Gymshark Privacy Notice

We are committed to respecting your privacy. This Notice is intended to inform you about how we collect, use and protect any personal information we collect about you. It sets out how we comply with the data protection laws and what your rights are.


This Notice applies to you if we process your personal information and you are not an employee. You could be an individual customer, a sole trader, a partnership, a user of our Website, www.uk.gymshark.com , a user of our App, someone who works at a supplier or customer of ours or another organisation that we deal with, someone who enters one of our marketing competitions or attends one of our marketing events, a recruitment candidate or someone else who is affected by our activities.


We are Gymshark Limited (“Gymshark”) of GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB, United Kingdom and we are a Data Controller registered with the UK Information Commissioner’s Office with registration number ZA317295. Our Data Protection Officer can be contacted by email on dpo@gymshark.com and by post at Data Protection Officer, GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB, United Kingdom References to we, our or us in this Notice are references to Gymshark.


This Notice provides details about:

  • What personal information we collect
  • Where we collect your personal information from
  • The legal basis for using personal information provided to us
  • How we use your personal information
  • Information about cookie;
  • Who we share your personal information with
  • How we aim to protect your privacy
  • How long we will keep your personal information
  • International transfers of your information
  • Your legal rights relating to your personal information

WHAT PERSONAL DATA DO WE COLLECT?

We may collect the following information about you:

  • Contact details such as your name, address (including billing and delivery addresses), telephone number (including mobile number) and email address.
  • Identification information such as your passport and other official identification details, information from a third party money laundering check provider, Companies House information and your national insurance number.
  • Details of your education and work history, including qualifications, roles, responsibilities and professional qualifications, and other information connected with your business (where you are a sole trader).
  • Personal information including your age or date of birth, gender, marital status, family details and dietary requirements.
  • Your social media handles, posts and information about your followers and the people that follow you.
  • Details of financial and transaction data including purchases, orders, returns and refunds.
  • Online browsing activities on our Website including which items you store in your shopping cart.
  • Your usage of our App and your username and password.
  • Information about the device you use to browse our Website or access our App including the IP address, device type, usernames, account details and passwords.
  • Information connected with any purchases made on our Website or via our App including financial and transaction data.
  • Communication and marketing preferences.
  • Interests, preferences, feedback and competition and survey responses.
  • Your real-time location.
  • Correspondence and communications with us including relating to complaints, allegations, disputes and claims.
  • Other publicly available personal information, including any which you have shared via a public platform (such as LinkedIn, Instagram, YouTube, Twitter or a public Facebook page).
  • Advisors appointed by you, including lawyers and other advisors.
  • Business information, such as where you are a sole trader, a partner or a company director.
  • Creditworthiness, where we are required to undertake investigations in order to establish whether to enter into or continue a business relationship with you or the organisation you work for.
  • Details of your performance when working with or for us or in relation to any project or work we are engaged in.
  • Videos, photographs and audio recordings which you or other people take and provide to us or we take ourselves.
  • CCTV images if you visit any of our premises which are covered by our CCTV system.
  • Your usage of our IT systems when you visit our premises such as visitor internet and Wi-Fi facilities.
  • Subscription Information such as when you subscribe to one of our blogs or other materials.

This list is not exhaustive and in specific instances, we may need to collect additional data for the purposes set out in this Notice.

Special Categories of Personal Information

There are limited situations in which we collect, store and use the following “special categories” of more sensitive personal information including:

 

  • Information about your race or ethnicity, religious beliefs and sexual orientation;
  • Information about your health, including any medical condition, health and sickness records, medical records and health professional information; and
  • Information about your health and biometric data including your height and weight.

Where we do collect any special category personal information, we will do so on the basis of your explicit consent.

We may collect, store and use any criminal records information in relation to you; in which case we will do so on the basis of legal obligation or your explicit consent.

WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?

