Bli medlem
Bli medlem

Privacy notice
Fitness24Seven

At Fitness24Seven, we protect your personal privacy. This privacy notice explains how we collect and use your personal information. It also describes your rights and how you can enforce them.

It is important that you read and understand the privacy notice and feel secure in our processing of your personal data. You are always welcome to contact us via dpo@f24s .com with any questions.

Using the table of contents below, you can easily navigate to the sections that are of particular interest to you.

This privacy notice was last updated on august 15th 2025.

Table of contents

Controller

Fitness24Seven AB (”F24S”), 556635-4626, is the controller under the EU Data Protection Regulation (”GDPR”) for the personal data processing for which we determine the purposes and means. In accordance with the GDPR, we must provide information on how we as controller process personal data in our business.
The Fitness24Seven Group consists of the following companies:

  • Fitness24Seven AB
  • Fitness24Seven-Lund AB
  • Fitness24Seven Oy
  • Fitness24Seven Norway
  • Fitness24Seven Thailand
  • Fitness24Seven Colombia

If you have any questions concerning our processing of your personal data, you can contact us at: dpo@f24s.com , or

Stora Södergatan 4
222 23 Lund
Sweden

Our data protection officer

F24S has a data protection officer that works with matters relating to our compliance with data protection and personal data processing regulations. Please contact our data protection officer if you have any questions concerning our processing of your personal data.

Email: dpo@f24s.com

Mail: Stora Södergatan 4, 222 23 Lund, att: Data Protection Officer

Personal data and personal data processing

Personal data is any kind of information that can directly (for example name or social security number) or indirectly identify or be linked to a living person. Examples of information that can be indirectly attributed to a living person are images and audio recordings that are processed in a computer without any names being mentioned.

All types of actions taken with personal data constitute personal data processing. Examples of usual processing are collection, registration, organization, structuring, storage, processing, transmission, and deletion.

This is how we process your personal data when you are a member at F24S

When we contact you or you reach out to us, we need to process your personal data for administrative reasons.

Categories of personal data: Name, Phone number, Email

Processing activities: Communicating with members. Providing information to members about changes at the gym, such as gyms being closed for renovation, changes in membership, etc.

Purpose: Administrating contact with members.

Legal basis: Legitimate interest.

Data is collected from: You, when you signed up for a membership. The membership database is not publicly available.

Retention period: Data regarding general enquiries is stored for the duration of the enquiry.

Recipients or categories of recipients of personal data: Supplier of customer and membership management system. Supplier of CRM and customer inquiry system. Personal trainer if you have requested contact regarding these services. Other companies with the Fitness24Seven Group

Any automated decision-making? No.

Is there a legal obligation to provide personal data to us? No, but if you don’t provide us with your personal data, you will not be able to sign up for any of our personal training consultations and we will not be able to communicate with you regarding administrative matters.

Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you join our group training sessions, we need to process your personal data to be able to provide the training session to you.

Categories of personal data: Name, Email, Phone number, Membership details, Gym location, Date and time of the session, Number on membership card

Processing activities: Booking a group training session. Cancelling a group training session. Sending out information to members about cancelled training session

Purpose: Administrating group training sessions.

Legal basis: Contract.

The personal data is collected from: You, when you sign up for a group training session. The source is not publicly available.

Retention period: 24 month

Recipients or categories of recipients of the personal data: Supplier of the card reader when booking group training sessions at the gym, Supplier of system used for group training sessions, supplier of customer and membership management system to send SMS regarding cancelled group training and to collect tickets for group training sessions. Other companies with the Fitness24Seven Group.

Is there any automated decision-making, including profiling? No.

Is there a legal obligation to provide personal data to us? No, but if you do not provide us with your personal data, you will not be able to join in any of our group training sessions.

Is it necessary to provide personal data to enter into or to fulfil an agreement? Yes, to be able to provide you with group training sessions as part of the membership agreement you need to provide us with your personal data. If not, you cannot participate in any of our group training sessions.

When you participate in our personal training sessions, we process your personal data to be able to provide you with personal training.

