PRIVACY AND PERSONAL DATA PROTECTION POLICY OF PHYSICAL SPACE & FT-CLUB WEBSITE
Our company respects the personal data of website visitors, athletes and its partners and takes care of their safe management, therefore we wish to inform you about the way in which we handle the data you entrust to us.
The company “FITNESS TRIP E.E.” under the name “FITNESS TRIP” located on Lassanis Street, no. 4 (Peristeri Attica, Postal Code 12132), with A.F.M. 801838171 (D.O.Y. Peristeriou) (hereinafter “Processing Manager” or “the Gym”) hereby informs in accordance with the provisions of the existing legislation on the protection of personal data and in particular the General Regulation EU 679/2016,
the natural person 1) who uses the website www.ft-club.gr (hereinafter referred to as “Data Subject”) and/or 2) who signs the Athlete Registration Application either for him or herself individually (hereinafter referred to as “Data Subject” ) either as a parent/legal guardian for the minor child of whom he is a parent/legal guardian (also “Data Subject”), 3) the natural person who cooperates as an employee or partner or supplier and/or additional to the Company that collects, processes and stores, both in electronic and printed form, personal data provided by the user of the website, or voluntarily and for the satisfaction of requests submitted by the applicant, athlete or partner or for the requirements of the cooperation, according to the below more specific terms and conditions:
1. Scope of the Privacy Policy
This Privacy Policy applies and applies both to the physical space and all facilities as well as the FT-CLUB website (www.ft-club.gr). The Company, as responsible for the processing of your personal data, is committed to respecting and protecting your privacy, as well as safeguarding your personal data. The vision and goal of our Company is to provide high level services, beyond your highest expectations and for this reason, with respect to the applicable national and European personal data protection framework and in particular the new European General Data Protection Regulation EU 2016/679 (hereinafter GDPR or Regulation), provides with this Privacy Policy in order to inform you about the personal data collected, about the way in which it is used and about your rights. As they arise from the regulation. However, as the Company’s activities and the resulting forms of processing are constantly evolving, other forms of processing may be included in this one and the Company undertakes, in the event that a new form of processing is added, to take care to update this Privacy Policy and, in any case , to provide you with the necessary information before collecting your personal data. Any modification thereof as well as the most updated versions will be posted on the website www.ft-club.gr with the date of the last modification.
2. Identity of the Controller
The company “FITNESS TRIP E.E.” is defined as the controller of your personal data. under the name “FITNESS TRIP” located on Lassanis Street, no. 4 (Peristeri Attica, Postal Code 12132), with A.F.M. 801838171 (D.O.Y. Peristeriou) (hereinafter “Processing Manager” or “the Company”).
The main purpose of the Company is to provide physical exercise and wellness services. As part of its activity, the Company manages FT CLUB gym facilities, which include individual and/or group fitness and training areas, locker rooms, and other physical well-being facilities. Also, the Company maintains and manages the website www.ft-club.gr.
