Gymcatch Limited (Gymcatch) is a UK company. We are registered with the Information Commissioner’s Office in the UK. This data and privacy policy sets out how your information on Gymcatch (which includes all of the Gymcatch applications and gymcatch.com) is collected and retained in accordance with UK data protection laws including GDPR.
Gymcatch processes and stores customer data in the UK using standard industry practices and infrastructure. Gymcatch shares information with third parties and who, how and why this happens is described in this policy.
This policy should be read along side Gymcatch’s Terms of Use (Terms).
Gymcatch enables fitness and wellness professional service providers (PSPs) to sell their services to their clients (Consumers) and allows Consumers to book and buy goods and services. This policy applies to both Consumers and PSPs.
Gymcatch collects and retains information from PSPs and Consumers. For some of this information Gymcatch is the data controller, for other information Gymcatch is the data processor and the PSP is the Data Controller.
This is because some information is provided to Gymcatch to enable users to use Gymcatch and which allows Gymcatch to provide its services and pursue its legitimate business interests. Other information that only relates to a customers’ interactions with their PSP (for example a health questionnaire or PARQ). For this category of information, the PSP is data controller and Gymcatch processes this information on behalf of the PSP.
This Policy will set out what information is collected and how it is used. We make the distinction between information which identifies (or could reasonably be used to identify you) (Personal Information), and information which does not identify you (Non-Personal Information).
What information is collected
Types of information collected by Gymcatch (Gymcatch Controlled Data)
When you use the Gymcatch mobile or web applications (the Apps):
At registration we collect the following information from everyone:
Your name
Your email address (account user name)
Your country
And for PSPs we also collect:
Your business name
Your business type
Card details for billing
Information on how you heard from us
You may add additional profile information when using the Apps:
Photo
Bio text
Home/work location
Address
Telephone
When interacting with the Apps:
Information about the sessions or services that you are booking (what, where, when, price)
Encrypted payment details and other financial data related to the transaction
Email
Phone number
Posts
Direct messages
Data relating to your location provided via your device settings or obtained from your IP address
Technical data such as IP address, OS, device ID, browser errors, crash reports and device type
Content that you post in the Apps including text or images
Cookie (and similar technology) data
Brand affiliations (PSPs only)
When interacting with Gymcatch outside of the Apps:
Information you provide when interacting with our support teams
Information you submit through our website
Information you provide to us through social media channels
Information from public databases
Information we receive from third parties
Types of information collected on behalf of PSPs (PSP Controlled Data)
Participation information:
Your contact details
Emergency contact details
Records of which waivers
Participation questionnaires
Consent to receive marketing communications
When you follow or transact with a PSP, Gymcatch shares your name and profile picture with the PSP.
This information is not used by Gymcatch other than to be processed on instruction from the relevant PSP.
You acknowledge that while you do not have to provide any information to Gymcatch, we may not be able to provide our services to you if you do not. Any Consumer or PSP representative entering information on Gymcatch represents and warrants that they have, and continue to have, the authority to do so.
Gymcatch may also anonymise information collected. We commit to retaining this in a manner that means it cannot be associated with individual users.
How Gymcatch Controlled Data is Used
To provide booking and transaction services for PSPs and Consumers
This includes providing you with support, creating and retaining accurate records of interactions, enabling communication between PSP and Consumer. Sending reminders, confirmations and other notifications relating to in App activity. We engage in these activities with your consent and/or to comply with legal obligations.
Reporting, product maintenance and development
To understand and better serve our PSPs and Consumers we use this data to gain insights that improve our product and our business. We also use this information to identify problems like bugs in the system and to resolve issues that requite Personal Information to diagnose. This information also helps us improve our features and develop new features. We do this because we have a legitimate interest and it enables us to satisfy our contract with you.
Regulatory compliance and business purposes
In order to record and demonstrate that Gymcatch works safely and in compliance with regulation. For our internal accounting, to monitor fraud and money laundering, to prevent malicious attacks and other illegal use of our Apps. We also need to be able to respond to legal requests, protect our users from criminality and other legal infringements. We do this because we have a legal obligation and/or a legitimate interest.
