Gymrail Concept Ltd

Privacy Policy, Gymrail Concept Ltd

Who is the data controller for the processing of your data?

Address: Lähdetie 2, 62800 Vimpeli, Finland


What type of personal information do we collect?

Gymrail Concept Ltd receives your personal information when you buy from our online store or register for our service or contact our customer service. In these situations we receive e.g. your name and contact information and relevant customer service information.

When you visit our website we may obtain information such as e.g. your IP address, what type of device you use, which website you visit and what you purchase from our online store.

We may also use cookies. We use cookies to make our website more user-friendly, more efficient and more secure. Cookies may also be used, for example, to analyze visits to our websites so that we can better develop the website, marketing and customer service.

When you pay for a purchase in our online store, you will be taken to the service of our payment operator, where you will provide your personal information, for example such as the credit card number, required for the payment transaction. We may not and will not process this information. For more information, see your payment service provider´s privacy policy.

For more information regarding payment service provider’s privacy policies, please visit and read the following links:

Stripe privacy policy and Klarna privacy policy

For what purpose do we process your personal data?

Your personal data will be processed for the following purposes, whichever apply:

– Management of your registration.

– Management of online sales and purchases and communication related to online sales.

– Developing of our website, marketing and customer experience.

– Prevention, detection and control of abuse and fraud in the use of our services.

How long do we keep your personal data?

We will keep your personal data only for a period that is reasonably necessary given the requirements to respond to issues that are raised or to resolve problems, make improvements, activate services and fulfil the requirements of the applicable legislation. This means that it may keep your personal data for a reasonable time, including after you have stopped using our services or have stopped using our website. After this period, your personal data will be blocked on our systems.

What is the lawful basis to process your personal data?

We have the following lawful bases to process your personal data:

  • Execution of the contract, e.g. when you make a purchase in our online store.
  • Fulfillment of a legal obligation, e.g. in the management of the sale and purchase invoice.
  • Consent, e.g. when you approve us to send you our newsletter or direct marketing.
  • Legitimate interest, e.g. sending of satisfaction surveys on products purchased or services used by you, in order to ask for your opinion and be able to offer improvements.

Regular sources of information

Personal data is collected throughout the customer lifecycle directly from the data subject. Personal data may also be collected and updated from the commercial register or other similar public and private registers.

Regular disclosure of data

For the purposes identified above, Gymrail Concept Ltd´s personnel may use personal data in the performance of their duties. In limited tasks our subcontractors may use personal data. For example an accounting firm, IT system providers and logistic companies.

Transferring data outside the EU / EEA

The processing of your personal data takes place mainly in EU territory. In certain cases (e.g. Microsoft, Google) the data may be processed outside EU as well.

Data security

We use data security technologies, for example such as firewalls and access control procedures to prevent any unauthorized access to data and guarantee data confidentiality. In online store payment transactions we use trusted payment operators who take care of the security in payments.

What are your privacy rights in relation to your personal data?

According to European Unions´ General Data Protection Regulation you have

  • Right to obtain confirmation whether we have personal data that concerns you and the access to your personal data.

  • Right to request us to rectify your personal data when it is incorrect.

  • Right to request that your personal data is erased .

  • Right to request the restriction of the processing of your data.

  • Right to receive personal data in a structured, commonly used and machine readable format, and to transmit them to another controller when the treatment is based on consent or a contract, and is transmitted electronically.

  • Right to object to the processing of your personal data

  • Right not to be subject to a decision based solely on automated processing, including profiling

  • You have the right to lodge a complaint before the Finnish Data Protection Ombudsman or the competent local authority.
    Contact information:
    Office of the Data Protection Ombudsman (Finland)
    Postal address: P.O. Box 800, 00531 Helsinki, Finland


Switchboard: +358 (0)29 566 6700

Shopping Basket
Scroll to Top