Privacy policy

Last updated: August 25, 2025

This Privacy Policy explains how Personal Gym Box sp. z o.o. (“Website” and any form of the personal pronoun “we”) collects, uses, and discloses the personal information of a User who visits the website or uses our services through the website, or makes a purchase on the website at personalgymbox.pl (“Website”), or otherwise communicates with us in connection with the Website (collectively, the “Services”). For the purposes of this Privacy Policy, the term “User” means the user of the Services, whether a customer, website visitor, or any other individual whose information we collect in accordance with this Privacy Policy.

The controller of your personal data is Personal Gym Box sp. z o.o., with its registered office at ul. Wadowicka 7, 30-347 Kraków, Poland. NIP (Tax ID): 6793316898, REGON: 540399780, KRS: 0001143847.

Please read this Privacy Policy carefully. By using and accessing the Services, you acknowledge that you are aware of this Privacy Policy and understand the rules of collecting, using, and disclosing your data as described herein.

Personal Information We Collect and Process

When we use the term “personal information”, we mean information that identifies you or can reasonably be linked to you. Personal information does not include data collected anonymously or data that has been anonymized in a way that prevents identification or association with you. Depending on how you use the Services, your place of residence, and the extent permitted or required by applicable law, we may collect or process the following categories of personal information, including inferences drawn from them:

  • Contact details including name, address, billing address, shipping address, phone number, and email address.
  • Financial data including credit card numbers, debit card numbers, bank account numbers, payment card data, transaction details, payment methods, payment confirmations, and other payment-related data.
  • Account information including username, password, security questions, preferences, and settings.
  • Transaction details including items you view, add to your cart, add to your wishlist, purchase, return, exchange, or cancel, as well as past transactions.
  • Communications with us including information provided when contacting customer service.
  • Device information including data about your device, browser, or network connection, IP address, and other unique identifiers.
  • Usage information including data about your interactions with the Services, such as how and when you use or navigate them.
  • CCTV recordings including the time you spend at Personal Gym Box gyms.

Sources of Personal Information

We may collect personal information from the following sources:

  • Directly from you, such as when creating an account, visiting or using our Services, communicating with us, or otherwise providing us with personal information.
  • Automatically through the Services, such as from your device when using our products or services or visiting our websites, including through the use of cookies and similar technologies.
  • From service providers, when we cooperate with them to provide certain technologies and when they collect or process your personal information on our behalf.
  • From our partners or other third parties
  • From CCTV recordings at Personal Gym Box gyms.

How We Use Personal Information

Depending on how you interact with us and the Services you use, we may use your personal information for the following purposes:

  • Providing, customizing, and improving the Services. This includes processing payments, fulfilling orders, remembering preferences and products of interest, sending account-related notifications, processing purchases, returns, exchanges, or other transactions, creating and maintaining your account, organizing shipping, enabling returns and exchanges, publishing reviews, and creating personalized shopping experiences, such as recommending products related to your previous purchases.
  • Marketing and advertising. We may use your personal information for marketing and promotional purposes, such as sending marketing emails, text messages, or direct mail, and displaying online ads within our Services or on other websites, including based on items you purchased or added to your cart or other activities in the Services.
  • Security and fraud prevention. We use your personal information to authenticate your account, ensure secure payments and purchases, detect and investigate potentially fraudulent, illegal, unsafe, or malicious activity, and take appropriate steps to address them, as well as protect public safety and our Services.
  • Communication with you. We use your personal information to provide customer service, respond to inquiries, deliver effective services, and maintain business relationships.
  • Legal purposes. We may use your personal information to comply with applicable law or respond to lawful requests, such as those from law enforcement or government authorities, to conduct investigations or participate in proceedings in civil cases, potential or actual litigation, or other adversarial processes, and to enforce or investigate potential violations of our terms or policies.

CCTV Monitoring

Purpose of monitoring

Gym facilities and their surroundings are under video surveillance to ensure the safety of gym users and protect property.

Legal basis

The legal basis for processing personal data under monitoring is the legitimate interest of the Controller (Article 6(1)(f) GDPR).

Scope

Monitoring covers the gym area, especially the entrance, parking lot, and main workout area. It does not cover areas where privacy could be violated, such as changing rooms or restrooms.

Retention

CCTV recordings are stored for up to 30 days, unless they constitute evidence in proceedings or there is a justified reason to believe they may constitute evidence, in which case the retention period is extended until the proceedings are concluded.

