The General Data Protection Regulation (GDPR) sets high standards for the protection of personal data. In compliance with these requirements and by applying recommended security standards and best practices, this Privacy Policy provides information about the collection and processing of personal data through this application, including processing based on our legitimate interests. For any additional information, please contact us via the contact details provided below.
GYMS4YOU d.o.o., Zagreb, Zadarska 80
OIB: 75049241440
Kontakt: +385 1 2349939
e-mail: info@gyms4you.com
Contact: feralis@feralis.hr I Osobnipodaci@Gyms4you.com
Through this application, personal data is collected for several specific and lawful purposes. Data is processed for the purpose of responding to submitted inquiries and requests, during which contact information and the content of your message are collected as provided by you. In the case of purchasing a membership, the user is required to register and sign a Membership Agreement for the use of GYMS4YOU gyms, which involves processing of data necessary for contract execution. This includes identification, contact, and payment data. Such data processing is lawful because it is necessary for providing the requested service or for taking steps prior to its provision, in accordance with the GDPR. If the required data is not provided, we will not be able to deliver the requested service. For marketing purposes, we may use your email address if you subscribe to our newsletter, with the option to unsubscribe at any time.
In certain situations, personal data may be processed based on our legitimate interest. The types of processing carried out on this basis include:
NEWSLETTER - the data processed is the email address, and the purpose is marketing. The newsletter includes information about our services, as well as special offers and benefits. You have the right to object to the use of your email address for marketing purposes at any time, and you may restrict or completely prohibit this processing.
VIDEO SURVEILLANCE - the purpose of video surveillance is the protection of individuals and property. Footage is stored for up to 14 days, and in the case of an incident, up to 6 months. A longer retention period may apply if the recordings are required as evidence in legal, administrative, arbitration, or other proceedings. Other recipients of the video footage may include competent authorities upon request, when necessary for the conduct of official procedures. Collected data is not used for any other purpose.
Collected personal data may be shared with providers of IT and communication solutions and services who act as our data processors.
These processors provide adequate guarantees and have implemented appropriate technical and organizational measures to ensure suitable data protection and processing in accordance with the GDPR. A data processing agreement has been concluded with such processors, based on the Commission Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors, as an integral part of the contract. This agreement strictly governs the handling of personal data, and processors are not authorized to process personal data without our instructions, nor to forward it to third parties.
Personal data is not shared with third parties for direct marketing purposes.
We are committed to ensuring transparency and accountability in handling our users’ personal data. Personal data is stored only for as long as necessary for the purpose for which it is processed, or until the expiration of legally mandated retention periods, after which it is permanently deleted from our systems unless there is another legal basis for its continued storage. In the case of processing based on legitimate interest, data is processed as long as that interest exists, unless the user restricts or completely prohibits the processing, or unsubscribes from the recipient list (e.g., newsletter).
We collect and process personal data in accordance with the General Data Protection Regulation (GDPR) in a way that ensures appropriate security and confidentiality during processing. Our goal is to effectively apply the principles of data protection, minimize the amount of data collected, limit the scope of processing, manage retention periods, and ensure availability of data. To achieve this, we have implemented appropriate technical and organizational protection measures to ensure a level of security appropriate to the risks presented by data processing and the nature of the personal data being protected. In introducing these measures, we carefully considered the specific characteristics and associated costs to achieve an optimal balance between data protection and practical applicability.
We provide our users with the highest level of data protection. For secure data transmission, we use PCI DSS standards with TLS 1.2 cryptographic protocols. All personal data, including personal identification numbers, credit card numbers, or other payment information provided by users, is transmitted exclusively through a secure connection with 128-bit encryption. The data controller does not have access to any payment data.
We regularly review all processing activities that could pose risks to the rights and freedoms of individuals. Appropriate protective measures have been taken to ensure that personal data is safeguarded against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Particular attention is given to protecting data during transmission over networks to prevent unlawful processing.
Right to access
You have the right at any time to request confirmation as to whether your personal data is being processed and to obtain detailed information regarding such processing, including the purpose, categories of data being processed, access to your personal data, recipients or categories of recipients, and the anticipated retention period.
Right of rectification
You have the right to request the correction of inaccurate or incomplete personal data without undue delay.
Right of erasure
You may request the deletion of your personal data. If the request is justified and there is no legal obligation to retain the data applies, the data will be deleted without undue delay.
Right of restricting processing
You have the right to request restriction of processing of your personal data in cases provided for under the GDPR. Notably, you may request restriction of processing based on legitimate interest as a lawful basis.
Right to object
You have the right to object to the processing of your personal data in all cases defined by the GDPR. You may object to processing based on legitimate interest and request restriction or complete prohibition of such processing.
Right to lodge a complaint
If you believe that your personal data has been processed in violation of the GDPR, you may file a complaint with the supervisory authority – the Croatian Personal Data Protection Agency, located at Metela Ožegovića 16, Zagreb
For additional information regarding the processing of personal data or to exercise your rights, feel free to contact us via our Data Protection Officer or other available communication channels. In order to ensure the highest data protection standards, the data controller has appointed a professional Data Protection Officer, Ines Krečak, Data Protection Professional, CIPP/E, the Croatian representative in the European Federation of Data Protection Officers. Your privacy and trust are of utmost importance to us.
Contact: feralis@feralis.hr I Osobnipodaci@Gyms4you.com
Your request will be processed within 30 days from the moment your identity is successfully verified. Our response will be provided in standard electronic form, unless you explicitly request a different format.
This privacy policy is regularly reviewed, updated, and amended to reflect the actual state of personal data collection and processing through this application. We encourage you to review it periodically to stay fully informed about our privacy practices. In the event of changes that may affect your rights as a data subject or substantially alter previous processing notices — especially if the purpose of processing, data disclosure, or international data transfers are changed — a notice will be prominently displayed in a pop-up window when you access the application.
Last updated: July 2025
