How do we comply with European data protection standards?

The provisions under the GDPR always apply of course to you and your customers.
Like every company, we use contractors who provide services for us relating to web hosting and also use cloud- and web-based software solutions from third parties, which enable us to manage and host personal data in the cloud at external contractors. This means we can ensure, among other things, that we work with up-to-date and above all secure and certified software solutions from leading providers. These contractors and processors may only store the data exclusively according to our instructions, and in particular may not use it for their own purposes.
If such contractors work outside the EU, naturally we ensure that the processor guarantees a high level of data protection, and that all legal requirements of the GDPR are strictly adhered to. We also make certain of course that the contractors possess internationally recognised certification for data processing and security, as well as extensive technical and organisational security measures.

What data is collected from studio members/ end users?

The only data collected are those required to provide optimal use of EGYM and the associated benefits for members. Users therefore have full control over what data are collected from them. The following personal data, for example, are collected from users to facilitate the use of EGYM products and their features.

• General user information (e.g. name, email address, etc.)
• Information regarding their membership and use of the fitness facilities (e.g. member status, verification of membership, training plans devised by trainers, taking part in challenges, claiming rewards, booking courses, etc.), so-called ‘studio data’ 
• Technical data (e.g. studio machines data)

Many features of EGYM products allow the user to track their training, whilst also combining EGYM products with, for example, their wearables and fitness trackers. Users can in addition take advantage of features such as health and strength measurements, and have their biological age calculated based on the data entered (BioAge). Since this involves sensitive data, such features are only offered when the user has first given express consent and wishes to use them at all.
When the user has given express consent, studio data from the user’s fitness facilities can be added to the EGYM user profile and synchronised. The user can then benefit from other relevant features of EGYM products (e.g. access to the training schedule created by the trainer in the Member App, management of your membership in the fitness facilities, etc.). And conversely, again, when then user has provided their consent, EGYM data can be made available to the studio or the trainer in the studio. The aim is to ensure the trainer can offer the best possible support to the member with the help of the EGYM Trainer App (e.g. from the display of training data, the analyses of health and strength test results, the user’s BioAge, etc.).

Who is responsible for the data?

A distinction should be made here between data processed by EGYM as a processor or contractor of the studio on behalf of the studio, and data EGYM collect under its own responsibility:

EGYM as processor/contractor of the studio.
As part of the services provided by EGYM, we process in part data from the studio as a processor. We conclude a processing agreement with the studio for this purpose. In particular, this applies to data transmitted to the EGYM Cloud via the studio’s management software if the studio has integrated it (e.g. data specifically referring to the user’s membership of the studio), and which is processed by us for the studio. This includes in addition certain features of our EGYM products specific to the studio (e.g. as part of our Branded Member App, using the EGYM Club Portal, which studios can use to send, for example, push notifications to users or to view users’ feedback).

EGYM as data controller:
The user must create an EGYM account to be able to use some features of the Connected Training Floor. This is subject to the usage and data protection policies of EGYM. EGYM itself is the data controller under data protection law for data collected in connection with the user’s EGYM account by EGYM and naturally complies under its own responsibility with all obligations according to the applicable laws, including data protection laws. Your benefits: EGYM will ensure compliance with data protection regulations regarding all of this data.

Which companies and products make up the EGYM group?

Based in Munich, EGYM GmbH is the parent company of the EGYM Group, which also includes the corporate sports network Qualitrain and local sales companies, among others. The White Label Fitness App for studios, previously operated under the name Netpulse, is also part of the product portfolio under the new name Branded Member App. EGYM GmbH as parent company can thus guarantee trouble-free usage of the group’s full range of services We also use other companies from the EGYM Group in our capacity as a processor (see above), which also processes personal data for us in accordance with statutory provisions and subject to an order processing agreement, for example in connection with the performance of development and support services for our products and applications. The data protection standards of the Munich-based parent company apply to all associated fitness products of the EGYM Group.

Please feel free to address any questions regarding data protection to datenschutz@egym.com.
EGYM’s data protection information is available at http://www.egym.com/uk/privacy.