Privacy Policy
This privacy policy explains the nature of the personal data that we process, the purposes of processing and the locations at which the processing is carried out. It applies in particular to the use of our website PureGym, the services we offer our members and our other services. The privacy policy also informs data subjects whose data we process of their rights.
Additional or further privacy policies and other legal documents such as our General Terms and Conditions (GTC), Terms of Use and Terms of Participation may also apply for individual or additional offers and services.
Data controller (responsible for the processing of personal data):
PureGym AG
Grabenwisstrasse 5
8604 Volketswil
Where other entities assume the role of data controller in individual cases, we will specifically mention this.
2.1 Terminology
Personal data comprises all information relating to an identified or identifiable individual. A data subject is an individual whose personal data is being processed. Processing means every contact with personal data, irrespective of the methods and processes involved, in particular the storage, disclosure, obtaining, collection, deletion, saving, changing, destruction and use of personal data.
2.2 Legal bases
We process personal data in accordance with Swiss data protection law, including in particular the Federal Act on Data Protection (DPA) and the Ordinance to the Federal Act on Data Protection (DPO).
2.3 Nature, scope and purpose
We process personal data that is necessary in order to provide our offering in a sustainable, user-friendly, secure and reliable manner. Such personal data may include information in the following categories: personal contact details and status, browser and device data, content, meta data, peripheral data and usage data, location, sales, contractual and payment data.
We process personal data only for the duration for which the corresponding purpose or purposes are in place or as required by law. Personal data that no longer requires to be processed is anonymised or deleted. Individuals whose personal data we process generally have the right to deletion of their personal data.
We process personal data only when this is permitted on legal grounds, for example to fulfil a contract with the data subject (i.e. to fulfil a membership agreement concluded with us) and for related pre-contract and post-contract measures, to protect our overriding legitimate interests because the processing is evident from the circumstances or according to prior information. Where the law requires the data subject to give consent, you will only process personal data once consent has been given by the data subject.
In particular, we process personal data when you contact us or we contact you, when you engage with our services as a member of our fitness club or when you visit our website. In this context we process information that a data subject personally and voluntarily communicates to us when getting in touch – such as by post, email, our contact form, social media, telephone or in person – or when concluding, extending or terminating a membership agreement. We may add such information to an address book, a Customer Relationship Management (CRM) system or store it and process it with comparable tools. If you provide us with personal data about another individual, you are obliged to ensure the protection of such an individual’s privacy and to ensure that the personal data provided is accurate. We also process personal data that you do not actively communicate to us, in particular when you visit our website.
In addition, we process personal data that we obtain from third parties, obtain from publicly accessible sources, or collect through the provision of our offer, to the extent that and as long as such processing is lawful.
Personal data obtained from job applications is only processed for the purpose of assessing your suitability for employment or to subsequently execute an employment contract. The personal data that is required to apply for a job comprises the information that we request or that you provide, for example in the context of a job advertisement. Applicants may voluntarily provide additional information along with their applications.
2.4 Processing of personal data by third parties, including abroad
We may request third parties to process personal data on our behalf or may process personal data in conjunction with third parties or with the assistance of third parties and communicate personal data to third parties. Such third parties are primarily service providers whose services we engage. We also guarantee an adequate level of data protection in respect of such third parties.
Such third parties are generally located in Switzerland or in the European Economic Area (EEA). However, such third parties may also be located in other states and territories provided that their data protection laws offer an adequate level of protection according to the assessment of the Federal Data Protection and Information Commissioner (FDPIC), or if an adequate level of data protection is ensured by means of a corresponding contractual agreement, in particular on the basis of standard contractual clauses or a corresponding certification. In exceptional cases, such a third party may also be located in a country where there is no adequate level of data protection as long as the requirements under data protection laws are met such as the consent of the data subject.
Data subjects whose personal data we process have rights pursuant to the Swiss data protection laws. These rights include the right to information and the right to correction, destruction or blocking of the processed personal data. Nevertheless, we reserve the right to enforce the restrictions permitted in law, for example if we have an obligation to retain or process the personal data, have an overriding interest in the processing or if we require it in order assert a claim.