3. Data collection
3.1. When registering at the gym with your express consent as a Member:
1) Member details (name and surname, patronymic, residential address)
2) Date of birth (it is emphasized that registration in the gym is only allowed for people over 14 years old). The registration of minors as members, as well as the renewal of membership and the purchase of special (individual or special) programs, in addition to the basic membership, is only possible by the person exercising his care upon his consent for the registration of the minor as a member and the approval of the terms of the Regulation. However, it is noted that, especially with regard to the area of our website, it is not always possible to determine the age of the persons who have access to and use our website and for this reason we encourage parents or legal guardians to contact us in case to observe the unauthorized provision of data by minors so that they can exercise their rights accordingly. 3) home and/or work contact phone number (landline / mobile) and emergency contact number. 4) e-mail address (e-mail), 5) Furthermore, each member is required to provide a medical certificate from a Doctor at the time of registration, certifying his fitness for physical exercise. In the event that the certificate is not presented within one month of activation of the membership, the gym reserves the right not to allow the member to enter until it is presented. A corresponding certificate must be submitted annually. 6) During the registration of the member, his photograph is taken by the reception staff, as a necessary element, it is included in the membership card with a code which is stored in the computer database, to prove his identity upon entering the gym.7 ) copy of the TIN, 8) VAT number and VAT number if the issuance of an invoice is requested, 9) In the case of interbank transactions, we may collect, upon notification by you or on behalf of the financial institutions, additional details of your credit card or your bank account. Our Company provides the possibility to pay via POS of the Cardlink Company with which it has contracted and accepts that the collection and processing of personal data in the context of the supply and use of Terminal Equipment for carrying out card transactions, as described in the terms of the above contract which is available at https://cardlink.gr/terms-of-pos-supply/, is governed by the Privacy Policy available at https://cardlink.gr/gdpr/. 10) Closed circuit video surveillance operates in the gym premises with special signage near them, which, according to current legislation, may be used for security purposes and we adopt a relevant policy which is also posted on our website. 11) By using the Membership Card we collect the
information about your visits to the Gym and about the remainder of your membership time or active plans. In any case, for the sake of the smooth operation of the FT gym and for security reasons, members are required to present their membership card upon entering the gym and display it at the special identification device located at the gym’s reception (card reader). 12) Finally, the Company may keep a record of the written letters, e-mails or other messages and generally any written communications you have exchanged with the FT gym for any reason and especially regarding your cooperation with it.
3.2. Websites, Apps,
The Company through its website uses technology that allows the collection of information about the users of the ft-club.gr website. In any case, FT Club will provide you with the necessary information so that you are able to give prior consent for the processing your personal data for one or more specific processing purposes. You may also be asked to provide us with information about your location or your personal preferences and interests in order to provide you with more personalized services. Specifically, through our website, a) Traffic monitoring is carried out using Google Analytics and we use this data to determine the number of people using our website, to better understand how people find and use our website and to be informed about their progress within the website. b) Contact forms. In the event that you choose to contact us via the contact form, none of the data you provide will be stored by this website or transferred or processed by any third party data processor. c) Newsletters – Communication. If you choose to subscribe to our newsletters, providing your name and email address (e-mail) to access communication/promotional/advertising material of FTT GYM as well as to follow our activities and be informed of actions and events and to be in touch with us. E-mail addresses will be used exclusively for the purposes of the website and only in the context of their consent. Also, those who choose can unsubscribe at any time. d) Social plugins (Social plugins). Our Company’s website may use social plugins related to different online social networks (Facebook, Instagram, etc.). Our Company is not responsible and has no control over the scope and type of data collected and stored by social network providers through plugins. Social network providers maintain their own policies, and if you do not agree with them, we recommend that you avoid using the respective plugins. e) Google Maps (Google Maps). Our website www.ft-club.gr uses the map service “Google Maps” (Google Maps) through an application programming interface (API). The provider is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Please be aware that in order to use the functions of Google Maps it is necessary to store your Internet Protocol (IP) address and this information is usually transmitted to a server of Google LLC in the USA and stored there. F) Finally, through our website it is possible to provide links to websites of third parties – providers who are not connected to us. In the event that you choose to visit this link, our Company has no relationship and responsibility arising from and associated with the collection, processing and utilization of any personal data that may be transmitted to third parties after clicking on the link
3.3. Special Categories of Personal Data – Sensitive Personal Data
With the term “special categories of personal data” or “sensitive personal data”, the Regulation (GDPR) refers to personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as and the collection of genetic data, biometric data for the purpose of unambiguous identification of the natural person, data related to health or data related to a natural person’s sex life or sexual orientation. We may collect such data, and specifically only biometric data, only if you provide it to us voluntarily or if we ask you to do so and we have obtained your prior express consent in the context of using our services.
