Gympass Privacy Policy
Welcome to Gympass! We at Gympass know you care about how your Personal Data is used and shared, and we take your privacy seriously.
This Privacy Policy, incorporated into our Terms and Conditions of Use (“Terms”), describes the privacy practices of Gympass (“Gympass,” “we,” or “us”). Any terms we use in this policy without defining them have the definitions given to them in our Terms. This Policy applies to our privacy practices for our websites (including Gympass.com), the Gympass mobile applications (the “Apps”), and our other services. By accessing or using our Services, you acknowledge that you accept the practices and policies outlined in this Privacy Policy.
What does this Privacy Policy cover?
Gympass offers eligible individuals the opportunity to enroll in a Gympass Subscription. The Gympass Subscription provides access to the services and content of our Third Party Providers. Our network of Third Party Partners varies by location, by Subscription level, and by the fitness or wellness services offered.
This Privacy Policy covers the data we collect about you (the “Personal Data”) and how we store, analyze, and share your Personal Data. This Policy does not apply to the practices of companies we do not own or control, including your employer or the organization that provided you with access to the Gympass Services, Third Party Providers, or other parties.
If you reside in Brazil, the data controller for your Personal Data is GPBR PARTICIPAÇÕES LTDA. (“GPBR”), CNPJ 15.664.649/0001-84, headquartered at Avenida Engenheiro Luís Carlos Berrini, n° 716, 10th floor, Cidade Monções, CEP 04571-926, São Paulo - SP, a subsidiary of Gympass US, LLC. For Personal Data collected in connection with our Services in the European Economic Area, the United Kingdom, or any other location where applicable law requires, the data controller for your Personal Data is Gympass US LLC,a Delaware limited liability company, with a registered address at 30 Irving Place, 8th floor, New York, NY 10003 (“Gympass US”).
We gather various types of Personal Data from you, as explained in more detail below, and we use this Personal Data in connection with our Services, including to personalize, provide, and improve our Services, to allow you to set up a user account and profile, to contact you and allow other users to contact you, and to fulfill your requests for certain products and services. In certain cases, we may also share some Personal Data with third parties, as described below.
What information does Gympass collect?
Gympass collects the following data:
Contact and Registration Data. If you access our Platform and/ or register for an account, we will collect Personal Data such as your first and last name, username and password, email, mobile or other phone number, mailing address, and zip code, as well as any other Personal Data you choose to provide, including a profile picture and your preferred location. If you have registered for an account, you may log in to review and update your information and preferences.
Transaction Information. If you become a Gympass Subscriber and utilize a direct payment method such as a credit card, we will collect information related to the payment for our Services, such as your credit/debit card information, billing address, and other related transaction information, either directly or through our payment provider. If you pay for our Services by requesting payroll deduction, we will receive confirmation of the transaction from your employer.
Communications, Surveys, and Reviews. We will also collect information when you communicate with us, such as through emails or other communications that you send us, exchanges through the website or app, or exchanges through social media. If we ask you to provide feedback by completing a survey or by offering a testimonial or review, we will collect any information you choose to provide.
Check-in/ Location Data. We may collect location data from your mobile device in order to validate your check-in data to the extent that it is enabled in your device settings.
Data from Social Media Apps. If you link your Gympass account to any social media profile, or otherwise interact with us through a social media site (e.g., by logging in through Facebook or by clicking a Facebook “like” button), the social media network may share information with us. You can access and revise your information-sharing practices in the privacy settings of such social media sites.
Usage Information. We will collect information about how you interact with and use our Services, such as your “check-in” with a Third Party Provider or other proof of your access and/or use of the Services of a Third Party Provider, virtual or in-person classes that you book and/or attend, and workouts you log.
Device Data. When you interact with our Services, either on our website or through our mobile app, we automatically receive and record data which may include your IP address, geolocation data, device identification, “cookie” data (please see below), the type of browser and/or device you’re using to access our Services, the page or feature you requested and time of access.