Categories of personal data:    Name, Email, Phone number, Gym location
Personal data collected via cookie: Information about your lifestyle, such as work, Training habits, Eating habits, Previous and current injuries and illnesses, measurements and weight
Any other information shared with the personal trainer

Processing activities: 
Booking a meeting with a personal trainer
Introduction meeting with a personal trainer to set an individual program.
Training with a personal trainer
Sending out information to members about cancelled training sessions
Purpose: Administrating and providing personal training sessions.
Legal basis: Contract.
The personal data is collected from: You, when you sign up for a personal training session. The source is not publicly available.

Retention period: Data regarding your membership is stored and processed during your membership period.
Recipients or categories of recipients of the personal data: Other companies with the Fitness24Seven Group, Personal trainer, Different applications used to document the personal training sessions.

Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? No, but if you do not provide us with your personal data, you will not be able to participate in the personal training session.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you are a member of our loyalty program, we process your personal data to be able to provide the loyalty program to you.

Categories of personal data: Name, Email, Membership information, Duration of membership
Processing activities: Maintaining and administrating information on members of the loyalty program.
Purpose: Administrating the loyalty program.
Legal basis: Contract.
The personal data is collected from: You, when you bought your membership. The source is not publicly available.
Retention period: Data regarding or related to your membership is stored during your membership period maximum 24month from end date.
Recipients or categories of recipients of the personal data: Supplier of customer and membership management system. Supplier of marketing automation system. Other companies with the Fitness24Seven Group. 

Is there any automated decision-making, including profiling? No.
Is personal data transferred to a third country? No
Is there a legal obligation to provide personal data to us? No
Is it necessary to provide personal data to enter into or to fulfil an agreement? Yes, if you do not provide us with your personal data, we cannot enter into an agreement with you.

Analysing and performing segmentation to be able to improve the business and deliver relevant marketing to you.

Categories of personal data: Gender, Age, Duration of membership, Gym locations visited, Activities chosen, such as personal training or group training sessions. Frequency of visits, include time and which gym location. Entry and exits to the gym
Processing activities: 
Performing analysis on members based on gender, age, duration of membership, gyms visited, and activities chosen by members. 
Performing segmentation using factors such as gender, membership status, age, choice of gym and frequency of visits.  Send communication based on factors such as behaviour, which gym you are using etc.
Performing marketing surveys on members who signed up for a membership via campaigns.
Purpose: Analysing and performing segmentation to be able to improve the business and deliver relevant marketing to you.
Legal basis: Legitimate interest to improve our business and consent for marketing
The personal data is collected from: You, when signed up for a membership. The source is not publicly available.
Retention period: Data is processed for the duration of your membership period
Recipients or categories of recipients of the personal data: Marketing partner for customer and market analyses.
Supplier of marketing automation system. Supplier of customer and membership management system.
Collaborations partners within marketing in different digital channels. Supplier of marketing surveys.
Other companies with the Fitness24Seven Group. 
Is there any automated decision-making? Based on the personal data collected, we profile you based on our assumptions of your possible preferences when creating marketing communication. We also use automated alerts to send personal communication.
Is personal data transferred to a third country? To a company based out of the United States.
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement?    No, but if you do not provide your personal data, you will not receive our surveys or other marketing communication.

We perform different analysis for our marketing activities.

Categories of personal data: Entry and exits to the gym, Age, Gender, Location, Training frequency, Group training sessions, Name, Phone, Email address, Membership details, Payment information. 

If healthcare allowance used, name of the employer.
Processing activities: 
Performing analysis on members. 
Extracting data on gender, age, duration of membership, gyms visited, and activities chosen by members.
Performing segmentation using factors such as gender, membership status, age, choice of gym and frequency of visits.
Performing marketing surveys on members who signed up for a membership via campaigns.
Purpose: Performing analysis for marketing activities.
Legal basis: Legitimate interest
The personal data is collected from: You, when you signed up for a membership. The membership database is not publicly available.
Retention period: The data collected from the different systems for analysis, are deleted once the analysis is complete. The purpose for this is to remove the personal data and only keep the overall result.
Recipients or categories of recipients of the personal data:
Supplier of customer and membership management system.
Supplier of marketing automation system.
Supplier of IT services, such as email, hosting, and other digital tools.
Supplier of marketing surveys.