3.4. Employees and partners
The Company’s employees and partners provide us with their consent certain data and information that are absolutely necessary for the fulfillment of the contractual relationship with the Company. Such data, indicatively, are: first name, patronymic, matrimonial name, date of birth, place of birth, gender, citizenship, residential address, e-mail address, contact telephone numbers, Identity Card Number (IDN), Tax Registration Number (TIN), Social Security Number (AMKA) and other insurance fund registration numbers, health record, criminal record, work permit, bank account number (IVAN), curriculum vitae, educational qualifications, information regarding their health, their family status and details of dependent members, their education and training, their previous service, as each time these apply to the exercise of the Company’s legal obligations. Employees and partners are always provided with information on the processing of their personal data, as an annex to their contract, with absolute respect for their privacy and rights regarding the protection of their personal data.
4. Purpose of processing
The data is processed exclusively for the provision of the services offered by the Company and the FT CLUB Gym. These include the use of contact information to inform our members about issues related to our services offered, correspondence related to solving any problems and questions that arise during the use of our services, as well as possible communications for information about offers of FT CLUB GYM to its members.
Our Company expressly declares that it does not use the data for purposes other than those related to the correct provision of its services at the best possible satisfactory level and security, always with a view to providing high-level services but also to the company’s compliance with the current legislation. It is expressly stated that under no circumstances does the Company sell, rent, or in any other way grant or transmit personal information, submitted voluntarily, to third parties except in the case in which the disclosure of information is required by an express provision of the law and exclusively and only to the competent authorities. The users of the website or the services provided to the FT Gym by our Company are responsible for any submission of personal data of third parties without relevant authorization, as well as for the submission of false, untrue or inaccurate information and data through negligence, or with the intention of deceiving or misleading.
5. Personal Data Retention Period
The “Processor” will keep and process the above personal data for as long as it is necessary to serve the aforementioned processing purposes as well as for as long as it is necessary to comply with its legal obligations (in particular tax) as well as for the exercise of his legal rights or obligations. After the above period of time, the data is permanently deleted.
6. Information Security
The “Processor” collects, processes and keeps data that is convenient, relevant and necessary, for which it is collected. The above personal data are processed in a way that ensures this privacy by all reasonable means, as the appropriate technical and organizational security measures are observed, while strict rules and procedures are followed to prevent unauthorized access, prohibited dissemination, disclosure, loss, unfair destruction or processing. It is noted, however, that no online transmission method or electronic storage method is one hundred percent secure and we inform you that our Company takes all possible physical, technical and organizational security measures to protect the personal data it collects and processes from accidental or unlawful destruction, loss, alteration and disclosure or access use without permission. You are informed that your personal data is kept in a local database that is not connected to the Internet and to which only the Management of the FT CLUB GYM and the Company have full access, while some employees of the FT CLUB GYM have partial access. The security measures are reviewed and modified every whenever it is deemed necessary to meet the conditions and specifications set by the current legislation.
7. Your Rights
The “Data Subject”, i.e. each member, employee, supplier, etc. maintains in accordance with the GDPR, whenever he wishes and submits a relevant request (an application form is provided upon request to the Secretariat or via the online address www.ft-club.gr to exercise the following rights:
a) The right to information: You have the right from the GDPR to be informed about the nature and purpose of the processing, as well as the means of protecting your personal data.
b) The right of access: He has the right to request access to his personal data.
c) The right to correct or complete data: You have the right to request the correction of inaccurate or incomplete data of yours
d) The right to delete the data: He has the right to request the deletion of his data, when and if he no longer wishes to process and maintain them, under the conditions set by law and if they are not kept for a legal reason.
e) The right to restrict the processing of data: Under conditions set by the GDPR, he can request the restriction of the processing of his personal data
f) The right to object to the processing: He has the right to object to the processing of his personal data at any time, under the conditions set by law
g) The right to data portability: He has the right to request the transfer of his data, in an appropriate format, and their transmission to another Processor.
h) The right to withdraw his consent: He has the right to withdraw his consent at any time.
The above rights are exercised at any time under the conditions of the GDPR and subject to the legal rights and obligations of the “Data Processor”, either by completing the corresponding application-form available both at the gym’s Secretariat and on the website, which can send either to the address of the “Processor” (Lassanis, no. 4, Peristeri Attica, P.K. 12132) or to the email address info@fitnesstrip.gr.
