.png)
.Untitleddesign3-9f3a0b7d276f89218622cb785738acb49a92298e63616624c0b78b1086155655.png)
Welcome to gym2me – the flexible way to rent fitness kit and get moving at home. We want you to feel completely confident about how we look after your personal information. This page explains, in plain English first and then in legal detail, what we collect, why we collect it, and the rights you have.
Quick Read Snapshot
- Who we are: gym2me Limited, company no. 16499991, 6‑7 Masonic Street, Llandudno, Conwy, LL30 2DU. Questions? Email [email protected] or ring 01492 200 345.
- Why we collect data: To deliver/collect rented equipment, manage your account, take payments, run our online community, keep things safe and legal, and (with your permission) send you offers and tips.
- Your key rights: Access, correction, deletion, portability, restriction, objection, withdraw consent, complain to the ICO.
- How long we keep it: No longer than UK law (e.g. 6 years for tax records). Full timetable below.
- Sharing: Only with trusted partners who help us run the service or where the law requires. We never sell your data.
- Cookies: We use functional, analytics and advertising cookies. You choose to accept, reject or tailor them via our cookie banner.Want the detail? Read on.
1. Who we are
| Item | Details |
|---|---|
| Controller | gym2me Limited (trading as gym2me) |
| Registered office | 6‑7 Masonic Street, Llandudno, Conwy, United Kingdom, LL30 2DU |
| Company number | 16499991 |
| Telephone | 01492 200 345 |
| [email protected] | |
| Data Protection Officer | Andy Boyd ("DPO") |
Throughout this document “we”, “our” or “us” means gym2me Ltd, and “you” means the person using our website or renting equipment.
2. The data we collect
Below is the information we currently gather or may gather in future. Items marked (optional) will only be collected if you choose to provide them. Any health‑related fields will only be introduced after a separate consent process.
| Category | Examples | Source |
| Account basics | Full name, email, telephone, billing & delivery addresses | Registration form / checkout |
| Identity checks | Date of birth, driving‑licence or passport image | Verification form / credit‑reference agencies |
| Payment details | Card token (stored by Stripe), last‑4 digits, payment history | Stripe API |
| Order & membership info | Order number, rental term, plan type, membership tier, delivery & collection dates | Booqable platform |
| Website & device data | IP address, browser type, device identifiers, log files | Automatic via cookies, server logs |
| Usage analytics | Page views, clicks, time on site, marketing attribution | Google Analytics, Meta, TikTok, LinkedIn pixels |
| Marketing preferences | Opt‑in boxes, unsubscribe flags | Forms / preference centre |
| Community interactions (future) | Forum posts, likes, PT messages | 3rd‑party community platform |
| Automated decisions | Credit‑worthiness score, identity match score | Credit‑reference & fraud‑prevention agencies |
We do not currently collect health or fitness data, nor do we monitor physical usage of equipment.
3. How we collect your data
- Directly from you – when you register, place an order, upload ID, join the community or fill in a survey.
- Automatically – via cookies, pixels and similar tech on our site or emails.
- From third parties – payment provider (Stripe), identity and credit‑checking services, analytics providers, social networks (if you interact with our ads), couriers (delivery confirmations).
4. Why we use your data and our lawful bases
| Purpose | Activities | Legal basis | Legitimate interest (if applicable) |
| Provide the rental service | Create account, process orders, deliver & collect equipment, handle payments | Contract | – |
| Identity & credit checks | Verify identity, assess credit risk, prevent fraud | Legitimate interests / Legal obligation | Protect business & customers from fraud |
| Customer support | Answer queries, arrange repairs or replacements | Contract | – |
| Membership community & content | Give access to videos, forums, PT check‑ins | Contract / Legitimate interests | Provide value‑added services to members |
| Marketing | Email newsletters, SMS offers, social ads | Consent | Grow the business respectfully |
| Analytics & improvements | Measure site performance, develop new features | Legitimate interests | Improve user experience & service |
| Legal & tax compliance | Accounting, HMRC, FCA, insurance claims | Legal obligation | – |
| Security & fraud prevention | Monitor log‑ins, enforce MFA, detect abuse | Legitimate interests | Keep platform and users secure |
Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, we have balanced those interests against your rights and find them proportionate.
