Client Information on Personal Data Processing

This document is valid from January 1, 2024.

On this page, you will find the types of data we process, the legal basis, purposes, and processing periods.

Dear clients, please familiarize yourself with this information regarding the processing of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, "GDPR").

Who are we and where can you find us?

Your personal data is processed by GymRoom CZ s.r.o., with a registered address at V Horkách 1404/13, Nusle, 140 00 Prague 4, Identification Number: 21136947. This company is the so-called controller, referred to in this document as "we" or "the company". Our company operates the GymRoom fitness center. If you have any questions regarding personal data, you can contact us by email at info@gymroom.cz or by mail at the mentioned address.

Contractual Documentation:

By approving our General Terms and Conditions ("GTC") through the registration and booking system ("RBS") or upon entering the GymRoom premises, or, in the case of clients under 16 years of age, by completing the registration form through a responsible representative, you have entered into a service agreement with us. The personal data you provided during registration in the RBS, especially your first name, last name, email, and phone number, as well as data on reserved and used services, subscriptions (credits), and payments for services and goods, are processed for the purpose of providing services, recording subscription (credit) usage, and payment accounting. The legal basis for processing is the performance of the contract in accordance with Article 6 of the GDPR ("Lawfulness of Processing"), paragraph 1(b). Additionally, if it involves a framework agreement with your employer or the use of another group benefit, the legal basis is the legitimate interest of the controller and its contractual partner in recording services provided under such an agreement. After the termination of the contract, we will continue to process this data for our legitimate interest, which is the assertion, proof, and defense of legal claims, typically for a period of 4 years from the first possibility to assert a claim.

Accounting Agenda:

We also record data on the content of services, subscriptions for services (credits), and payments for tax records and accounting purposes, based on the legal and tax obligation (especially the obligations under Act No. 563/1991 Coll. on Accounting) for the period specified by regulations, typically 10 years.

Camera System:

The GymRoom premises are equipped with one camera with audio and video recording capabilities. Camera recordings are created to prevent security incidents, such as thefts, threats to clients, visitors, and employees, disturbances, and other events that may constitute criminal offenses or misdemeanors. These recordings enable us to address such incidents in subsequent proceedings related to misdemeanors, criminal offenses, or in proceedings where we assert our legal claims against offenders. The camera located at the entrance also monitors compliance with the GTC and manages entry, particularly to detect potential misuse or unauthorized use of entry codes or non-compliance with time slots. Personal data is processed to protect the security and property of the controller and visitors to the controller's premises, and to assert, prove, and defend legal interests. The legal basis is the legitimate interest in preventing incidents and asserting, proving, and defending legal claims under Article 6, paragraph 1(e) of the GDPR. Recordings are typically retained for 240 hours. If an incident is recorded, the recordings are processed until the incident's resolution or the settlement of all claims.

Statistics, Research, and Archiving:

Without a specific legal basis, we may process data for archival purposes, scientific research, or statistical purposes in accordance with Article 89 of the GDPR. This purpose serves for archiving when we process data after the original purpose has ceased, for the period determined by regulations.

Health Data:

GymRoom does not process clients' health data except in the following cases:

(a) Data processing required by the controller as a legal obligation under regulations or decisions of the relevant Czech authority (especially for the purpose of public health protection). In such cases, data is processed based on a legal obligation under Article 6, paragraph 1(c) of the GDPR for the period specified by the relevant regulation or order, and based on the exception under Article 9, paragraph 2(g) or (i), or

(b) If the client has given consent for processing by any of the center's employees. In such cases, personal data is processed on the legal basis of consent under Article 9, paragraph 2(a) of the GDPR, for the period specified in such consent. Consent may be revoked at any time. Clients are advised that authorized trainers during individual training sessions are not employees of the company, and the controller does not process personal data provided by clients to trainers, nor is it responsible for their processing, and this information does not apply to their processing.

Marketing:

We use your personal data for marketing purposes based on your consent until it is revoked. Providing consent is voluntary, and you may revoke it at any time. If you are our client, we may use your contact personal data for marketing based on legitimate interest. For such purposes, we process data for up to 5 years from your last visit. This processing is subject to the right to object.

Cookies:

When using our web portal or the registration and booking system portal, small files (cookies) may be stored on your computer, which may transmit and store data. Necessary cookies are processed based on the legitimate interest under Article 6, paragraph 1(f) of the GDPR, which is the proper functioning of the web portal and the registration and booking system. In the current web portal settings, only technical cookies are used to ensure the proper functioning of the website. We only store cookies that serve to maintain user session continuity, complete reservations, registration, and login. We do not process any other types of cookies (except technical ones).

Categories of Processors or Other Data Recipients

External Collaborators:

External trainers whose names are published on the GymRoom website (www.gymroom.cz) may process clients' contact and identification data, reservations, and payment details.

If you pay for your reservation through the payment gateway directly on the GymRoom website or using credits in your user account, payment information is processed solely by GymRoom, and trainers and external partners do not have access to such data.

Payment Processing:

Payment gateway provider (payment card details, payer identification, and fee).

Internal Administration:

Providers of the reservation system software and client record software, providers of access code software and credit record software, providers of data storage and payment processing software, who are legal entities based in the Czech Republic, particularly BRJ, operator Jan Barášek, ID No. 05103118, may process electronically collected and stored data from the website, storage, and access system.

Such recipients of personal data include:

Legal Claims:

Companies engaged in debt collection, tax and financial advisors, legal advisors (may process identification data, data on rights and obligations, data on claims, data needed to prove, assert, or defend legal claims).

We also provide or make your data accessible to public authorities if required by law.

Zde je překlad textu: ```typescript

Transfers:

We store personal data within the territory of the European Union member states in a secure manner with our contractual hosting partners.

Withdrawal of Consent:

If we process data based on your consent, you have the right to withdraw this consent at any time. Consent can be withdrawn by email at info@gymroom.cz or by sending a notice by mail to the company's address. The withdrawal of consent does not affect the lawfulness of the processing of personal data before its withdrawal.

Objection:

If we process data based on legitimate interest, you have the right to object to the processing of such personal data at any time for reasons related to your specific situation. You may exercise your rights in person at the controller's office, by email at info@gymroom.cz, or by sending a notice by mail to the company's address.

Your Other Rights:

You may exercise your rights in person at the company, by email at info@gymroom.cz, or by sending a notice by mail to the company's address. When exercising rights, we are entitled to verify your identity.

If you are not satisfied with our response to the exercise of your rights, or if you believe that we process your data in violation of the regulations, you have the right to file a complaint with the Office for Personal Data Protection of the Czech Republic (www.uoou.cz).

Data Protection Officer

This Data Protection Officer oversees and manages the processing of personal data for GymRoom. If you have any concerns about the processing of personal data or wish to make an objection, please contact this individual.

GymRoom CZ s.r.o.
Email: info@gymroom.cz
Registered address: V Horkách 1404/13, Nusle, 140 00 Prague 4
Identification Number: 21136947

Здоровий спосіб життя до вашого e-mail.

Статті про тренування, здоровий спосіб життя та GymRoom. Не пропустіть жодної статті.

ComGate
© GymRoom 2024
Developed by