Eligibility Information. To offer you our Services and confirm your eligibility for the Gympass Platform, we may collect Personal Data from your employer or other entity who provides you with access to Gympass (or, in the case of a qualifying Family Member, the individual who is the primary account holder for you), which may include first and last name, work email, employee ID or another personal identifier, and/or your status as an active employee.
Referral Information. When our referral services are utilized (for example, to refer a local gym to the Gympass network), we receive the referred person’s data or the personal data for a referred company.
Publicly available sources. Gympass may receive data from publicly available sources.
How does Gympass use my Personal Data?
We use your Personal Data to provide you with our Services, confirm eligibility for and administer your Membership and Subscription, respond to your inquiries, deliver a more relevant experience with our Services and Third Party Providers, and meet our other business purposes. We may also use your Personal Data in order to facilitate the administration of your account through your employer or a wellness solution platform that your employer has engaged in order to offer you our Services. We may use this data to contact you or to cross-reference it with other Personal Data we may hold about you in accordance with this Policy. Specifically, we may use your Personal Data for the following purposes and based on the following legal basis under data protection law for each purpose:
|
Purpose for processing your Personal Data |
Legal basis |
Categories of Personal Data |
|
To provide the Gympass Services |
|
|
|
To confirm eligibility for Gympass |
|
|
|
To manage your Subscription |
|
|
|
To delivery relevant content and news, including making recommendations to you and monitoring trends |
|
|
|
To enable your participation in activities we organize related to the Services, including sweepstakes, competitions, surveys |
|
|
|
To diagnose and fix issues with the Gympass Platform and Services |
|
|
|
To evaluate and develop new features and improvements |
|
|
|
To process your payment and facilitate payment in support of your Membership or Subscription |
|
|
|
To comply with a legal obligation or law enforcement requirement, including to collect applicable taxes |
|
|
|
To fulfill contractual obligations with Third Party Providers |
|
|
|
To take appropriate action with reports of IP infringement or inappropriate conduct on the Platform |
|
|
|
To establish, exercise or defend legal claims |
|
|
|
To conduct business planning reporting, and forecasting |
|
|
|
To detect and prevent fraud |
|
|
How does Gympass share my Personal Data?
We may share your Personal Data as described in this Privacy Policy or where we have provided you with prior notice and, to the extent applicable law requires, obtained your consent. Gympass may share your Personal Data with the following parties for the reasons discussed below:
Third Party Providers (including gyms and studios). We may share your Personal Data with Third Party Providers (such as a gym, studio, third-party wellness app, or booking partner) in order to facilitate your use of their services, including to ensure your check-in if required, to facilitate and process your booking and the payment to the Provider, and to allow the Third Party Provider to operate their business as disclosed in that Third Party’s terms and privacy policy.
Sponsor for Gympass Services. We may share certain Personal Data (name, surname, email address, if you have a Membership or Subscription and cost of your plan) with your employer or other third party that offers you an opportunity to use our Services. If you sign up for Gympass as a qualifying Family Member, we may share your personal data with the primary account holder who provided you with access to Gympass.
Vendors. We may share Personal Data with companies who perform services on our behalf, including providers that help us send communications, analyze data, and maintain our websites and the Gympass Platform.
Social Media and Third-Party Apps. We may share information with social networks when you use our Services to interact with a social media site (e.g. you click a Facebook “like” button), or connect to our Services through social media . You can review the privacy practices of these sites and third-party apps on their respective sites.
Affiliates. We may share your Personal Data with Gympass corporate affiliates, such as parent or sister entities, in order to administer our Services and operate, evaluate, and improve our business.
Legal and Compliance. We may disclose your Personal Data as required or permitted by law, regulation, or legal process, including to respond to an inquiry from a governmental or law enforcement agency or a court order, to investigate suspected or actual fraud, illegal activity, or security incident, to enforce or apply our Terms of Use or other agreement we may have with you, and where we believe disclosure is appropriate to protect the rights, property, health, or safety of Gympass, its affiliates (including Third Party Providers), our users, employees, or others.
