Welcome to Gympass! We at Gympass know you care about how your Personal Data is used and shared, and we take your privacy seriously.
Gympass offers eligible individuals the opportunity to enroll in a Gympass Subscription. The Gympass Subscription provides access to the services and content of our Third Party Providers. Our network of Third Party Partners varies by location, by Subscription level, and by the fitness or wellness services offered.
If you reside in Brazil, the data controller for your Personal Data is GPBR PARTICIPAÇÕES LTDA. (“GPBR”), CNPJ 15.664.649/0001-84, headquartered at Avenida Engenheiro Luís Carlos Berrini, n° 716, 10th floor, Cidade Monções, CEP 04571-926, São Paulo - SP, a subsidiary of Gympass US, LLC. For Personal Data collected in connection with our Services in the European Economic Area, the United Kingdom, or any other location where applicable law requires, the data controller for your Personal Data is Gympass US LLC,a Delaware limited liability company, with a registered address at 30 Irving Place, 8th floor, New York, NY 10003 (“Gympass US”).
We gather various types of Personal Data from you, as explained in more detail below, and we use this Personal Data in connection with our Services, including to personalize, provide, and improve our Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, and to fulfill your requests for certain products and services. In certain cases, we may also share some Personal Data with third parties, as described below.
What information does Gympass collect?
Gympass collects the following data:
Contact and Registration Data. If you access our Platform and/ or register for an account, we will collect Personal Data such as your first and last name, username and password, email, mobile or other phone number, mailing address, and zip code, as well as any other Personal Data you choose to provide, including a profile picture and your preferred location. If you have registered for an account, you may log in to review and update your information and preferences.
Transaction Information. If you become a Gympass Subscriber and utilize a direct payment method such as a credit card, we will collect information related to the payment for our Services, such as your credit/debit card information, billing address, and other related transaction information, either directly or through our payment provider. If you pay for our Services by requesting payroll deduction, we will receive confirmation of the transaction from your employer.
Communications, Surveys, and Reviews. We will also collect information when you communicate with us, such as through emails or other communications that you send us, exchanges through the website or app, or exchanges through social media. If we ask you to provide feedback by completing a survey or by offering a testimonial or review, we will collect any information you choose to provide.
Check-in/ Location Data. We may collect location data from your mobile device in order to validate your check-in data to the extent that it is enabled in your device settings.
Data from Social Media Apps. If you link your Gympass account to any social media profile, or otherwise interact with us through a social media site (e.g., by logging in through Facebook or by clicking a Facebook “like” button), the social media network may share information with us. You can access and revise your information-sharing practices in the privacy settings of such social media sites.
Usage Information.We will collect information about how you interact with and use our Services, such as your “check-in” with a Third Party Provider or other proof of your access and/or use of the Services of a Third Party Provider, virtual or in-person classes that you book and/or attend, and workouts you log.
Device Data. When you interact with our Services, either on our website or through our mobile app, we automatically receive and record data which may include your IP address, geolocation data, device identification, “cookie” data (please see below), the type of browser and/or device you're using to access our Services, the page or feature you requested and time of access. If you choose to do so and your Program sponsor allows, you may allow us to collect and analyze information about your wellness and fitness, including but not limited to the number of steps you walked, your fitness and wellness information, using the HealthKit framework from Apple, Inc., or another tool. The information you provide to HealthKit (or such other tool) is governed by Apple’s privacy terms (or the terms of the applicable tool).
Eligibility Information. To offer you our Services and confirm your eligibility for the Gympass Platform, we may collect Personal Data from your employer or other entity who provides you with access to Gympass (or, in the case of a qualifying Family Member, the individual who is the primary account holder for you), which may include first and last name, work email, employee ID or another personal identifier, and/or your status as an active employee.
Referral Information. When our referral services are utilized (for example, to refer a local gym to the Gympass network), we receive the referred person's data or the personal data for a referred company.
Publicly available sources. Gympass may receive data from publicly available sources.
How does Gympass use my Personal Data?
We use your Personal Data to provide you with our Services, confirm eligibility for and administer your Membership and Subscription, respond to your inquiries, deliver a more relevant experience with our Services and Third Party Providers, and meet our other business purposes. We may also use your Personal Data in order to facilitate the administration of your account through your employer or a wellness solution platform that your employer has engaged in order to offer you our Services. We may use this data to contact you or to cross-reference it with other Personal Data we may hold about you in accordance with this Policy. Specifically, we may use your Personal Data for the following purposes and based on the following legal basis under data protection law for each purpose:
|Purpose for processing your Personal Data
|Categories of Personal Data
To provide the Gympass Services
|To confirm eligibility for Gympass
|To manage your Subscription
|To delivery relevant content and news, including making recommendations to you and monitoring trends
|To enable your participation in activities we organize related to the Services, including sweepstakes, competitions, surveys
|To diagnose and fix issues with the Gympass Platform and Services
|To evaluate and develop new features and improvements
|To process your payment and facilitate payment in support of your Membership or Subscription
|To comply with a legal obligation or law enforcement requirement, including to collect applicable taxes
|To fulfill contractual obligations with Third Party Providers
|To take appropriate action with reports of IP infringement or inappropriate conduct on the Platform
|To establish, exercise or defend legal claims
|To conduct business planning reporting, and forecasting
|To detect and prevent fraud
How does Gympass share my Personal Data?