Is there any automated decision-making, including profiling? Yes
Is personal data transferred to a third country? Yes
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? If you do not provide us with your personal data, we will not be able to send personal marketing communication to you.

When you contact customer service, we process your personal data to handle your inquiries.

Categories of personal data: Name, Email, Personal ID-number, Phone number, Address, Membership details. Information about the inquiry, Bank and payment details, Student identification if applicable, Sick notes and other notes, Social media alias. Frequency of visits to the gym
Processing activities: 
When contacting customer service via email, phone
Receiving and managing questions or complaints from members 
Handling incoming questions or comments via social media on initiative from members
Purpose: Handling inquiries from members.
Legal basis: Legitimate interest.
The personal data is collected from: You, when you contact customer service. 
Retention period: All data in our customer support systems are deleted after 24 months, unless other is agreed or requested.
Recipients or categories of recipients of the personal data: Supplier of customer service platform.
Supplier of IT services, such as email, hosting, and digital marketing tools.
Supplier of CRM and customer inquiry system.
Supplier of customer and membership management system
Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No, but if you do not provide us with your personal data, we will not be able to help you with your inquiry.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

If an incident occurs at the gym, we need to process your personal data to fulfil our legal obligations.

Categories of personal data: Name, Phone number, Next of kin, Insurance information. Email address of the person who reports the incident, Company name, Company address, Location of the incident, Time of the incident, Root cause and description of the incident. 

Processing activities: Reporting incidents that occur at the gym. Handling incidents that occur at the gym
Purpose: Handling incidents that occur at the gym.
Legal basis: Legal obligation 
The personal data is collected from: You, when you signed up for a membership at the gym. The source is not publicly available.
Retention period: Person data is only stored for the duration of the incident reporting period unless prohibited by other regulation or law. 
Recipients or categories of recipients of the personal data: Supplier of CRM and customer inquiry system. Insurance companies. Ambulance personnel if applicable. Relevant authorities such as The Swedish Work Environment Authority and the Swedish Social Insurance Agency. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? Yes, according to law.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

Product development

Categories of personal data: Name, Phone number, Next of kin, Insurance information
Email address of the person who reports the incident, Company name, Company address, Location of the incident, Time of the incident
Root cause of the incident, Description of the incident
Processing activities: Reporting incidents that occur at the gym
Handling incidents that occur at the gym
Purpose: Handling incidents that occur at the gym.
Legal basis: Legal obligation 
The personal data is collected from: You, when you signed up for a membership at the gym. The source is not publicly available.
Retention period: Person data is only stored for the duration of the incident reporting period unless prohibited by other regulation or law. 
Recipients or categories of recipients of the personal data: Supplier of CRM and customer inquiry system.
Insurance companies. Ambulance personnel if applicable. Relevant authorities such as The Swedish Work Environment Authority and the Swedish Social Insurance Agency. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? Yes, according to law.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you exercise your rights under the GDPR, we need to process your personal data to handle your request.

Categories of personal data: Name, Email, Information about the request. Personal number in case of identification.
Processing activities: Receiving and handling of requests from data subjects to exercise their rights under the GDPR.
Performing identification of the person providing the request. 
Communicating in relation to the request and providing answers and materials.
Purpose: Handling requests from data subjects.
Legal basis: Legal obligation
The personal data is collected from: You, when submitted your request. The source is not publicly available.
Retention period: All data in our customer support is deleted after 24 months.
Recipients or categories of recipients of the personal data: Supplier of IT services, such as email and hosting. 
Supplier of CRM and customer inquiry system. 
Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? Yes, according to law.
Is it necessary to provide personal data to enter into or to fulfil an agreement? Yes

If you request to pause your membership, we need to process your personal data to handle your request.

