To help us give you more of what you love, we capture information about you in order to improve your experience of the Gymshark Community.
We are Gymshark Limited of GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB, United Kingdom and we are a Data Controller registered with the UK Information Commissioner’s Office with registration number ZA317295. Our Data Protection Officer is Emma Brundrett and is contactable via firstname.lastname@example.org.
This notice is to inform you about how we collect and protect any personal information you provide to us and how you can control what personal information we collect from you and what we do with it. It sets out how we intend to use your information, who we will share it with and what rights you have about use of your information.
This notice applies however you provide personal information to us, whether you go online to our websites, contact us via social media, visit our events and stores , enter competitions, engage in research activities or whether you telephone, email, write to or text us.
We may collect the following information about you:
This list is not exhaustive and in specific instances, we may need to collect additional data for the purposes set out in this Notice. Some personal data is collected directly, for example when you set up an online account on our website or send an email to our Customer Support team. Other personal data is collected indirectly, for example when you browse our websites or undertake online shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. We may anonymise and aggregate personal data for insight and research but this will not identify anyone.
Our websites are not intended for children and we do not knowingly collect data relating to children.
Gymshark Limited (and trusted partners acting on our behalf) use your personal data:
To ensure you are kept up to date with the Gymshark experience, we use personal data for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as Facebook and Instagram and external digital advertisers such as Google.
You have the right to opt out of receiving promotional communications at any time, by:
This may not stop service messages such as order updates.
Personalisation and Automated Decision Making
If you visit any of our websites, you may receive personalised banner advertisements whilst browsing websites of other companies. Any banner advertisements you see will relate to your browsing activity on our website from your computer or other devices.
We may collect data directly from you, as well as analysing your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making. We may do this to decide what marketing communications are suitable for you and this activity is based on our legitimate interests to develop and improve our products and services.
Also to provide more personalised services and experiences, we may review data held by external social media platform providers about you, for example, details on your Twitter or Facebook profiles that you have chosen to make publicly accessible such as your name, date of birth. Some of our services enable you to sign-in via external social media platform providers such as Facebook. If you choose to sign-in via a third party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal information (e.g. your full name, date of birth, email address and any other information you have made accessible).
We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process data by profiling and segmenting, identifying what our customers like and ensuring messages we send them are relevant based on their demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications. We may also use your data to exclude you from communications which we feel are irrelevant to you. For example, we may exclude someone from resends of marketing emails when we know that person has already opened the original email sent.
Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data so we can send them product news or promotional offers that are relevant to that shared interest.
You have the right to opt out of any automated processing, including profiling, at any time by:
In order to make certain services available to you and to help us better understand your preferences, we have partnered with certain trusted third parties including logistics and marketing service providers. We may need to share your personal information with some of our service partners. We only allow our service providers to handle your personal information when they have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your information to provide services to us and to you, and for no other purposes. We may provide outside companies with aggregated and anonymised information and analytics about our customers but that would never identify you and we will never sell or rent your personal information to other organisations for any purposes.
To help you understand which partners we share data with, here are the types of companies with whom we share data in order to provide and promote our goods and services:
|External Service Provider||Reason for sharing your data||Example|
|Companies that help us provide our goods to you including providers of ecommerce platforms and payment, logistics, delivery, courier and returns management services.||We have help from outside organisations in order to ensure we can provide our products and services to you.||Making sure that the courier knows where to deliver your order.|
|Vision Critical Research Solutions (UK) Limited whose registered office is at 17, Hatfields, 2nd Floor, London, SE1 8DJ who host our Gymshark Insiders Community platform.||In order to better understand you we organise a Community of likeminded people and share their details with the company that operates the platform.||Organising competitions and new product reviews through our Insiders platform to assess how relevant our products are to you.|
|Companies that help us provide a better Gymshark experience tailored to you including providers of intelligence tools and social media platforms, providers of website hosting, marketing and advertising services and organisers of discount and loyalty schemes.||We want to make sure that we are always relevant, completely understand you and give you the best customer journey to ensure we can tailor your experience, reach you in the platforms you enjoy using and save you time.||Using information about your previous purchases and what you store in your shopping cart to show you, through channels such as social media or emails, product recommendations and let you know when new products release.
The optional use of sign in for our website through external site operators such as Facebook and Student Beans.
Understanding the device that you use to browse our websites to improve your shopping experience.
|Fraud Prevention agencies.||To help tackle fraud we pass data through fraud prevention tools operated by external companies.||Validating your details when you make a purchase on our website.|
We may also share your data with:
We are required to set out the legal basis for our processing of your personal data.
We collect and use customers’ personal data:
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
Gymshark Limited is committed to keeping your personal data safe and secure.
Our security measures include: -
You should always be cautious when sharing your personal data. No one from our company will ever ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Gymshark Limited asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety: -
We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of information, and our Data Retention Policy sets out the length of time we will usually retain personal data and where these default periods might be changed.
In summary, various laws, accounting and regulatory requirements applicable to us require us to retain certain records for specific amounts of time. In relation to your personal data, we will hold this only for so long as we require that personal data for legal or regulatory reasons or for legitimate organisational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them.
To deliver products and services to you, it is sometimes necessary to share your personal information outside of the European Economic Area (the EEA). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.
If we transfer your personal information outside the EEA, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the data in the overseas location; alternatively, we use standard data protection clauses.
You have the following rights:
If you wish to exercise any of the above rights, you can always contact us either by email to email@example.com. or by post to the Data Protection Officer, Gymshark Limited, GSHQ, Blythe Valley Park, 3, Central Boulevard, Solihull, B90 8AB, United Kingdom.
You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.Gymshark Limited
Version 3 May 2018