Gymersion

Privacy Policy

INTRODUCTION

This Privacy Policy (“Policy”) demonstrates the commitment of Gymersion (referred to as “Gymersion,” “we,” “us,” or “our”), to the security and privacy of information collected from users, who are the owners of their personal data (“Data Subject,” “User,” or “you”), and to help you make informed decisions about your privacy.

This Policy clarifies the general conditions for collection, use, storage, and other forms of processing and protection of personal data on our website www.gymersion.com, and social media platforms (“Website”), in compliance with applicable Portuguese and European Union data protection legislation, including:

  • General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679
  • Portuguese Data Protection Law – Lei n.º 58/2019
  • ePrivacy Directive – Directive 2002/58/EC
  • Portuguese Electronic Communications Law – Lei n.º 41/2004

CONTACT FOR PRIVACY MATTERS

For any questions, concerns, or requests regarding your personal data and privacy, please use the contact form on our website.

You may contact us for any questions, concerns, or requests regarding your personal data.

POLICY UPDATES

This Privacy Policy may be updated or modified at any time. Changes will be prominently communicated on our Website and, when significant, via email to registered users.

By using our Website, you freely, informedly, unequivocally, expressly, and fully consent to this Policy.

We recommend careful reading of this document.

TABLE OF CONTENTS

  1. Scope and Target Audience
  2. What is Personal Data Processing
  3. Who Controls Your Personal Data
  4. Information We May Collect
  5. Legal Basis for Processing Personal Data
  6. How We Use Your Personal Data
  7. Sharing of Personal Data
  8. Your Rights as a Data Subject
  9. How We Store and Protect Personal Data
  10. International Data Transfers
  11. Data Retention Period
  12. Communication Policy
  13. Links to Other Websites
  14. Third-Party Services and Policies
  15. Cookies and Tracking Technologies
  16. Children’s Privacy
  17. Your Consent
  18. Contact Information

1. SCOPE AND TARGET AUDIENCE

This Privacy Policy applies to individuals who:

  • Access our Website for fitness information and resources
  • Register for accounts on our platform
  • Subscribe to our newsletters or communications
  • Contact us through our communication channels
  • Use our services, including workout programs, training plans, and premium content
  • Interact with our content on social media platforms

2. WHAT IS PERSONAL DATA PROCESSING

Personal data processing (or “processing data”) means any operation performed with personal data, including:

  • Collection of your data
  • Use and consultation of information
  • Access to data
  • Storage in our systems
  • Disclosure to third parties
  • Deletion or destruction

Personal data is any information relating to an identified or identifiable natural person. Data relating to you as a Gymersion user constitutes personal data.

Special categories of data (sensitive data) include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sexual orientation. We do not intentionally collect or process such data unless explicitly necessary and with your specific consent.

3. WHO CONTROLS YOUR PERSONAL DATA

When you access our Website and use our services, Gymersion acts as the Data Controller of your personal data, operating in accordance with applicable legislation and as described in this Policy.

As a blog operator under GDPR, we determine the purposes and means of processing your personal data and are responsible for ensuring compliance with data protection laws.

Note: As a small-scale blog operation, we are not required to designate a formal Data Protection Officer (DPO) under GDPR Article 37. However, we take data protection seriously and handle all privacy matters with the same level of care and compliance.

4. INFORMATION WE MAY COLLECT

IMPORTANT: You are not obligated to provide us with your information. However, without providing certain information when requested, you may not be able to access some functionalities. In addition to data you provide directly, information is automatically collected whenever you interact with our Website. Such information may not be personally identifiable on its own, but when combined with other data that can be associated with you, it will be treated as personal data.

