Privacy Policy

Last updated: 12/08/2025

By installing our mobile application or in any way using or accessing our services, you accept the terms of this Privacy Policy and the processing of your personal data in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).


1. Personal Data Controller

Responsible for the processing of your personal data is:

Company Name:
Gympak AB, org. nr 559373-8411

Address:
Henckels Torg 4, 252 36 Helsingborg, Sweden

E-mail:
hello@gympak.com


2. Information About the Personal Data We Collect

When you register for Gympak services, we collect personal information from you such as:

As you use the Gympak services, you may upload additional personal information to your account, depending on your use of the services, including:

In an ongoing effort to improve our services, additional personal information may be collected. In such cases, we will notify you when the collection occurs.


3. Our Use of Your Personal Data

We only process your personal data in accordance with this Privacy Policy and relevant legislation. Below are the purposes for processing your data.

3.1 Communicate About Our Services

3.2 Manage Orders

3.3 Manage Payments

3.4 Follow Up and Evaluate Customer Relationships

3.5 Marketing & Offers in Various Channels

3.6 Manage Newsletters

3.7 Answer Questions

3.8 Conduct Surveys

3.9 Enable Functionality on Our Websites

3.10 Monitor and Evaluate Use of Our Services

3.11 Ensure Technical Functionality & Security

3.12 Manage and Respond to Legal Requirements

3.13 Fulfil Legal Obligations


4. Your Rights

Under GDPR, you have the right to:

To exercise your rights:
Contact hello@gympak.com or delete your account through the app.


5. Storage of Your Personal Data


6. Sharing of Personal Data

We may share your data with:

Transfers outside the EU/EEA will only be made with appropriate safeguards, such as standard contractual clauses.


7. Security Measures

We use industry-standard technical and organisational measures to protect your personal data, including:

You should also use a strong password, limit device access, and log out after using the Gympak app.


8. Changes to This Privacy Policy

We may update this Privacy Policy when necessary. Any significant changes will be communicated in advance via our website, app, or email.


9. Contact Us

For questions or complaints about our handling of your personal data:
Email: hello@gympak.com

You also have the right to file a complaint with the relevant supervisory authority.


10. Detailed Information on the Handling of Personal Data

10.1 Communicate About Our Services

Personal DataLegal BasisRetention Time
Identity data, Contact details, Profile data, Technical dataFulfilment of a contract – processing necessary to comply with current terms of delivery.Retained as long as your user account is active, then deleted.

10.2 Manage Orders

Personal DataLegal BasisRetention Time
Identity data, Communication, Contact information, Order data, Profile dataLegitimate interest – necessary to manage orders. Fulfilment of agreements – if carried out by an individual company.Retained for as long as necessary to process your order, and 10 years thereafter for legal requirements. Accounting data stored for 7 years from year-end per Swedish Accounting Act (1999:1078).

10.3 Manage Relationships with Customers, Suppliers, and Partners

Personal DataLegal BasisRetention Time
Identity data, Communication, Contact information, Order data, Profile dataLegitimate interest – manage customer/supplier relationships. Fulfilment of agreements – if concluded with an individual company.Retained for as long as there is an active relationship, plus 10 years thereafter. A relationship is active if contact occurred in the previous 12 months.

10.4 Follow Up and Evaluate Relationships with Customers

Personal DataLegal BasisRetention Time
Identity data, Order data, Profile data, Purchase and order history, Communication history, Activity historyLegitimate interest – evaluate customer/supplier relationships.Retained for 27 months from collection. Reports without personal data stored indefinitely.

10.5 Communication Between Employees and External Persons

Personal DataLegal BasisRetention Time
Identity data, Audio/video materials, Communication, Contact information, Order data, Profile dataLegitimate interest – communicate offers in various channels. Consent – for cookies/technologies where applicable.Retained as long as there is an active relationship, plus 12 months thereafter. If no relationship, retained for 3 months from collection.

10.6 Communicate and Provide Offers in Various Channels

Personal DataLegal BasisRetention Time
User-generated data, Identity data, Contact details, Order data, Technical dataLegitimate interest – communicate and provide offers about services in different channels.Retained during customer relationship and 12 months thereafter. If no customer relationship, retained for 3 months from collection.

10.7 Manage Our Newsletters

Personal DataLegal BasisRetention Time
Identity information, Contact informationLegitimate interest – manage newsletter subscriptions.Retained indefinitely until you unsubscribe.

10.8 Answer Questions

Personal DataLegal BasisRetention Time
Identity information, Communication, Contact information, Order information, Organisational informationLegitimate interest – respond to inquiries.Retained during customer relationship and 10 years thereafter. If no customer relationship, retained for 1 year from last communication.

10.9 Conduct Surveys

Personal DataLegal BasisRetention Time
Identity information, Contact informationLegitimate interest – collect feedback.Retained during survey period and 3 months thereafter. Non-personal statistics stored indefinitely.

10.10 Enable Functionality on Our Websites

Personal DataLegal BasisRetention Time
Technical dataLegitimate interest – enable functionality for better user experience.Retained during your visit and 12 months thereafter.

10.11 Monitor and Evaluate the Use of Our Websites, Digital Channels, and Services

Personal DataLegal BasisRetention Time
User-generated data, Technical dataLegitimate interest – monitor and evaluate usage. Includes Leadoo tracking (see Leadoo Privacy Policy).Retained for 3 months. Non-personal statistics stored indefinitely.

10.12 Ensure Necessary Technical Functionality and Security

Personal DataLegal BasisRetention Time
All relevant categories of personal dataLegitimate interest – maintain technical functionality and security.Retained as long as account is active. Logs kept for 12 months from event.

10.13 Handle and Respond to Legal Claims

Personal DataLegal BasisRetention Time
Necessary personal data for the claimLegitimate interest – handle/respond to legal claims.Retained for the period necessary to resolve the claim.

10.14 Fulfil Legal Obligations

Personal DataLegal BasisRetention Time
All necessary categories of personal dataFulfil legal obligation – comply with laws.Retained as required by each legal obligation. Accounting data kept for 7 years per Swedish Accounting Act.

11. Sharing of Personal Data – Detailed Information

11.1 Collaboration Partners (Events and Activities)

Personal DataLegal Basis
Identity information, Communication, Contact informationLegitimate interest – carry out events and activities.

11.2 Social Networking Platforms

Purpose: Communicate and provide offers in various channels.

Personal DataLegal Basis
User-generated data, Identity information, Contact information, Technical dataLegitimate interest – marketing and communication.

Purpose: Communicate about our services.

Personal DataLegal Basis
Identity information, Contact information, Technical dataLegitimate interest – customer communication.

11.3 External Individuals

Purpose: Communication between employees and external individuals.

Personal DataLegal Basis
Identity information, Communication, Contact information, Order informationLegitimate interest – facilitate communication.

11.4 Other Recipients

PurposeLegal Basis
Manage and adhere to legal requirementsLegitimate interest – handle legal requirements.
Fulfil legal obligationsLegal obligation – comply with law.
Respond to legal requestsLegal obligation (if required) or legitimate interest (otherwise).

12. Categories of Personal Data

CategoryExamples
User-generated dataData provided when using services, websites, or digital channels; clicks, visits, behavioural data.
Identity dataName, social security number, username, IP address.
Communication dataEmail content.
Contact dataAddress, phone number, email address.
Payment and purchase dataName, date of birth, card type, expiry date, certain card digits, address, phone number, purchase history.
Order dataService, delivery time, price.
Organisational dataTitle, company name, company address.
Profile settingsInformation about your user profile when using our services.