In case of exercising one of your rights mentioned above, the “Processing Manager” will take all possible measures to satisfy your request in a timely manner, within one (1) month or within a higher time limit within two (2) months, if there is reason extension of the above deadline, as specifically defined and under the conditions of the Personal Data Legislation, informing the applicant in writing of the satisfaction of his request or of the reasons that prevent him from exercising, or the satisfaction of one or more of the above mentioned rights, according to the definitions of the Personal Data Legislation. Finally, every “Data Subject” has the right, if he considers that the processing of his personal data is not lawful or wishes to exercise any other right, to file a complaint before the Independent Authority for the Protection of Personal Data based in Athens (Kifisias 1 -3, P.O. 115 23) and on the phone 2106475600 and fax 2106475628 or at the email address complaints@dpa.gr.
8. Cookies Policy
Our Company maintains and manages the website ft-club.gr, on which cookies are applied. Our Company adopts a strict policy to protect the privacy of website visitors and wishes to inform you that they are small files with information that a website stores on a user’s computer, so that every time the user connects to the website. The website can retrieve said information and offer the user related services. A typical example of such information is the user’s preferences on a website, as indicated by the choices the user makes on the specific website (e.g. selection of specific “buttons”, searches, advertisements, etc.). Cookies are used on the website www.ft-club.gr so that the Company can manage the sessions on the website www.ft-club.gr to manage the sessions, to provide personalized web pages and to adapt advertising and other content to reflect your particular needs and interests. Cookies can also be used for statistics that allow the Company to understand how the public uses the website www.ft-club.gr and help to improve its structure and content. It is not possible for the Company to verify your personal identity from this information. You can modify your browser settings to reject some or all Cookies. You should be aware that some features are only available through the use of Cookies and if you choose to reject Cookies, these features may not be available. Absolutely necessary Cookies are essential for the proper functioning of the website. They allow you to browse and use its functions, such as accessing secure areas or using the shopping cart. They do not recognize your individual identity in any way. Without them, the Company cannot offer efficient operation of the website. Performance Cookies collect information about how visitors use the website. They also collect aggregated, anonymous information that does not identify any visitor. They are used exclusively to improve the performance of a website. Functionality Cookies allow the website to remember user choices such as username or region to provide enhanced and personalized features. The information collected by this type of Cookies is anonymous and it is not possible to track browsing activity on other websites. Targeting Cookies are used to deliver content that is more relevant to you and your interests. They may be used to display targeted advertising/offers, limit ad impressions or measure the effectiveness of an advertising campaign. Social Media Cookies are used because they are necessary for the interaction of your accounts on social networks with our website. However, these cookies are not necessary for browsing our website. The cookie policies of the social networks adopted by each network are available on their website. Indicatively, we mention the electronic addresses where the privacy policies of three of the largest social networks are published Facebook: http://www.facebook.com/about/privacy/ Instagram: https://instagram.com/legal/cookies/ YouTube: https://www.youtube.com/static?template=privacy_guidelines. It is worth noting that all the data we collect from the use of cookies through our website are processed and stored exclusively in the form of anonymous statistical data and do not bear any direct connection to your person. Also, our Company does not sell or trade data collected in this way. Upon entering the main page of our website, you will be informed of a relevant note on the use of Cookies, which is in a visible position and refers to this usage policy. In the event that you decide to browse the subpages of our website and if you have properly configured your web browser, you freely provide your explicit and specific consent for this use. Otherwise, you must refrain from browsing our website or disable the use of cookies in your browser settings. In the event that you wish to activate or deactivate the use of Cookies from your browser settings, depending on your browser, visit the respective websites in order to learn about the necessary actions. For your convenience, we list the e-mail addresses that include information about the procedure to follow to manage Cookies in some of the existing browsers:
Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Microsoft edge: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Apple Safari: https://support.apple.com/kb/ph21411?locale=en_US
Microsoft internet explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Opera: https://www.opera.com/help/tutorials/security/privacy/ .