Data subjects whose personal data we process may exercise their rights before the courts or contact a responsible supervisor. The supervisory authority for data protection in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
We take appropriate and suitable technical and organisational measures to ensure the protection and in particular the security of data. Nevertheless, the processing of personal data on the Internet can always be subject to security breaches despite such measures. For this reason, we are unable to guarantee complete data security.
Our web offering is accessed via an encrypted connection (SSL/TLS, in particular using the Hypertext Transfer Protocol Secure, or HTTPS for short). Most web browsers identify encrypted connections by displaying a closed padlock in the address bar.
5.1 Cookies
We may use cookies on our website. Cookies, both our own cookies (first-party cookies) and cookies from others whose services we use (third-party cookies), are files that are saved in your web browser. Such files are not necessarily limited to traditional cookie text files. Cookies are not able to execute programs or transfer malicious software such as trojans or viruses.
When you visit our website, cookies may be saved temporarily to your browser in the form of “session cookies” or saved more permanently for a specific period of time. Session cookies are automatically deleted when you close your web browser. Permanent cookies must have a specific retention period. In particular, they allow your web browser to be recognised the next time you visit our website and therefore help measure the reach of our website. However, permanent cookies may also be used for online marketing, for example.
You can deactivate the use of cookies in your web browser settings at any time as well as delete cookies. Our website may no longer be fully available if you opt not to use cookies, however.
For cookies that are used to measure reach and conversions or are used for marketing purposes, there are general («opt-outs») that apply to a range of services. These schemes and their operators include the Network Advertising Initiative (NAI), YourAdChoices (Digital Advertising Alliance) and Your Online Choices (European Interactive Digital Advertising Alliance, EDAA).
5.2 Server log files
Every time our website is accessed we can obtain the following information provided that it is sent by your web browser to our server infrastructure and can be deciphered by our web server. Date and time including time zone, Internet Protocol (IP) address, access status (HTTP status code), operating system including user interface and version, web browser including language and version, individual pages accessed on our website including the volume of data transferred, most recently accessed web page in the same browser window (referrer page).
We save this information, which may include personal data, in log files on the server. The information is required to allow us to provide our web offering sustainably, in a user-friendly and reliable form, and to ensure the security of the data and thus protection of personal data, including with third parties or the help of third parties.
5.3 Tracking pixels
We may use tracking pixels on our website. Tracking pixels are also referred to as web beacons. Tracking pixels, including those transmitted by third parties whose services we use, are small generally transparent image files that are automatically accessed when visiting our website. Tracking pixels allow us to capture the same information as server log files.
We send notifications and messages such as newsletters by email and other communications channels including instant messaging.
6.1 Measurement of reach and conversions
Notifications and messages may contain web links or tracking pixels that allow us to determine when an individual message has been opened and which links in the message have been clicked. Such web links and tracking pixels may also be able of recording individuals’ use of notifications and messages. We require this statistical information regarding the use of our information in order to measure reach and conversions, so that we can effectively offer notifications and messages on the basis of the needs and reading habits of the recipients in a user-friendly, sustainable, secure and reliable manner.
6.2 Consent and objection
Generally, you must give your consent to the use of your email address and other contact details for advertising and marketing purposes unless the use is permitted for other legal reasons such as when you provide us with your contact details in the scope of becoming a member and we send you messages and offers in conjunction with our offering.
You can generally unsubscribe from notifications and messages such as newsletters at any time. A corresponding unsubscribe option is included in every newsletter, or alternatively you can contact us directly with your request. Notifications and messages that are necessary for the provision of our service are excluded from this. When you unsubscribe you can in particular object to the gathering of statistical usage data for the purpose of measuring reach and conversions.
6.3 Service providers used to send notifications and messages
We send notifications and messages using services provided by third parties or with the assistance of third parties. Cookies may be used in this context. We also guarantee an adequate level of data protection in respect of such services.
We use Mailchimpto distribute and manage our newsletters. Mailchimp is a service of The Rocket Science Group LLC based in the United States. Information about the nature and purpose of the data processing can be found in the Privacy Policy, located on the “Mailchimp and European Data Transfers” page and in the Mailchimp “Cookie Statement”.