Within the limits permitted by applicable legislation, Gymersion may process the following personal data:

4.1 Information You Provide Directly

SourceData CollectedPurpose
Newsletter SubscriptionEmail address, name (optional)To send fitness content, blog updates, and newsletters you’ve subscribed to
Contact FormsName, email address, message contentTo respond to your inquiries, questions, or feedback
Account Registration (if applicable)Name, email address, password (encrypted)To create an account for accessing premium content or personalized features (if offered)
Comments (if enabled)Name, email address, website (optional), comment contentTo display and manage comments on blog posts

4.2 Information Collected Automatically

SourceData CollectedPurpose
Website NavigationIP address, browser type and version, device type, operating system, date and time of access, pages viewed, duration of visit, referral source, clickstream dataTo analyze website usage, improve functionality, ensure security, and personalize content
Cookies and Similar TechnologiesCookie IDs, device identifiers, tracking pixels, web beaconsTo enable essential website features, remember preferences, analyze usage patterns, and deliver relevant advertising. See our Cookie Policy for details
Device InformationDevice model, manufacturer, operating system version, unique device identifiers, mobile network informationTo optimize website performance for different devices and troubleshoot technical issues
Log FilesServer logs, access logs, error logs, security logsTo maintain security, diagnose problems, and comply with legal obligations
Geolocation DataApproximate location based on IP address (country/city level)To provide location-relevant content, comply with regional laws, and detect fraudulent activity

4.3 Social Login Information

SourceData CollectedPurpose
Social Media Authentication (Google, Facebook, Apple)Name, email address, profile picture, user ID from social platformTo enable quick account creation and login using your existing social media accounts. We only access information you’ve authorized the social platform to share

4.4 Information from Third-Party Sources

We may receive information about you from third-party services, such as:

  • Analytics providers (e.g., Google Analytics)
  • Advertising partners
  • Social media platforms
  • Payment processors

4.5 Data Minimization Principle

We do not intentionally collect, store, or process excessive or unnecessary personal data beyond what is required for the stated purposes. We specifically do not intentionally collect sensitive personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sexual orientation) unless explicitly necessary with your express consent.

If you inadvertently provide sensitive data, please refrain from doing so. If we become aware of inadvertent collection of such data, it will be deleted from our records.

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

Under GDPR, we must have a lawful basis for processing your personal data. We process your data based on one or more of the following legal grounds:

5.1 Consent (GDPR Article 6(1)(a))

You have given clear, informed, specific, and unambiguous consent for us to process your personal data for specific purposes, such as:

  • Marketing communications and newsletters
  • Optional cookies and tracking
  • Personalized content recommendations

You can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

5.2 Contractual Necessity (GDPR Article 6(1)(b))

Processing is necessary for:

  • Performing our contract with you (providing services you’ve subscribed to)
  • Taking steps at your request before entering into a contract (account registration)

Examples include:

  • Creating and managing your account
  • Processing payments
  • Delivering subscribed content and services

5.3 Legal Obligation (GDPR Article 6(1)(c))

Processing is necessary to comply with legal obligations, such as:

  • Tax and accounting requirements
  • Responding to lawful requests from authorities
  • Maintaining security and access logs as required by law

5.4 Legitimate Interests (GDPR Article 6(1)(f))

Processing is necessary for our legitimate interests or those of third parties, provided these interests do not override your fundamental rights and freedoms. Examples include:

  • Improving our services and user experience
  • Detecting and preventing fraud and security threats
  • Conducting analytics and research
  • Direct marketing (where consent is not required)
  • Network and information security

You have the right to object to processing based on legitimate interests.

6. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

6.1 Content Delivery

  • Provide access to fitness content, articles, and blog posts
  • Deliver newsletter and email updates (with your consent)
  • Enable commenting features (if applicable)
  • Provide access to any premium content (if offered)
  • Personalize content recommendations based on your interests

6.2 Communication

  • Send service-related notifications (account updates, password resets, subscription confirmations)
  • Respond to your inquiries, questions, and support requests
  • Send newsletters, promotional content, and fitness tips (with your consent)
  • Conduct surveys and gather feedback

6.3 Improvement and Development

  • Analyze website usage and user behavior to improve functionality
  • Develop new features and services
  • Conduct research and analytics
  • Test new technologies and approaches

