For the purpose of Data Protection Laws (as defined below) (the ‘data controller’) is Kondylis Fitness Centre Limited, of 1st of April 28, Mesa Gitonia, 4003, Limassol, with reg. no. HE 120443, a centre offering fitness and wellness services and programs to anyone who becomes a member (hereinafter “Kondylis”).
For the purpose of the Data Protection Laws ‘personal data’ is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’, or a combination of the aforesaid which may identify the data subject. ‘Sensitive personal data’ is data concerning a specific set of “special categories” that must be treated with extra security. These categories are:
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Trade union membership;
- Genetic and biometric data; and
- Data concerning health, sex life or sexual orientation.
Our use of your personal data is subject to your instructions, if applicable, and the Data Protection Laws.
“Data Protection Laws” means the following legislation as applicable:
- the General Data Protection Regulation (2016/679) (“GDPR”)
any law, statute, declaration, decree, legislative enactment, order, ordinance, regulation, rule or other binding instrument of any EU member state where the Parties have a presence which implements the Data Protection Directive (95/46/EC), the GDPR or the Directive on Privacy and Electronic Communications (2002/58/EC); and
- National Law No. 125(I)/2018 as amended from time to time.
PERSONAL DATA WE COLLECT ABOUT YOU
The list below sets out the personal data we will or may collect in the course of offering our services including, but not limited to, when you fill out an enquiry or registration/application form, where all the necessary details relating to our KYC procedures will be required. This policy, inter alia, explains what types of personal information will be gathered when you visit and use Kondylis’s website and booking services and/or when you become a member of the centre and how this information will be used. Personal data we will or may collect depending on why you have instructed us:
- Your full name, ID or Passport number, residential address (if necessary) and personal telephone number;
- Electronic contact details;
- Your gender and sexual orientation;
- Any relevant medical report; and
- Other personal identifying information (if necessary).
HOW YOUR PERSONAL DATA IS COLLECTED
WHAT WE COLLECT
In order for you to become a member of the centre (and consequently enable you to use the gym and participate in classes) and enable us to provide our services to you (e.g. facility bookings/activities or sports related memberships), we will ask you to fill out our registration/application form and provide some personal information. We may also ask you to provide some personal information when filling out the contact us form on our website or to give feedback, request support or request further services from us.
We also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our webmasters. This allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.
By providing Kondylis with this data you are consenting to us holding and using your data for the purposes for which it was provided to us for a reasonable length of time.
PHOTOGRAPHY AND FILMING
Certain training and/or exercising classes and/or sessions and/or social functions may be photographed and/or filmed and some of this content may be used for future marketing materials, member communications, products or services. This will usually be as part of general filming of the venue(s) and will not usually focus on specific individuals. We also operate CCTV cameras throughout the building.Should you have any concerns with regards to this, or do not wish to be featured in any of these materials please contact us at email@example.com or by telephone at 25750476.
HOW AND WHY WE USE YOUR PERSONAL DATA
Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform our services (and creating a client account for you);
- Where we need to comply with a legal obligation;
- Where you have given your consent and that consent has not subsequently been withdrawn by you.
We may also use your personal information in the following circumstances, which are likely to be rare:
- Where we need to protect your interests (or someone’s interests),
- Where it is needed in the public interest,
- To personalize your needs/requirements (your information helps us to better respond to your individual requests), and
- To improve our website (we strive to improve our website offerings based on the information and feedback we receive from you).
The situations where we will process your personal data are listed below:
- creating a client account for you;
- to provide you with our services;
- to provide you with information about our services;
- to invite you to events or classes that may be of interest to you;
- for marketing and advertising purposes, including promotional communications (for more information on promotional communications) please see below section of this policy); and
- for debt collection purposes.
Sensitive Personal Information and Special Categories of Data
We may also collect, store and use, the below “special categories” of more sensitive personal information for the purpose of providing our services to you i.e.:
- Information about health, including sickness records, medical conditions and other records.
- Information about race or ethnicity, religious beliefs and sexual orientation.
We will only process these ‘special categories of personal data’ with your explicit written consent which you can withdraw at any time.
WHAT ARE YOU DOING WITH MY DATA?
Personal information provided to Kondylis by you will only be used for the purposes stated when the information is requested. Personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your permission. Personal information collected and/or processed by Kondylis is held in accordance with the provisions of the Data Protection Laws.
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.
We may use your personal data to send you updates on our services, newsletters and other promotional material about our products and services.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, for example for electronic marketing communications, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never share it with other organisations for marketing purposes without your explicit written consent.
You have the right to opt out of receiving promotional communications at any time by contacting us at firstname.lastname@example.org.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
WHO WE SHARE YOUR PERSONAL DATA WITH
We routinely share personal data with our IT providers, accountants and/or auditors. We may share your information to third parties where this is reasonably necessary and/or for the purposes set out in the policy including analytics and search engine providers that assist us in the improvement and optimisation of our site.
HOW DO WE STORE YOUR INFORMATION?
Information which you provide to us will ordinarily be stored on our own secure servers or the servers of our service providers. Kondylis works with third party organisations, who provide certain functions and or features of our services to you. Accordingly, information that we collect from you may be transferred to a 3rd party company to allow us to carry out our day to day business.
We may also disclose your personal information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of Kondylis, its members or others.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will keep your personal data for any such period that we might be required to retain such personal data by Law.
ACCESS TO INFORMATION
You have the right to access information held about you. For further information about this right and how to exercise it, please see below.
Data Subject Rights
Under certain circumstances, you have the right to:
- Access your information
You are entitled to request access to the information we hold about you (known as a ‘data subject access request’). You are entitled to receive a copy of the personal information we hold about you and to check that it is being lawfully processed.
- Correct your information
If the information we hold for you is incomplete or incorrect, you have the right to request a correction.
- Request erasure
Where there are no reasons for continuing the processing of your personal information, you are able to request the removal or deletion of the personal information.
- Object to processing
Where the firm relies on legitimate interest for the processing of your personal information, or for the purposes of direct marketing, you have the right to object to the processing.
- Request the restriction of processing
You are entitled to request for a suspension for the processing of your personal information, for example, if you are awaiting the reasons for the processing of the information or require us to establish its accuracy.
- Transfer your personal information
You are able to request the transfer of your personal information to another party.
It is important that the personal information we hold for you is accurate and up to date. If you would like to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact us by email at email@example.com.
For further information on your rights, including the circumstances in which they apply, please visit the website of the Cyprus’ Information Commissioner’s Office at http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_en/home_en?opendocument.
If you would like to exercise any of those rights, please:
- Email us at firstname.lastname@example.org or call us at 25750476.
- let us have enough information to identify you (your full name, address and client reference number);
- let us have proof of your identity and address (a copy of your ID or passport); and
- let us know what right you want to exercise and the information to which your request relates.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights).
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union or EEA state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus may be contacted by email at email@example.com or telephone: +357 22818456.
HOW TO CONTACT US
By email at firstname.lastname@example.org.