Categories of personal data:    Name, Email, Personal ID-number, Phone, Membership data, Information about the matter, Bank and payment details, Information about assessments made.
Reasoning behind the request to pause the account, such as a medical assessment (doctor). Student identification if applicable.

Processing activities: Receiving request to pause membership.
Reviewing information such as reason to pause the membership.
Granting or rejecting the request and marking membership as paused if the request is granted.
Handling payment to reactivate a paused membership account.
Purpose: Handling requests to pause membership.
Legal basis: Contract
The personal data is collected from: You, when you signed up for a membership. The source is not publicly available.
Retention period: All data in our customer support systems are deleted after 24 months, unless other is agreed or requested.
Recipients or categories of recipients of the personal data: Supplier of:
Customer and membership management system. CRM and customer inquiry system. Marketing automation system. IT services, such as email and hosting. Customer service platform. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? To be able to fulfil the membership agreement. If you do not provide us with your personal data, we will not be able to handle your request to pause the membership.

Conducting our business operations.

Categories of personal data: Name, Address, Personal ID-number, Phone number, Email, Photo, Payment details. Bank details, such as bank account information, Reason behind paused membership
Rating and feedback towards customer service, Membership details, Point of sales data, Information about the inquiry, such as ID-number of the inquiry.
Processing activities: Administrate, measure, analyse, and improve service levels towards our members.
Handling support inquires. General upkeep of internal systems. Internal marketing and communications.
Purpose: Conducting our business operations
Legal basis: Legitimate interest.
The personal data is collected from: You, when you submit an inquiry, when you signed up for a membership, when you used the gym. The sources are not publicly available. 
Retention period: All data in our customer support systems are deleted after 24 months, unless other is agreed or requested.
Recipients or categories of recipients of the personal data: Supplier of CRM and customer inquiry system.
Supplier of customer and membership management system. Supplier of customer service platform.
Supplier of HR-system. IT solution providers and IT systems. IT providers of payment solutions.
Supplier of IT services, such as email, hosting, and digital marketing tools. 
Supplier of entry system. Systems for handling inquiries, Other companies with the Fitness24Seven Group 
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you make a purchase at the gym

Categories of personal data: Payment details, Receipt information, Date and time of purchase
Name and amount of the items purchased, Amount of the purchase, Name of the company, Organization number, VAT, Address of the gym/store.
Processing activities: Processing of a transaction at the gym shop. Provide you with a receipt of your purchase. 

Purpose: Making a purchase at the gym shop
Legal basis: Contract
The personal data is collected from: You, when you make a purchase at the gym. The source is not publicly available.
Retention period: Personal data related to your purchase is stored on the basis of the accounting act for 7 years. 
Recipients or categories of recipients of the personal data: IT providers of payment solutions. Other companies with the Fitness24Seven Group. 
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? Yes, according to the purchasing agreement.
Is it necessary to provide personal data to enter into or to fulfil an agreement? Yes. If the personal data is not provided, we cannot enter into an agreement with you, and you cannot complete your purchase.

Assessing if a member should be blocked from using gym services.

Categories of personal data: Name, Email, Personal ID number, Phone number, Membership details, Information about assessments made and the reason for the assessment being performed.
Processing activities: Assessing if a member should be blocked due to not following the terms of use. Taking measures to block the member. Informing the member. Noting in internal systems that the member is blocked and the reason and time for it.
Purpose: Assessing and blocking a member if a member should be blocked from using the gym services
Legal basis: Contract.
The personal data is collected from: You, when you signed up for a membership. The source is not publicly available.
Retention period: N/A no retention, data on blocked member is kept for the duration of the block, which can be without limitation in time. After the period of the block the actual block is deleted but the history and notes on it kept.
Recipients or categories of recipients of the personal data:    Supplier of customer and membership management system. Supplier of IT services, such as email and hosting. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When we perform digital marketing activities, we need to handle your personal data.