6.4 Security and Fraud Prevention

  • Detect and prevent fraudulent activities
  • Protect against security threats and unauthorized access
  • Monitor for violations of our Terms of Service
  • Maintain audit logs and security records

6.5 Legal Compliance

  • Comply with legal obligations and regulations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service
  • Protect our legal rights and interests

6.6 Marketing and Advertising

  • Send promotional communications about our services (with your consent)
  • Display personalized advertisements
  • Measure effectiveness of marketing campaigns
  • Conduct market research

7. SHARING OF PERSONAL DATA

We respect your privacy and only share your personal data when necessary to achieve the purposes described in Section 6, within the limits and purposes of our business, in accordance with the purpose of data processing, and as authorized by applicable legislation.

7.1 Third-Party Service Providers

We may share your data with trusted third-party service providers who assist us in operating our business:

CategoryPurposeExamples
Hosting ServicesHost and manage websiteWordPress, Wix, Squarespace, or custom hosting provider
Email ServicesSend newsletters and communicationsMailchimp, ConvertKit, SendGrid, or similar
Analytics ProvidersAnalyze website traffic and user behaviorGoogle Analytics, Matomo
Content Delivery NetworksDeliver content efficientlyCloudflare, or hosting provider CDN
Comment SystemsManage blog comments (if enabled)Disqus, WordPress native comments, or similar
Social Media PlatformsShare content and engage with audienceFacebook, Instagram, YouTube, Twitter/X

All service providers are contractually obligated to:

  • Process data only for specified purposes
  • Implement appropriate security measures
  • Comply with GDPR and applicable data protection laws
  • Not use data for their own purposes

7.2 Legal Requirements

We may disclose your personal data to:

  • Law enforcement or regulatory authorities when legally required
  • Courts and tribunals in response to valid legal processes
  • Government agencies to comply with legal obligations
  • Tax authorities for tax compliance purposes

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7.4 With Your Consent

We may share your data with other third parties when you have provided explicit consent for such sharing.

7.5 No Sale of Personal Data

We do not sell your personal data to third parties for their marketing purposes.

8. YOUR RIGHTS AS A DATA SUBJECT

Under GDPR and Portuguese data protection law, you have the following rights regarding your personal data:

8.1 Right of Access (GDPR Article 15)

You have the right to:

  • Confirm whether we process your personal data
  • Obtain a copy of your personal data
  • Receive information about how we process your data

8.2 Right to Rectification (GDPR Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Complete incomplete personal data

8.3 Right to Erasure / “Right to be Forgotten” (GDPR Article 17)

You have the right to request deletion of your personal data when:

  • Data is no longer necessary for the purposes collected
  • You withdraw consent (where processing is based on consent)
  • You object to processing and there are no overriding legitimate grounds
  • Data has been unlawfully processed
  • Data must be erased to comply with legal obligations

Note: This right is not absolute and may be limited by legal obligations to retain certain data.

8.4 Right to Restriction of Processing (GDPR Article 18)

You have the right to request restriction (temporary suspension) of processing when:

  • You contest the accuracy of data (while we verify)
  • Processing is unlawful but you don’t want erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing (while we verify legitimate grounds)

8.5 Right to Data Portability (GDPR Article 20)

You have the right to:

  • Receive your personal data in a structured, commonly used, machine-readable format
  • Transmit your data to another controller where technically feasible

This right applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

8.6 Right to Object (GDPR Article 21)

You have the right to object to:

  • Processing based on legitimate interests
  • Direct marketing (including profiling for marketing)
  • Processing for scientific, historical research, or statistical purposes

8.7 Right Not to Be Subject to Automated Decision-Making (GDPR Article 22)

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal or similarly significant effects, unless:

  • Necessary for contract performance
  • Authorized by law
  • You have given explicit consent

8.8 Right to Withdraw Consent (GDPR Article 7(3))

When processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority:

Portuguese Data Protection Authority (CNPD)
Comissão Nacional de Proteção de Dados
Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa, Portugal
Phone: +351 21 392 84 00
Email: geral@cnpd.pt
Website: https://www.cnpd.pt

8.10 How to Exercise Your Rights

To exercise any of these rights, please use the contact form on our website.

