GYMS4YOU d.o.o., Zagreb, Zadarska 80

OIB: 75049241440

Contact: +385 1 2349939

e-mail: info@gyms4you.com

Contact: Osobnipodaci@Gyms4you.com I feralis@feralis.hr

Personal data is collected through this website for specific and lawful purposes. The data is processed for the purpose of responding to submitted inquiries and requests, during which we collect contact information and the content of the messages you provide yourself. In the case of purchasing a membership, the user must register and sign the Agreement for the Use of GYMS4YOU gyms. Therefore, data necessary for the performance of the contract are processed, including identification, contact, and payment information. Such data processing is lawful because it is necessary for providing the requested service or for taking actions prior to its provision, in accordance with the General Regulation. If the necessary data is not provided, we will not be able to fulfill your request. In the context of employment, we may process the data you voluntarily provide, including your CV, cover letter, and basic identification information. Additionally, for marketing purposes, we may use your email address, but solely to deliver notifications about our updates and services, and you may stop this processing at any time. To improve website functionality and user experience, we use cookies, but only those for which you have previously given consent are processed. You can manage your cookie settings at any time, and withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

In certain situations, personal data may be processed based on our legitimate interests. Processing carried out on this basis includes the following: 

NEWSLETTER - The data processed is your email address, and the purpose of the processing is marketing. The method of collection is directly from the data subject. Through the newsletter, we send information about our services, including special offers and benefits. You have the right at any time to object to the processing of your email address for marketing purposes and may restrict or completely prohibit such processing. 

VIDEO SURVEILLANCE - The purpose of video surveillance is the protection of individuals and property. The retention period of the footage is up to 14 days, and in the case of an incident, up to 6 months. A longer retention period is possible if the footage is needed as evidence in judicial, administrative, arbitration, or other proceedings. Other recipients of video footage may include competent authorities upon request, when necessary for conducting official procedures. The collected data is not processed for other purposes.

Read about the processing of personal data through cookies in our COOKIE POLICY

The pages and profiles we manage on social media platforms (such as Facebook, Instagram, etc.) are always under the official name of the data controller. 

Any personal data collected through these platforms is used solely for the purpose of responding to an inquiry or comment, and is not processed or stored for any other purpose.

Collected personal data may be shared with providers of information and communication solutions and services who act as our data processors. 

These processors provide reasonable assurances and have implemented appropriate technical and organizational safeguards to ensure adequate data protection and compliance with the General Data Protection Regulation (GDPR). A data processing agreement has been signed with such processors, based on the Commission Implementing Decision (EU) 2021/915 on standard contractual clauses between controllers and processors, and forms a specific part of our overall agreement. This agreement clearly defines how personal data must be handled, ensuring that processors may not process personal data without our instructions or forward it to third parties. 

Personal data is not shared with third parties for direct marketing purposes.

We are committed to ensuring transparent and responsible handling of our users' personal data. Personal data is stored only for as long as necessary based on the purpose of processing, or until the expiration of legally mandated retention periods, after which it is permanently deleted from our systems unless there is another legal basis for continued storage. In the case of processing based on legitimate interest, data is processed for as long as such interest exists, unless the user restricts or fully prohibits the processing or unsubscribes from the recipient list (newsletter). Data processed based on consent is stored until the purpose of processing is fulfilled or until you withdraw your consent.

We collect and process personal data in accordance with the General Data Protection Regulation (GDPR), in a manner that ensures appropriate security and confidentiality. Our goal is to implement the principles of data protection effectively, minimize the amount of data collected, limit the scope and duration of processing, and ensure data availability only as needed. To this end, we have implemented appropriate technical and organizational protection measures to ensure a level of security appropriate to the risks posed by the processing and the nature of the personal data. When introducing these measures, we considered their nature and cost to strike an optimal balance between data protection and practical application. 

For web shop users, we ensure the highest level of data protection. Secure data transmission is conducted using PCI DSS standards with TLS 1.2 cryptographic protocols. All personal data, including ID numbers, credit card information, or other payment details provided by users, is transmitted exclusively via secure connection with 128-bit encryption. The data controller does not have access to the data used for payment.  

We regularly review all data processing activities that may pose risks to the rights and freedoms of individuals. We have taken appropriate safeguards to protect personal data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure, or access. Special attention is given to the protection of data transmitted over networks to prevent any unlawful processing.

Right to access

You may request confirmation at any time whether we are processing your personal data and obtain detailed information about such processing, including its purpose, categories of personal data involved, access to your personal data, recipients or categories of recipients, and the expected period your data is being stored. 

Right of rectification

You have the right to request the correction of inaccurate or the completion of incomplete personal data without undue delay.

Right of erasure

You have the right to request the deletion of your personal data. If the request is justified and there is no legal obligation to retain the data, it will be deleted without undue delay. 

Right to restrict processing

You have the right to request the restriction of processing in cases defined by the GDPR. In particular, you may request restriction of processing based on legitimate interest. 

Right to withdraw consent

Imate pravo u bilo kojem trenutku povući danu privolu. It is important to note that withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

Right to object

You have the right to object to the processing of your personal data in all cases provided by the GDPR. In particular, you may object to processing based on legitimate interest and request restriction or complete prohibition of such processing.

Right to lodge a complaint 

If you believe that your personal data has been processed in violation of the GDPR, you may file a complaint with the supervisory authority – the Croatian Personal Data Protection Agency, located at Metela Ožegovića 16, Zagreb.

For additional information regarding the processing of your personal data or to exercise your rights, please contact us through our Data Protection Officer or other available contact channels. To ensure the highest standards in data protection, the data controller has appointed a professional Data Protection Officer, Ines Krečak, Data Protection Professional, CIPP/E, and Croatian representative at the European Federation of Data Protection Officers. Your safety and trust are of utmost importance to us.

Contact: feralis@feralis.hr I Osobnipodaci@Gyms4you.com 

www.feralis.hr 

Your request will be processed within 30 days from the moment you are successfully identified. Our response will be delivered in a standard electronic format, unless you explicitly request otherwise.

This Privacy Policy is regularly reviewed, updated, and amended to reflect the actual practices of data collection and processing on this website. Please check this policy periodically to stay fully informed about our privacy and data protection practices. If there are changes that may affect your rights as a data subject, especially in cases of changed processing purposes, data disclosures, or transfers to third countries, we will notify you via a pop-up window when you visit this website.

Last update: July 2025