Automated decision‑making
If we make an automated credit or identity decision that significantly affects you, you have the right to request a human review before a final decision is made.
5. Who we share data with
We only disclose your information when strictly necessary and with written agreements in place.
| Category | Typical recipients | Safeguards |
| Core service platforms | Booqable (rental software), Stripe (payments), web‑hosting & database provider | UK/EU data centres or Standard Contractual Clauses (SCCs) |
| Delivery & logistics | Couriers / 3PL partners | UK only |
| IT & security | Managed‑service provider (MSP), cloud backup, email service | ISO‑certified suppliers |
| Analytics & advertising | Google, Meta, TikTok, LinkedIn | SCCs / adequacy |
| Professional advisers | Lawyers, accountants, insurers | Confidentiality agreements |
| Group companies | Other 2Me brands for consolidated customer care | Intra‑group agreement |
| Regulators & law enforcement | HMRC, FCA, police | Legal obligation |
A full up‑to‑date list of processors is available on request.
6. International transfers
Some suppliers are based outside the UK. When this happens, we ensure your information receives an equivalent level of protection through one of the following:
- The destination country has an adequacy decision from the UK Government; or
- We put in place Standard Contractual Clauses (SCCs) plus additional safeguards where needed.
7. How long we keep your data
| Record type | Retention period | Reason |
| Rental contracts & invoices | 6 years after the end of the tax year | HMRC record‑keeping |
| Identity documentation | 5 years from last transaction | Anti‑fraud & KYC standards |
| Marketing records (consent logs) | Until you opt out + 2 years | Demonstrate compliance |
| Support tickets | 3 years | Resolve repeat issues |
| Website logs | 12 months | Security & troubleshooting |
| Cookie identifiers | 13 months (analytics) / as set in banner | ICO guidance |
We then securely delete or anonymise the data.
8. Cookies and similar technologies
Our website uses:
- Strictly necessary cookies – to remember your cart, keep you logged‑in, and process payments via Booqable.
- Analytics cookies – Google Analytics, to understand how visitors find and use our site.
- Advertising cookies – Meta, TikTok, LinkedIn pixels so we can show relevant ads and measure their performance.
- Preference cookies – store your cookie choices and site settings.
Our cookie banner lets you accept all, reject all or customise. You can change your mind anytime via the “Cookie Settings” link at the bottom of this page.
9. How we keep your data secure
- TLS encryption for all data in transit
- Industry‑standard encryption at rest for databases
- Multi‑factor authentication (MFA) for staff and admin accounts
- Role‑based staff access on a need‑to‑know basis
- Regular backups and penetration testing
- Supplier due‑diligence and confidentiality clauses
10. Children
gym2me is for adults aged 18 and over. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
11. Your rights
You can exercise the following rights under UK GDPR:
- Access – request a copy of your data.
- Rectification – correct inaccuracies.
- Erasure – ask us to delete data in certain circumstances.
- Restriction – limit how we use your data.
- Portability – receive your data in a machine‑readable format.
- Objection – object to processing based on legitimate interests or direct marketing.
- Withdraw consent – for any processing based on consent.
- Human review – of automated decisions.
How to make a request
Email [email protected] or write to the address above. We aim to respond within one calendar month. We may need to verify your identity first.
12. Complaints
If you are unhappy with how we handle your data, please tell us so we can put it right. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – https://ico.org.uk – 0303 123 1113. Our ICO registration number: ZB909419.
13. Changes to this policy
We may update this notice from time to time; the latest version will always be posted here with the “Last updated” date. Significant changes will be highlighted on our website or emailed to active account holders.
Thank you for choosing gym2me. We’re here to keep your fitness journey smooth, secure and privacy‑friendly.