GDPR Compliance Statement

At Gymscanner, we are committed to protecting the privacy and data rights of our users in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This GDPR compliance statement outlines our approach to data protection and the measures we have implemented to ensure the security and privacy of personal data collected and processed through our platform.

1. Lawful Basis for Processing

We ensure that all processing of personal data is conducted lawfully, fairly, and transparently. We rely on one or more lawful bases for processing personal data, including user consent, contractual necessity, legal obligations, vital interests, and legitimate interests pursued by Gymscanner or third parties.

2. Data Minimization

We collect and process only the personal data that is necessary for the purposes for which it is collected. We do not collect excessive or irrelevant personal data, and we minimize the processing of sensitive personal data whenever possible.

3. User Rights

We respect the rights of individuals regarding their personal data and provide mechanisms for users to exercise their rights under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing. Users can contact Gymscanner's Data Protection Officer (DPO) to exercise their rights or seek assistance regarding the processing of their personal data.

4. Data Security

We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, protect against unauthorized access, disclosure, alteration, or destruction, and prevent data breaches. These measures include encryption, access controls, regular security assessments, and employee training on data protection practices.

5. Data Transfer

If personal data is transferred outside the European Economic Area (EEA), we ensure that adequate safeguards are in place to protect the data in accordance with GDPR requirements. This may include implementing standard contractual clauses, obtaining user consent, or ensuring the receiving country has an adequate level of data protection.

6. Data Processing Agreements

We enter into data processing agreements with third-party service providers who process personal data on our behalf, ensuring that they adhere to GDPR requirements and provide sufficient guarantees regarding the security and confidentiality of personal data.

7. Data Breach Notification

In the event of a data breach involving personal data, we have procedures in place to promptly assess the breach, mitigate risks, and notify the relevant supervisory authorities and affected individuals in compliance with GDPR requirements.

8. Data Protection Officer (DPO)

Gymscanner has appointed a Data Protection Officer (DPO) responsible for overseeing GDPR compliance and handling data protection matters. Users can contact the DPO regarding any questions, concerns, or requests related to the processing of their personal data.

9. Compliance Monitoring and Review

We regularly monitor our data processing activities, conduct privacy impact assessments where necessary, and review our data protection practices to ensure ongoing compliance with GDPR requirements and other relevant data protection laws.

By adhering to these GDPR principles and implementing appropriate measures, Gymscanner demonstrates its commitment to protecting the privacy and data rights of its users and complying with applicable data protection laws.