Privacy Policy
By installing our mobile application or in any way using or accessing our services, you accept the terms of this Privacy Policy and the processing of your personal data.
Personal Data Controller
Responsible for the processing of your personal data is:
COMPANY NAME:
Gympak AB, org.nr 559373-8411
ADDRESS:
HENCKELS TORG 4, 252 36 Helsingborg, Sweden
E-MAIL:
hello@gympak.com
Information about personal data we collect
When you register for Gympak services, we collect personal information from you such as: your email address, first and last name, height, weight, date of birth, and gender.
As you continue to use the Gympak services, you regularly upload personal information to your account, such as, depending on your use of the services; your activities, calorie burning, weight loss goals/weight gain goals, activity/diet routines, and your body measurements.
In an ongoing effort to improve our services, additional personal information may be collected from you. In such cases, we will notify you when the personal data collection occurs.
Our use of your personal data
Your privacy is important to us, and we will only process your personal data in accordance with this privacy policy and relevant data protection legislation.
This is why we process your personal data.
Below we list why we handle personal data in different cases. To read more about which categories of data and with the support of which legal basis we handle personal data for each purpose, see below our detailed information about our handling of personal data.
Communicate about our services
If you use our services, we process your personal data to communicate with you regarding these, e.g., to answer questions you have about the services.
Manage orders
When you order the service, we process your personal data for this purpose, e.g., to register the order and communicate with you regarding the order.
Manage payments
When you pay for our services, we process your personal data for this purpose, e.g., to register the payment and communicate with you regarding the payment.
Follow up and evaluate customer relationships
We process your personal data as a user when necessary to follow up and evaluate customer relationships.
Communicate and provide offers in various channels
We process your personal data to provide offers and customized communication to you from us and our partners in various digital channels, e.g., via email or on social media. You can unsubscribe from mailings at any time by clicking on the unsubscribe link in the mailing. For this purpose, some profiling of your data may take place through analysis of your use of our websites, digital channels, and services.
Manage our newsletters
We process your personal data to manage our newsletter, e.g., to send out the newsletter. You can unsubscribe at any time by clicking on the unsubscribe link in the newsletter.
Answer questions
If you contact us, e.g., via email or phone, we process your personal data that you share with us to be able to answer your question.
Conduct surveys
We process your personal data if you participate in a survey that we conduct, e.g., in our digital channels or in mailings, for the purpose of collecting your opinions about our business and our services.
Enable functionality on our websites
To enable functionality on our websites, e.g., to remember your settings, we process your personal data when necessary. This is to provide a better user experience on our websites.
Follow up and evaluate the use of our services, websites, and digital channels
If you use our services that refer to this policy, websites, or digital channels, we use your personal data to follow up and evaluate how our services and digital channels are used, e.g., to collect and analyze customer satisfaction, visit and user statistics on how you use services, our websites, and digital channels.
Ensure necessary technical functionality and security
We use your personal data to ensure the necessary technical functionality and security in our services and on our websites, e.g., for security logging, error handling, and backup.
Manage and respond to legal requirements
We process your personal data if necessary to manage and respond to a legal requirement, e.g., in connection with a dispute or legal process. For this purpose, we may share certain information with other recipients, see further down for more information.
Fulfill legal obligations
To fulfill legal obligations that we have, we process your personal data when necessary, e.g., to comply with accounting or data protection legislation. For this purpose, we may share certain information with other recipients, see further down for more information.
Your rights
You have certain rights under applicable data protection legislation in relation to the personal data that we have collected about you.
You have the right to:
- Request access to and a copy of the personal data that we store about you.
- Request correction of personal data that you believe is incorrect or incomplete.
- Withdraw your consent when we process your personal data based on your consent.
- Request deletion under certain circumstances, but not if we are, for example, legally obliged to preserve the data.
- Unsubscribe from marketing and mailings, for example by clicking on an unsubscribe link in the mailing.
- Request that the processing of your personal data be restricted under certain circumstances.
- Object to processing that relies on our or someone else’s legitimate interest for reasons related to your specific situation.
- Transfer your data (data portability) under certain circumstances by requesting a copy of the personal data relating to you in a structured format (data portability) that you can transfer to another recipient.
If you want to exercise your rights, please contact us at hello@gympak.com. Alternatively, you can also delete your personal data by deleting your account through the app.
