Privacy policy
DATA PRIVACY DECLARATION
The purpose of this data protection declaration is to inform you about how NonStop Gym (also referred to after “we” and “our”), collects and processes personal data.
You will find the following points:
– How to contact us if you have any questions.
– On which legal basis we rely on when processing personal data
– What data we collect and why
– To whom we transmit your personal data
– How we protect your personal data
– What cookies, tracers, and other technologies we use
– How long we process your personal data
– What are your rights about your personal data
– What data protection declaration is in force
1. Our contact information
NonStop Gym is the controller for data processing carried out in accordance with this Data Protection declaration. If you have any questions about this Data Protection declaration, about our use of your personal data or about your rights, you may contact us at:
NonStop Gym SA
Abraham Gevray 6
1201 GENEVA
E-mail: [email protected]
2. Legal basis
NonStop Gym processes personal data in accordance with Swiss data protection law, in particular the Federal Data Protection Act (FDA) and the Ordinance on the Federal Data Protection Act (OFDA) (hereinafter referred to as data protection laws).
3. What data we collect and why
3.1 Definitions
Personal data means all information relating to an identified or identifiable person. A data subject is a person whose personal data are processed. The processing includes all manipulations of personal data, regardless of the means and procedures used, including the storage, disclosure, provision, collection, erasure, modification, destruction and use of personal data.
3.2 Nature, scope and purpose
We process the personal data that is necessary to provide our fitness services and fulfil our contracts. Different types of personal data may be processed:
– historical and contact data,
– navigator and appliance data,
– content data,
– metadata,
– data of training locations
– sales, contractual and payment data.
We process personal data for the period necessary for the respective purpose(s) or to fulfil our statutory obligations (e.g. accounting obligations). Personal data that no longer need to be processed will be deleted. The persons whose data we process have a fundamental right of access, modification, and deletion. We process personal data in accordance with the principles or with justifications required by data protection laws. If the consent of the data subject is required, we process the personal data only after obtaining the consent of the data subject.
3.2.1 Biometric and other sensitive data
As part of the access control to our facilities, we collect a template representing a fingerprint. This template is an unidirectionally encrypted mathematical representation of a few singular points that make up the fingerprint. It is this template that is stored and used for comparison in the access system of our facilities.
This template is automatically deleted 4 months after the end of the contractual relationship.
3.2.2 In some cases, we collect the following information:
– Military march order
– Study/Travel Certificate
– Certificate OPCM / Proof of Moving
– Medical Certificate
– Certificate of curatelle
– Certification imprisonment
These data are only collected if a request is made to suspend the subscription for the reasons mentioned (military service, study trips, relocation, illness, communication in the event of a curatelle, imprisonment).
3.2.3 Video surveillance system
Our rooms are equipped with video surveillance systems for security and evidence purposes. These recordings are automatically erased after 7 days. We can retrieve and preserve excerpts of these recordings for, among other things, handing them over to the authorities upon request in the context of a police action.
3.2.4 Visit of the website (creation of log files) and other electronic offers
Every time our website is visited, the web server automatically enters data and information from the computer system of the visiting computer. This includes, inter alia, information on the type of browser and version used, the user’s operating system, the user’s Internet service provider, the reference URL (websites from which the user’s
system accesses our website), as well as the user’s IP address, date and time of access. These data are stored in the log files of our system (or at third parties) together with other data and are only collected for statistical analysis purposes. We use this data to ensure a smooth connection, a convenient use of the website and
other electronic offerings, to evaluate the security and stability of the system and for other administrative purposes. As a rule, this data does not allow us to draw any conclusions about the identity of the visitor. However, as part of access to your Digital Customer Space, they may be associated with other categories of data – and thus, if
applicable, with your person.
3.2.5 Marketing, Information Emails and Event Registration
We may use your name and mailing address(es) or e-mail address(es) to provide you with our services and to send you information emails, information/invitations to events, publications and the like.
At present:
Sending e-mail may be accomplished by one of the following options:
– Our external CRM partner, Sport Alliance, headquartered in Germany
– Our external customer contact management partner, ZenDesk, headquartered in the USA
– Our own systems, based in Switzerland
– For some marketing campaigns, we use the MailChimp platform, which is based in the USA Sending SMS can be accomplished by one of the following solutions:
– Our external CRM partner, Sport Alliance, headquartered in Germany
– The company SMS UP, based in Switzerland. All these solutions provide the possibility of unsubscription, which is offered with each communication.
You can register for our events by providing your contact details on our registration form.
When registering, the data you provide (surname, first name, email, etc.) will be transmitted to us and stored. By registering, you agree that we will only process this data for this purpose (events).
To the extent that we refer to third party websites for information on products, events,
etc. and that you visit these websites, the corresponding data protection declarations of
the operators of the respective websites apply.
Please also note that data exchanged over the Internet often transits through third countries. This means that your data may end up abroad even if the sender and the recipient are in the same country.
