Welcome to Gympass! We at Gympass know you care about how your Personal Data is used and shared, and we take your privacy seriously.
Gympass offers eligible individuals the opportunity to enroll in a Gympass Subscription. The Gympass Subscription provides access to the services and content of our Third Party Providers. Our network of Third Party Partners varies by location, by Subscription level, and by the fitness or wellness services offered.
If you reside in Brazil, the data controller for your Personal Data is GPBR PARTICIPAÇÕES LTDA. (“GPBR”), CNPJ 15.664.649/0001-84, headquartered at Avenida Engenheiro Luís Carlos Berrini, n° 716, 10th floor, Cidade Monções, CEP 04571-926, São Paulo - SP, a subsidiary of Gympass US, LLC. For Personal Data collected in connection with our Services in the European Economic Area, the United Kingdom, or any other location where applicable law requires, the data controller for your Personal Data is Gympass US LLC,a Delaware limited liability company, with a registered address at 30 Irving Place, 8th floor, New York, NY 10003 (“Gympass US”).
We gather various types of Personal Data from you, as explained in more detail below, and we use this Personal Data in connection with our Services, including to personalize, provide, and improve our Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, and to fulfill your requests for certain products and services. In certain cases, we may also share some Personal Data with third parties, as described below.
What information does Gympass collect?
Gympass collects the following data:
Contact and Registration Data.If you access our Platform and/ or register for an account, we will collect Personal Data such as your first and last name, username and password, email, mobile or other phone number, mailing address, and zip code, as well as any other Personal Data you choose to provide, including a profile picture and your preferred location. If you have registered for an account, you may log in to review and update your information and preferences.
Transaction Information.If you become a Gympass Subscriber and utilize a direct payment method such as a credit card, we will collect information related to the payment for our Services, such as your credit/debit card information, billing address, and other related transaction information, either directly or through our payment provider. If you pay for our Services by requesting payroll deduction, we will receive confirmation of the transaction from your employer.
Communications, Surveys, and Reviews.We will also collect information when you communicate with us, such as through emails or other communications that you send us, exchanges through the website or app, or exchanges through social media. If we ask you to provide feedback by completing a survey or by offering a testimonial or review, we will collect any information you choose to provide.
Check-in/ Location Data.We may collect location data from your mobile device in order to validate your check-in data to the extent that it is enabled in your device settings.
Data from Social Media Apps. If you link your Gympass account to any social media profile, or otherwise interact with us through a social media site (e.g., by logging in through Facebook or by clicking a Facebook “like” button), the social media network may share information with us. You can access and revise your information-sharing practices in the privacy settings of such social media sites.
Usage Information.We will collect information about how you interact with and use our Services, such as your “check-in” with a Third Party Provider or other proof of your access and/or use of the Services of a Third Party Provider, virtual or in-person classes that you book and/or attend, and workouts you log.
Device Data. When you interact with our Services, either on our website or through our mobile app, we automatically receive and record data which may include your IP address, geolocation data, device identification, “cookie” data (please see below), the type of browser and/or device you’re using to access our Services, the page or feature you requested and time of access.
Eligibility Information.To offer you our Services and confirm your eligibility for the Gympass Platform, we may collect Personal Data from your employer or other entity who provides you with access to Gympass (or, in the case of a qualifying Family Member, the individual who is the primary account holder for you), which may include first and last name, work email, employee ID or another personal identifier, and/or your status as an active employee.
Referral Information.When our referral services are utilized (for example, to refer a local gym to the Gympass network), we receive the referred person’s data or the personal data for a referred company.
Publicly available sources. Gympass may receive data from publicly available sources.
How does Gympass use my Personal Data?