Storage of your personal data
In addition to where you delete your account, request correction or deletion of relevant personal data, or opt-out of processing related to marketing, we generally store and process your personal data as long as you are a registered user of our services and have a user account. We will cease storage and processing of your personal data if your user account/registration is terminated, if you request correction or deletion, or opt-out of marketing, unless it is necessary for us for applicable purposes to store or process relevant personal data for a longer time (e.g., for accounting purposes).
In addition, we periodically review the need to store or delete your personal data if your account has been inactive, which usually occurs after a period of two years after you have been continuously inactive on Gympak services. These periodic reviews are to ensure that we do not store your personal data for longer than necessary while allowing you to return to using your account after a period of inactivity (which, in our experience, can be common for some users).
Sharing of personal data
When necessary, we share your personal data with various recipients. You can read more about which categories of data and with the support of which legal basis we share your data with different recipients in our detailed information about handling your personal data.
Partners
If you choose to pay for the service, we may receive data from our payment partners so that we can send invoices, process your payment, and provide you with what you have paid for.
Social networking platforms
We use various social networking platforms, e.g., to communicate offers or provide information about our services, and in connection with this, we share certain information with these social networking platforms.
External individuals
When we communicate, e.g., through email, with external individuals, we share the personal data that you or someone else provides to the external individual.
Service providers
To manage personal data, we share personal data with service providers we have engaged. These service providers provide, for example, IT services (e.g., storage) and communication services (which enable us to send messages and newsletters to you). When the service providers process personal data on our behalf, they are our data processors, and we are responsible for the handling of your personal data. They may not use your personal data for their own purposes, and they are legally and contractually obligated to protect your data.
Other recipients
In some cases, when necessary, we share your personal data with other recipients for certain purposes:
- Manage and respond to legal claims,
- Fulfill legal obligations, and
- Respond to a lawful inquiry.
Examples of recipients are external advisors, authorities, courts, police, and potential buyers or sellers if we were to sell the business.
Where we process your personal data
We always strive to save personal data within the EU. In some cases, your personal data is shared with recipients outside the EU/EEA area, e.g., service providers we have engaged.
To ensure that personal data is protected, we ensure that appropriate safeguards are in place with all service providers handling your personal data outside the EU/EEA area, e.g., data transfer agreements.
If you want to know which countries outside the EU/EEA area your personal data is transferred to and what safeguards we have taken, you can contact us at the contact details you find further down.
Security of the personal data we process
The security of your personal data is important to us. In addition to following applicable relevant personal data regulations, we use accepted industry standards, techniques, and procedures, such as firewalls, security software, etc., to protect your personal data and prevent unauthorized access. We also encourage you to use a unique and strong password for your user account on Gympak. You should further limit access to your computer and mobile phone and log out after using Gympak.
Changes to our privacy policy
We may update this privacy policy from time to time. For example, we may collect additional information or use the information for purposes other than those stated in the text. In such cases, we will notify this in advance in an appropriate manner, e.g., by displaying a message on the website or by email. The latest version of the privacy policy is always published on this page.
Questions and contact
If you have any questions or complaints about our processing of your personal data, you are welcome to contact us at hello@gympak.com. You also have the right to submit a complaint to a supervisory authority.
Contact
We will communicate with you via email and messages posted on your mobile device. If you do not want to receive messages on your mobile device, you can always turn off this service.
We welcome your feedback about our services. If you have any questions or suggestions regarding our privacy policy, please contact us at hello@gympak.com.
When we process your personal data
Detailed information on the handling of personal data
See below for detailed information on which categories of personal data we process, on the basis of which legal basis, and for how long we store the data for each processing purpose.
Communicate about our services
Personal Data
Legal Basis
- Identity data
- Contact details
- Profile data
- Technical data Fulfilling a contract. The processing is necessary to comply with the current terms of delivery.
Retention time: Personal data is retained for this purpose as long as your user account is active, after which the data is deleted.
To manage orders
Personal data
- Identity data
- Communication
- Contact information
- Order data
- Profile data
Lawful basis
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest in managing orders.
Fulfilment of agreements. If the order is carried out by an individual company, we process the data to fulfil our agreement with you.
Retention period: Personal data is retained for this purpose for as long as is necessary in order to process your order and for a period of 10 years thereafter in order to manage and meet legal requirements. Personal data in accounting material is stored for up to 7 years from the end of the calendar year in which the relevant financial year ended in order for us to fulfil our legal obligations (bookkeeping and accounting requirements in the Companies Act 2006 and the Swedish Accounting Act (1999:1078)).
