Notice on the Processing of Personal Data via This Website
The General Data Protection Regulation (GDPR) sets high standards for the protection of personal data. In compliance with these requirements, and by applying the recommended security standards and best practices, this Privacy Policy provides information about the collection and processing of personal data through the website www.gyms4you.com, as well as about processing based on our legitimate interest. For any additional information, please contact us via the contact details provided below.
GYMS4YOU d.o.o., Zagreb, Zadarska 80
OIB: 75049241440
Contact: +385 1 2349939
e-mail: info@gyms4you.com
Personal data is collected through this website for specific and lawful purposes. The data is processed for the purpose of responding to submitted inquiries and requests, during which we collect contact information and the content of the messages you provide yourself. In the case of purchasing a membership, the user must register and sign the Agreement for the Use of GYMS4YOU gyms. Therefore, data necessary for the performance of the contract are processed, including identification, contact, and payment information. Such data processing is lawful because it is necessary for providing the requested service or for taking actions prior to its provision, in accordance with the General Regulation. If the necessary data is not provided, we will not be able to fulfill your request. In the context of employment, we may process the data you voluntarily provide, including your CV, cover letter, and basic identification information. Additionally, for marketing purposes, we may use your email address, but solely to deliver notifications about our updates and services, and you may stop this processing at any time. To improve website functionality and user experience, we use cookies, but only those for which you have previously given consent are processed. You can manage your cookie settings at any time, and withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.
In certain situations, personal data may be processed based on our legitimate interest. The types of processing carried out on this basis include:
NEWSLETTER - The data processed is your email address, and the purpose of the processing is marketing. The method of collection is directly from the data subject. Through the newsletter, we send information about our services, including special offers and benefits. You have the right at any time to object to the processing of your email address for marketing purposes and may restrict or completely prohibit such processing.
VIDEO SURVEILLANCE - the purpose of video surveillance is the protection of individuals and property. Footage is stored for up to 14 days, and in the case of an incident, up to 6 months. A longer retention period may apply if the recordings are required as evidence in legal, administrative, arbitration, or other proceedings. Other recipients of the video footage may include competent authorities upon request, when necessary for the conduct of official procedures. Collected data is not used for any other purpose.
Read about the processing of personal data through cookies in our COOKIE POLICY
The pages and profiles we manage on social media platforms (such as Facebook, Instagram, etc.) are always under the official name of the data controller.
Any personal data collected through these platforms is used solely for the purpose of responding to an inquiry or comment, and is not processed or stored for any other purpose.
Collected personal data may be shared with providers of IT and communication solutions and services who act as our data processors.
These processors provide adequate guarantees and have implemented appropriate technical and organizational measures to ensure suitable data protection and processing in accordance with the GDPR. A data processing agreement has been concluded with such processors, based on the Commission Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors, as an integral part of the contract. This agreement strictly governs the handling of personal data, and processors are not authorized to process personal data without our instructions, nor to forward it to third parties.
Personal data is not shared with third parties for direct marketing purposes.
We are committed to ensuring transparent and responsible handling of our users' personal data. Personal data is stored only for as long as necessary based on the purpose of processing, or until the expiration of legally mandated retention periods, after which it is permanently deleted from our systems unless there is another legal basis for continued storage. In the case of processing based on legitimate interest, data is processed for as long as such interest exists, unless the user restricts or fully prohibits the processing or unsubscribes from the recipient list (newsletter). Data processed based on consent is stored until the purpose of processing is fulfilled or until you withdraw your consent.
We collect and process personal data in accordance with the General Data Protection Regulation (GDPR) in a way that ensures appropriate security and confidentiality during processing. Our goal is to effectively apply the principles of data protection, minimize the amount of data collected, limit the scope of processing, manage retention periods, and ensure availability of data. To achieve this, we have implemented appropriate technical and organizational protection measures to ensure a level of security appropriate to the risks presented by data processing and the nature of the personal data being protected. In introducing these measures, we carefully considered the specific characteristics and associated costs to achieve an optimal balance between data protection and practical applicability.
For web shop users, we ensure the highest level of data protection. Secure data transmission is conducted using PCI DSS standards with TLS 1.2 cryptographic protocols. All personal data, including ID numbers, credit card information, or other payment details provided by users, is transmitted exclusively via secure connection with 128-bit encryption. The data controller does not have access to the data used for payment.
We regularly review all processing activities that could pose risks to the rights and freedoms of individuals. Appropriate protective measures have been taken to ensure that personal data is safeguarded against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Particular attention is given to protecting data during transmission over networks to prevent unlawful processing.
Right to access
You have the right at any time to request confirmation as to whether your personal data is being processed and to obtain detailed information regarding such processing, including the purpose, categories of data being processed, access to your personal data, recipients or categories of recipients, and the anticipated retention period.
Right of rectification
You have the right to request the correction of inaccurate or incomplete personal data without undue delay.
Right of erasure
You may request the deletion of your personal data. If the request is justified and there is no legal obligation to retain the data applies, the data will be deleted without undue delay.
Right of restricting processing
You have the right to request restriction of processing of your personal data in cases provided for under the GDPR. Notably, you may request restriction of processing based on legitimate interest as a lawful basis.
Right to withdraw consent
Imate pravo u bilo kojem trenutku povući danu privolu. It is important to note that withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Right to object
You have the right to object to the processing of your personal data in all cases defined by the GDPR. You may object to processing based on legitimate interest and request restriction or complete prohibition of such processing.
Right to lodge a complaint
If you believe that your personal data has been processed in violation of the GDPR, you may file a complaint with the supervisory authority – the Croatian Personal Data Protection Agency, located at Metela Ožegovića 16, Zagreb
For additional information regarding the processing of personal data or to exercise your rights, feel free to contact us via our Data Protection Officer or other available communication channels. In order to ensure the highest data protection standards, the data controller has appointed a professional Data Protection Officer, Ines Krečak, Data Protection Professional, CIPP/E, the Croatian representative in the European Federation of Data Protection Officers. Your privacy and trust are of utmost importance to us.
Contact: feralis@feralis.hr I Osobnipodaci@Gyms4you.com
Your request will be processed within 30 days from the moment your identity is successfully verified. Our response will be provided in standard electronic form, unless you explicitly request a different format.
This Privacy Policy is regularly reviewed, updated, and amended to reflect the actual practices of data collection and processing on this website. Please check this policy periodically to stay fully informed about our privacy and data protection practices. If there are changes that may affect your rights as a data subject, especially in cases of changed processing purposes, data disclosures, or transfers to third countries, we will notify you via a pop-up window when you visit this website.
Last updated: July 2025
