We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of Rise Gym.
Facebook: https://www.facebook.com/RiseGym.RiseAbove/
Instagram: https://www.instagram.com/risegym/
What data do we process from you and for what purposes do we use it?
We process your data in accordance with the provisions of the UK’s Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). Which data is processed in detail and how it is used depends largely on the services you use.
Types of data processed
- Inventory data (e.g., names, addresses)
- Contact data (e.g., e-mail, telephone numbers if provided)
- Content data (e.g., text entries, messages)
- Usage data (e.g., website visited, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Processing of special categories of data
No special categories of data are processed.
Categories of persons concerned by the processing
- Visitors/ interested parties / suppliers
- Visitors and users of the online offer
In the following, we also refer to the data subjects collectively as “users”.
Purpose of processing
- Provision of the online offer, its contents, and functions.
- Provision of contractual services, service, and customer care
- Answering contact requests and communication with users
- Marketing, advertising, and market research
- Security measures
Relevant legal basis
In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
- the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
- the legal basis for processing in order to fulfil our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
- the legal basis for processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR, and
- the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
Below you will find an overview of the individual purposes and the legal basis on which the respective processing is based:
Contract initiation and fulfilment
In order to accept and process your membership or order, we collect the following data from you during the ordering process:
- First name, surname and title
- E-mail address
- Billing address
- Telephone number, if applicable
- Payment details
- Purchased products and returns, if any
- Date and time of order
The processing of data in the course of the membership or ordering process is carried out in order to fulfil the contract with you in accordance with Art. 6 Para. 1 lit. b GDPR. If we collect further data from you when creating the customer account, this is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to maintain a customer relationship with you.
Service providers for order processing
In connection with the processing of your membership or an order, we use various service providers or partner companies to assist us in processing orders, providing customers with information and providing services. These companies are our order processors according to Art. 28 GDPR and may only use your data to fulfil their tasks on our behalf. Rise Gym is responsible for ensuring that these service providers comply with data protection regulations and has concluded corresponding order processing agreements with the service providers.
Payment Processing
Payment by credit card and SEPA direct debit is made via our payment service provider, to which we pass on your mandatory details provided during the registration or order process, together with information about your booked memberships or goods purchased, in accordance with Art. 6 Para. 1 lit. b GDPR for payment processing. Your data will only be passed on for the purpose of payment processing with the payment service provider and only insofar as it is necessary for this purpose.
The provider of our payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.
Customer communication
In order to communicate with you by e-mail, telephone or post in connection with contact enquiries, complaints etc., we process the following data from you:
- Contact information, such as telephone number, mobile phone number, e-mail address and postal address.
- First and last name
- Customer/ Membership and/or order number
- Order/ Membership history
- Other data that you provide to us in the course of communication.
The processing of this data is based on the legal basis of Art. 6 (1) lit. b GDPR, provided that the communication is in connection with the execution of your order. Processing for other communication is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.
Newsletter
If you register for our newsletter, we will use your email address to inform you about Rise Gym-related topics, e.g., products, (store) promotions and offers from our partners related to the product range. The processing is carried out on the legal basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can unsubscribe from the newsletter at any time at info@fanesis.com.
The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organised and analysed. When you enter data for the purpose of receiving newsletters (e.g., email address), this data is stored on MailChimp’s servers in the USA.
With the help of MailChimp, we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web-beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remain unaffected by this.
For more details, please refer to the privacy policy of MailChimp at: https://mailchimp.com/legal/terms/.
We have concluded a so-called “data processing agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ data and not to pass it on to third parties. This agreement can be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.
Use of cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use cookies, pixels, web beacons and similar technologies (hereinafter: “cookies”). These are small text files that are stored on your terminal device. The cookies can be transmitted to a page when it is called up and thus enable the user to be identified. Cookies help to simplify the use of Internet pages for users. Some of the cookies we use are deleted again after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (so-called persistent cookies). You can set your browser so that you exclude the acceptance of cookies for certain cases or generally. You can delete cookies that have already been set. If you do not accept cookies, the functionality of our website may be limited. Cookies from third-party providers are also used on our website (e.g., when tracking tools are used to evaluate user behaviour). For details of this, please refer to our Cookie Policy.