You

We may collect your personal information directly or indirectly from you, for example when you:

 

  • Engage with us during the course of our relationship with you or the organisation you work for;
  • Set up an online account on our Website and /or purchase products from us;
  • Download our App to your device;
  • register to use our App, Website or other services we provide;
  • communicate with us regarding one of our App, Website or services, to ask a question, report a problem or for any other reason;
  • attend one of our events or enter into one of our competitions;
  • enquire about or submit an application to become an employee of ours;
  • enquire about and/or become one of our content contributors; and
  • raise a query, complaint, claim, legal dispute on behalf of yourself or the organisation you work for.

Third Parties

We may also collect personal data from third parties who have your consent or some other lawful basis for doing so including:

 

  • professional bodies;
  • credit reference agencies;
  • Companies House;
  • social media platforms including such as LinkedIn; Instagram, YouTube, Twitter or public Facebook page;
  • referrals and recommendations, usually given by other people who know you or have a working relationship with you;
  • your employer or the organisation you work for;
  • our professional advisors including lawyers, accountants and other advisors;
  • your professional advisors including lawyers, accountants and other advisors; and
  • Government, local authorities or relevant regulators.

Our Website, App and any other service we provide is not intended for use by anyone under the age of 16 years and we do not knowingly collect data relating to anyone under the age of 16 years.


HOW WE USE YOUR DATA

Purpose

Personal Information Used

Lawful Basis

To carry out identity and credit checks

Contact details and payment information relating to you or the organisation you work for

 

We may have a legal obligation to undertake identification

 

We also have a legitimate interest in knowing your identity and carrying out money laundering checks and ensuring that we are likely to be paid

To enter into and perform contracts, where we may be supplying products/services to you and/or the organisation you work for and/or you may be supplying products/services to us and/or the organisation you work for or where we may be involved in similar arrangements with third parties

All the personal information we collect

To enter into and perform contracts with either yourself or the organisation that you represent

 

We have a legitimate interest to properly perform contracts with third parties

 

To deal with queries, complaints, claims, legal disputes submitted by you or the organisation you work for and to make queries, complaints, claims, legal disputes in which relate you or the organisation you work for

All the personal information we collect

This may be necessary to perform a contract with you or the organisation that you represent

 

We have a legitimate interest to improve the services and/or products we provide

 

To defend, bring or establish legal claims

To maintain and improve  our services and/or products

All the personal information we collect

We have a legitimate interest to improve the services and/or products we provide

 

Data analytics, statistical analysis and other research to help us improve our online services

How you use our Website or App

 

We have a legitimate interest to improve the online services we provide and user experience

Security of our IT systems

All the personal information we collect

We have a legitimate interest in ensuring the security of our IT systems

 

Direct marketing

Contact details and services and products that we have determined may be of interest to you or your organisation and/or which you or your organisation has purchased in the past

We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively if you or your organisation has purchased similar services or products from us previously we may market similar products or services as a legitimate interest in developing our business.  You have the right to opt out from such marketing at any time. For more details see the ‘Marketing’ section below.

Holding events

Your contact details, details of attendance, your comments in response forms and dietary requirements and CCTV images

We have a legitimate interest in holding events and tracking attendance and providing appropriate food and drinks at events

 

We may also have a legal obligation to comply with health and safety requirements

For the prevention, detection or investigation of crime or the prosecution of offenders

All of the personal data we collect

We have a legitimate interest in protecting our rights and interests (for example in court cases) and in protecting the rights and interests of our employees, customers and any other third party with who we engage.

 

To comply with any legal obligations and regulatory requirements

To comply with our legal and regulatory obligations

All the personal information we collect

To comply with any legal obligations and regulatory requirements

To manage our relationship with you or the organisation you work for and to operate and manage our business and internal reporting

All the personal information we collect

We have a legitimate interest to operate our business in an efficient way and to expand our business

 

To enter into and perform contracts with either yourself or the organisation that you represent

Storage of records relating to you and also records relating to our business

All the personal information we collect

To be able to manage and fulfil any contract with you, we may have a legal obligation to do so and we also have a legitimate interest to keep proper records


For some of your personal information you may have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to properly perform our contract with you or the organisation you represent or comply with legal obligations and we may have to terminate our relationship. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly provide you with our goods and services or perform our arrangements with you or the organisation you represent.


Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contact us” section below. We will generally only process your personal information based on your consent in relation to direct marketing or in relation to the processing of special category data and information relating to criminal convictions and offences.


Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on a basis other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.


We may anonymise and aggregate any of the personal information we hold (so that it does not identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services and for any other purpose.


Direct Marketing

To ensure you are kept up to date with the Gymshark experience, we use personal information for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as LinkedIn, Instagram, YouTube, Twitter and Facebook, and external digital advertisers such as Google.


You have the right to opt out of receiving marketing communications from us at any time, by:

  1. informing us that you wish to change your marketing preferences by contacting our customer support team at support@gymshark.com;
  2. making use of the simple “unsubscribe” link in emails or the “STOP” number for texts; and/or
  3. contacting our Data Protection Officer via email at dpo@gymshark.com or by post to the Data Protection Officer, Gymshark Limited, GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB.

This will not stop service messages such as order updates and other non-marketing communications.

Personalisation and Automated Decision Making

If you visit our Website or App, you may receive personalised banner advertisements whilst browsing website of other companies. Any banner advertisements you see will relate to your browsing activity on our website from your computer or other devices.


These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy ). You can remove or disable cookies at any time.


We may analyse your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us decide what marketing communications are suitable for you and to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making.


This allows us to provide more personalised services and experiences, we may review personal information held by external social media platform providers about you, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter and Facebook. Some of our services enable you to sign-in via external social media platform providers such as Facebook. If you choose to sign-in via a third party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal information (e.g. your full name, date of birth, email address and any other information you have made accessible).


We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal information by profiling and segmenting, identifying what our customers like and ensuring messages we send them are relevant based on their demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications. We may also use your personal information to exclude you from communications which we feel are irrelevant to you. For example, we may exclude someone from resends of marketing emails when we know that person has already opened the original email sent.


Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data so we can send them product news or promotional offers that are relevant to that shared interest.


You may have the right to opt out of some automated processing, including profiling, at any time by:

 

  1. informing us that you wish to opt out of automated processing by contacting our customer support team at support@gymshark.com; and/or
  2. contacting our Data Protection Officer via email to dpo@gymshark.com or post to Data Protection Officer, Gymshark Limited, GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB.

Cookies

Our Website uses cookies to capture personal information such as the browsing and purchasing behaviours of people who visit our Website including the pages viewed, products purchased and the journey around our Website.


We currently use a cookies tool on our Website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.


Detailed information about how we use cookies in our Cookie Policy. This will allow you to make an informed choice as to whether you wish to accept our cookies.

Cookie Policy

What are cookies?

Like most websites, our Website uses cookies to collect information. Cookies are small data files which are placed on your computer or other devices (such as smartphones or tablets) as you browse our Website and are essential for the effective operation of our websites and to help you shop with us online.


What are cookies used for?

Cookies are used to ‘remember’ when your computer or device accesses our Website; they also allow us to remember whether you are logged in to the site and what items you had in your shopping basket.


Cookies are also used with our marketing partners to tailor the products and services advertised to you as you browse other sites on the internet, based on your browsing activity while on our site.


Cookies allow us to work alongside our web analytics partner, Google Analytics, to see how you like to use our website and which pages or special functions you prefer and help us to make them better. We may match the data we capture through cookies with personal information that we already hold about you to better understand you; this helps us to continually improve the relevance of our promotional communications, your shopping experience and our products and services. The main purposes for which cookies are used are: -

 

  1. for functional purposes essential to effective operation of our websites, particularly in relation to online transactions, site navigation and preferences;
  2. for marketing and advertising, particularly web banner advertisements and targeted updates through digital channels and social media;
  3. to enable us to collect information about your browsing and shopping behaviour, helping us to improve your shopping experience and to monitor performance; and
  4. to enable us to meet our contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.