Sponsor for Gympass Services. We may share certain Personal Data (including but not limited to name, surname, email address, your Membership or Subscription, cost of your plan, whether you have Family Members enabled where allowed, and administrative details) with your employer or other third party that offers you an opportunity to use our Services. If enabled by your Sponsor and you choose to join, we may share your data in a challenge or other competition or program type in order to administer the particular program, such as enabling your Sponsor to share a leaderboard. If you sign up for Gympass as a qualifying Family Member, we may share your personal data with the primary account holder who provided you with access to Gympass and with their Sponsor. In specific circumstances and for limited purposes, including but not limited to ensuring proper administration, supporting tax and financial reporting compliance, and reporting on the workforce engagement with the Program to support administration, we share reports containing identifiable information with your Sponsor. Finally, if your activity information indicates that there is a problem or abuse, we may share your information with the Sponsor as required in order to ensure the proper functioning of the Platform.
Indirect Partners. If your Sponsor engaged with Gympass through an indirect channel or other benefits distributor, then we may share limited Personal Data that relates to your participation in the Platform with these services, as directed by your Program Sponsor, in order to facilitate coordination of services across these entities and to administer the Program to you.
Vendors. We may share Personal Data with companies who perform services on our behalf, including providers that help us send communications, analyze data, and maintain our websites and the Gympass Platform.
Social Media and Third-Party Apps.We may share information with social networks when you use our Services to interact with a social media site (e.g. you click a Facebook “like” button), or connect to our Services through social media . You can review the privacy practices of these sites and third-party apps on their respective sites.
Affiliates.We may share your Personal Data with Gympass corporate affiliates, such as parent or sister entities, in order to administer our Services and operate, evaluate, and improve our business.
Legal and Compliance. We may disclose your Personal Data as required or permitted by law, regulation, or legal process, including to respond to an inquiry from a governmental or law enforcement agency or a court order, to investigate suspected or actual fraud, illegal activity, or security incident, to enforce or apply our Terms or other agreement we may have with you, and where we believe disclosure is appropriate to protect the rights, property, health, or safety of Gympass, its affiliates (including Third Party Providers), our users, employees, or others.
Corporate Transactions. We may choose to buy or sell assets and may share and/or transfer customer data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your Personal Data could be one of the assets transferred to or acquired by a third party.
User Profiles and Submissions. Certain account data, including your name, location, and any video or image content that you have uploaded to the Services, may be displayed to a Third Party Partner, for example, if you book a Personal Trainer session. Please remember that any content you share , along with any Personal Data or content that you voluntarily disclose online in some manner other Users can view (on discussion boards, reviews, posts, in messages and chat areas, etc. outside of the Gympass Platform) becomes publicly available, and can be collected and used by anyone.
Aggregated or De-identified Data. We may share aggregate usage data with current or prospective Third Party Providers or corporate clients (or allow Third Party Providers or corporate clients to collect that data from you). We reserve the right to provide aggregated and/ or de-identified data to third parties for our own purposes.
How does Gympass communicate with me?
We may send you emails with information about Gympass and its Services. You may opt-out of these communications at any time by clicking on the unsubscribe button in each communication or by contacting us directly. You cannot opt-out of communications regarding transactional or service updates, security, and legal notices.
If you have opted to receive notifications on your mobile device, we may contact you mainly by email and we may on occasions contact you by phone or using text messaging. You always have the option to turn notifications off at the device level.
We may on occasion contact you by phone, but only as allowed under applicable law. You may elect to use text messaging as a way for us to communicate with you. You may opt-out of receiving any phone call or text by following the instructions in the communication. Please note that we may send you a confirmation that you have unsubscribed. Please allow us a reasonable time to process your request.
How does Gympass protect my Personal Data?
We have put in place appropriate technical and organizational measures to help protect the security of your Personal Data. We have implemented various safeguards to protect against unauthorized access to Personal Data in our systems.
