Privacy Policy

PRIVACY POLICY

This Privacy Policy aims to give you information on how “C.H.S FITNESS CLUB LIMITED” operating the trade name CHS FINTESS CLUB and/or We collect, use, disclose and process your personal data through your use of the website http://www.chsfitnessclub.com.cy/ (hereinafter referred to as “the Website”) and the means by which this is done. This Privacy Policy acts as a means of notifying the Website visitors of their rights in accordance with local law and the EU General Data Protection Regulation (EU) 2016/679.  

This Website is not intended for children and we do not knowingly collect data relating to children.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to CHS FITNESS CLUB. By means of this data protection declaration/policy, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

CHS FITNESS CLUB is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. 

By accessing, browsing and/or using this Website, you consent to the data practices described in this Privacy Policy and acknowledge that you have read, understood, and agree, to be bound by these terms conditions, and notices contained herein and to comply with all applicable laws and regulations.

For the purposes of this Privacy Policy “Personal Data” comprises of any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Additionally “Controller” or “controller responsible for the processing” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

As the Controller, CHS FITNESS CLUB has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

WHO WE ARE

C.H.S FITNESS CLUB LIMITED is a limited liability company organised and existing under the laws of Cyprus with registration number 250378 having its registered office address at 14 Golgon Street, Floor 2, 3021, Limassol Cyprus. C.H.S FITNESS CLUB LIMITED operates and/or manages the fitness facility named CHS FITNESS situated at 250B Leontiou Street, 3020 Limassol.

 If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact C.H.S FITNESS CLUB LIMITED using the details set out below.

Contact Details 

C.H.S FITNESS CLUB LIMITED 

14 Golgon Street, Floor 2, 

 3021, Limassol 

Cyprus

Tel: 25 250101

E-mail: chsgymlimassol@gmail.com

You have the right to make a complaint at any time to the Office of the Commissioner for Data Protection, the supervisory authority for data protection issues in the Republic of Cyprus  (http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/index_gr/index_gr?opendocument).

 We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner for Data Protection therefore please contact us in the first instance.

COLLECTION OF GENERAL DATA AND INFORMATION VIA THE WEBSITE

The Website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, the Website does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, CHS FITNESS analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

CONTACT POSSIBILITY VIA THE WEBSITE

The Website contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

WHY CHS FITNESS COLLECTS YOUR PERSONAL INFORMATION AND LEGAL BASIS FOR DOING SO

In order to operate our business we need to process personal data. We use this to provide you with the services you request, tell you about services you are eligible for, keep in contact with you and manage your account. We are committed to protecting your personal data and will only Process the Data if we need to for a specific purpose and providing we have a legal basis, as explained below.

We have different legal bases for collecting your personal information. We may have your consent to collect your contact details when you sign up to receive newsletters or information about offers or services.  We may enter into a contract with you and process your personal data in order to provide you with gym membership. We may have legitimate interests in processing your personal data in order to promote our services and we may have legal obligations to inform authorities if your safety or the safety of others is at risk.

The information we collect may include any of the following: Information you type into our websites or provide to one of our colleagues such as, but not limited to: when you become a member, complete an enquiry form, provide activity data from a device, make a booking, sign up as a volunteer, or visit our gym. 

This information may include (i) your personal contact data such as full name, gender address, contact information (ii) fitness-related data or relevant medical conditions which have been obtained in order to create personalised fitness workouts for you or health-related data and (iii) emergency contact details. We use this to provide you with the services you request, tell you about services you are eligible for, to keep in contact with you, and manage your account.

If you contact us by email, via the website, in person or by telephone we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry

USE OF YOUR PERSONAL DATA/INFORMATION

We will only use your Personal Data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests. Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  (Where we need to comply with a legal or regulatory obligation.
  • Where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

 

Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time.