Information collected

Some cookies collect information about browsing and purchasing behaviour when you access our Website or App via the same computer or device. This includes information about pages viewed, products purchased and your journey around our Website. Data passed by cookies will never contain individual detail such as your name, address, telephone number or payment information but may contain our customer reference number that is unique to you. For more detailed information about how cookies work, please visit www.allaboutcookies.org.


How are cookies managed?

The cookies stored on your computer or other device when you access our Website are designed by:

  • Gymshark or on our behalf, and are necessary to enable you to make purchases on our websites;
  • third parties who participate with us in marketing programmes; and
  • third parties who publish web banner advertisements for us.

Marketing cookies

Gymshark work with partners who serve advertisements or present online offers on our behalf. Most of these marketing partners use both session and persistent cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. All data collected by third party cookies is anonymous and will never contain your name, address, telephone number, email address or payment details.


What type of cookies do we use?

There are two types of cookie that may be used during your visit to our site:


1. Session cookies

Session cookies are deleted after each visit to our Website. For example, when you are browsing our Website, it will remember you for the duration of your visit, but the cookie will be removed from your computer as soon as you close down your internet browser. Session cookies allow you to add an item to the basket and then move through the checkout. Disallowing these cookies via your web browser will mean you are unable to place an order on our Website.


2. Persistent cookies

Persistent cookies remember you for a set period of time, allowing wishlist and/or previously viewed products to be displayed the next time you visit our Website and whether you were logged into your account.


Turning off and deleting cookies

Most web browsers will provide the option to turn off or disallow cookies. How you do this depends on the web browser you are using. Instructions for disallowing cookies can usually be found in the browser's 'Help' menu. Note that in common with most other transactional websites, if you only disable third party cookies, you will not be prevented from making purchases on our Website but refusing the cookies we have used via your web browser will mean that you are unable to make a transactional purchase on our Website. You may also find that the functionality of many other websites and services will be affected. Cookies can be deleted using your web browser. However, unless they are disallowed they will be re-applied the next time you visit a website.


If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular desktop browsers are set out here (these may vary depending on operating system and browser version):

For Microsoft Internet Explorer:

1. Choose the menu “Tools” then “Internet Options”
2. Click on the “Privacy” tab
3. Select “Advanced”
3. Choose the appropriate settings

For Google Chrome:

1. Choose “Settings” and click on “Advanced”
2. Under "Privacy and Security" click “Content Settings”
3. Click “Cookies”

For Safari:

1. Choose Preferences > Privacy
2. Click on “Block all cookies”

For Mozilla Firefox:

1. Click on the menu icon then select “Options”
2. Click on the icon “Privacy & Security”
3. Find the menu “cookie” and select the relevant options

For Opera 6.0 and further:

1. Choose the menu icon and select “Settings”
2. Click on “Privacy & Security”
3. Choose the appropriate settings

WHO WE SHARE YOUR DATA WITH

We may share your personal information with the following third parties:

  • The organisation that you represent.
  • Other companies within our group.
  • Other companies within our supply chain so that they can contact you about any issues in the supply chain or where your personal information is relevant to a subcontractor or party above us in the supply chain.
  • Purchasers, investors, funders and advisers if we sell or negotiate to sell all or part of our business or assets or restructure our business whether by merger, re-organisation or otherwise.
  • Third parties who ask for or want referrals for example we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide.
  • Other service providers and advisors to us including companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal, property or financial advice and generally help us deliver our products and services to you or the organisation that you represent or for us to purchase them from you or the organisation you represent.
  • Your advisors including legal or other advisors.
  • Credit reference agencies and other identification agencies so that we can assess you creditworthiness or verify your identity.
  • Governmental bodies, regulators, law enforcement agencies, security services, courts/tribunals and insurers including where we are required to do so in order to comply with our legal obligations and the administration of justice.

