Privacy Policy

PRIVACY POLICY - GYM FREAKS GROUP s.c.
Publication/update date: 2025-09-30

1. Personal data controller

Your personal data controller is:
Gym Freaks Group civil partnership
Address: ul. Kazimierza Dzięcielskiego 6B/14, 84-200 Wejherowo, Poland
Email: store@gym-freaks.eu
Phone: +48 785 961 286
VAT-EU: PL5882519355
REGON: 529706510

2. Data Protection Officer (DPO)

We have not appointed a Data Protection Officer in our organization.
For data-related matters, please contact us at: store@gym-freaks.eu.

3. Scope and purposes of data processing and legal bases (GDPR)

We process personal data depending on the purpose:

Order fulfillment and delivery
- Scope: name, delivery address, email address, phone number, order details.
- Legal basis: Art. 6(1)(b) GDPR (contract performance).
Issuing invoices and accounting
- Scope: invoice details (name, VAT number, address), order details.
- Legal basis: Art. 6(1)(c) GDPR (legal obligation).
Handling complaints and claims
- Scope: order details, correspondence, documents.
- Legal basis: Art. 6(1)(b) and (f) GDPR.
Payments (Tpay, Paynow)
- Scope: data necessary for payment processing provided to payment operators (tpay.pl, paynow.pl).
- Legal basis: Art. 6(1)(b) GDPR (contract performance).
Marketing and newsletter
- Scope: email address, marketing preferences; remarketing (Google Ads).
- Legal basis: Art. 6(1)(a) GDPR (consent) or - in justified cases - Art. 6(1)(f) GDPR (legitimate interest). Consent is required where data usage for marketing requires consent (e.g., newsletter sending).
Analytics (Google Analytics)
- Scope: anonymous/pseudonymized data on traffic, user preferences.
- Legal basis: Art. 6(1)(a) GDPR (consent) - if permitted by local law, in anonymized form, Art. 6(1)(f) GDPR (legitimate interest) may also apply. Our service requires consent for analytical cookies before launching Google Analytics.
Security / fraud prevention
- Scope: server logs, IP address, user-agent.
- Legal basis: Art. 6(1)(f) GDPR.

4. Categories of personal data

Processed data include: identification data (name, surname), contact details (address, email, phone), invoice data (tax identification number), transactional data (order history), payment data transmitted to payment operators (Tpay, Paynow), and technical data (IP, logs).

5. Data recipients (processors / data processing entities)

Data may be disclosed to the following categories of recipients:

Payment operators: Tpay S.A. (tpay.pl), Paynow (paynow.pl) - to the extent necessary for payment processing.
Courier / logistics companies: InPost, DPD, GLS or other selected carrier - address and contact data for delivery of the shipment.
IT service providers and hosting: hosting company, email service operator, backup providers - based on data processing agreements.
Analytics and advertising service providers: Google LLC (Google Analytics, Google Ads), Meta Platforms (if used).
Accounting office / accounting - to the extent necessary for accounting purposes (based on data processing agreement).

6. Transfer of data outside the EEA

If data is transferred outside the European Economic Area (e.g., services by Google LLC, which may process data in the USA), we apply appropriate safeguards (e.g., standard contractual clauses, other legal mechanisms indicated by providers). Details are available in the privacy policies of individual providers.

7. Data retention period

Order-related data and accounting documentation: 5 years (tax and accounting requirement).
Customer account data (address, order history): until account deletion + 5 years for evidential purposes.
Marketing data (newsletter, remarketing): until consent withdrawal.
Server logs: 90 days.
Complaints and claims: until the expiration of claims under applicable law.

8. Rights of data subjects

You have the right to:

- access data,

rectification of data,

deletion of data ("right to be forgotten"),
restriction of processing,
data portability,
objection to processing,
withdrawal of consent at any time (without affecting the lawfulness of processing before withdrawal).

To exercise your rights, send a message to: store@gym-freaks.eu or a letter to the company's headquarters. We will respond within 30 days (if necessary, the deadline may be extended by an additional 60 days — we will inform you).

You also have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (UODO).

9. Cookies and similar technologies — details and table

Our website uses cookies and similar technologies. Some are necessary for the store to function, others are for analytics or marketing purposes. Analytical and marketing scripts are only activated after user consent (cookie banner).

Cookies table (example)

Category	Example names / provider	Purpose	Storage period
Essential / functional	`PHPSESSID`, PrestaShop cookie	Session maintenance, cart, basic store functions	session / up to 1 year
Analytical	`_ga`, `_gid` (Google Analytics)	Traffic analysis, statistics	`_ga` — 2 years; `_gid` — 24 hours
Marketing / remarketing	`_gcl_au` (Google Ads), `_fbp` (Facebook)	Remarketing, campaign optimization	until consent is withdrawn
Payments	`tpay_` (Tpay), `paynow_` (Paynow)	Payment session, transaction process	session / dependent on operator
External integrations	cookies from external providers	Integration functions (comparators, maps)	dependent on provider

How to manage consents:

Use the cookie banner available on the website to give or withdraw consent for cookie categories.
You can also manage cookies in your browser settings.
To disable personalized Google ads: https://adssettings.google.com.

10. Specifically: Google Analytics, Tpay, Paynow

Google Analytics / Google Ads (Google LLC) - we use it to analyze traffic and optimize ads. We run analytical scripts only after obtaining user consent. Data is processed in accordance with Google's policy. We use IP address anonymization (anonymize_ip) where possible.
Tpay S.A. (tpay.pl) - a payment operator handling transactions in the store; processes data necessary for payment processing. Details regarding data processing at Tpay are available on the tpay.pl website.
Paynow / Paynow.pl - an alternative payment operator; payment data is transmitted only to the extent necessary to process payments; details at the provider.