Recipients

Access to recordings is limited to authorized employees of the Controller and entities providing security and monitoring system services, only to the extent necessary for the monitoring purpose.

Rights of recorded individuals

Individuals recorded by CCTV have the right to access their data, request deletion, restrict processing, and object, within the limits set by law.

How We Disclose Personal Information

In certain circumstances, we may disclose your personal information to third parties for legitimate purposes, as described in this Privacy Policy. These circumstances may include:

  • To vendors and other third parties that provide services on our behalf (e.g., IT management, payment processing, data analysis, customer service, cloud storage, order fulfillment, and shipping).
  • To business and marketing partners for marketing purposes and to display personalized ads via third-party services based on your online activity across different vendors and websites. Our partners will use your data in accordance with their own privacy policies. Depending on your location, you may have the right to opt out of sharing your information for such purposes.
  • When you instruct us to disclose certain information to third parties, request it, or consent to it - for example, for shipping products or using social media widgets or login integrations.
  • With our affiliates or within our corporate group.
  • In connection with a business transaction such as a merger or bankruptcy. To comply with legal obligations (e.g., subpoenas, search warrants), enforce applicable terms, or protect the Services, our rights, your rights, or the rights of others.

Third-Party Websites and Links

The Services may contain links to websites and online platforms operated by third parties. If you navigate to third-party websites not affiliated with or controlled by us, you should review their privacy and security policies and other terms. We do not guarantee or take responsibility for the privacy or security of such websites, including the accuracy, completeness, or reliability of the information found there. Information you provide in public or semi-public areas, including third-party social media platforms, may also be visible to other users without restrictions. Posting such links does not imply endorsement of their content or their operators, unless otherwise specified within the Services.

Security and Data Retention

Please note that no security measures are perfect or impenetrable, and we cannot guarantee “absolute security”. Additionally, any information transmitted to us may not be secure in transit. We discourage using insecure channels to transmit sensitive or confidential information.

The length of time we retain your personal information depends on factors such as whether we need it to operate your account, provide the Services, comply with legal obligations, resolve disputes, or enforce applicable agreements and policies.

Your Rights and Choices

Depending on your place of residence, you may have some or all of the following rights regarding your personal information. These rights are not absolute and may apply only in certain circumstances. In some cases, we may deny your request as permitted by law:

  • Right of access/information: You may have the right to access the personal information we hold about you.
  • Right to deletion: You may have the right to request the deletion of your personal information.
  • Right to rectification: You may have the right to request correction of inaccurate personal information we hold about you.
  • Right to data portability: You may have the right to obtain a copy of your personal information and request its transfer to a third party under certain circumstances.
  • Right to manage communication preferences: You may opt out of receiving promotional emails from us at any time by using the unsubscribe option included in those emails. Even if you opt out, we may still send you non-promotional emails, such as those related to your account or orders.

If you are a resident of the UK or the European Economic Area (EEA), and subject to local exceptions and limitations, you may also have the following rights:

  • Right to object and restrict processing: You may request that we stop or restrict processing of your personal information for certain purposes.
  • Right to withdraw consent: Where we rely on your consent to process personal information, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

We will not discriminate against you for exercising these rights. We may need to verify your identity before fulfilling your request, as permitted by law. You may also authorize a representative to act on your behalf. Before accepting such requests, we will require proof of authorization and may ask you to confirm your identity directly. We will respond within the time required by law.

Complaints

If you have complaints regarding how we process your personal data, please contact us using the details below. Depending on your residence, you may also have the right to appeal our decision or file a complaint with your local data protection authority. A list of supervisory authorities in the EEA can be found here.

International Data Transfers

We may transfer, store, and process your personal information outside your country of residence.

If we transfer your personal information outside the EEA or the UK, we rely on recognized data transfer mechanisms such as the European Commission’s Standard Contractual Clauses or equivalent agreements issued by the UK supervisory authority, unless the destination country has been deemed to provide an adequate level of protection.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this page, update the “Last Updated” date, and notify you of significant changes as required by law.

Contact

If you have any questions regarding our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us by phone at +48 732 220 202, by email at info@personalgymbox.pl or by mail at Wadowicka 7, Kraków, 30-347, Polska. In accordance with applicable data protection laws, we are the controller of your personal information.