Categories of personal data:    Phone number, Name, Address, Email, Username, Password, Date, Date of birth, Gender, General occupation, Other demographic information, Pictures, Competition contribution. Social media alias if the competition is held on social media.
Personal interests or preferences, including purchase history, marketing preferences and publicly available social media profile information.
IT information such as IP addresses, usage data, cookies data, online navigation data, location data and browser and app data.

Processing activities: Sending digital marketing via various tools. Storing member data and potential member data in systems. Handling and accessing member data for marketing purposes in systems.
Sharing data from these systems with external marketing partners. Collecting leads through various means, i.e., events, competitions. Publishing pictures of members, and other individuals. Performing B2B-sales and corporate sales. Storing information in the CRM-system and on the backend of the website.
Purpose: Performing digital marketing activities
Legal basis: Consent.
The personal data is collected from: You, when you sign up for our marketing activities. Some of the data are collected from our customer and membership management system, which is not publicly available.
Retention period: Data about passive members is saved up to 24 months
Recipients or categories of recipients of the personal data: Supplier of customer and membership management system. Supplier of marketing automation system. Media agencies and advertising agencies. Cooperation partner for an event. Marketing partners. Supplier of B2B system
Social media platforms such as Meta, Instagram, TikTok, LinkedIn
Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is personal data transferred to a third country? To a company based out of the United States.
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? Yes.

When you participate in different events and competitions, we need to handle your personal data.

Categories of personal data:    Phone number, Name, Address, Email, Username, Password, Date, Date of birth, Gender, General occupation, Other demographic information, Pictures, Competition contribution. Social media alias if the competition is held on social media.
Personal interests or preferences, including purchase history, marketing preferences and publicly available social media profile information. IT information such as IP addresses, usage data, cookies data, online navigation data, location data and browser and app data.
Processing activities: Sending digital marketing via various tools.
Storing member data and potential member data in systems. Handling and accessing member data for marketing purposes in systems. Sharing data from these systems with external marketing partners. Collecting leads through various means, i.e., events, competitions. Publishing pictures of members, and other individuals. Performing B2B-sales and corporate sales. Storing information in the CRM-system and on the backend of the website.
Purpose: Performing digital marketing activities
Legal basis: Consent.
The personal data is collected from:You, when you sign up for our marketing activities. Some of the data are collected from our customer and membership management system, which is not publicly available.
Retention period: Data about passive members is saved up to 24 months
Recipients or categories of recipients of the personal data:    Supplier of customer and membership management system. Supplier of marketing automation system. Media agencies and advertising agencies. Cooperation partner for an event. Marketing partners. Supplier of B2B system. Social media platforms such as Meta, Instagram, TikTok, LinkedIn. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is personal data transferred to a third country? To a company based out of the United States.
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

------------------------------------

Categories of personal data: Phone number, Name, Address, Email, Username, Password, Date, Date of birth, Gender, General occupation, Other demographic information, Pictures, Competition contribution. Social media alias if the competition is held on social media. Personal interests or preferences, including purchase history, marketing preferences and publicly available social media profile information.
IT information such as IP addresses, usage data, cookies data, online navigation data, location data and browser and app data.
Processing activities: Sending digital marketing via various tools. Storing member data and potential member data in systems. Handling and accessing member data for marketing purposes in systems. Sharing data from these systems with external marketing partners. Collecting leads through various means, i.e., events, competitions. Publishing pictures of members, and other individuals. Performing B2B-sales and corporate sales. Storing information in the CRM-system and on the backend of the website.
Purpose: Performing digital marketing activities
Legal basis: Consent.
The personal data is collected from: You, when you sign up for our marketing activities. Some of the data are collected from our customer and membership management system, which is not publicly available.
Retention period: Data about passive members is saved up to 24 months
Recipients or categories of recipients of the personal data: Supplier of customer and membership management system. Supplier of marketing automation system. Media agencies and advertising agencies. Cooperation partner for an event. Marketing partners. Supplier of B2B system. Social media platforms such as Meta, Instagram, TikTok, LinkedIn. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you participate in different events and competitions, we need to handle your personal data.