Corporate Transactions. We may choose to buy or sell assets and may share and/or transfer customer data in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your Personal Data could be one of the assets transferred to or acquired by a third party.
User Profiles and Submissions. Certain account data, including your name, location, and any video or image content that you have uploaded to the Services, may be displayed to other Users to facilitate user interaction within the Services or address your request for our Services. Please remember that any content you upload to your public user profile, along with any Personal Data or content that you voluntarily disclose online in some manner other Users can view (on discussion boards, reviews, posts, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your username may also be displayed to others if you interact with others, such as by sending messages, comments, or uploading content.
Aggregated or De-identified Data. We may share aggregate usage data with current or prospective Third Party Providers or corporate clients (or allow Third Party Providers or corporate clients to collect that data from you). We reserve the right to provide aggregated and/ or de-identified data to third parties for our own purposes.
Does Gympass use cookies?
For more information on how Gympass uses cookies and similar tracking technologies, please review our Cookie Policy.
You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. Again, this Privacy Policy does not cover the use of cookies by any third parties, and we are not responsible for their privacy policies and practices.
How does Gympass communicate with me?
We may send you emails with information about Gympass and its Services. You may opt-out of these communications at any time by clicking on the unsubscribe button at the bottom of each communication or by contacting us directly. You cannot opt-out of communications regarding transactional or service updates, security, and legal notices.
If you have opted to receive notifications on your mobile device, we may contact you mainly by email and we may on occasions contact you by phone or using text messaging. You always have the option to turn notifications off at the device level.
We may on occasion contact you by phone, but only as allowed under applicable law. You may elect to use text messaging as a way for us to communicate with you. You may opt-out of receiving any phone call or text by following the instructions in the communication. For example, you may opt-out from receiving text messages at any time by replying “STOP” to a text you have from Gympass. Please note that we may send you a confirmation that you have unsubscribed. Please allow us a reasonable time to process your request.
How does Gympass protect my Personal Data?
We have put in place appropriate technical and organizational measures to help protect the security of your Personal Data. We have implemented various safeguards to protect against unauthorized access to Personal Data in our systems.
Be aware that no system is ever totally secure, and we encourage you to take appropriate steps to protect yourself. For example, you should protect your account against unauthorized access to your password, mobile device, and computer by, among other actions, signing off after using a shared computer, selecting and protecting your password and/or other sign-on mechanisms appropriately, and limiting access to your computer or device and browser by signing off after you have finished accessing your account. We are not responsible for any lost, stolen, or compromised passwords, or for any activity in your account via unauthorized password activity.
Retention and Data Transfers
Gympass retains your Personal Data only for as long as is necessary for the purposes set out in this Policy, for as long as your Membership is active, or as needed to provide you with Eligibility to the Platform. If you no longer want Gympass to process your Personal Data to provide the Services to you, you may close your account. Gympass retains and uses your Personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your Personal Data to comply with applicable tax or revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this Policy. We may also retain Personal Data where our legitimate business purposes require, such as ensuring site safety and security, improving the functionality of our Services, or when we are legally obligated to retain the data for a longer period. In some circumstances, we may anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information without further notice to you.
Gympass operates a global business, and thus it shares Personal Data internationally with Gympass group of companies, vendors, and partners when carrying out the processing described in this Policy. To ensure that each data transfer complies with all applicable law, Gymapss relies on approved legal mechanisms such as the EU Standard Contractual Clauses.
Data Subject Rights
Where required by applicable law, you may have the following rights with respect to your Personal Data:
If you would like to manage, change, or delete your Personal Data, you can do so through the settings in the Gympass Platform. Alternatively, you may exercise any of the rights listed above by contacting us.
Deleting or limiting the use of your Personal Data will impact features and uses within the Platform that rely on that information. Please note that we may verify your identity before we are able to process any of the requests described in this section, and in our discretion, may deny your request if we are unable to verify your identity. As part of this process, government or other identification may be required. Where allowable under applicable law, you may designate an authorized agent to make a request on your behalf by contacting us through the Help Center but you must provide the required documentation including the requestor’s valid government issued identification, the authorized agent’s valid government issued identification, notarized authority to act on behalf of the requestor, and other information as needed to verify the request’s authenticity.
