Street Workout

PRIVACY POLICY

Your personal information

This privacy policy explains how we collect and process your personal data. Personal data, or personal information, means any information about an individual from which that person can be identified.  This includes information that you tell us, what we learn from you and the choices you make about the marketing you want us to send to you.  This policy explains how we do this, what your rights are and how the law protects you.

Changes to data protection law

The law in relation to data protection is changing on the 25 May 2018 when the General Data Protection Regulation comes into force in the United Kingdom and across Europe. This version was last updated on 10/07/2018. Your use of our website and services will be subject to the most current version of this privacy policy posted on our website at the time of your use. We recommend that you check the website from time to time to inform yourself of any changes in this policy or any of our other terms, and you are solely responsible for reviewing and becoming familiar with any modifications to this privacy policy.

Who we are and how you can contact us

We are “EPAITHRIA DRASTIRIOTITA ATHINON” (Street Workout Athens), SPORTS CLUB.  Our registered office is at Εmmanuel Benaki 98, 10681, Athens and our athletic venues located at National Gymnasium of Athens I.Fokianos, Vas. Olgas 1, Zappeion, Athens. You can contact us by email at info@streetworkoutathens.gr or by calling us on +306972402562. Our representative for all queries in relation to this policy and your data protection rights is Tonia Gounitsioti (E: info@streetworkoutathens.gr, T: +30672402562).  When we refer to our website, we mean our website at https://www.streetworkoutathens.gr/.

Where we collect your personal information from

We may collect personal information about you in the following ways:

Data you give to us:

  • Data you give to us when you register to use our services and/ or login
  • When you talk to us on the phone or in one of our gyms
  • When you use our website or mobile device apps
  • In emails or letters to us
  • If you take part in our competitions or promotions
  • When you give us feedback

Data we collect when you use our services:

  • Payment and transaction data
  • Profile and usage data, including data we gather from the devices you use to connect to those services such as computers and mobile phones, using cookies and other internet tracking software
  • CCTV: We use CCTV in our clubs for health and security reasons. The images are held securely and only accessed when needed when investigating an incident.

Data from third parties we work with:

Punch Pass – we may receive your information through Punch Pass if you have signed up for our classes through Punch Pass. For further details on how Punch Pass collects and stores your information please click here https://punchpass.com/privacy-policy 

Data we collect about you

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity data – name, username and date of birth
Contact data – billing address, email address or telephone numbers
Financial data – bank account and payment card details
Transaction data – details about payments to and from you
Technical data – internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
Profile data – your username and password, your preferences, feedback and survey responses
Usage data – information about how you use our website and services
Marketing and communications data – your preferences in receiving marketing from us and our third parties and your communication preferences

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any special categories of personal data about you.  This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we use your personal information

Your privacy is protected by law. We are only allowed to use personal information about you if we have a legal basis to do so, and we are required to tell you what that legal basis is.  We have set out in the table below: the personal information which we collect from you, how we use it, and the legal ground on which we rely when we use the personal information. In some circumstances we can use your personal information if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is.  A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable.  If we are relying on our legitimate interests, we have set that out in the table below.

What we use your personal information for

What personal information we collect

Our legal grounds for processing

Our legitimate interests (if applicable)

To register you as a new customer

Identity

Contact

Performance of a contract with you

 

To deliver our services and provide our facilities to you

Identity

Contact

Transaction

Performance of a contract with you

Legitimate interests

Being efficient about how we deliver our services and fulfil our legal and contractual duties.