We use your Personal Data to provide you with our Services, confirm eligibility for and administer your Membership and Subscription, respond to your inquiries, deliver a more relevant experience with our Services and Third Party Providers, and meet our other business purposes. We may also use your Personal Data in order to facilitate the administration of your account through your employer or a wellness solution platform that your employer has engaged in order to offer you our Services. We may use this data to contact you or to cross-reference it with other Personal Data we may hold about you in accordance with this Policy. Specifically, we may use your Personal Data for the following purposes and based on the following legal basis under data protection law for each purpose:
Purpose for processing your Personal Data
Categories of Personal Data
To provide the Gympass Services
To confirm eligibility for Gympass
To manage your Subscription
To delivery relevant content and news, including making recommendations to you and monitoring trends
To enable your participation in activities we organize related to the Services, including sweepstakes, competitions, surveys
To diagnose and fix issues with the Gympass Platform and Services
To evaluate and develop new features and improvements
To process your payment and facilitate payment in support of your Membership or Subscription
To comply with a legal obligation or law enforcement requirement, including to collect applicable taxes
To fulfill contractual obligations with Third Party Providers
To take appropriate action with reports of IP infringement or inappropriate conduct on the Platform
To establish, exercise or defend legal claims
To conduct business planning reporting, and forecasting
To detect and prevent fraud
How does Gympass share my Personal Data?
Sponsor for Gympass Services.We may share certain Personal Data (name, surname, email address, if you have a Membership or Subscription and cost of your plan) with your employer or other third party that offers you an opportunity to use our Services. If you sign up for Gympass as a qualifying Family Member, we may share your personal data with the primary account holder who provided you with access to Gympass.
Vendors. We may share Personal Data with companies who perform services on our behalf, including providers that help us send communications, analyze data, and maintain our websites and the Gympass Platform.
Social Media and Third-Party Apps.We may share information with social networks when you use our Services to interact with a social media site (e.g. you click a Facebook “like” button), or connect to our Services through social media . You can review the privacy practices of these sites and third-party apps on their respective sites.
Affiliates.We may share your Personal Data with Gympass corporate affiliates, such as parent or sister entities, in order to administer our Services and operate, evaluate, and improve our business.
Corporate Transactions.We may choose to buy or sell assets and may share and/or transfer customer data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your Personal Data could be one of the assets transferred to or acquired by a third party.
User Profiles and Submissions.Certain account data, including your name, location, and any video or image content that you have uploaded to the Services, may be displayed to other Users to facilitate user interaction within the Services or address your request for our Services. Please remember that any content you upload to your public user profile, along with any Personal Data or content that you voluntarily disclose online in some manner other Users can view (on discussion boards, reviews, posts, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your username may also be displayed to others if you interact with others, such as by sending messages, comments, or uploading content.
Aggregated or De-identified Data.We may share aggregate usage data with current or prospective Third Party Providers or corporate clients (or allow Third Party Providers or corporate clients to collect that data from you). We reserve the right to provide aggregated and/ or de-identified data to third parties for our own purposes.
How does Gympass communicate with me?
We may send you emails with information about Gympass and its Services. You may opt-out of these communications at any time by clicking on the unsubscribe button at the bottom of each communication or by contacting us directly. You cannot opt-out of communications regarding transactional or service updates, security, and legal notices.
If you have opted to receive notifications on your mobile device, we may contact you mainly by email and we may on occasions contact you by phone or using text messaging. You always have the option to turn notifications off at the device level.
We may on occasion contact you by phone, but only as allowed under applicable law. You may elect to use text messaging as a way for us to communicate with you. You may opt-out of receiving any phone call or text by following the instructions in the communication. For example, you may opt-out from receiving text messages at any time by replying “STOP” to a text you have from Gympass. Please note that we may send you a confirmation that you have unsubscribed. Please allow us a reasonable time to process your request.
How does Gympass protect my Personal Data?
We have put in place appropriate technical and organizational measures to help protect the security of your Personal Data. We have implemented various safeguards to protect against unauthorized access to Personal Data in our systems.