We will respond to your request:

  • Within 30 days (may be extended by 2 months for complex requests)
  • Free of charge (except for manifestly unfounded or excessive requests)
  • In writing (electronically or by post, as you prefer)

We may request additional information to verify your identity before processing requests.

9. HOW WE STORE AND PROTECT PERSONAL DATA

9.1 Security Measures

Gymersion implements appropriate technical and organizational measures to protect your personal data against:

  • Unauthorized access or disclosure
  • Accidental or unlawful destruction
  • Loss, alteration, or damage
  • Unauthorized processing

Security measures include:

Technical Safeguards:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security testing and vulnerability assessments
  • Firewalls and intrusion detection systems
  • Secure backup and disaster recovery procedures

Organizational Safeguards:

  • Strict access controls and need-to-know basis
  • Employee training on data protection
  • Confidentiality agreements with staff and contractors
  • Data protection impact assessments for high-risk processing
  • Incident response procedures
  • Regular policy reviews and updates

9.2 Access Control

Access to personal data is restricted to:

  • Authorized employees and contractors
  • Only those who need access for specified purposes
  • Subject to confidentiality obligations

9.3 Third-Party Security

We require all third-party service providers to:

  • Implement appropriate security measures
  • Process data only for specified purposes
  • Comply with GDPR requirements
  • Report security incidents promptly

9.4 Limitation of Liability

Important Notice: While we implement industry-standard security measures, no internet-based system is completely secure. We cannot guarantee absolute security against all unauthorized access or breaches.

You acknowledge that:

  • Internet transmission carries inherent risks
  • We are not liable for unauthorized access beyond our reasonable control
  • You should take precautions to protect your account credentials
  • You should report suspected security incidents immediately

9.5 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the supervisory authority within 72 hours of becoming aware
  • Notify affected individuals without undue delay when there is a high risk
  • Document the breach including facts, effects, and remedial action

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Storage Location

We prioritize storing your personal data within the European Economic Area (EEA) whenever possible. However, some of our service providers may be located outside the EEA, including in:

  • United States
  • United Kingdom
  • Other countries with adequate data protection frameworks

10.2 Transfer Safeguards

When transferring personal data outside the EEA, we ensure adequate protection through:

Standard Contractual Clauses (SCCs):

  • EU-approved Standard Contractual Clauses with data processors
  • Ensures equivalent level of protection as GDPR

Adequacy Decisions:

  • Transfers to countries recognized by the EU Commission as providing adequate protection
  • Examples: UK, Switzerland, Canada (commercial organizations)

Additional Safeguards:

  • Supplementary measures when necessary
  • Regular assessment of transfer mechanisms
  • Encryption and pseudonymization

10.3 Your Rights

You have the right to:

  • Obtain information about safeguards for international transfers
  • Receive copies of Standard Contractual Clauses (where applicable)
  • Object to transfers in certain circumstances

11. DATA RETENTION PERIOD

11.1 General Retention Principles

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, accounting, or reporting obligations
  • Establish, exercise, or defend legal claims
  • Protect our legitimate interests

11.2 Specific Retention Periods

Data CategoryRetention PeriodLegal Basis
Newsletter SubscriptionsUntil you unsubscribe + 30 daysConsent
Contact Form Messages2 years from submissionLegitimate interests
Account Information (if applicable)Duration of account + 30 days after deletionContract performance
Comments (if enabled)Indefinitely (unless deletion requested or content removed)Legitimate interests, public interest
Website Logs12 monthsLegal obligation, security
Cookies and AnalyticsAs specified in Cookie Policy (typically 13-26 months)Consent, legitimate interests

11.3 Termination of Processing

Processing of your personal data will terminate when:

  • The purpose for collection has been achieved
  • Data is no longer necessary for the purpose
  • You withdraw consent (where processing is based on consent)
  • You exercise your right to erasure
  • Retention period expires
  • Legal obligation requires termination