Collection of access data and log files
We collect data on every access to our website on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. GDPR, we collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the web site accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of seven days and then deleted. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Facebook Remarketing
Within our website, so-called “Facebook pixels” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”), are used. With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our offer as a target group for the display of advertisements, so-called “Facebook ads”. Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our website. This means that with the help of the Facebook pixel we want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.
The Facebook pixel is directly integrated by Facebook when our web sites are accessed and can save a so-called cookie, i.e., a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our website will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. The processing of the data by Facebook takes place within the framework of Facebook’s data usage policy. Accordingly, you can find more information on how the remarketing pixel works and generally on the display of Facebook ads, in Facebook’s data usage policy: https://www.facebook.com/policy.php
You can object to the collection by the Facebook pixel and use of your data for the display of Facebook ads. To do so, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads or declare the objection via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent. The settings are platform-independent, i.e., they are applied to all devices, such as desktop computers or mobile devices.
Other processing purposes
In addition to the above-mentioned processing purposes, we also process your data for the following purposes:
- To comply with our legal obligations to retain data or obligations under data protection law. This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR.
- To exercise any legal rights or defend ourselves against claims. This processing is based on the legal basis of Art. 6 (1) lit. f GDPR.
- To respond to and comply with official requests. This processing is based on the legal basis of Art. 6 (1) lit. c GDPR.
To whom do we transfer your data?
We use external service providers in the provision of our services who process your data on our behalf. These include companies in the following categories. With regard to the specific recipients, we refer to the information on the purposes of data processing above.
- Technical service providers in the areas of IT and telecommunications (e.g., maintenance of IT systems and monitoring of system stability)
- Marketing service providers in the areas of marketing activities
- Affiliated companies of Rise Gym and other service providers in the context of customer and membership management
- Service providers for fraud and abuse prevention in connection with the web shop
- Service providers for customer communication
Is your data transferred to recipients in a third country?
Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your personal information is protected in the same way as if it was being used within the UK and the EEA.
Where we need to transfer your data outside the UK or the EEA, we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.
How long do we keep your data?
We will only retain your data for as long as is necessary to fulfil the purposes set out above. In addition, we are subject to various storage and documentation obligations, which result, among other things, from the UK`s Commercial Requirements. The retention and documentation periods specified there are up to six years. Finally, the storage period is also assessed according to the statutory limitation periods.
What are your data protection rights?
As a data subject, you can assert the following rights against us at any time. To do so, please contact us.
- a) Revocation of your consent to data processing
Insofar as we process your data on the basis of your consent, you can revoke this at any time for the future. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
- b) Right to data portability
You can have your data, which we process automatically on the basis of your consent or in fulfilment of a contract with you, handed over to you or to a third party in a common, machine-readable format. If you request that the data be transferred directly to another controller, this will only be done insofar as it is technically feasible.
- c) Right to information
You have the right to obtain information about your data stored by us at any time and, if applicable, a copy of this data.
- d) Right to rectification
You have the right to demand the immediate correction of your data stored by us if this data is incorrect or incomplete.
- e) Right to deletion
Within the framework of the applicable legal provisions, you have the right to demand that we delete your data stored by us.
- f) Right to restriction of processing
Subject to legal requirements, you have the right to request us to restrict the processing of your data.
- g) Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is carried out on the basis of Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR. If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
In addition, you have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Article 77 of the GDPR if you believe that the processing of your data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy. The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Is there an obligation for you to provide the data?
When you use our website, your browser automatically transmits your usage data. Without this technical data, it is not possible to display our website for you. With regard to the respective services offered you must provide the data that is required for the respective service or that we are legally obliged to collect. Without this data we will not be able to offer the respective service.
To what extent is there automated decision-making including profiling in individual cases?
Both when using our website and in connection with the services offered there, no automated decision-making pursuant to Art. 22 GDPR takes.
Security measures
We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input of, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise.
Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR). The security measures include in particular the encrypted transmission of data between your browser and our server.
Data Subject Access Request
For clarification, you have the right to request confirmation from us at any time as to what information we hold about you and to request that we amend, update, or delete that information. We may comply with your request in response. In addition, we have the following options: Ask you to confirm your identity, or ask you for more information about your request, and were permitted by law, refuse your request. (However, in this case we will explain the reasons for the refusal).
Children Data
If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
Changes
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
If you have any questions, please do not hesitate to contact us.