To manage payments or collect and recover money owed to us

Identity

Contact

Transaction

Performance of a contract with you

Legitimate interests

To recover any debts owed to us

To manage our relationship with you, including notifying you about changes to our terms or privacy notices

Identity

Contact

Transaction

Performance of a contract with you

Necessary to comply with a legal obligation

Legitimate interests

To keep our records up to date

To enable you to partake in a prize draw, competition or to complete a survey

Identity

Contact

Transaction

Performance of a contract with you

Legitimate interests

To study how customers, use our services and to grow our business

To administer and protect our business and our website

Transaction

Technical Usage

Legitimate interests

Running our business, provision of administration and IT services, network security

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Identity

Contact

Marketing and communications

Usage

Profile

Legitimate interests

To study how customers use our services, to develop them, to grow our business and to inform our marketing strategy

To use data analytics to improve our website, products / services, marketing, customer relationships and experiences

Technical

Usage

Profile

Legitimate interests

To define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy

To make suggestions and recommendations to you about services that may be of interest to you

Identity

Contact

Marketing and communications

Technical

Profile Usage

Legitimate interests

To develop our services and grow our business

Who we share your personal information with
We may share your personal information with any of the following organizations, for the purposes of providing the services which you have requested from us:
We require all organizations who we share your data with to respect the security of your personal data and to treat it in accordance with the law.  We do not allow any of our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Failing to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Third party links

Our website may include links to third party websites, plug-ins and applications.  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy notice or policy of every website you visit.

Transferring your personal information outside the EEA

The EEA is the European Economic Area, which consists of the EU Members States, Iceland, Liechtenstein and Norway. If we transfer your personal information outside the EEA we have to tell you. 

We will only send your data outside the EEA:

  • If you have instructed us to do so;
  • To comply with a legal duty; or
  • To work with our suppliers who help us provide our services.
  • We may share your personal data with some third-party companies such as data processors to provide technology for email, subscription and payment support. Some of these companies may be based outside the EEA.
  • Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
  • Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (including the ICO) of a breach where we are legally required to do so.

How long do we keep your personal information

We will keep your personal information for as long as you are our customer.
After you stop being a customer, because you have stopped regularly using our services, we may keep your personal information for up to one year for one of the following reasons:
To respond to any questions or complaints from you
To maintain our records and for financial reporting
To comply with laws applicable to us

Marketing

We may use your personal information to tell you about relevant services and any upcoming offers. We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest to do so. You can ask us to stop sending you marketing messages at any time – you just need to contact us, or use the opt-out links on any marketing message sent to you. We will get your express opt-in consent before we share your personal data with any company other than us for marketing purposes.  You can ask a third party company to stop sending you marketing messages at any time, by adjusting your marketing preferences in relation to that company or by using the opt-out links on any marketing message sent to you. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of purchasing services or any other transaction between you and us.

Your rights

You have certain rights which are set out in the law relating to your personal information.  The most important rights are set out below. Getting a copy of the information we hold. You can ask us for a copy of the personal information which we hold about you, by asking any member of our staff at one of our gyms or by emailing us at info@streetworkoutathens.gr. This is known as a data subject access request. You will not have to pay a fee to access your personal data, unless we believe that your request is clearly unfounded, repetitive or excessive.  In such circumstances we can charge a reasonable fee or refuse to comply with your request. We will try to respond to all legitimate requests within one month.  Occasionally it may take us longer than a month and in that case we will notify you and keep you updated.

Telling us if information we hold is incorrect

You have the right to question any information we hold about you that you think is wrong or incomplete.  Please contact us by email at info@streetworkoutatahens.gr if you want to do this and we will take reasonable steps to check its accuracy and, if necessary, correct it.

Telling us if you want us to stop using your personal information

You have the right to:

  • object to our use of your personal information (known as the right to object); or
  • ask us to delete the personal information (known as the right to erasure); or
  • request the restriction of processing; or
  • ask us to stop using it if there is no need for us to use it (known as the right to be forgotten).

There may be legal reasons why we need to keep or use your data, which we will tell you if you exercise one of the above rights.

Withdrawing consent

You can withdraw your consent to us using your personal information at any time.  Please contact us by email at info@streetworkoutatahens.gr if you want to withdraw your consent.  If you withdraw your consent, we may not be able to provide you with certain products or services.

Request a transfer of data

You may ask us to transfer your personal information to a third party.  This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Making a complaint

Please let us know if you are unhappy with how we have used your personal information by contacting us by email at info@streetworkoutatahens.gr 
You also have a right to complain to the Information Commissioner’s Office. We would be grateful for the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.