Privacy policy
Last Updated – 12th May 2022
Introduction
We usually like to focus on the fun stuff here at Gym+Coffee, but there are times when we need to take things a little bit more seriously. We are 100% committed to protecting and respecting your privacy and your personal data. Our community is one of a kind and gaining (and retaining) your trust has always been of huge importance to us, which means keeping your personal data secure is a top priority.
We know that this data privacy and legal stuff can be confusing, so we have written this privacy statement in plain English to provide a simple guide to how we use and look after your data.
This privacy statement (along with our Cookie Policy) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. In summary, this statement outlines how we are committed to:
- Being open and transparent about what data we collect
- Being open and transparent about how we use it
- Demonstrating our efforts to protect your privacy
If you have any questions about how we process your personal data, drop us a line at dataprotection@gympluscoffee.com. You can also skip straight to the “Getting in touch” section below for more options.
The important legal stuff:
We are Gym+Coffee Limited, a company registered in Ireland under company number 589733 and with our registered office at Gym+Coffee, Latin Hall, Golden Lane, Dublin 8.
Whether you are a customer, part of our community and / or training squad, browsing on our website or a combination of those, Gym+Coffee is a “controller” of your personal data. This means that we make decisions about how and why we process your personal data and are responsible for making sure it is used in accordance with data protection laws.
This statement applies to our websites, app, products, or services (collectively our "services") and where we refer to “personal data” in this privacy statement, we mean data which relates to you, and which personally identifies you either directly or indirectly.
The term “process” used throughout this statement, means any activity relating to personal data, including collection, storage, use and transmission.
Collecting your personal data
We collect personal data from a variety of sources including when you make an order, apply for a refund, sign up to our mailing list, use our website and / or app, participate in a survey, register for an event or promotion, accept our Cookie Policy or contact us.
The categories and types of personal data we collect are listed below:
| Category | Data Types | Data Sources |
| --- | --- | --- |
| Customer Data | Information relating to purchases made either online or in our retail stores including name, shipping address, e-mail address, phone number, birth date, personal and product preferences, marketing and communication preferences | |
| Payment Data | Payment details and billing address which are collected solely for the purpose of processing order payments | |
| Usage Data | Information about your use of our website and / or app including browser settings, domain name, browser type, browser language, device ID, operating system type, device name and model, pages or screens viewed, links clicked, IP address, when and the length of time you visit our website and / or app and the referring URL | |
| Geolocation | Information about your approximate location derived from an IP address or device location services | |
| Communications Data | Information contained in your interactions with us and the communications you exchange with us via letters, emails, calls, social media, survey responses, reviews, and logs of data protection requests | |
| Competitions, Promotions & Events Data | Information about competition entry, promotion sign-up or event registration and attendance, including those that we run with our partners on third party sites | |
Using your personal data (and why)
We process your personal data for a number of different reasons which are relevant to your relationship and engagement with us, including to provide our services to you and to communicate with you.
We are required by data protection law to always have a “lawful basis” for processing your personal data. In the main, we rely on either an individual’s consent, contract, or legitimate interests.
| Legal Basis | Justification |
| --- | --- |
| Consent | Where we have asked you to provide explicit permission to process your data for one or more particular purpose, for example: |
| Contract | Where we process your information to fulfill a contractual arrangement we have made with you, for example: |
| Legitimate Interest | Where we rely on our interest as a reason for processing. Generally this is to provide you with the best products and service in the most secure and appropriate way, for example: |
We may also be obliged to process certain information in line with our reporting obligations as set out in statute. For example, certain transaction information must be retained for revenue purposes.
Securing your personal data
We are committed to ensuring the security and confidentiality of your personal data. Taking into account the nature of your personal data and the risks of processing, we have put in place appropriate technical and organisational measures as required by applicable data protection laws to ensure an appropriate level of security and to prevent any accidental or unlawful destruction, loss, alteration, disclosure of or unauthorised access to data.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction, and they are subject to a duty of confidentiality.
Sharing your personal data
We do not, and will not, sell any of your personal data to any third party or distribute any of your personal data to untrusted third parties. However, we share relevant information with select partners as an essential part of being able to provide our services to you. These service providers are chosen carefully and are closely monitored and audited to ensure that appropriate safeguards are in place to protect your personal data.