Be aware that no system is ever totally secure, and we encourage you to take appropriate steps to protect yourself. For example, you should protect your account against unauthorized access to your password, mobile device, and computer by, among other actions, signing off after using a shared computer, selecting and protecting your password and/or other sign-on mechanisms appropriately, and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We are not responsible for any lost, stolen, or compromised passwords, or for any activity in your account via unauthorized password activity.
Retention and Data Transfers
Gympass retains your Personal Data only for as long as is necessary for the purposes set out in this Policy, for as long as your Membership is active, or as needed to provide you with Eligibility to the Platform. If you no longer want Gympass to process your Personal Data to provide the Services to you, you may close your account. Gympass retains and uses your Personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Data to comply with applicable tax or revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Policy. We may also retain Personal Data where our legitimate business purposes require, such as ensuring site safety and security, improving the functionality of our Services, or when we are legally obligated to retain the data for a longer period. In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information without further notice to you.
Gympass operates a global business, and thus it shares Personal Data internationally with Gympass group of companies, vendors, and partners when carrying out the processing described in this Policy. To ensure that each data transfer complies with all applicable law, Gymapss relies on approved legal mechanisms such as the EU Standard Contractual Clauses.
Data Subject Rights
Where required by applicable law, you may have the following rights with respect to your Personal Data:
If you would like to manage, change, or delete your Personal Data, you can do so through the settings in the Gympass Platform. Alternatively, you may exercise any of the rights listed above by contacting us.
Deleting or limiting the use of your Personal Data will impact features and uses within the Platform that rely on that information. Please note that we may verify your identity before we are able to process any of the requests described in this section, and in our discretion, may deny your request if we are unable to verify your identity. As part of this process, government or other identification may be required. Where allowable under applicable law, you may designate an authorized agent to make a request on your behalf by contacting us through the Help Center but you must provide the required documentation including the requestor's valid government issued identification, the authorized agent's valid government issued identification, notarized authority to act on behalf of the requestor, and other information as needed to verify the request's authenticity.
Additional Information for Residents of Certain US States
Disclosures for California Users
This section uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020) and its implementing regulations (collectively, the “CCPA”).
We collect the following categories of CCPA personal information from consumers:
To submit a request to exercise your rights as provided under California law, please follow the process as outlined in the section above on Data Subject Rights.
Information on Other US State Privacy Laws
To the extent applicable under US State Privacy Laws, you may have the following rights in connection with your personal information:
As described above, you may assert these rights only where we receive a verified request from you. If you are a resident in a jurisdiction that includes the ability to use an authorized agent, the agent may submit a request on your behalf by following the process outlined above.
Finally, you may file an appeal of our decision to refuse your request to exercise your rights if you are in a jurisdiction that recognizes your right to appeal any decision we make under applicable US State Privacy Laws. You may request any such appeal by contact email@example.com. Please provide the state where you reside, accompanied by relevant documentation to support your claim. If you do not have a Gympass account, we may not be able to respond to requests to exercise your rights including, for example, the right to delete or the right to know personal information.
Information for Supplemental Services
Important information. Gympass US acts as the controller of such personal data where required under applicable law, except that GPBR acts as the data controller if you reside in Brazil. The personal data Gympass directly collects and processes from you may include the following categories of personal data: contact information, such as your name, job title, company name, address, phone number, email address, username and password, and any other information you voluntarily chose to share. We process your personal data to send you information, product recommendations and other non-transactional communications (for example, marketing newsletters) about us, our affiliates and partners. When processing your personal data we rely on your prior consent.
International transfers and Retention. We may transfer, store and process your personal data outside of your country of residence for the purposes of organizing communications in accordance with applicable law, and as explained in this Policy. As explained in this Policy, Gympass will delete your data once the applicable retention period has expired in accordance with applicable law.
Your Preferences and Your Legal Rights. You may manage your receipt of communications from Gympass by following the directions provided in the communication (for example, by clicking on the “unsubscribe” link located at the bottom of Gympass marketing email). Please note that you may still receive important business communications regarding your current relationship with Gympass even if you opt out of marketing communications. You have a right to request access,update, delete or correct your personal data, where these rights are provided by applicable law and subject to certain exceptions. To exercise your rights, please contact us.
If you have any questions, contact Gympass' support team via our Help Center.
If you have questions relating to this Policy or Gympass' privacy practices, you may send an email to Gympass' Data Protection Officer at firstname.lastname@example.org.
Without prejudice to any other rights you may have to file a complaint with your local data protection regulator, you may also contact the Dutch Data Protection Authority, Gympass' Lead Supervisory Authority, if you are located in the European Union. The Dutch DPA can be reached at the following address:
PO Box 93374
2509 AJ DEN HAAG
+31 (0) 70 - 888 85 00
Effective Date: Dec 19, 2023