To manage relationships with customers, suppliers, and partners
Personal data
- Identity data
- Communication
- Contact information
- Order data
- Profile data
Lawful basis
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest in managing our customer or supplier relationships.
Fulfilment of agreements. If the agreement has been concluded with an individual company, we process the data to fulfil our agreement with you.
Retention period: Personal data is retained for this purpose for as long as there is an active relationship and for a period of 10 years thereafter in order for us to fulfil our legitimate interest in managing and adhering to legal requirements. The relationship is active if you have had contact with us during the previous 12-month period.
To follow up on and evaluate relationships with customers
Personal data
- Identity data
- Order data
- Profile data
- Purchase and order history
- Communication history
- Activity history
Lawful basis
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest in following up on and evaluating our customer or supplier relationships or collaborations.
Retention period: Personal data is retained for this purpose for a period of 27 months from the time of collection. General reports which do not contain personal data or statistics are retained indefinitely or until they are deleted.
Communication between employees and external persons
Personal data
- Identity data
- Audio and video materials
- Communication
- Contact information
- Order data
- Profile data
Legal basis
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest in communicating offers, via various channels, regarding our products and services.
Consent. If you have given your consent to our use of cookies and similar technologies for this purpose, your personal data is processed with the support of your consent.
Retention period: Personal data is retained for this purpose for as long as there is an active relationship and for a period of 12 months thereafter for the same purpose. If there is no relationship, the data is retained for this purpose for a period of 3 months after the data is collected.
Communicate and provide offers in various channels
Personal Data
- User-generated data
- Identity data
- Contact details
- Order data
- Technical data Legitimate interest.
Legal Basis
The processing is necessary to fulfil our legitimate interest in communicating and providing offers in various channels about our services in different channels.
Retention period: Personal data is retained for this purpose during the customer relationship and for a period of twelve (12) months thereafter to fulfil our legitimate interest in re-recruitment. If we do not have a customer relationship, the data is retained for this purpose for a period of three (3) months from the collection of the data.
Manage our newsletters
Personal Data
- Identity Information
- Contact Information Legitimate interest.
Legal Basis
The processing is necessary to fulfill our legitimate interest in managing our newsletters.
Retention period: Personal data is retained for this purpose indefinitely and until you unsubscribe from the newsletter.
Answer questions
Personal Data
- Identity Information
- Communication
- Contact Information
- Order Information
- Organizational Information
Legal Basis
Legitimate interest. The processing is necessary to fulfill our legitimate interest in answering your question.
Retention period: Personal data is retained for this purpose during the customer relationship and for a period of ten (10) years thereafter to handle and respond to legal claims. If we do not have a customer relationship, personal data is retained for this purpose for a period of one (1) year from the time of the most recent communication in the same conversation.
Conduct surveys
Personal Data
- Identity Information
- Contact Information Legitimate interest.
Legal Basis
The processing is necessary to fulfill our legitimate interest in conducting surveys to collect your opinions on our business and services.
Retention period: Personal data is retained for this purpose during the time the survey is conducted and for a period of three (3) months thereafter to compile the responses in a report. Statistics that do not contain personal data are stored indefinitely or until the statistics are deleted.
Enable functionality on our websites
Personal Data
• Technical Data. Legitimate interest.
Legal Basis
The processing is necessary to fulfill our legitimate interest in enabling functionality on our websites to provide a better user experience.
Retention period: Personal data is retained for this purpose during your visit and for a period of twelve (12) months thereafter to fulfill our legitimate interest in providing a better user experience.
Monitor and evaluate the use of our websites, digital channels, and our services
We use your personal data to follow up and evaluate how our services, websites, and digital channels are used, e.g., to collect and analyze customer satisfaction, visit and user statistics. In addition to our methods, we use Leadoo’s tracking service to monitor user actions on the site and integrate this behavioral data with other data we gather, for example, from chat interactions. Leadoo utilizes etag tracking, which functions similarly to cookie-based tracking, to associate a user’s behavior across multiple sessions. For detailed information on what is tracked and your rights concerning this data, please review Leadoo Marketing Technologies Ltd’s Privacy Policy (Leadoo Privacy Policy). In our relationship with Leadoo, they serve as the Processor, and we operate as the Controller in accordance with GDPR standards. If you wish to opt-out of this tracking, you may do so by clearing your browser’s cache after your visit. Further details on how Leadoo complies with GDPR as a processor can be found here: Leadoo Privacy Policy for Processors.
