GDPR Compliance
Last updated: February 1, 2026
Our Commitment to GDPR
gymbtq is committed to protecting your data and complying with the General Data Protection Regulation (GDPR).
This page explains our approach to GDPR compliance and how we help you meet your obligations as a data controller.
Data Controller vs Data Processor
Legal Basis for Processing
We process personal data based on the following legal bases.
- Consent: For marketing communications and optional features
- Contractual Necessity: To provide our service as agreed in our terms
- Legitimate Interests: To improve and secure our service
- Legal Obligation: To comply with applicable laws and regulations
Your Rights Under GDPR
The GDPR provides you with specific rights regarding your personal data.
Right of Access
Request a copy of your personal data
Right to Rectification
Correct inaccurate personal data
Right to Erasure
Request deletion of your data
Right to Restriction
Limit how we process your data
Right to Portability
Receive your data in a portable format
Right to Object
Object to certain types of processing
International Data Transfers
We store data in EU-based servers. When data is transferred outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.
Data Retention
We retain your personal information for as long as your account is active or as needed to provide you services. Data is deleted within 30 days of account closure unless legal requirements dictate otherwise.
Security Measures
We implement appropriate technical and organizational measures to protect your data.
- Encryption at rest and in transit
- Regular security audits
- Access controls and authentication
- Employee training and awareness
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer.
Contact DPO