Additional Information for California Users
California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes. Subject to certain limitations, California consumers have certain rights over their personal information such as the right to request details about the categories or specific pieces of personal information we collect and to delete personal information. Gympass does not “sell” (as such term is defined under California law) the personal information we collect from you (and will not sell it without providing a right to opt out). Please note that we do use third party cookies for advertising purposes as further described in our Cookie Policy.
To submit a request to exercise your rights as provided under California law, please follow the process as outlined in the section above on Data Subject Rights.
Children
As noted in our Terms, you must be at least 16 years of age or the age of legal majority in your jurisdiction (if different than 16) to register as a primary account holder for Gympass Services and become a Gympass Member. While individuals under the age of 16 may utilize the service through a Family Member account in some circumstances, they may do so only with the involvement, supervision, and approval of a parent or legal guardian as the primary account holder. If you extend the registration opportunity to a child and authorize payment for this account, you are expressly consenting to the collection and use of the child’s Personal Data in accordance with this Privacy Policy. If you are a parent or guardian of a minor who has registered for or used the Services without your consent, please contact us and we will delete any personal data collected as quickly as possible.
Information for Supplemental Services
This section provides information on how Gympass collects and processes your personal data when you agree to receive communications regarding Gympass products, services, or events before creating a Gympass account (for example, when you sign up for a Gympass webinar on wellness or you download a white paper from our website on a wellness topic). By agreeing to receive communications regarding products, services or events, you acknowledge that any personal data provided by you will be processed in accordance with this Privacy Policy.
Important information. Gympass US acts as the controller of such personal data where required under applicable law, except that GPBR acts as the data controller if you reside in Brazil. The personal data Gympass directly collects and processes from you may include the following categories of personal data: contact information, such as your name, job title, company name, address, phone number, email address, username and password, and any other information you voluntarily chose to share. We process your personal data to send you information, product recommendations and other non-transactional communications (for example, marketing newsletters) about us, our affiliates and partners. When processing your personal data we rely on your prior consent.
How we share your personal data. Your personal data may be disclosed to relevant third parties involved in the communications (for example, to a vendor who provides support services if you register for a webinar or to another entity if they are a co-sponsor of an event), to other Gympass affiliates, and as disclosed in the Gympass Privacy Policy.
International transfers and Retention. We may transfer, store and process your personal data outside of your country of residence for the purposes of organizing communications in accordance with applicable law, and as explained in this Policy. As explained in this Policy, Gympass will delete your data once the applicable retention period has expired in accordance with applicable law.
Your Preferences and Your Legal Rights. You may manage your receipt of communications from Gympass by following the directions provided in the communication (for example, by clicking on the “unsubscribe” link located at the bottom of Gympass marketing email). Please note that you may still receive important business communications regarding your current relationship with Gympass even if you opt out of marketing communications. You have a right to request access,update, delete or correct your personal data, where these rights are provided by applicable law and subject to certain exceptions. To exercise your rights, please contact us.
Changes to the Privacy Policy
We are constantly improving our Services, so we may need to update this Privacy Policy from time to time. If you decide to use and/or access the Services after any changes to the Privacy Policy have been posted, you have expressly consented to such changes and the revised Privacy Policy will apply.
Contact us
If you have any questions, contact Gympass’ support team via our Help Center.
If you have questions relating to this Policy or Gympass’ privacy practices, you may send an email to Gympass’ Data Protection Officer at dpo@gympass.com.
Without prejudice to any other rights you may have to file a complaint with your local data protection regulator, you may also contact the Dutch Data Protection Authority, Gympass’ Lead Supervisory Authority, if you are located in the European Union. The Dutch DPA can be reached at the following address:
Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG
+31 (0) 70 - 888 85 00
Effective Date: December 16, 2022