11.4 Data Deletion

Upon termination of processing, unless legal obligations require retention:

  • Data will be securely deleted or anonymized
  • Deletion will be performed within 90 days
  • If immediate deletion is not possible, data will be isolated from further processing until deletion is possible

11.5 Exceptions

We may retain personal data longer when:

  • Required by law or regulation
  • Necessary for legal claims or proceedings
  • You have provided specific consent
  • Required for archiving in the public interest, scientific/historical research, or statistical purposes

12. COMMUNICATION POLICY

12.1 Types of Communications

We may send you the following types of communications:

Service-Related Communications:

  • Responses to your contact form submissions
  • Confirmation of newsletter subscriptions
  • Account notifications (if accounts are enabled)
  • Important blog updates or policy changes

Marketing Communications (Require Consent):

  • Weekly/monthly fitness newsletters
  • Blog post notifications
  • Fitness tips and content recommendations
  • Special announcements

12.2 Email Best Practices

We strive to:

  • Send only valuable, relevant fitness content
  • Respect your communication preferences
  • Not overwhelm you with excessive emails
  • Provide clear unsubscribe options in every email

12.3 Unsubscribing from Emails

You can opt out of our emails at any time:

  • Click the “Unsubscribe” link at the bottom of any email
  • Reply to any email with “UNSUBSCRIBE” in the subject
  • Use our contact form on the website to request removal
  • Adjust preferences in your account settings (if accounts are enabled)

Note: If you unsubscribe, you’ll stop receiving blog updates and newsletters. Essential communications about your account (if applicable) may still be sent.

12.4 Anti-Fraud and Security Warning

IMPORTANT SECURITY NOTICE:

Be aware that fraudsters sometimes impersonate blogs and websites to obtain personal information.

GYMERSION WILL NEVER:

  • Request your password via email
  • Ask for financial information (we don’t process payments directly)
  • Request personal information through unsolicited communications
  • Ask you to click suspicious links claiming to be from us

IF YOU RECEIVE SUSPICIOUS EMAILS claiming to be from Gymersion:

  • Do not click links or download attachments
  • Do not provide any personal information
  • Check the sender’s email address carefully (look for misspellings or odd domains)
  • Use our contact form to report suspicious emails
  • Delete the suspicious email

Legitimate emails from Gymersion will always:

  • Come from @gymersion.com domain
  • Have proper branding and grammar
  • Never pressure you to act urgently
  • Include an easy way to unsubscribe

13. LINKS TO OTHER WEBSITES

13.1 Third-Party Links

Our Website may contain links to third-party websites, platforms, or services. These links are provided for your convenience and to enhance the content and services we offer.

13.2 No Control or Endorsement

Important Notice:

  • We do not control third-party websites
  • We are not responsible for their content, products, or services
  • We do not endorse third-party websites or their practices
  • Inclusion of links does not imply recommendation or approval

13.3 No Responsibility

Gymersion is not responsible for:

  • Privacy policies of third-party websites
  • Data collection practices of external sites
  • Security measures of linked websites
  • Content accuracy or legality on third-party sites
  • Products or services offered by third parties
  • Losses or damages resulting from use of third-party websites

13.4 Recommendation

We strongly recommend:

  • Reading privacy policies of third-party websites carefully
  • Reviewing terms of service before using external services
  • Understanding data collection and use practices
  • Being cautious when providing personal information to third parties

13.5 Social Media Platforms

Links to social media platforms (Facebook, Instagram, YouTube, etc.) are subject to those platforms’ privacy policies and terms of service, which are independent of Gymersion’s policies.