We maintain a presence on social media and other web platforms in order to communicate with interested parties and provide information about our offering. Such communications may also involve the processing of personal data outside of Switzerland or the European Economic Area (EEA).
The General Terms and Conditions (GTC), Terms of Use, Privacy Policies and other conditions of the individual platform operators apply. These provisions provide information on the rights of data subjects, in particular the right to information.
8.1 Google Analytics
We use Google Analyticsto analyse how our website is used, enabling us to measure the reach of our website and the success of third-party links to our website (conversion). This a service offered by Google LLC from the United States. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland.
Google also tries to capture the details of visits to our website by individuals using multiple web browsers and devices (Cross-Device Tracking). Cookies may be used in this context. Your Internet Protocol (IP) address is required for Google Analytics, but it is not cross-referenced with other data held by Google.
In any case, we tell Google to anonymise your IP address before analysing any data. In general, as a result your complete IP address is not sent to Google in the United States.
Further information about the nature, scope and purpose of data processing can be found in the Google Privacy and Security Principles and Privacy Policy, in the Google Product Privacy Guide (including Google Analytics), in How Google Uses Information From Sites Or Apps That Use Our Services and in How Google Uses Cookies. In addition, you can use the Google Analytics Opt-out Browser Add-on and deactivate Ad Personalisation .
8.2 Google Tag Manager
We use Google Tag Managerto integrate and manage Google’s analytics and advertising and other third-party services on our website. This a service offered by Google LLC from the United States. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland. No cookies are used, although cookies may be used by services integrated and managed in this way. We provide information on the processing of personal data by such services in this Privacy Policy.
When you visit our premises, in particular the gym areas of our fitness club, we may record video in appropriately sign-posted areas for security and documentary purposes and to ensure our Qualitop certification.
We use services from third parties to provide our offering in a sustainable, user-friendly, secure and reliable manner. Such services are also used to embed content on our website. These services, including hosting and storage services, video services and payment services, require your IP address as otherwise they are not able to transfer the relevant content. The services may be located outside Switzerland and the European Economic Area (EEA) as long as an adequate level of protection is guaranteed.
Third parties whose services we use may also collect data in conjunction with our offering and process this in aggregate, anonymised or pseudonymised form in combination with data from other sources, including cookies, log files and tracking pixels, for their own security, statistical or technical purposes.
10.1 Digital infrastructure
We use third-party services to provide the required digital infrastructure for our offering. These include hosting and storage services from specialist providers.
10.2 Contact options
We use third-party services to improve our communications with you and other individuals. We also guarantee an adequate level of data protection in respect of such third parties.
10.3 Social media functions and social media content
We use social plugins from Facebook, to embed Facebook functions and Facebook content on our website. Such functions include “Like” and “Share”. Cookies may be used in this context. Further information can be found on the Facebook Social Plug-ins page.
Social Plugins are provided by Facebook Ireland Ltd. located in Ireland and Facebook Inc in the United States. If you are logged in to Facebook when using our offer, Facebook can link your use of our web offer with your Facebook profile. Further information about the nature, scope and purpose of data processing can be found in the Facebook Privacy Policy.
10.4 Maps
We use Google Mapsto embed maps on our website. Cookies may be used in this context. Google Maps is a service offered by Google LLC from the United States. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland. Further information about the nature, scope and purpose of data processing can be found in the Google Privacy and Security Principles and Privacy Policy in the Google Product Privacy Guide (including Google Maps), in How Google Uses Information From Sites Or Apps That Use Our Services and in How Google Uses Cookies. You can also opt out of Ad Personalisation.
10.5 Fonts and icons
10.5.1 Font Awesome
We use Font Awesometo embed certain icons on our website. Cookies may be used in this context. This service is offered by Fonticons Inc. in the United States, which claims to respect European data protection laws. Further information about the nature, scope and purpose of data processing can be found in the Font Awesome Privacy Policy.
10.5.2 Google Fonts
We use Google Fonts, to embed certain fonts on our website. No cookies are used in this context. This is a service offered by Google LLC from the United States, independently of the other Google services. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland. Further information about the nature, scope and purpose of data processing can be found in the Google Privacy and Security Principles and Privacy Policy.
