With regard to data protection, a distinction must be made between the "Privacy Policy for Visiting the Studio Website" and the "Privacy Information on Processing Member Data During Membership". In both cases, different data is processed and stored.
Many studio operators leave it at the privacy policy for the website. In doing so, they completely forget that personal data is also processed, for example, during registration in the studio, during the anamnesis (medical history) in the initial interview, or when creating training plans. Here, too, data protection must be observed.
Generator from the Internet: yes or no
For the first part of the privacy policy, which covers the use of the studio website, you can use a generator, provided it takes into account all common analysis tools, cookie settings, newsletter formats, social media plugins, etc.
However, the important second part, fulfilling your information obligations under the General Data Protection Regulation (GDPR), is much more individual. It would be far too time-consuming and error-prone to query exactly how you design your check-in, what you ask for in your medical history interview, etc.
What needs to be in it
Nonetheless, you need to let your members know, for example, if you have video surveillance, what membership software you use, and what data is stored and for how long. The same applies to apps used (e.g. mysports) and video telephony providers for online courses (e.g. Zoom).
The easiest way to fulfill this information obligation is to create a separate privacy information document for members, in addition to the privacy policy for the use of the website, and to record the information there.
Here is an example of the wording that must be included in the second part of the privacy policy:
- "To become a member, you must fill out an application for membership. In doing so, the following data is collected and processed in our membership system: ..."
- "The studio uses the software ... for membership administration. The collected data is stored on the studio's local computer / in the cloud ..."
- "For communication with members, we use the instant messaging service WhatsApp. The data transmitted to us ..."
Meanwhile, data protection authorities are looking more and more closely, and it is not only large companies that are affected. The fitness studios Body Tonic and Gerco Fit each had to pay €2,000.00 for not taking care to process member data in a GDPR-compliant manner. Stop relying on "it'll be fine" and make sure you are fully covered in data protection as well.
Further interesting information on legal topics for gym operators can be found here:
Legal tips for fitness studios
Author: Julia Ruch - Lawyer
Source: aktivKANZLEI
Published on: 8 March 2023