As C.H.S Fitness Club Limited We use your information to help us provide and improve our services for you. We may use your information in the following ways:

  • to provide you with any services that you have purchased or receive free as part of a health or other scheme
  • to check your identity
  • to check your eligibility where appropriate
  • to update our records with any new information you give us
  • to notify you if we will be unable to provide a service you have booked before
  • to provide marketing communications (if you have given us your permission)
  • for research and analysis so we can develop and improve our services for your benefit
  • to tailor our communications to you to ensure relevance (if you do not want us to do this please contact us using the details below)
  • to comply with legal obligations
  • to safeguard users of our services

YOUR RIGHTS AS USER ON THE WEBSITE

Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. Such rights are as follows: 

  • Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your Personal Data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF FACEBOOK

On the Website, the Controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF INSTAGRAM

On the Website, the Controller has integrated components of the service Instagram. Instagram is a service that may be qualified as an audiovisual platform, which allows users to share photos and videos, as well as disseminate such data in other social networks.

The operating company of the services offered by Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram. During the course of this technical procedure, Instagram becomes aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in at the same time on Instagram, Instagram detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the data subject. This information is collected through the Instagram component and is associated with the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, then Instagram matches this information with the personal Instagram user account of the data subject and stores the personal data.

Instagram receives information via the Instagram component that the data subject has visited our website provided that the data subject is logged in at Instagram at the time of the call to our website. This occurs regardless of whether the person clicks on the Instagram button or not. If such a transmission of information to Instagram is not desirable for the data subject, then he or she can prevent this by logging off from their Instagram account before a call-up to our website is made.

Further information and the applicable data protection provisions of Instagram may be retrieved under https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

USE OF COOKIES

The Website consists of “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. 

Through the use of cookies, the Website can provide users with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. The website user that uses cookies, e.g. does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

CCTV

We use closed circuit television (CCTV) images for the prevention, identification and reduction of crime.  Our gym is monitored by CCTV. CHS Fitness Club Ltd reserves the right for its employees and contractors to review footage as required and by entering any of our gyms you consent to your image being recorded and reviewed and waive any and all claims in relation to the same. 

All cameras are located within public and staff view. All CCTV surveillance is automatically recorded and any breach of this siting policy will be detected via controlled access to the CCTV System and auditing of the CCTV System. 

The images produced by the equipment will as far as possible be of a quality that is effective for the purpose(s) for which they are intended. Upon installation, all equipment is tested to ensure that only the designated areas are monitored and suitable quality pictures are available in live and play back mode. All CCTV equipment is maintained under contract. 

Prior to any camera installation we will ensure that the installation complies with this Privacy Policy and that the use of any camera is justified, necessary and proportionate. We will regularly assess whether the use of any camera and the CCTV System as a whole continues to be justified, necessary and proportionate. 

The purpose of the use of the CCTV Systems and the collection and processing of CCTV images is for: 

  1. the prevention or detection of crime or disorder, 
  2. apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings), 
  3. interest of public and employee Health and Safety,
  4. protection of public health
  5. the protection of the our property and assets. 

Recorded CCTV footage will be stored securely and retained in compliance with the GDPR. 

All images are digitally recorded and stored securely within the system’s hard drives. 

Access to, and disclosure of, the images recorded by our CCTV System and similar surveillance equipment is restricted and carefully controlled. This ensures that the rights of individuals are preserved and the continuity of evidence remains intact should the images be required for evidential purposes e.g. a police enquiry or an investigation being undertaken as part of an internal procedure. Access to and disclosure of images is permitted only if it supports the purpose for which such images were collected. 

You have the right to request access to CCTV images which contain your personal data. This access request must be submitted formally in writing, with sufficient details to identify the section of footage with which you are concerned and to enable C.H.S Fitness Ltd to satisfy itself that the person making the request is the data subject of that specific recording. By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. 

INTERNATIONAL TRANSFERS   

In the instance that your Personal Data will be transferred out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

 

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission in accordance with Article 46 of the GDPR.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. 

DATA RETENTION 

 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

CHANGES TO THIS STATEMENT

C.H.S FITNESS CLUB LTD will occasionally update this Privacy Policy to reflect company and customer feedback. C.H.S FITNESS CLUB LTD will notify you of any changer to this Privacy Policy but  encourages you to periodically review this Privacy Policy to be informed of how C.H.S FITNESS CLUB LTD

is protecting your information. 

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

THIRD-PARTY MARKETING  

We will get your express opt-in consent before we share your personal data with any company outside C.H.S FITNESS CLUB LTD for marketing purposes.