10.5.3 MyFonts (by Monotype)
We use MyFonts (by Monotype)to embed certain fonts on our website. Cookies may be used in this context. This service is offered by Monotype Imagine Holdings Inc., a company in the United States that specialises in the design of digital fonts. Further information on the nature, scope and purpose of data processing can be found in the Monotype Privacy Policy and on the page containing the Web Font Tracking Privacy Policy Web Font Tracking Privacy Policy Privacy Policy.
10.6 Payments
We use payment providers to allow our members’ payments to be processed securely and reliably. Payment processing is subject to the terms and conditions of the payment service provider, including General Terms and Conditions (GTC) and privacy policies.
In particular we use:
- PayPal including Braintree: Payment processing; providers: PayPal (Europe) S.à.r.l. et Cie, S.C.A (Luxembourg) / PayPal Pte. Ltd. (Singapore); Data protection information: Privacy Policy, “Statement on Cookies and Tracking Technologies”.
- PostFinance: E-payment solutions; provider: PostFinance AG (Switzerland); Data protection information: “Legal Information and Accessibility”, “Data Protection” (including “Privacy Policy”).
10.7 Credit checking / Collection of payments
We can obtain credit information about members or potential new members and share payment experiences with Intrum AG, the Swiss Creditreform association or other collection agencies.
We may send personal data to Intrum AG or other collection agencies for the purpose of collecting due payments. Further information about the nature, scope and purpose of data processing can be found in the Intrum AG Privacy Policy.
10.8 Advertising
10.8.1 Facebook Ads
We use Facebook AdsWe use Facebook Ads to place targeted advertising for our offer on Facebook. Facebook Ads is offered by Facebook Ireland Ltd. in Ireland and by Facebook Inc. in the United States. Cookies may be used for Facebook Ads.
With such advertising we hope to reach individuals who are interested in our web offering or already use our web offering. For this purpose, we send information including personal data to Facebook, in particular using the Facebook-Pixel, (Custom Audiencesincluding Lookalike Audiences).). We can also establish whether our advertising has been successful, i.e. whether it has resulted in a visit to our website (Conversion Tracking).
Further information about the nature, scope and purpose of data processing can be found in the Facebook Privacy Policy. In addition, Facebook users can configure advertising preferences to determine what ads they see on Facebook and what advertising Facebook will serve them in the future.
10.8.2 Google Ads
We use Google Ads (formerly AdWords), , to place targeted ads in the Google search engine and elsewhere on the web including on other websites, including in response to specific search queries. Google Ads is offered by Google LLC from the United States. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland. Cookies may be used for Google Ads. Google uses various domain names for Google Ads, in particular doubleclick.net, googleadservices.com and googlesyndication.com.
With such advertising we hope to reach individuals who are interested in our web offering or already use our web offering. We send information – potentially including personal data – to Google for this purpose (Remarketing). We can also establish whether our advertising has been successful, i.e. whether it has resulted in a visit to our website (Conversion Tracking).
Further information about the nature, scope and purpose of data processing can be found in the Google Privacy and Security Principles and Privacy Policy in How Google Uses Information From Sites Or Apps That Use Our Services and in How Google Uses Cookies.
We participate in affiliate programmes. These pay us for mentioning third-party offers or linking to third-party offers. We may also pay third parties for mentioning our offer or linking to our web offer (Affiliate Marketing). In this context information including personal data may be processed about the use of offers and clicking of links. Cookies may be used in this context.
We use Google reCAPTCHAto protect against bots and spammers using our contact forms and ensure that they can be used reliably by humans. Cookies may be used in this context. This a service offered by Google LLC from the United States. Google’s Irish company Google Ireland Limited is responsible for users located in the European Economic Area (EEA) and Switzerland. Further information about the nature, scope and purpose of data processing can be found in the Google Privacy and Security Principles AND Privacy Policy and in How Google Uses Cookies.
We may amend or update this Privacy Policy at any time. We will provide appropriate information of such amendments and updates, in particular by publication of the currently applicable Privacy Policy on our website.