14. THIRD-PARTY SERVICES AND POLICIES

14.1 Services We Use

Gymersion uses various third-party services to operate our platform. Below are key services and their privacy policies:

14.2 Google Services

We use Google services, including:

  • Google Analytics – Website analytics and user behavior tracking
  • Google Ads – Advertising and marketing
  • YouTube API Services – Embedded video content
  • Google Fonts – Typography and design
  • Google Cloud Platform – Hosting and infrastructure (if applicable)

By using our Website, you agree to comply with:

  • Google Privacy Policy: https://policies.google.com/privacy
  • Google Terms of Service: https://policies.google.com/terms
  • YouTube Terms of Service: https://www.youtube.com/t/terms

Google Analytics:

  • We use Google Analytics to understand how users interact with our website
  • Google Analytics collects information anonymously and reports website trends
  • You can opt out using: https://tools.google.com/dlpage/gaoptout

14.3 Social Media Platforms

Facebook/Meta Services:

  • Facebook Login (if applicable)
  • Facebook Pixel for advertising
  • Instagram integration
  • Privacy Policy: https://www.facebook.com/privacy/policy/

Other Social Platforms:

  • Twitter/X integration
  • LinkedIn sharing features
  • TikTok content (if applicable)
  • Each governed by their respective privacy policies

14.4 Email Service Providers

We use email service providers for newsletters and communications:

  • Mailchimp, ConvertKit, SendGrid, or similar services
  • Used for sending newsletters, blog updates, and email communications
  • Subject to their respective privacy policies

Common Email Services:

  • Mailchimp: https://mailchimp.com/legal/privacy/
  • ConvertKit: https://convertkit.com/privacy
  • SendGrid: https://sendgrid.com/policies/privacy/

14.5 Hosting Providers

Website hosting and infrastructure:

  • WordPress.com, Wix, Squarespace, or custom hosting providers
  • Used for secure website hosting and data storage
  • Subject to their respective privacy and security policies

Common Hosting Services:

  • WordPress.com: https://automattic.com/privacy/
  • Wix: https://www.wix.com/about/privacy
  • Custom hosting providers (VPS/dedicated servers)

14.6 Comment Systems (if applicable)

If we enable blog comments:

  • Disqus – https://help.disqus.com/en/articles/1717103-disqus-privacy-policy
  • WordPress Native Comments – Subject to hosting provider privacy policy
  • Facebook Comments Plugin – Subject to Facebook privacy policy

14.7 Your Responsibilities

By using our services, you acknowledge and accept that:

  • Third-party services have their own privacy policies
  • You should review third-party policies independently
  • We are not responsible for third-party data practices
  • You consent to necessary data sharing with these services

15. COOKIES AND TRACKING TECHNOLOGIES

15.1 What Are Cookies

Cookies are small text files stored on your device when you visit websites. They help websites remember your preferences, improve functionality, and analyze usage.

15.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary):

  • Required for website functionality
  • Enable account login and security features
  • Remember items in your cart (if applicable)
  • Cannot be disabled without affecting website functionality

Functional Cookies:

  • Remember your preferences (language, region)
  • Enhance user experience
  • Provide personalized features

Analytics/Performance Cookies:

  • Measure website traffic and user behavior
  • Help us improve website performance
  • Understand how users interact with content
  • Examples: Google Analytics

Marketing/Advertising Cookies:

  • Deliver relevant advertisements
  • Track effectiveness of marketing campaigns
  • Prevent repetitive ads
  • Enable targeted marketing

15.3 Third-Party Cookies

We may use third-party cookies from:

  • Google (Analytics, Ads)
  • Facebook (Pixel)
  • Other advertising partners

15.4 Cookie Consent

Required Under ePrivacy Directive:

  • We obtain your consent before placing non-essential cookies
  • You can manage cookie preferences at any time
  • Essential cookies do not require consent

15.5 Managing Cookies

You can control cookies through:

Browser Settings:

  • Block all cookies
  • Accept only first-party cookies
  • Delete existing cookies
  • Receive notifications before cookies are stored

Our Cookie Consent Tool:

  • Accessible via banner on first visit
  • Manage preferences through settings

Opt-Out Tools:

  • Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
  • Network Advertising Initiative: http://optout.networkadvertising.org/
  • Your Online Choices (EU): http://www.youronlinechoices.eu/

