Privacy Policy

1. Introduction

This is our privacy policy. Please take the time to read the privacy policy carefully so you know exactly what happens with your personal data and who has access to it.

2. Contact Information

A Corporation GmbH Westendhof 10 D-45143 Essen T +4915731059727 Email: support@agym.io

3. Important Terms

You can find the official explanation of the privacy policy (GDPR) at this link (https://dejure.org/gesetze/DSGVO/4.html).

4. What Information Do We Collect?

We will now explain what data we collect. If there is anything you do not understand, simply send an email to our support team. We will respond as quickly as possible! To use our app, you must create a user account. This account is required to provide you with app features, such as access to our studios. When you create a new user account, we collect the following data:
  • Your phone number
  • Your name
  • Your email address
  • Your date of birth
  • Your address

Why Do We Collect This Data?

Your phone number is needed to authenticate you. Your name, date of birth, and address are used for invoicing purposes and to provide other features in the app (such as displaying your profile to other members or sending your welcome package). We send our terms of service and subscription information to your email address.

5. Who Do We Share Your Data With?

We share your data with two external service providers (Stripe & Google Firebase). We use Stripe for payment processing and Google Firebase to enable secure and simple login procedures and data storage. We use the following Google Firebase services (+ certifications):
  • Firebase Authentication (ISO 27001)
  • Cloud Firestore (ISO 27018)
  • Cloud Functions (ISO 27018)
  • Firebase Cloud Messaging (ISO 27001)

Firebase Authentication

Requires your email address, password, and IP address (for added security). The IP address is stored for a few weeks. Storage location: USA (Firebase is certified under the EU-US Privacy Shield).

Cloud Firestore

Firestore is our database where we store your name, courses, and assignments, for example. Firestore's storage location is Belgium.

Cloud Functions

With Cloud Functions, we can run scripts on the server. Your IP address is temporarily stored during this process. The storage location for Cloud Functions is also Belgium.

Firebase Cloud Messaging

To notify you of important updates and open assignments, we use Firebase Messaging. The Instance ID (https://developers.google.com/instance-id/) is temporarily processed. The Instance ID is used to send push notifications to specific devices, ensuring notifications are sent only to your devices. You can find more information in the privacy policies of Stripe (https://stripe.com/en-de/privacy) and Google Firebase (https://firebase.google.com/support/privacy?hl=en#firebase_data_processing_and_security_terms).

6. How Long Do We Store Your Data?

The duration of storage of personal data is based on legal retention periods and obligations (e.g., from commercial or tax law). Once the period expires, the data will be deleted by the end of the month unless required for initiating, executing, or terminating a contract and/or there is a legitimate interest on our part in processing it.

7. What Are Your Rights?

  1. The right, according to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if not collected by us, as well as the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details.
  2. The right, according to Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us.
  3. The right, according to Art. 17 GDPR, to request the deletion of your personal data stored by us, provided that the processing is not necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims.
  4. The right, according to Art. 18 GDPR, to request the restriction of processing of your personal data, provided the accuracy of the data is disputed by you, the processing is unlawful, but you object to its deletion, and we no longer need the data, but you need it for asserting, exercising, or defending legal claims, or you have objected to the processing according to Art. 21 GDPR.
  5. The right, according to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another responsible party.
  6. The right, according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of the federal state where our headquarters are located or, if applicable, your usual place of residence or workplace.

Questions

If you have any questions, contact us via email at: support@agym.io Your A Team.