Personal data protection policy


Company GYMS4YOU d.o.o. Strojarska cesta 20, Zagreb, OIB 75049241440 (hereinafter „GYMS4YOU“) provides the sport recreation service in modern equipped fitness centers on the territory of the Republic of Croatia. The User signs a Contract with the GYMS4YOU company, which acquires the right to use the services at all GYMS4YOU fitness centers or gives explicit permission to process personal data to GYMS4YOU in the event of a one-time use of the service. In such a way GYMS4YOU handles personal user data and is considered the Personal Data Processing Manager. Below the text you can read how we handle the personal information of the User.

Data we collect about Users

Depending on the type of ser’s membership, the Personal Data Processing Manager collects and / or records the following data; name and surname, personal identification number, address of residence, telephone number, e-mail, birth date, photo and fingerprint. Collected personal information enables us to provide you with uninterrupted and safe use of our non-stop services, all 7 days a week, from 0 to 24 hours.

If you selected the option of using GYMS4YOU during a non-stop reception, all 7 days a week, from 0 to 24 hours we have collected for the User his fingerprint. The fingerprint is stored exclusively on the membership card used by the User for identification when using the GYMS4YOU, 24 hours a week for individual identification and secure access, and there is only one copy of the membership card. The membership card is in the possession of the User after the issuance. GYMS4YOU confirms and warrants that it does not store in any form the fingerprint of the User in his or her database.

When registering, GYMS4YOU stores and processes the User’s photograph solely to prevent unauthorized access to third-party using the User’s membership card.

Surveillance is performed in our premises for the security of the User, which is automatically deleted every two weeks unless they are necessary for the fulfillment of legal obligations or used as evidence in court proceedings.

If you make payment through credit and debit cards, VISA and MASTERCARD, Personal Data Processing Manager will share your personal information with PAYU S.A., Grunwaldzka 182, 60-166 Poznań, Poland.
The applicable regulations are Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and the free movement of such data and the Implementing Act of the General Regulation on the Protection of Personal Data (Official Gazette 42/18).
Consent is voluntary. You have the right to withdraw your consent at any time, in which case the Personal Data Processing Manager may not warrant that you will fully or partially fulfill your obligations under the GYMS4YOU use contract.

How we use your personal information

We use your personal information appropriately in situations where processing of your personal information is required, for example:

  • to provide Users with efficient, fast and easy access to all fitness centers (gyms) in the Republic of Croatia;
  • in order to identify a User who does not respect the General Conditions of Use;
  • in order to monitor the fulfillment of the Contractual Obligations of the User;
  • in order to remind User of the fulfillment of Contractual Obligations in case of delays;
  • meeting legal requirements (eg. issuing invoices);

Who do we share user data with?

Trusting third parties that we entrust a series of business tasks they perform on our behalf. In this case, we provide third parties with only the personal information necessary to perform the services and prohibit the use of the personal data of the User for any other purpose. For example, we can share your personal data processing services with:

  • third parties that assist us in providing technical support such as platform providers or server hosting, database support, and maintenance, as well as software that may contain your personal information (such services sometimes imply access to your data so that you can perform the necessary tasks) ;
  • to third parties providing access control to authorized Users in all Fitness Centers in the Republic of Croatia,
  • to third persons providing accounting services;
  • to third parties providing bill collection services (debt collection agencies and / or attorneys), and in the event that the User fails to meet their obligations within the deadline;
  • public-law entities, when acting in good faith we have reason to believe that it is necessary to act according to legal obligation;

User Rights

One of the fundamental goals of the Personal Data Protection Regulation (Regulation (EU) 2016/679) is to protect and defend the rights of individuals with respect to privacy protection. Even if we are already processing certain Personal Information of the User, you have certain rights.

To accomplish these rights, please contact us. We will process your request without delay. Please keep in mind that we will keep track of the requests received so that we can resolve any potential disagreements.

Based on the Personal Data Protection Act, you have the following rights:

Right to Objection

This right allows Users to object to processing of personal information in cases where personal data processing is performed on the basis of legitimate interests or processing is necessary for the performance of tasks of public interest. You can object to file processing at any time if your personal data processing is based on these basics.