Personal Data
- User-generated data
- Technical Data Legitimate interest.
Legal Basis
The processing is necessary to fulfill our legitimate interest in monitoring and evaluating the use of our websites, digital channels, and services.
Retention period: Personal data is retained for a period of three (3) months for this purpose. Statistics that do not contain personal data are stored indefinitely or until the statistics are deleted.
Ensure necessary technical functionality and security
Personal Data
All relevant categories of personal data.
Legal Basis
Legitimate interest. The processing is necessary to fulfill our legitimate interest in ensuring necessary technical functionality and security on our websites and in our services.
Retention period: Personal data is retained for this purpose as long as your user account is active. Personal data in logs is retained to fulfill our legitimate interest in managing troubleshooting and incidents for a period of twelve (12) months from the time of the log event.
Handle and respond to legal claims
Personal Data
All categories of personal data necessary to handle and respond to the legal claim in each case.
Legal Basis
Legitimate interest. The processing is necessary to fulfill our legitimate interest in handling and responding to legal claims.
Retention period: Personal data is retained for the period necessary to handle and respond to the legal claim.
Fulfill legal obligations
Personal Data
All categories of personal data necessary to fulfill the legal obligation.
Legal Basis
Fulfill legal obligation. The processing is necessary for us to fulfill our legal obligations.
Retention period: Personal data is retained for the period necessary for us to fulfill each respective legal obligation. For example, personal data in accounting materials is retained for seven (7) years from the end of the calendar year in which the relevant accounting year ended according to the Accounting Act (1999:1078).
When we share your personal data with different recipients
See below for detailed information on which categories of personal data we share with different categories of recipients for various purposes and with the support of which legal basis.
Collaboration partners
Carry out events and other activities
Personal data
- Identity information
- Communication
- Contact information
Legal basis for the transfer
Legitimate interest. The processing is necessary to fulfill our legitimate interest in carrying out events and other activities.
Social networking platforms
Communicate and provide offers in various channels
Personal data
- User-generated data
- Identity information
- Contact information
- Technical data
Legal basis for the transfer
Legitimate interest. The processing is necessary to fulfill our legitimate interest in communicating and providing offers in various channels about our services in different channels.
Communicate about our services
Personal data
- Identity information
- Contact information
- Technical data
Legal basis for the transfer
Legitimate interest. The processing is necessary to fulfill our legitimate interest in communicating about our services.
External individuals
Communication between employees and external individuals
Personal data
- Identity information
- Communication
- Contact information
- Order information
Legal basis for the transfer
Legitimate interest. The processing is necessary to fulfill our legitimate interest in enabling communication between employees and external individuals.
Other recipients
To manage and adhere to legal requirements
Purpose
Only the personal data that is necessary for this purpose is shared with the recipient.
Legal basis for the transfer
Legitimate interest. Processing is necessary in order for us to fulfil our legitimate interest in handling and meeting legal requirements.
To fulfil legal obligations
Purpose
Only the personal data that is necessary for this purpose is shared with the recipient.
Legal basis for the transfer
Fulfilling a legal obligation. Processing is necessary in order for us to fulfil our legal obligations.
To respond to a legal request
Purpose
Only the personal data that is necessary for this purpose is shared with the recipient.
Legal basis for the transfer
Legitimate interest or to fulfil a legal obligation. To the extent that we are obliged to respond to a legal request, personal data is processed in order to fulfil this legal obligation. Otherwise, processing is based on a balance of interests when it is necessary to fulfil our and the requester’s legitimate interest in our responding to the enquiry.
Categories of Personal Data
In the table below you will find further information about the categories of data we process.
Categories of Personal Data | Examples of Data |
User-Generated DataData you provide when using our services, websites, and digital channels. | Data on clicks and visits and other behavioral information on our websites, digital channels, and services. |
Identity DataData that enables us to identify you. | Name, social security number, username, IP address. |
Communication DataData included in communication with us. | Email content. |
Contact DataData that enables us to contact you. | Address, phone number, email address. |
Payment and Purchase DataData that enables you to pay for our services. | Name, date of birth, credit or debit card type, expiration date, and certain digits of your card number, address, phone number, and purchase and transaction history. |
Order DataData about ordered service. | Service, delivery time, price. |
Organizational DataData related to your organization. | Title, company or organization name, address of the company or organization. |
Profile settings.Data about your user profile when using our services. | Information about your user profile when using our services. |