These organisations can be broken down into the following categories of service provider:
| Supplier / Service Provider | Services |
| --- | --- |
| Digital Service Providers | IT systems and software providers that act as processors, including our primary business systems for Finance (NetSuite), E-Commerce (Shopify), Customer Relationship Management (Klaviyo), and Customer Service (Zendesk) |
| Payment Gateway Providers | Third party payment processing services such as Apple Pay, Google Pay, Paypal and Klarna |
| Order Fulfillment Providers | Companies that help us get your purchases to you, such as the provision of logistics, warehousing and distribution services, return and exchange services and order status notification services for your purchased items |
| Marketing and Advertising Providers | Service providers that we work closely with to help us run things day to day and provide better customer experiences, such as marketing agencies, advertising partners and affiliates |
No other third parties will receive your personally identifiable information. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may share such information with service providers and brand partners for the purposes of identifying patterns and market trends.
We may also be legally obliged to share your data with government agencies, for example for the purposes of financial compliance.
Transferring your personal data internationally
Your personal information is generally processed within the EU or European Economic Area (“EEA”). In some cases we work with suppliers and partners that are based outside of the EU or EEA or who make use of cloud / hosted technology that is based across multiple geographies. In these cases we take additional steps to ensure there is an appropriate level of security applied to protect your information in the same way as if it was in the EEA.
Your data is always processed in accordance with the relevant data protection laws.
Retaining your personal data
We hold on to your information for as long as is necessary for the purpose for which it was collected, or as required or permitted for legal and regulatory purposes and legitimate business purposes.
As per our retention policy, we will only keep what we absolutely need to, and for no longer than is necessary. We will take all necessary steps to ensure that the privacy of information is maintained for the period of retention.
Your rights and how to exercise them
The GDPR and other applicable data protection laws give you certain legal rights in relation to any personal data about you which we hold. These rights are not absolute, and some limitations and conditions do apply – the details are set out below:
| Your Right | What it Means | Limitations and Conditions |
| --- | --- | --- |
| Right of Access | You are entitled to request access to the personal data we hold about you at any time. Also commonly known as a "data subject access request" | We must be able to verify your identity. If possible, it is helpful to specify the type of information you would like to see to ensure that our disclosure is meeting your expectations |
| Right to | You have the right to request a copy of your data in a structured, machine-readable format to be transferred to you or to another party | This only includes the personal data you have submitted to us and applies if the basis of the processing is consent or contract |
| Right to Request Correction | You have the right to request that we correct any errors in the information we hold about you, including the right to have incomplete personal data completed | You can update your details on our GDPR Compliance page or alternatively by getting in contact with our customer service team |
| Right to Erasure | You have the right to have your personal data erased (also known as the “right to be forgotten”) where your personal data is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful | We may not be in a position to erase your personal data, if for example, we need it to comply with a legal obligation, exercise or defend legal claims or any other applicable exemption under Article 17(3) of General Data Protection Regulation (GDPR) (EU) 2016/679 |
| Right to Object to Processing | You have the right to object to the processing of your personal data at any time | We will not continue to process your personal data unless there is a legitimate basis for the process which overrides your interests and rights or due to legal claims |
| Right to Withdraw Consent | Where our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time | If consent is withdrawn, this will only take effect for future processing |
| Right to Unsubscribe from Marketing Communications | We would really hate to see you go, but you have the right to unsubscribe from marketing communications at any time | You can opt-out by clicking the unsubscribe link on any email sent by Gym+Coffee to you or alternatively by getting in contact with our customer service team |
If you would like to exercise your rights, you can visit our GDPR Compliance page to raise a request or alternatively, please use our contact details below to get in touch!
All requests should be resolved within one month. This, however, may take longer for requests that require a more complex resolution. We will inform you of any delays that may be required, along with justification.
Getting in touch
We always love to hear from our community, so feel free to reach out with any issues or queries you have. Here’s when to get in touch:
- If you have any questions or feedback about this privacy statement
- If you want to exercise any of your rights mentioned above
- If you have a complaint - if you feel we’ve let you down or there are any areas we could do better, we want to know about it!
Our data protection team is always happy to answer any questions you may have. Drop us a line through our contact us page or at dataprotection@gympluscoffee.com.
Or if you’d prefer to, you can always write to us at:
Data Protection
Gym+Coffee
Latin Hall
Golden Lane
Dublin 8
You have the right to lodge a complaint with the relevant data protection authority if you are unhappy with how we process your personal data. We do ask that you contact us first with any concerns. We recommend contacting the DPC (Ireland) or ICO (UK) only if you are still unsatisfied after attempting to resolve any issues with us directly.
Ireland - The Office of the Data Protection Commissioner (DPC)
https://www.dataprotection.ie/en/contact/how-contact-us
UK - The Information Commissioner's Office (ICO)
https://ico.org.uk/global/contact-us/
Updates to this privacy statement
We continue to review how we work, and we may update this privacy statement from time to time to reflect changes to the type of personal data that we process and / or the way in which it is processed. The date at the top of this page will be amended each time this statement is updated.
We encourage you to check this statement on a regular basis.