Categories of personal data: Membership number, Phone number, Name, Email, Date, Pictures, Competition contribution. And Social media alias if the competition is held on social media
Processing activities: Handing out QR-codes during events and providing a landing page on a website form.
Publishing pictures of members. Storing information in the CRM-system and on the backend of the website. Arranging marketing events and competitions, such as membership nights. Marketing events internally and externally. Performing evaluations after arranged event to improve upcoming events. Performing registration of members when arriving and participating at an event.
Purpose: Conduct, manage participation and evaluate events and competitions.
Legal basis: Legitimate interest.
The personal data is collected from:
You, when you sign up for our events and competitions. Some of the data are collected from our customer and membership management system, which is not publicly available.
Retention period: Data is processed for the duration of your membership period. Personal data related to non-members are deleted per request of automatically after 24 months. 
Recipients or categories of recipients of the personal data: Supplier of customer and membership management system.
Supplier of marketing automation system.
Cooperation partner for an event.
Social media platforms such as Meta, Instagram, TikTok, LinkedIn
Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

We process your personal data when we perform evaluations, surveys, and feedback questionnaires.

Categories of personal data: Email address, Name, Personal ID number, Age, Gender, Answers and feedback filled out in the form.
Processing activities: Performing customer satisfaction surveys and analysing the result to improve the business. 
Performing evaluations and collecting feedback after termination of a membership. Performing evaluations and collecting feedback after contacting customer service.  Performing evaluations and customer surveys for members in another country.
Purpose:  Performing evaluations, surveys, and feedback questionnaires
Legal basis: Legitimate interest
The personal data is collected from: You, when you perform evaluations, surveys, and feedback questionnaires. The source is not publicly available.
Retention period: All data in our support systems are deleted by request or after 24 month.
Recipients or categories of recipients of the personal data: IT solution providers, such as providing IT support. Supplier of system for performing evaluations, surveys, and feedback questionnaires. Supplier of IT services, such as email and hosting. Supplier of CRM and customer inquiry system. Supplier of customer and membership management system. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No, but if you do not provide us with your personal data, you will not be able to take part in evaluations, surveys, or answer our questionnaires.

Product development

Categories of personal data: Statistics from entry and exits to the gym including date and time. Membership details such as which type of membership has been sold. Group training sessions, information on who has participated in or who has cancelled a session. Information about personal training. Results from surveys, evaluations or questionnaires. 
Processing activities: Analysing personal data for product development purposes
Purpose: Product development purposes
Legal basis: Legitimate interest.
The personal data is collected from: You, when you signed up for and used a membership, answered our surveys or evaluations or questionnaires. The source is not publicly available.
Retention period: Data is processed for the duration of your membership period
Recipients or categories of recipients of the personal data: Supplier of customer and membership management system. Supplier of IT services, such as email and hosting. Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

Perform tracking, tags, monitoring traffic to collect data for further use

Categories of personal data: Company name and email, IP-address, Personal data collected through various cookies. ID-number, email, name, optout/optin, created date, changed date, language, mobile number, customer ID, personal ID, name, gender, member, birth date, city, activity on certain alerts, device tracking.
Membership details, Pixels and geotags. 
Content of the email such as receipt information.
If you fill in a form on the website, the data from the form is processed.
Processing activities: Targeting and retargeting (understand where members who have bought a membership come from, i.e., Meta or other platforms). Performing segmentation. Tracking the behaviour of members, potential new members for marketing purposes and product development. Performing general analysis on the tracking data
Purpose: Tracking, tags, monitoring traffic to collect data for further use.
Legal basis: Contract
The personal data is collected from: You, when you accept cookies and signed up for a membership. The sources are not publicly available.
Retention period: Data is processed for the duration of your membership period
Recipients or categories of recipients of the personal data: Other companies with the Fitness24Seven Group
Supplier of customer and membership management system. Supplier of marketing automation system. Supplier of IT services, such as email, hosting, and digital marketing tools. Marketing partners, media agencies and advertising agencies. Cookie partners, Social media platforms.
Is there any automated decision-making, including profiling? No
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

