy Policy when necessary. Any significant changes will be communicated in advance via our website, app, or email.
9. Contact Us
For questions or complaints about our handling of your personal data:
Email: hello@gympak.com
You also have the right to file a complaint with the relevant supervisory authority.
10. Detailed Information on the Handling of Personal Data
10.1 Communicate About Our Services
| Personal Data | Legal Basis | Retention Time |
| Identity data, Contact details, Profile data, Technical data | Fulfilment of a contract – processing necessary to comply with current terms of delivery. | Retained as long as your user account is active, then deleted. |
10.2 Manage Orders
| Personal Data | Legal Basis | Retention Time |
| Identity data, Communication, Contact information, Order data, Profile data | Legitimate interest – necessary to manage orders. Fulfilment of agreements – if carried out by an individual company. | Retained for as long as necessary to process your order, and 10 years thereafter for legal requirements. Accounting data stored for 7 years from year-end per Swedish Accounting Act (1999:1078). |
10.3 Manage Relationships with Customers, Suppliers, and Partners
| Personal Data | Legal Basis | Retention Time |
| Identity data, Communication, Contact information, Order data, Profile data | Legitimate interest – manage customer/supplier relationships. Fulfilment of agreements – if concluded with an individual company. | Retained for as long as there is an active relationship, plus 10 years thereafter. A relationship is active if contact occurred in the previous 12 months. |
10.4 Follow Up and Evaluate Relationships with Customers
| Personal Data | Legal Basis | Retention Time |
| Identity data, Order data, Profile data, Purchase and order history, Communication history, Activity history | Legitimate interest – evaluate customer/supplier relationships. | Retained for 27 months from collection. Reports without personal data stored indefinitely. |
10.5 Communication Between Employees and External Persons
| Personal Data | Legal Basis | Retention Time |
| Identity data, Audio/video materials, Communication, Contact information, Order data, Profile data | Legitimate interest – communicate offers in various channels. Consent – for cookies/technologies where applicable. | Retained as long as there is an active relationship, plus 12 months thereafter. If no relationship, retained for 3 months from collection. |
10.6 Communicate and Provide Offers in Various Channels
| Personal Data | Legal Basis | Retention Time |
| User-generated data, Identity data, Contact details, Order data, Technical data | Legitimate interest – communicate and provide offers about services in different channels. | Retained during customer relationship and 12 months thereafter. If no customer relationship, retained for 3 months from collection. |
10.7 Manage Our Newsletters
| Personal Data | Legal Basis | Retention Time |
| Identity information, Contact information | Legitimate interest – manage newsletter subscriptions. | Retained indefinitely until you unsubscribe. |
10.8 Answer Questions
| Personal Data | Legal Basis | Retention Time |
| Identity information, Communication, Contact information, Order information, Organisational information | Legitimate interest – respond to inquiries. | Retained during customer relationship and 10 years thereafter. If no customer relationship, retained for 1 year from last communication. |
10.9 Conduct Surveys
| Personal Data | Legal Basis | Retention Time |
| Identity information, Contact information | Legitimate interest – collect feedback. | Retained during survey period and 3 months thereafter. Non-personal statistics stored indefinitely. |
10.10 Enable Functionality on Our Websites
| Personal Data | Legal Basis | Retention Time |
| Technical data | Legitimate interest – enable functionality for better user experience. | Retained during your visit and 12 months thereafter. |
10.11 Monitor and Evaluate the Use of Our Websites, Digital Channels, and Services
| Personal Data | Legal Basis | Retention Time |
| User-generated data, Technical data | Legitimate interest – monitor and evaluate usage. Includes Leadoo tracking (see Leadoo Privacy Policy). | Retained for 3 months. Non-personal statistics stored indefinitely. |
10.12 Ensure Necessary Technical Functionality and Security
| Personal Data | Legal Basis | Retention Time |
| All relevant categories of personal data | Legitimate interest – maintain technical functionality and security. | Retained as long as account is active. Logs kept for 12 months from event. |
10.13 Handle and Respond to Legal Claims
| Personal Data | Legal Basis | Retention Time |
| Necessary personal data for the claim | Legitimate interest – handle/respond to legal claims. | Retained for the period necessary to resolve the claim. |
10.14 Fulfil Legal Obligations
| Personal Data | Legal Basis | Retention Time |
| All necessary categories of personal data | Fulfil legal obligation – comply with laws. | Retained as required by each legal obligation. Accounting data kept for 7 years per Swedish Accounting Act. |
11. Sharing of Personal Data – Detailed Information
11.1 Collaboration Partners (Events and Activities)
| Personal Data | Legal Basis |
| Identity information, Communication, Contact information | Legitimate interest – carry out events and activities. |
11.2 Social Networking Platforms
Purpose: Communicate and provide offers in various channels.
| Personal Data | Legal Basis |
| User-generated data, Identity information, Contact information, Technical data | Legitimate interest – marketing and communication. |
Purpose: Communicate about our services.
| Personal Data | Legal Basis |
| Identity information, Contact information, Technical data | Legitimate interest – customer communication. |
11.3 External Individuals
Purpose: Communication between employees and external individuals.
| Personal Data | Legal Basis |
| Identity information, Communication, Contact information, Order information | Legitimate interest – facilitate communication. |
11.4 Other Recipients
| Purpose | Legal Basis |
| Manage and adhere to legal requirements | Legitimate interest – handle legal requirements. |
| Fulfil legal obligations | Legal obligation – comply with law. |
| Respond to legal requests | Legal obligation (if required) or legitimate interest (otherwise). |
12. Categories of Personal Data
| Category | Examples |
| User-generated data | Data provided when using services, websites, or digital channels; clicks, visits, behavioural data. |
| Identity data | Name, social security number, username, IP address. |
| Communication data | Email content. |
| Contact data | Address, phone number, email address. |
| Payment and purchase data | Name, date of birth, card type, expiry date, certain card digits, address, phone number, purchase history. |
| Order data | Service, delivery time, price. |
| Organisational data | Title, company name, company address. |
| Profile settings | Information about your user profile when using our services. |