To provide you with marketing, advertising and other commercial opportunities
So we deliver more relevant advertising of Gymcatch products or other third party products to you directly. This may include surfacing Gymcatch goods and services or other goods and services we chose to promote; promoting e-commerce opportunities; adverting; or sending marketing communications. We may also enable you to participate in market research, competitions or similar promotions. We will engage in this activity with your consent, as part of our contract with you and/or because we have a legitimate interest..
Disclosing Personal Information
The following information may be disclosed to the relevant PSP’s with which a Consumer interacts, to integrated service providers e.g. payment processors, automated email services, financial compliance, customer support, infrastructure, e-commerce, hosting, data analysis etc. (Integrated Service Providers) (listed below).
Your name
Your email address (account user name)
Your country
Your business name
Your business type
Card details for billing
Bank details for billing
Information on how you heard from us
Photo
Bio text
Home/work location
Address
Telephone
Information about the sessions or services that you are booking
Encrypted payment details and other financial data related to the transaction
Email
Phone number
Direct messages (to its intended recipient)
Posts (to the intended audience)
Data relating to your location provided via your device settings or obtained from your IP address
Technical data such as IP address, OS, device ID, browser errors, crash reports and device type
Content that you post in the Apps including text or images
Cookie (and similar technology) data
Brand affiliations (PSPs only)
We may also disclose Personal Information:
in order to send marketing communications, present advertisements or other commercial opportunities in the Apps;
to you as part of our support services;
to other users of Gymcatch if you have posted any Personal Information on any of Gymcatch’s social functionality. Please be mindful that your interactions can be seen, saved and copied by other users;
if Gymcatch is subject to a merger, acquisition or other corporate transaction, Gymcatch will retain a legitimate interest in disclosing or transferring your Personal Information to other parties in the event of, or negotiations toward, any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or shares (including in connection with any bankruptcy or similar proceedings). Such parties may include, for example, a buyer, investor and their advisors; and
any regulatory or law enforcement body if we are satisfied their request is lawful or protects your interests.
Non-Personal Information
Non-Personal Information may be disclosed for any purpose but will be used legitimately and with care. If Non-Personal Information ceases to fall into that category, it will be treated as Personal Information in accordance with this policy.
Notifications
All users can set their notifications from their profile in app at any time. This applies to push notifications and emails. We default certain email notifications to being on as they contain important information for Consumers like booking confirmations and notifications of cancellations.
In App Privacy
Consumers and PSPs can find their privacy settings from their profile and control their privacy settings there.
Children
Gymcatch is not intended for use by people aged under 18.
Information provided by PSPs
Content published by PSPs is made public on Gymcatch consumer applications. This includes your schedule, newsfeed posts, your business information, your public team members and their profiles. You have the ability to edit and remove this content in the Gymcatch platform but some of this information may be stored locally on Consumer devices after you do.
When PSPs affiliate with a brand you do so opting in to the service and agreeing the terms of that affiliation. Some information, like your schedule, and anonymised and aggregated booking figures at a brand may be shared with the brand. You can opt-out of an affiliation at any time.
Testimonials, Ratings and Reviews
If you have submitted a review or similar you consent to us publishing it and your identity. You can get in touch with us to revoke consent at any time.
Integrated Service Providers
The following list are our ISPs.
stripe.com – payment processing and receiving PSP subscriptions
GoCardless.com – payment processing
UniPaaS.com – payment processing
mailchimp.com – product notifications and mailing lists
linode.com – infrastructure
aws.com – infrastructure
intercom.com – customer support
zoom.com – online content delivery
calendal.com – information for booking appointments and joining mailing lists
gravityforms.com – information for booking appointments and joining mailing lists
googleanalytics.com – product usage behaviour and advertising
Cookies & similar technologies
We use Cookies for the following reasons on Gymcatch.
We use a token+ local storage technology to perform your request to “keep me logged in” to our apps. You can untick this at anytime.
We use Google Analytics on our www.gymcatch.com to track usage and analytical data.
