Privacy Policy
Gym Plus Privacy Policy
This privacy policy (the “Policy”) sets out how the following entities:
– Galova Limited (trading as Gym Plus Cork);
– Mandabe Limited (trading as Gym Plus Naas);
– Prime Fitness Limited (trading as Gym Plus Ashbourne, Drogheda, Rathfarnham and Swords);
– Prime Fitness (Ballsbridge) Limited (trading as Gym Plus Ballsbridge);
– Prime Fitness (Drogheda) Limited (trading as Gym Plus Drogheda);
collectively trading as the Gym Plus Group (“Gym Plus”, “we” or “us”) uses and protects any personal information that you give Gym Plus when you use our website and clubs. This Policy sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of this website (https://gymplus.ie/) (“our Site” or “the Site”) and/or our services (the “Services”).
Controller
Under this Policy, and unless we have entered into a different agreement with you, we will be what is known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.
Our privacy culture
We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily.
Gym Plus is committed to ensuring that your privacy is protected. This means that we will only use the personal information you provide in an appropriate way and that we will do all we can to protect it.
If you have any questions about this Policy, including any requests to exercise your legal rights, please contact dataprotection@gymplus.ie.
What we collect
We will collect and process the following data about you for the following purposes: Information you give us.
Your Data. This is information about you that you give us by filling in forms on our Site or by corresponding with us by phone, e-mail, in a club, or otherwise. It includes information you provide when you use our Site, or the Services, or report a problem with our Site.
The information you give us may include:
- Identity Data: your full name, Eircode, e-mail address, phone number, address, age, date of birth, title, your photograph and personal description, member ID, login and password details, attendance history, QR access code, and/or preferences and interests.
- Financial Data: your financial, including bank account or card details, billing contact email address.
- Health Data: data relating to your health.
- Profile Data: your preferences and interests, including your marketing preferences.
Information we collect about you.
Automatically Collected Information. With regard to each of your visits to our Site we will automatically collect the following information:
- Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, how often you use the application and other performance data; and
- Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs, search queries), methods used to browse away from the page, forms submitted, and any phone number used to call us.
Special categories of personal data and data related to children
For club members or guests under the age of 16, a parent or guardian must give consent for the processing of their child’s personal data. The processing of children’s personal data is required so that we may carry out our contract for services, i.e., as required in relation to their access to and use of our clubs and gym facilities.
In addition to basic identification and demographic data, Health Data is collected as needed when a child is being added to our swim programme and the swim lesson teaching portal. This is to help ensure our instructors are aware of any health issues that might affect the delivery of the lesson or require special arrangements to be made for the child. This information is deleted 6 months after lessons cease, or sooner by request.
Personal data relating to children will not be subject to profiling of automated decision-making and is not used for marketing purposes.
What we do with the information we gather
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
We have set out below, in table format, a description of the ways we plan to use your personal data and the legal basis we rely only to do so. We have also identified our legitimate interests where appropriate:
| Purpose/Activity | Type of data | Legal basis for processing |
| – To provide the Services to you. |
– Identity Data – Financial Data – Technical Data – Usage Data |
– Performance of a contract. |
| – To help ensure your health and safety in providing the Services to you including making any special arrangements in connection with the provision of any swimming lessons or other Services. |
– Identity Data – Health Data |
– Performance of a Contract with you. – Explicit consent. |
| To respond to your queries and to provide you with the information you request from us in relation to our products or services. |
– Identity Data – Technical Data – Usage Data |
– Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business). – Performance of a contract with you. |
| To manage payments, fees and charges and to collect and recover money owed to us. |
– Identity Data – Financial Data |
– Performance of a contract with you. – Necessary for our legitimate interests (to recover debts due to us). |
| To manage our relationship with you, including notifying you about changes to the Services, or our Policy. |
– Identity Data – Technical Data – Usage Data |
– Performance of a contract. – Necessary to comply with a legal obligation. – Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services). |
| To provide you with information about services we offer that are similar to those that you have enquired about. |
– Identity Data – Technical Data – Usage Data |
Necessary for our legitimate interests (to develop our products or services and grow our business). |
| Where you have given us your consent to do so, to provide you with information about other services and special offers we feel may interest you. |
– Identity Data – Technical Data – Usage Data |
Consent |
| To ensure that content is presented in the most effective manner for you and for your computer or device. |
– Identity Data – Technical Data – Usage Data |
Necessary for our legitimate interests (to keep our Site and the Services updated and relevant and to develop and grow our business). |
| To administer and protect our business, our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. |
– Identity Data – Technical Data – Usage Data |
Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site safe and secure). |
| To use data analytics to improve or optimise our Site, marketing, customer relationships and experiences. |
– Technical Data – Usage Data |
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site and the Services updated and relevant, to develop and grow our business and inform our marketing strategy). |
| To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you. |
– Identity Data – Technical Data – Usage Data |
Necessary for our legitimate interests (to study how customers use our products or services, to develop them, to grow our business and to inform our marketing strategy). |
| To run customer surveys, promotions and competitions. |
– Identity Data – Profile Data |
Consent |
Change of purpose
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dataprotection@gymplus.ie. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
How long we keep your information.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information about our data retention policies please contact us at dataprotection@gymplus.ie.
Disclosure of your information
We do not sell your personal information to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:
You agree that we have the right to share your personal information with the following recipients or categories of recipients:
- Any department or authorised person within our company or any member company within our group.