If we are unable to prove that we have a credible and legitimate basis for processing your personal information beyond the User’s rights and interests, we will cease processing your personal information.

Right to withdraw Approval

In cases where the User has given the Approval of certain acts, You are authorized to withdraw the given Approval at any time and we will cease using personal data for this purpose unless we consider that there is an alternative legal basis for further processing of personal data in that purpose, in which case we will inform the User thereof.

Right to access

At any time, the User is entitled to request a copy of the information we have, as well as request that we modify, update or delete this information. There is a possibility that we will ask the User for additional request-related information. If we allow the User to access the information we have, we will do so without charge, unless the processing of the request is ‘obviously unfounded or excessive’. In case you request additional personal information copies, it is possible to charge a reasonable administrative cost. The User’s request may be rejected in cases where it is legally and legally permissible.

Right to delete

Under certain circumstances, the User is entitled to request that we “delete” personal information. For example, such a right exists in the following cases:

  • data is no longer needed for the purpose for which it was initially collected;
  • a personal data processing Approval has been withdrawn and there is no other legal basis for proceeding with the processing of personal data (in cases where the legal basis for the processing of personal data is Approval);
  • the data were processed without a valid legal basis;
  • it is necessary to delete the data in order to comply with our obligations under the law; or
  • you objected to the processing of personal information, and we are unable to prove the existence of a legitimate legal basis for personal information.

We are authorized to reject the request for deletion of User data only in a limited number of cases and we will provide you with detailed explanations of the reasons for the rejection in such cases. This right is limited in the case of Users who are prohibited from accessing the fitness centers for violation of the General Conditions of Use.

The right to limit processing

Under certain circumstances, the User has the right to request that we restrict the processing of personal information, for example, in the event that the User objects to the accuracy of the personal information we have or if the objections are processed by personal data based on a legitimate interest.

Right to data correction

The User has the right to request correction of any inaccurate or incomplete information we have. In case we share data with third parties, we will notify them of the correction unless it is possible or would cause disproportionate difficulties. You are also authorized to request third-party information that we have provided inaccurate or incomplete personal information. In the event that we consider that it is not reasonable to act upon the request of the User, we will inform the User about this and explain the reasons for such decision.

Right to data transfer

If you wish, you are authorized to request the transfer of your personal data to another processing manager. This right actually means that it is possible to request that the personal data of the User be transferred or transferred to a third party. In order to enable this, we will provide Personal Data to the User in a standard, machine-readable form so that the User can transfer personal information to a third party. This right is applicable if it is: (1) the data we process automatically (without a human factor); (2) in the case of the information provided to us by the User; and (3) in the case of data we collect and process on the basis of a privation or for the purpose of fulfilling the contract.

User Personal Data Retention Period

In accordance with your rights as a User, we will keep the information in accordance with the applicable regulations, with custody times depends to fulfillment of the contractual or legal obligation. Personal Information of Users Disabled Access due to non-compliance with the Terms of Use and similar offenses shall be kept in the database for the protection of other Users. In any case, when it is established that your data is no longer required and that the legal deadlines for keeping such records and data have expired, the same will be deleted.

Right to complain

The user is entitled to file a complaint with the Privacy Protection and Personal Data Protection Authority:

Personal Data Protection Agency

Martićeva ulica 14

HR – 10 000 Zagreb

Tel. 00385 (0)1 4609-000

Fax. 00385 (0)1 4609-099



How to contact us

In the event that the User wishes to use any of the above mentioned rights or to withdraw the Approval given for personal data processing (in cases where the legal basis for processing of your personal data is requested), please contact us. We will keep track of our communications so that we can resolve any disputed issues in a timely manner.

You can contact us at any time and in any way:

GYMS4YOU d.o.o.

Strojarska cesta 20,

HR – 10 000 Zagreb

OIB 75049241440

Tel. 00385 (0)1 78 88 891



This Personal Data Privacy Policy comes into force on May 25th, 2018.