We have our Facebook PSP Pixel which helps us re-target Facebook advertisements to business customers: https://www.facebook.com/business/learn/facebook-ads-pixel
We use this GDPR Cookie Consent: https://www.cookiebot.com/ .
Responsibility of PSPs on Gymcatch
PSPs should only collect and retain Consumer personal information as set out in this agreement and in compliance of all relevant data and privacy laws. The permissions which Consumers grant PSP to collect and retain information under this agreement are limited to uses for the responsible uses required of a fitness or wellness business for the Consumer to be able to use the PSP’s services.
PSPs should not retain customer information for longer than necessary and should not share it outside of its organisation without consent.
Team members with access to personal data at PSPs should be properly trained in respect of data protection requirements.
If PSPs want to collect Consumer data for purposes not set out in this agreement it should be done with a separate Consumer opt-in and opt-out, outside of Gymcatch.
PSPs should only share Consumer data collected on Gymcatch with the consent of the Consumer or in compliance with applicable laws.
PSPs authorise Gymcatch to process PSP Controlled Data but acknowledge that as data controller for PSP Controlled Data, Gymcatch will be processing this data on behalf of the PSP.
Data Retention
Because there is a tripartite relationship on Gymcatch between PSP, Consumer and Gymcatch we employ a data retention policy that protects everyone’s rights and obligations. Personal Data is retained:
while the PSP has an active account and has not removed personal information from Gymcatch; and/or
a Consumer has an active account (i.e. not deleted account); and/or
if there is a legal obligation to retain the information e.g. for record keeping of financial transactions, tax records etc.; and/or
if retaining the data is advisable to protect our legal position.
In addition to the above, Gymcatch uses industry standard backup procedures and will retain backups of our database for up to 30 days after any deletion.
Cancellation and revoking consent
If you would like to request to cancel your account and revoke your consent for Gymcatch to process your data, you can do this by contacting support@gymcatch.com.
If you cancel your account we Gymcatch will terminate your account and remove your generic information and registration information. If you have used any Gymcatch services we may hold records of those transactions separately and you will have options to opt out of those services independently.
Consumer’s booking, attendance and transaction history and participation information and message records at any PSP with which you have interacted will be retained in line with their policies.
If a Consumer wishes their booking, attendance and transaction history and participation information and message records to be removed then they should make that request to the relevant PSP who will decide if and when they are able to comply with that request. Consumers should contact their PSP directly to make this request but please note that PSPs may require to keep some or all of this information for a period of time for the legitimate reasons set out above.
When a PSP terminates its account with Gymcatch it will lose access to all booking, attendance and transaction history and participation information and message records as well as their own personal Gymcatch accounts.
Consumers will continue to have access to their accounts, including booking, attendance and transaction history, participation information and message records after a PSP that it has interacted with has terminated its Gymcatch account. Gymcatch can, on request, remove a Consumer’s booking, attendance and transaction history and participation information and message records at a PSP which has terminated its Gymcatch account.
At any time, upon request, we will provide a list of PSPs that have access to your personal data and the information you have provided directly to Gymcatch. If you would like to revoke your consent for a PSP to process your data please submit this request to the PSP you have interacted with.
Security
We use reasonable and proportionate data security measures for a business of our type and size. A security fact sheet can be made available on request.
International Transfers
Gymcatch operates globally but all data is stored on computers physically located within the United Kingdom. All data collected internationally will be transferred to, processed, and stored within the United Kingdom.
The use of certain PSP’s will require that data is transferred outside of the UK. Gymcatch has data processing agreements in place with all PSPs which detail how those PSP’s process data. You may also be asked to enter into direct agreements with PSPs.
Location, governing law and jurisdiction
All data processed and stored on Gymcatch is in the United Kingdom. For users outside of the United Kingdom this means that data is being transferred into the United Kingdom. This agreement is governed by English law and under the jurisdiction of the courts of England and Wales.
Contact
If you need any further information or want to request an account cancellation please contact us at support@gymcatch.com.
Gymcatch Limited is a private limited company registered in England and Wales with registered number 8545573. Our registered office is at ℅ Bright Grahame Murray, Emperor’s Gate, 114a Cromwell Road, London, SW7 4AG.
