Privacy statement

This is a report on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).

Privacy statement

This is a report on the processing of personal data in accordance with the EU General Data Protection Regulation (679/2016).

Contacts on data protection issues

In all matters relating to the processing of personal data and in situations involving the exercise of one’s rights, the data subject is advised to contact the above-mentioned contact person.

The grounds and purpose of the processing of personal data

The legal basis for the processing of personal data is the contractual relationship between the data subject and the register holder. The purpose of processing personal information is to enable our customer relationship. Otherwise, we will not be able to serve you in the best possible way.

In addition to this, we use data in:

– Marketing

– Customer communication

– Customer loyalty

– Order fulfillment, handling and archiving

–  Improving the website and services

– Improving customer experience

– Analytics and statistics

Processed personal data

The register holder will only collect personal data from data subjects that are relevant and necessary for the purposes described in this privacy statement.

The following information of registered users is processed:

We collect all of the information you provide to us using the forms and contact channels on this website. In addition, our web servers collect log files from you, which include e.g. in addition to the browser you are using, your IP address with timestamps. The log files also show the login attempts to our services. Our analytics service also collects the sites from which you arrive to our website, the times you visit and the time you leave.

Disclosure of personal data

Personal data will not be disclosed to third parties unless required by law. Thus, data may exceptionally be disclosed to authorities, for example, as required by law.

Transfers of personal data to third countries

Personal data will not be transferred outside the EU and the European Economic Area.

Cookies

We use cookies on our website to implement our services and their analytics. You can prevent the use of cookies by making changes to your browser settings, but this may result in the service not working on your device.

Gymduke.com uses cookies and other similar technologies, such as your browser’s local storage. Cookies are small text files between the device’s browser and the server. Cookies and other tags have an expiration date, after which the browser deletes the file. We use these technologies to implement functions, personalize them, perform analytics and marketing targeting.

Functional cookies and local storage are used e.g. for customer identification, login maintenance, delivery time estimates, and shopping cart functions. The use and acceptance of cookies and local storage for these activities is mandatory. The functional cookies and local storage variables set by the server remain in the browser for 15 min – 24 months, unless they are specifically deleted from the browser settings. Visiting the site resets cookies and local storage variables if the browser allows it.

The partners and technologies we use for analytics and marketing targeting, such as pixel tags and cookies, gives us better understanding of our customers’ behavior and tells us which products, features and services interest our customers. The data used is anonymized whenever possible. Otherwise, we treat the data as personal in those respects as the identifier contains customer targeting data, such as an IP address. Tags that can be associated with a customer in some way are also treated as personal data. The validity of the tags is 24 h -24 months.

We utilize Google Analytics, Google Tag Manager, Google AdWords, Google Display Network, and Google DoubleClick to analyze our site usage, popular products, trends, and sales, and, with your consent, to target marketing. The information you send to Google is anonymized. In addition to account management functions privacy identifiers used for targeted marketing you may refuse by using the browser’s Do Not Track feature and setting your browser to reject third-party cookies. When logged in to a customer account, the account manager’s privacy settings override the browser’s Do Not Track feature.

Data retention period

The register holder processes personal data from 24 hours to 24 months. At the end of this period, the holder shall delete or anonymise the data in accordance with its removal processes. The controller may be required to process some of the personal data in the register for longer than stated above in order to comply with legislation or regulatory requirements.

Rights of the registered user

Right to gain access to personal data. The registered user has the right to receive confirmation as to whether personal data concerning them are being processed and, if so, the right to receive a copy of their personal data. Right to rectification of data. The registered user has the right to request the rectification of inaccurate and incorrect personal data concerning them. The registered user also has the right to have incomplete personal data supplemented by providing the necessary additional information. Right of erasure. The registered user has the right to request the erasure of personal data concerning them if a. The personal data are no longer needed for the purposes for which they were collected; or b. personal data have been processed unlawfully. Right to restrict processing. The registered user has the right to restrict the processing of personal data concerning them if a. The registered user disputes the accuracy of their personal data; b. the processing is unlawful and the registered user opposes the deletion of their personal data and instead requests that their use be restricted; or c. the controller no longer needs personal data for the original purposes of the processing, but the registered user needs them to write, present or defend a legal claim. Right to transfer data from one system to another. The registered user has the right to receive personal data concerning them and provided by them in a structured, commonly used and machine-readable form and the right to transfer such data to another register holder. The right to make a complaint to the supervisory authority. The national supervisory authority for personal data matters is the office of the Data Protection Commissioner attached to the Ministry of Justice. You have the right to refer the matter to the supervisory authority if you consider that the processing of personal data concerning you violates the relevant legislation.

Changes in privacy policies

The register holder is constantly improving its operations and may need to change and update its privacy policies as necessary. Changes may also be based on changes in data protection legislation. If the changes involve new purposes for the processing of personal data or the changes are otherwise significant, the register holder shall give prior notice and, if necessary, request consent.