When you sign up for and use your membership online or at a gym

Categories of personal data: Membership card details, such as membership ID, membership card number.
Statistics from entry and exits to the gym. Social media alias, Payment details. Receipt information, Date and time of purchase. Amount of the purchase, Phone number, Email address, Address, Personal ID-number, Bank account information, Photo for membership card, Gym membership agreement
Order and membership details
Processing activities: Creating a membership account, including "my pages" and profile. Using the membership to gain access to the gym and the facilities such as changing rooms, lockers, and training equipment. Offering, and if relevant signing up for insurance as an addition to the membership. Checking if the membership is valid to gain access to a gym in another country, such as Thailand or Colombia. Signing up either via a benefits portal, or using a healthcare allowance. 

Purpose: Signing up for and using a membership online or at a gym
Legal basis: Contract
The personal data is collected from: You, when you sign up and use the membership. Source is not publicly available.
Retention period: Personal data is anonymized 24 months after the membership has been cancelled.
Recipients or categories of recipients of the personal data: Other companies within the Fitness24Seven Group
Supplier of customer and membership management system. Supplier of IT services, such as email, hosting, digital signatures, and digital marketing tools. IT solution providers and IT systems, IT providers of payment solutions, Providers for debt collection, Supplier of entry system, The Police Authority, Insurance companies. Banks, Partner provider of the insurance, Benefit platforms.
Is there any automated decision-making, including profiling? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement?    Yes, if you do not provide us with your personal data, you will not be able to sign up for a membership agreement.

To prevent misuse of our services, carry out product liability investigations or to prevent and investigate crimes against the company or accidents that have occurred.

Categories of personal data: Entries and exits to the gym. 
Recorded material from camera surveillance. Information about situations that may occur in the gym. Name and contact details

Processing activities. Downloading and providing camera surveillance material to relevant authorities or insurance companies as necessary. Investigating potential fraudulent behaviour amongst people entering the gym.  Evaluating the use of the gym to prevent accidents or fraudulent behaviour. Managing and filming using camera surveillance at the gyms.

Purpose: To prevent misuse of our services, carry out product liability investigations or to prevent and investigate crimes against the company or accidents that have occurred.
Legal basis: Legal obligation (if such exists), determine or defend legal claims (if such exits) or legitimate interest. In case no legal obligation exits, the processing is necessary for the purposes of our legitimate interest to prevent misuse of our services, carry out product liability investigations or to prevent and investigate crimes against the company or accidents that have occurred.
The personal data is collected from: You, when you signed up for a membership. Material collected through camera surveillance. The source is not publicly available.
Retention period: Camera surveillance, 30 days or as long as required for ongoing investigation.
Recipients or categories of recipients of the personal data: Relevant authorities, e.g., the Police Authority 
Insurance providers, Supplier of camera surveillance, Other companies with the Fitness24Seven Group
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? No.
Is it necessary to provide personal data to enter into or to fulfil an agreement? No.

To provide a safe environment at the gym locations

Categories of personal data: Camera surveillance material such as video and images (no audio).
Log data of access to the camera surveillance material
Processing activities:  Operating and running the camera surveillance at the gym. Analysing material from camera surveillance in case of suspected activity. Sharing material with the Police Authority or insurance companies as reasonably and lawfully requested.
Purpose: To provide a safe environment at the gym locations.
Legal basis: Legitimate interest.
The personal data is collected from: You, when you use our gym. The camera surveillance material is not publicly available.
Retention period: Automatic deletion, 30 days.
Recipients or categories of recipients of the personal data: Other companies with the Fitness24Seven Group
Supplier of camera surveillance. Relevant authorities such as the police. Supplier of customer and membership management system. Insurance providers
Is there any automated decision-making, including profiling? No.
Is there a legal obligation to provide personal data to us? No
Is it necessary to provide personal data to enter into or to fulfil an agreement?    No.

Recipients of the personal data

Employees at Fitness24Seven AB

Your personal data will be shared with our employees who need access to them to perform their work duties.