15.6 Consequences of Disabling Cookies

Disabling cookies may:

  • Prevent certain website features from functioning
  • Limit personalization
  • Require repeated login
  • Affect user experience

15.7 Other Tracking Technologies

In addition to cookies, we may use:

  • Web beacons/Pixels – Track email opens and website visits
  • Local Storage – Store data locally on your device
  • Device Fingerprinting – Identify devices for security purposes

15.8 Do Not Track (DNT)

Currently, there is no industry standard for responding to DNT signals. We do not respond to DNT browser settings at this time. However, you can control tracking through our cookie settings and browser preferences.

16. CHILDREN’S PRIVACY

16.1 Age Restriction

Gymersion services are intended for individuals aged 18 years or older. We do not knowingly collect personal data from children under 18.

16.2 Parental Consent

If you are under 18:

  • You must obtain parental or guardian consent before using our services
  • We may request verification of parental consent
  • Parents/guardians are responsible for minors’ use of our services

16.3 Inadvertent Collection

If we become aware that we have inadvertently collected personal data from a child under 18 without proper parental consent:

  • We will take steps to delete such information
  • We will terminate the account
  • Parents/guardians may contact us to request deletion

16.4 Reporting

If you believe we have collected data from a minor without consent, please contact us immediately through our contact form on the website.

17. YOUR CONSENT

17.1 Consent to This Policy

By using Gymersion’s Website and services, you:

  • Acknowledge you have read this Privacy Policy
  • Understand how we collect, use, and protect your personal data
  • Consent to the processing described in this Policy
  • Agree to the terms and conditions outlined

17.2 Informed Consent

We ensure your consent is:

  • Freely given – You have genuine choice and control
  • Specific – Consent is for specific, clearly defined purposes
  • Informed – You understand what you’re consenting to
  • Unambiguous – Consent is through clear affirmative action

17.3 Withdrawal of Consent

You may withdraw your consent at any time:

  • Use our contact form on the website
  • Adjust settings in your account (if applicable)
  • Unsubscribe from communications using the link in emails
  • Request account deletion through our contact form

Note: Withdrawal does not affect lawfulness of processing before withdrawal.

17.4 Consent Records

We maintain records of:

  • When consent was obtained
  • What you were informed of
  • How consent was given
  • Whether consent has been withdrawn

18. CONTACT INFORMATION

18.1 Gymersion Blog

Website: gymersion.com
Location: Portugal

18.2 Privacy Inquiries

To contact us regarding privacy matters, security concerns, or general inquiries:
Please use the contact form available on our website.

18.3 Supervisory Authority

Portuguese Data Protection Authority (CNPD)
Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1º
1200-651 Lisboa, Portugal
Phone: +351 21 392 84 00
Email: geral@cnpd.pt
Website: https://www.cnpd.pt

ACCEPTANCE AND AGREEMENT

By accessing and using Gymersion, you acknowledge that:

  1. You have read and understood this Privacy Policy in its entirety
  2. You consent to the collection, use, and processing of your personal data as described
  3. You understand your rights as a data subject under GDPR
  4. You agree to the terms and conditions outlined in this Policy
  5. You may withdraw consent or exercise your rights at any time

This Privacy Policy is effective as of January 21, 2026.

FINAL NOTES

Data Accuracy:
Gymersion is not responsible for the accuracy, truthfulness, authenticity, completeness, or currency of data provided by Users. It is your exclusive responsibility to provide accurate, truthful, authentic, complete, and up-to-date information.

Language:
This Privacy Policy has been drafted in English. In case of translation into other languages, the English version shall prevail in case of discrepancies, to the extent permitted by applicable law.

Severability:
If any provision of this Policy is found invalid or unenforceable, the remaining provisions shall remain in full force and effect.

Governing Law:
This Privacy Policy is governed by Portuguese law and EU data protection regulations (GDPR).

Last Updated: January 21, 2026
Version: 1.0

For questions, concerns, or to exercise your data protection rights, please use the contact form on our website.