Be aware that no system is ever totally secure, and we encourage you to take appropriate steps to protect yourself. For example, you should protect your account against unauthorized access to your password, mobile device, and computer by, among other actions, signing off after using a shared computer, selecting and protecting your password and/or other sign-on mechanisms appropriately, and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We are not responsible for any lost, stolen, or compromised passwords, or for any activity in your account via unauthorized password activity.
Retention and Data Transfers
Gympass retains your Personal Data only for as long as is necessary for the purposes set out in this Policy, for as long as your Membership is active, or as needed to provide you with Eligibility to the Platform. If you no longer want Gympass to process your Personal Data to provide the Services to you, you may close your account. Gympass retains and uses your Personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Data to comply with applicable tax or revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Policy. We may also retain Personal Data where our legitimate business purposes require, such as ensuring site safety and security, improving the functionality of our Services, or when we are legally obligated to retain the data for a longer period. In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information without further notice to you.
Gympass operates a global business, and thus it shares Personal Data internationally with Gympass group of companies, vendors, and partners when carrying out the processing described in this Policy. To ensure that each data transfer complies with all applicable law, Gymapss relies on approved legal mechanisms such as the EU Standard Contractual Clauses.
Data Subject Rights
Where required by applicable law, you may have the following rights with respect to your Personal Data:
If you would like to manage, change, or delete your Personal Data, you can do so through the settings in the Gympass Platform. Alternatively, you may exercise any of the rights listed above by contacting us.
Deleting or limiting the use of your Personal Data will impact features and uses within the Platform that rely on that information. Please note that we may verify your identity before we are able to process any of the requests described in this section, and in our discretion, may deny your request if we are unable to verify your identity. As part of this process, government or other identification may be required. Where allowable under applicable law, you may designate an authorized agent to make a request on your behalf by contacting us through the Help Center but you must provide the required documentation including the requestor’s valid government issued identification, the authorized agent’s valid government issued identification, notarized authority to act on behalf of the requestor, and other information as needed to verify the request’s authenticity.
Additional Information for California Users
To submit a request to exercise your rights as provided under California law, please follow the process as outlined in the section above on Data Subject Rights.
Information for Supplemental Services
Important information. Gympass US acts as the controller of such personal data where required under applicable law, except that GPBR acts as the data controller if you reside in Brazil. The personal data Gympass directly collects and processes from you may include the following categories of personal data: contact information, such as your name, job title, company name, address, phone number, email address, username and password, and any other information you voluntarily chose to share. We process your personal data to send you information, product recommendations and other non-transactional communications (for example, marketing newsletters) about us, our affiliates and partners. When processing your personal data we rely on your prior consent.
International transfers and Retention. We may transfer, store and process your personal data outside of your country of residence for the purposes of organizing communications in accordance with applicable law, and as explained in this Policy. As explained in this Policy, Gympass will delete your data once the applicable retention period has expired in accordance with applicable law.
Your Preferences and Your Legal Rights. You may manage your receipt of communications from Gympass by following the directions provided in the communication (for example, by clicking on the “unsubscribe” link located at the bottom of Gympass marketing email). Please note that you may still receive important business communications regarding your current relationship with Gympass even if you opt out of marketing communications. You have a right to request access,update, delete or correct your personal data, where these rights are provided by applicable law and subject to certain exceptions. To exercise your rights, please contact us.
If you have any questions, contact Gympass’ support team via our Help Center.
If you have questions relating to this Policy or Gympass’ privacy practices, you may send an email to Gympass’ Data Protection Officer at email@example.com.
Without prejudice to any other rights you may have to file a complaint with your local data protection regulator, you may also contact the Dutch Data Protection Authority, Gympass’ Lead Supervisory Authority, if you are located in the European Union. The Dutch DPA can be reached at the following address:
PO Box 93374
2509 AJ DEN HAAG
+31 (0) 70 - 888 85 00
Effective Date: December 16, 2022