3.2.6 E-mail contact
We offer you the option of contacting us via the e-mail address(es) posted on our website. In this case, we store the data transmitted. We process personal data, for example, when you contact us or we contact you, when you use our services as a member of our fitness clubs or when you visit our website. In
this context, we process the information that a data subject provides himself or herself and of his or her own free will when he or she contacts us, e.g. by post, e-mail, contact form, via social media, by telephone or in our facilities. We may store and process this information, for example, in a Customer Relationship Management (CRM) system or similar tools.
3.2.7 HEALTH DATA
We didn’t collect neither access to any personal health data.
4. Transmission of personal data
We will only communicate your personal data to third parties in the course of our business activities and for the purposes described in this data protection declaration if we are obliged to do so by law, a court decision or official regulations, if the transfer is necessary for the establishment, exercise or defence of legal claims or for the performance of contracts and business activities or on the basis of your consent. In such cases, these third parties are primarily located in Switzerland or Europe, but they may also be in the United States.
Third parties may be:
– Subcontractors such as service providers for evaluating the usefulness of the website (for marketing purposes), IT service providers (data management, data storage, technical support; sending newsletters, etc.), service providers in the field of recruitment, talent management, human resources, or other services.
– External business partners (e.g. payment solutions, banks, collection
companies)
– National or foreign authorities, administrative services, or courts.
– Our partners “personal trainers” (self-employed persons under Swiss law) within the framework of a contact request from members
– The Caisse Juridique Suisse (headquartered in Switzerland) for the collection of unpaid invoices
– The company Finion Capital (headquartered in Germany) for on line payment of subscriptions or invoices.
Note that personal data exchanged over the Internet often transits through third countries. This means that the data may end up abroad even if the sender and the recipient are in the same country.
5. Data security
We take appropriate technical and organisational measures at the system level to protect the data we have stored against loss, destruction, alteration, and unauthorised access by third parties. Security measures of a technical nature include, for example, encryption, pseudonymisation of data, logging, access restrictions and storage of back-up copies. Our security measures are continuously adapted to technological developments. However, absolute protection cannot be guaranteed.
6. Cookies/Tracking and Other Technologies
6.1. Use of cookies
Our website uses cookies. The use of cookies is intended to make the use of our website more personalised. We use so-called session cookies to recognise that you have already visited certain pages of our site. These are automatically deleted after you leave our site. We also use statistics cookies to optimise our offerings and, if necessary, to display information specifically tailored to your needs (online marketing). These cookies are automatically deleted after a defined period. The personal data collected are pseudonymised by technical measures. The user may enable or disable the use of cookies when opening our website for the first time. If cookies are disabled, some features of the website may no longer be used. The procedure for controlling and deleting cookies depends on the browser you are using. You can find information about this in the help menu of your browser (usually under the keyword “Data Protection”).
6.2. Use of Google Analytics
On our website, we use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA, USA) and Google Ireland Ltd (Google Building Gordon House, Barrow St, Dublin 4, Ireland); both together referred to as “Google”, Google Ireland Ltd being our subcontractor. Google Analytics uses cookies and similar technologies to collect certain information about the behaviour of individual users on or on the relevant website and on the device used for this purpose (tablet, PC, smartphone, etc.) to analyse the use of the website. The information generated by these performance cookies about your use of the website (including your IP address) is transmitted to and stored by Google on servers in the USA. We have configured the services in such a way that the IP addresses of users of the websites are shortened by Google in Europe before they are transmitted to the USA and thus cannot be traced. Google provides us with reports and may be regarded as our subcontractor for this purpose. However, Google also processes certain data for its own purposes.
Google may, under certain circumstances, draw conclusions about the identity of visitors to the web pages based on the data collected and thus compile personal profiles and link the resulting data to any existing user accounts of such persons. Google may also transfer this information to third parties if required to do so by law or if third parties process the data on Google’s behalf. If you consent to the use of Google, you explicitly consent to such processing, which also includes the transfer of personal data to the United States and other states.
7. Duration of processing of your personal data
We will only process your personal data if it is necessary for the intended purpose and to fulfil our contractual and statutory obligations, including statutory retention obligations (usually 10 years after the termination of the contractual relationship). We will continue to process your personal data for as long as we have a legitimate interest in retaining it. This may be the case, for example, when we need personal data to assert rights or defend ourselves, for archiving purposes and to ensure IT security.
8. Your rights
If you decide to provide personal data or if you provide it to us as part of our business relationship, you have, under certain circumstances and to the extent provided for by applicable data protection laws, the right to access, rectify or delete your data.
Your rights are not absolute. We reserve the right to enforce any legal restrictions on our part. We will inform you accordingly.
9. Reservation of modification
NonStop Gym reserves the right to amend and supplement this data protection declaration at any time. Changes and additions will be communicated in an appropriate
form, including by publishing the applicable data protection declaration on our website.persokd