11. Automated decision-making and profiling

We do not make automated decisions (including profiling) significantly affecting user rights, except for marketing profiling (remarketing), which is done only with user consent.

12. Security measures

We apply technical and organizational measures appropriate to the risk, including: transmission encryption (HTTPS), access control to systems, regular backups, data minimization procedures, entrustment agreements with processing entities.

13. Children and minors

The service is not directed at persons under 13 years of age. We do not knowingly collect data from minors; if we suspect that personal data of a minor has been provided without the consent of a legal guardian, we will take action to remove them upon receiving the appropriate notification.

14. Changes to the privacy policy

The policy may be updated - each update will be marked with the publication date at the top of the document. In case of significant changes, we will inform users prominently.

15. Procedure for exercising rights / contact

Please direct requests to the email address: store@gym-freaks.eu or in writing to the company's registered office. We respond within 30 days of receiving the request. Possible extension by another 60 days in complex cases - we will notify you accordingly.

16. Complaints and supervisory authority

You have the right to lodge a complaint with the supervisory authority - in Poland: President of the Personal Data Protection Office (UODO).

Store Terms and Conditions

Delivery policy

Products

Our company

Your account

Store information

GYM FREAKS
ul. Kazimierza Dzięcielskiego 6B/14
84-200 Wejherowo
Poland
Call us: +48 785 961 286
Email us:

Cookie information

This site uses first party cookies to give you the best experience on our site. We also use third party cookies to improve our services, analyze and then display advertisements related to your preferences based on the analysis of your browsing behavior.

Cookie management

Bessesary cookies for the proper functioning of the website. They allow you to remember the user settings, e.g. language, currency, cart, page layout, etc. Functional cookies do not collect any personal data or send any information to external sites.

Cookies	Provider	Purpose	Validity term
PHPSESSID	Gym Freaks Group Spółka Cywilna	The PHPSESSID is a cookie that is used to identify a user's session on a website. A session is a mechanism for preserving state and user information between individual requests during a single connection session. The PHPSESSID cake stores a unique session ID that is required to process requests and responses between the browser and the server. These cookies only last until you close your browser.	Session
PrestaShop-#	Gym Freaks Group Spółka Cywilna	The PrestaShop cookie stores data to keep the user's session open, including currency, language, customer ID, and other necessary information for the shop's proper operation.	480 hours
_x13eucookie	Gym Freaks Group Spółka Cywilna	Remembers cookie preferences.	365 days
_x13eucookie_consent_hash	Gym Freaks Group Spółka Cywilna	Remembers cookie preferences and latest consent date.	365 days
rc::a	Google	It is used to distinguish humans from bots. It is used to properly report on the use of this website.	Session
rc::c	Google	Used to filter and read requests from bots.	Session
__cfduid	CloudFlare	Technical cookie to ensure that trusted web traffic is identified by the CloudFlare CDN provider.	30 day
cookieyes-consent	cookieyes.com	This cookie stores the user’s consent preferences for different categories of cookies. It enables the cookie banner to function correctly, saves the chosen settings, and prevents the cookie notice from appearing again.	1 Year
_ga_43LFZQ50WC	Google	A Google Analytics 4 cookie used to store session information and identify returning visitors. It helps analyze website usage and measure traffic statistics.	2 years

Statistical cookies collect anonymous information about users, such as the number of visitors, sources of links, etc. These information help to understand how users use the site.

Cookies	Provider	Purpose	Validity term
ajs_anonymous_id	gym-freaks.eu	Anonymous user identifier for analytics	52 days
_pk_id.*	Matomo	This Matomo cookie is used to identify returning visitors and store information about visit count and last visit time. It helps analyze how users interact with the website.	13 months
_pk_ref.*	Matomo	This cookie stores the referrer information, allowing the analysis of traffic sources.	6 months
_ga	Google	A Google Analytics cookie used to distinguish users and collect statistical data about website traffic. It helps analyze how visitors interact with the site.	2 years
__utmz	Google	A cookie used by the older version of Google Analytics to store information about how the visitor reached the website, including campaign data and traffic sources. It helps analyze where visits originate from.	6 months
__utma	Google	A Google Analytics cookie used to identify unique users and record the number of their visits, as well as the time of the first, last and current visit. It helps analyze website traffic statistics.	2 years

Marketing cookies are used to track users through websites. The goal is to show ads that are most relevant to the user.

Cookies	Provider	Purpose	Validity term
ads/ga-audiences	Google	Google AdWords cookies are used to re-engage potential customers based on their web activity.	Session
_fbp	Facebook	Google AdWords cookies are used to re-engage potential customers based on their web activity.	3 months
WPabs	Google Ads	This cookie is used by Google’s advertising system to measure the effectiveness of advertising campaigns and to display more relevant ads to users. It enables tracking of ad interactions across websites within the Google network, helping improve ad targeting and reporting.	11 days
_gcl_au	Google	A cookie used by Google Ads to measure ad performance, initialize conversion tracking, and optimize marketing campaigns. It helps link ad clicks to user actions on the website.	3 months

Personalized cookies concern adjusting the website to your requirements. For example, they can display information about products selected for you.

There are no cookies to display

About Cookies

Cookies are small text files that are saved on your computer or mobile device by the websites you visit. They are used for a variety of purposes, such as remembering user login information, tracking user behavior for advertising purposes, and personalizing the user's browsing experience. There are two types of cookies: session and persistent. The former are deleted after the end of the browser session, while the latter remain on the device for a certain period of time or until they are manually deleted.