Thank you very much for taking the time to learn about our Privacy and Personal Data Protection and Cookies Policy. We are at your disposal.
The FT Club Directorate
FT-CLUB VIDEO SURVEILLANCE SYSTEMS OPERATION POLICY
1. SCOPE AND PURPOSE
1.1. This policy describes the terms of installation and operation of the FT-CLUB GYM video surveillance system through closed circuit television cameras (CCTV). Also, the measures taken in order to protect the personal data concerning natural persons that may be videotaped by the closed-circuit cameras of the FT-CLUB GYM are defined. This is posted on the FT-CLUB website and at the same time, it is available in print at the GYM secretariat.
1.2. The installation of video surveillance systems in the premises of the FT-CLUB GYM provides the ability to receive and/or transmit images and/or sound to projection screens or recording machines, respecting the principle of proportionality.
1.3. The purpose of video recording is exclusively the safety and protection of the company’s staff, customers, visitors, office premises, goods, merchandise, vehicles and other assets and information.
2. PROCESSOR – PROCESSOR OBLIGATIONS
2.1. As the controller, the Company, “FITNESS TRIP E.E.” under the name “FITNESS TRIP” located on Lassanis Street, no. 4 (Peristeri Attica, Postal Code 12132), with A.F.M. 801838171 (D.O.Y. Peristeriou] has all the obligations deriving from GDPR 2016/679, law 4624/2019 and the Guidelines of the Personal Data Protection Authority (PDPA).
2.2. The company as data controller has the obligation to satisfy the information rights of the subjects (posting of a special information sign, publication of this policy on the company website, information of employees, etc.), access (by payment of a reasonable fee of 10 euros, an amount corresponding to the cost of storage medium material, USB Stick, and the related employment of staff) and objection of the data subjects, obligation to observe the confidentiality and security of the processing.
3. POLICY OF OPERATION OF VIDEO SURVEILLANCE SYSTEMS
3.1. The video surveillance system of the FT-CLUB GYM has been installed in strict compliance with the principle of proportionality, for the purposes of security of facilities, employees, customers, suppliers, protection of persons and goods from criminal acts and when weighing the interests at stake, the FT-CLUB GYM concluded that the existing video surveillance (CCTV) system is still absolutely necessary, adequate and the mildest possible means of ensuring the intended level of security and protection of persons and property.
3.2. With a view to enhancing privacy protection, the Company has taken appropriate measures so that the video surveillance system does not proceed with the capture and special processing, (e.g. enlargement, special targeting, indexing, analysis of special characteristics) of images that reveal “special categories data”. Video surveillance cameras are basically fixed and transmit data via the Internet (web cameras).
4. VIDEO SURVEILLANCE AREAS
4.1. The video surveillance cameras, with or without recording, monitor the movement at the entrances and exits or inside the FT-CLUB GYM, while they have been placed by the installer in appropriate places that ensure that the monitoring is expressly limited to the areas absolutely necessary to achieve the intended purpose purpose which is the safety of the attendees.
4.2. Video surveillance cameras have NOT been installed in locker room areas, locker room entrances, areas where massage services, tanning services are provided, and areas where individual pilates classes are held, at points aimed at a street or points where an image is taken from an external public area or nearby buildings.
4.3. It is expressly stated that the video surveillance system is not used to monitor and evaluate employees within their work offices.
4.4. The operation of these cameras during working and non-working hours ensures increased protection of the FT-CLUB premises (such as prevention and proof of criminal acts, e.g. theft, violence, vandalism, early detection of malicious actions, flood control or fire), especially when the FT-CLUB GYM operates at night, when the risks are increased. The corridors are not monitored during the hours when employees and visitors of the FT-CLUB GYM are active there and therefore their privacy is not violated.
5. VIDEO SURVEILLANCE DATA
5.1. The video surveillance system of the FT-CLUB GYM consists of special recording machines and fixed cameras, which operate twenty-four (24) hours a day, seven (7) days a day. The video surveillance system of the FT-CLUB GYM records the movement in the monitored area together with the date and time. The image from the cameras that are working at any time is available in real time in the office of the Gymnasium Management.