HOW WE PROTECT YOUR DATA

Our controls

Gymshark is committed to keeping your personal data safe and secure and so we have numerous security measures in place to protect the loss, misuse and alteration of information under our control. Our security measures include: 

  • encryption of personal information;
  • regular cyber security assessments of all service providers who may handle your personal information;
  • regular planning to ensure we are ready to respond to cyber security attacks and data security incidents;
  • daily penetration testing of systems;
  • security controls which protect our IT systems infrastructure and our premises from external attack and unauthorised access;
  • internal policies setting out our data security rules for our personnel; and
  • regular training for our employees.

We take data security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.

WHAT YOU CAN DO TO HELP PROTECT YOUR DATA

You should always be cautious when sharing your personal information. No one from our company will ever ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Gymshark asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety: ¬-

  • When creating a password, use a difficult word/number combination of at least 8 characters and something that is not easily guessed or something that cannot be easily obtained such as your name, email address, or other personal data that can be easily obtained.
  • Frequently change your password (you can do this in your account settings.
  • Avoid using the same password for different online accounts.

HOW LONG WE KEEP YOUR DATA

We will not retain your personal information for longer than necessary for the purpose for which is has been obtained and then for as long as there is any risk of a potential claim, which will be dependent upon the limitation period for the particular type of claim. Various laws, accounting and regulatory requirements applicable to us also require us to retain certain records for specific amounts of time. In relation to your personal information, we will hold this only for so long as we require that personal information for legal or regulatory reasons or for legitimate organisational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them.


Our Data Retention Policy sets out the length of time we will usually retain personal information and where these default periods might be changed. We have set out below the main retention periods which will apply:

It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address. You can contact us by using the details set out in the “Contact us” section below.


INTERNATIONAL TRANSFERS

The personal information we collect may be transferred to and stored in countries outside the UK and the European Union. This will typically occur when service providers are located outside the UK and the European Union or if you are based outside the UK and the European Union. These transfers are subject to special rules under data protection laws.


Some of these jurisdictions require different levels of protection in respect of personal information and, in certain instances, the laws in those countries may be less protective than the jurisdiction you are typically resident in. We will ensure that your personal information is only used in accordance with this Notice and applicable data protection laws and is respected and kept secure and where a third party processes your personal information on our behalf we will ensure that one of the following safeguards is implemented:

 

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the UK and the European Union; and
  • where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe Union and the US.

Our directors and other individuals working for us may in limited circumstances access personal information outside of the UK and European Union if they are on holiday abroad outside of the UK or European Union. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to English Law and the same legal protections that would apply to accessing personal data within the UK.


In limited circumstances the people to whom we may disclose personal information as mentioned in the “Who We Share Your Personal Information With” section above may be located outside of the UK and European Union. In these cases we will impose any legally required protections to the personal information as required by law before it is disclosed.


For further details please contact us by using the details set out in the “Contact us” section below.


YOUR RIGHTS

You have the following rights in relation to your personal information:

  • The right to be informed about how your personal information is being used.
  • The right to request access to personal information we hold about you.
  • The right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you.
  • The right to object to processing of your personal data and/or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you.
  • The right to restrict processing of your personal information.
  • The right to object to certain automated decision making processes using your personal information including profiling.
  • The right to request that we erase your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them.
  • The right to have your personal data provided to you by us in a structured, commonly used and machine-readable format and transmitted to another data controller. This is known as the right to data portability.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. However some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Whilst this Notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the Information Commissioner’s website at https://ico.org.uk/for-the-public/.

If you wish to exercise any of the above rights, you can always contact us using the details set out in the 'Contact Us' section below.


You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.

CHANGES TO THIS NOTICE

We may update this Notice from time to time. When we change this Notice in a material way, we will update the version date at the bottom of this Notice. For significant changes to this Notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.

CONTACTING US

In the event of any query or complaint in connection with the information we hold about you, please email dpo@gymshark.com or write to us at Data Protection Officer, Gymshark Limited, GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB, United Kingdom.

Version 4 January 2019