- Selected third parties including:
- business partners, suppliers, instructors and sub-contractors for the performance of any contract we enter into with them or you in relation to the Services;
- analytics and search engine providers that assist us in the improvement and optimisation of our Site;
- credit reference agencies for the purpose of assessing your credit score to the extent this is a condition of us entering into a contract with you.
We will disclose your personal information to third-party recipients:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets.
- if Gym Plus or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
- to protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the Site and Services.
How we look after your information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights relating to your personal information
Accessing your Personal Data
You may request access at any time to a copy of the personal data we hold about you. Any such request should be submitted to us in writing and sent to dataprotection@gymplus.ie. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested.
There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances.
Right of Restriction.
You may restrict us from processing your personal data in any of the following circumstances: • you have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data;
- the processing of your personal data is unlawful and you request the restriction of use of the personal data instead of its erasure;
- we no longer require your personal data for the purpose of processing but you require this data for the establishment, exercise or defence of legal claims; or
- where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds.
Corrections or Erasure (Right to Rectification and Right to Be Forgotten)
If we hold personal data concerning you which are no longer necessary for the purposes for which they were collected or if you withdraw consent for us to process your personal data, you can request the deletion of this personal data. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us by email at dataprotection@gymplus.ie.
Your Right to Object
You have the right to object to the processing of your personal data at any time:
- for direct marketing purposes;
- for profiling to the extent it relates to direct marketing; and
- where we process your personal data for the purposes of legitimate interests pursued by us, except where we can demonstrate compelling legitimate grounds for this processing which would override your interests, rights and freedoms or in connection with the enforcement or defence of a legal claim.
To exercise your right to object at any time, please email dataprotection@gymplus.ie.
Should this occur, we will no longer process your personal data for these purposes unless doing so is justified by a compelling legitimate ground as described above. For more information about our marketing practices, please see the Marketing Communications section below.
Data Portability
Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.
Profiling
Profiling is an automated form of processing personal data often used to analyse or predict personal aspects about an individual person. This could relate to a person’s performance at work, economic situation, health, personal preferences, reliability, behaviour, location, or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.
You have the right to be informed if your personal data will be subject to automated decision-making, including profiling. You also have the right not to be subject to a decision based solely on automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary in connection with the performance of a contract between us, is authorised by law or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.
Personal Rights
The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned.
Marketing Communications
General
We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you unless we have your permission to do so.
Your right to object
You have the right to object to the processing of your personal data for our marketing purposes. To object or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at dataprotection@gymplus.ie. You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
Acceptance of these terms
By taking out a membership, filling in a contact form on our Site or using a mobile app we provide to you, you agree and accept that we may gather, process, store and/or use the personal data submitted in the way we outline in this Policy. If you are under the age of 16, Gym Plus will not collect or process your details unless we have also received the consent of an adult who has parental responsibility for you. To the extent any processing of your personal data is based on your consent, you have the right to withdraw your consent at any time unless by doing so you prevent us from delivering the Service set out in your membership agreement. To withdraw consent to the processing of your personal data, please write to dataprotection@gymplus.ie.
CCTV
CCTV is used in our clubs to provide security for our members, their property and the security of the club. All visitors to the club should be aware that CCTV is in use, as per the signs displayed in the clubs.
Cookies
A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer browser from our Site and is stored on your device’s hard drive in the form of a text file. Cookies are used to control an online session and provide security such as a time-out function. We collect cookies from our users after obtaining their express or implied consent, which may be given by clicking “Accept” on the cookies banner displayed on our website.
How we use cookies
- Strictly necessary cookies. Strictly necessary cookies allow core Site functionality such as user login and account management. The Site can not be used properly without strictly necessary cookies.
- Targeting cookies. Targeting cookies are used to identify visitors between different websites, e.g., content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
- Performance cookies. Performance cookies are used to see how visitors use the website, e.g., analytics cookies. Those cookies can not be used to directly identify a certain visitor.
For a detailed explanation of how Google Analytics cookies work please visit: https://developers.google.com/analytics/resources/concepts/gaConceptsCookies
Links to other websites
Our Site may contain links to other websites of interest. However, once you have used these links to leave our Site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
Third-Parties
We always endeavour to deal with vendors and other third parties who are GDPR compliant or, in the case of the third parties located outside of the EEA, who use appropriate mechanisms to transfer personal data (such as the Standard Contractual Clauses), or who have adequate security measures in place to safeguard the security of personal data. That said, we, our employees, agents, holding company and subsidiaries, accept no liability howsoever arising for the content or reliability of any third
party materials or websites referenced by hyperlink or other means on the Site or for the data collection and use practices or security measures used by such third parties. If you submit personal data to any of those sites, your personal data is governed by their privacy policy. We encourage you to carefully read their privacy policies.
Personal data collected by us and stored via our Site or our mobile app is processed on our behalf by Perfect Gym Solutions, Spolka Akcjna, str. Franciska Klimczaka 1, 02-797 Warsaw, Poland EU/VAT 9512387811 and in the case of our swimming lessons by CAP2, a trading name of Fitronics Limited, a registered company in England and Wales with company registration number 04530620 and VAT registration number GB691316824 with a registered office at 18 Monmouth Place, Bath, BA1 2AY. We have appropriate legal agreements in place with both service providers.
Changes to this Policy
Any changes made to this Policy from time to time will be published on the Site.
Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data, will be notified to you in advance by email or in-club. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g., to withdraw consent or to object to the processing) as you see fit.
Questions or Complaints
Contact Us. If you have any questions or complaints relating to this Policy, please contact us at: dataprotection@gymplus.ie.
Supervisory Authority. We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Data Protection Commission: https://www.dataprotection.ie