6. PERIOD OF DATA RETENTION
6.1. The duration of storage of the taped material in a safe place is limited to a maximum period of fifteen (15) days and then the data is deleted automatically unless there are exceptions (criminal acts, requests of prosecuting authorities, police and prosecution authorities, etc.).
6.2. In the event of a security-related incident, the relevant recorded material can be kept beyond 15 days and in accordance with the provisions of the directive of the APDPH. In particular, the data can be extracted from the system and kept in a separate file for up to 30 days. If the event concerns a third party, the images can be kept for up to 3 months. Access to video surveillance data is strictly limited to a small number of authorized operators.
7. PROTECTION OF VIDEO SURVEILLANCE DATA
7.1. The video surveillance system includes special machines (eg recorders) that are installed in special areas with controlled and classified access, are connected to a network and protected from unauthorized access by the use of passwords. Access to the video surveillance system and the personal data it collects, including real-time images and recorded material, is limited to a small number of clearly defined individuals belonging to the Management and staff of the FT-CLUB GYM.
7.2. The Company defines the access rights, which are determined according to the specialized work roles, in order to ensure that the system operators see only the information relevant to their tasks. The Company uses external partners / processors of personal data on its behalf for guarding and security of its office premises in order to protect people and goods (providing technical coverage services for security systems – access control – CCTV – fire safety and extinguishing).
8. EXTERNAL PROCESSORS
8.1. The technical support for the processing of personal data through a video surveillance circuit is carried out via a network and additionally includes visits by each subcontractor, installer or maintainer to the office premises of the FT-CLUB GYM for the control of internal and external system circuits as well as the creation of backup copies of the control and recording software. The above external partners / processors are bound by a contract that ensures the confidentiality and security of the processing.
8.2. The operators of the system are aware of the purpose of the processing and of the permitted uses of the system. Apart from the aforementioned small number of clearly defined persons who have access to the data of the video surveillance system due to their role, the data is not shared or transmitted to third parties except with the consent of the persons depicted in the relevant records or if this is required by the competent judicial, prosecutorial and police authorities in the exercise of their duties, while transmission is also permitted, under the terms of the law, to the person depicted in the records kept as a victim or perpetrator of a criminal act. Any breach of personal data collected by the video surveillance system is recorded in the Incident Log File and the company’s Data Protection Officer is informed as soon as possible.
9. RIGHTS OF DATA SUBJECTS
9.1. As a data subject, every person has the right to access the data of a video surveillance system concerning them. He also has the right to request a copy of the video material, by submitting a written request on a special form provided by the head of the secretariat. The application submitted contains the identity information (ID card, passport, etc.) and mention of the legal reason for requesting it as well as the other information (date and time of taking pictures) and is accompanied by the payment of a reasonable administrative fee of 10 euros.
9.2. If the video surveillance system records a criminal act in which someone is involved as a victim or perpetrator, the latter may request to be granted the relevant videotaped part of the data, subject to the existence of a relevant prohibition by a competent judicial authority.
9.3. The requests to exercise the rights of the subjects are examined by the Company and are satisfied in the shortest possible time and according to the provisions of the current legislation. If the company finds that the objection request is legitimate and must be satisfied, it must delete or block (“lock”) the corresponding data, as well as adjust the operation of the system in general to avoid corresponding illegal processing in the future.
9.4. Special treatment is required when the images to be presented also include third parties, such as obtaining consent from the third parties, using editing techniques or partial satisfaction of the request. In the event that the protection of their personal data is affected by the Company in any way, the subjects have the right to appeal to the Data Protection Officer (DPO) of the GYM info@ft-club.gr and if they are not satisfied, to the Personnel Data Protection Authority Character (APDPH) (http://www.dpa.gr).
GYMNASTIRIO FT-CLUB may periodically revise this policy, whenever this is considered appropriate or necessary and the current policy is posted on the website www.ft-club.gr with a note of the date of the last update.
DATE OF LAST UPDATE 16/01/2023