Processors

We use suppliers to provide the following services:

•    Supplier of customer and membership management system.
•    Supplier of CRM and customer inquiry system.
•    Supplier of customer service platform.
•    Supplier of marketing automation system.
•    Marketing (print and distribution, digital media, media agencies or advertising agencies).
•    Supplier of IT services, such as email, hosting and digital marketing tools.
•    Supplier of HR-system.
•    IT solution providers and IT systems
•    IT services (companies that manage the necessary operation, technical support, cloud service provider, maintenance of our IT solutions).
•    IT providers of payment solutions (card processing companies and other payment service providers)
•    Supplier of entry system.
•    Systems for handling inquiries

Processors who are engaged may only process personal data in accordance with the purposes of the processing defined in a data processing agreement and the instructions that we have issued concerning the processing.

Automated decisions and profiling 

Profiling means that we analyse personal data about you to predict certain personal aspects about you. We profile you to be able to understand you as a member and to create personal marketing communications for you. 

Examples of profiling activities that we could perform.

  • Based on data we collect such as gender, age, gym locations, duration of membership, we analyse and create a profile to predict which offers that are most relevant to you or to members that have a similar profile or interests.
  • Understand which social channels you use or prefer based on your profile or interests to provide you with personal communications and offers.
  • We analyse data from our members and their behaviour to be able to improve the business.

We do not carry out any so-called automated decision-making that has legal consequences or otherwise significantly affects you.

Transfer of personal data to a third country

In connection with our processing of your personal data, there might be transfer of data to a third country.

The country (US) for which there is a decision from the European Commission that the United States ensures an adequate level of protection. We ensure adequate security level to protect your privacy. 

Risks and security measures

Fitness24Seven AB takes technical and organizational security measures to protect your personal data against loss and unauthorized access. This includes, for example, secure and private connections (such as VPN), encryption, and that access to your personal data is always limited to those employees who must have access to your personal data to perform their work duties. We continuously evaluate our systems and routines as well as our policies to ensure that they are safe and protected.

For more information, please contact us. Use the contact details at the top of this privacy notice.

Which rights do you have in relation to our processing of your personal data? 

You have several rights under the GDPR. If you wish to exercise any of your rights or have any questions, you can contact us. Contact details can be found at the top of this privacy notice.

Right to be informed: You have the right to receive information about how we process your personal data, which we provide through this privacy notice.

Right of access: You can request information on whether we process personal data relating to you and, if so, receive a copy of the personal data processed.

Right to rectification: If you consider that personal data relating to you is incorrect or incomplete, you have the right to request that the information be corrected.

Right to object: You have the right to object to the processing of your personal data at any time if we process it within the framework of our legitimate interest. If we cannot show legitimate grounds for continuing the processing, we must cease the processing. You always have the right to object to your personal data being processed for direct marketing purposes.

Right to withdraw consent: If our processing of your personal data is based on your consent, you can withdraw consent at any time by contacting our DPO. Withdrawal of consent does not affect the legality of the processing that took place before the withdrawal.

Right to restriction of processing: In certain cases, such as if you have objected to the processing, you can request a restriction of the processing of your personal data.

Right to erasure: In certain cases, you can obtain the erasure of your personal data. When your personal data is necessary for the purposes for which it was collected, needed to fulfill a legal obligation, or when we need to establish, assert, or defend legal claims, we cannot erase the data.
Right to data portability: If we process personal data relating to you to fulfill an agreement, you have the possibility in certain cases to obtain your personal data to use it elsewhere, such as transferring the data to another data controller.

Comments about our processing?

If you have any comments about our processing of your personal data, please contact us. You can find our contact details on top of this Privacy Notice.

You can also file a complaint at the Swedish Authority for Privacy Protection. Information about filing complaints is found on their website at https://www.imy.se/en/individuals/forms-and-e-services/file-a-gdpr-complaint/ 

If you have suffered damages because your personal data has been processed in violation of applicable law, you may be entitled to compensation.

You can then request damages from us or file a claim for damages in a general court. You can find our contact details on top of this Privacy Notice. 

Cookies
©2018-2025 Fitness 24Seven AB

Andra marknader