Privacy Policy
Last Updated: October 30, 2025
1. Introduction
Welcome to GymsWithSauna.com. This Privacy Policy outlines how we (“we”, “our”, or “us”) collect, use, share, and protect your personal data when you use our gym directory service.
By using our website, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Data Collection
Types of Data Collected
We collect the following personal data:
Information You Provide:
- Contact Information: Name and email address when you submit gym suggestions through our contact form
- Gym Information: Details about gyms you suggest, including name, address, website, and amenities
Information We Collect Automatically:
- Usage Data: Pages visited and referring websites (collected via server logs for security and operational purposes)
- Device Information: IP address, browser type and version, operating system, and device identifiers (collected via server logs and Cloudflare for security and operational purposes)
- Location Data: General location information (city/state level) derived from IP address by Cloudflare for security purposes
- Cookies: Small text files stored on your device (see our Cookie Policy for details)
Methods of Data Collection
Data is collected through:
- Contact form submissions
- Essential cookies required for security
- Server logs and security monitoring
3. Data Usage
We use your personal data for the following purposes:
- Service Delivery: To provide our gym directory service and display gym listings
- Communication: To respond to your inquiries and gym suggestions
- Security: To detect and prevent fraud, abuse, and security threats
- Operational: To maintain website functionality and troubleshoot technical issues
- Legal Compliance: To comply with applicable laws and regulations
4. Legal Bases for Processing
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
- Legitimate Interests (GDPR Article 6(1)(f)): To operate our gym directory service and ensure security
- Legal Obligation (GDPR Article 6(1)(c)): To comply with applicable laws and respond to legal requests
- Contractual Necessity (GDPR Article 6(1)(b)): To provide the services you request through our website
5. Data Sharing
We share your data with trusted third parties as necessary to operate our services effectively:
Service Providers:
- Cloudflare: Provides hosting, CDN, security, and DDoS protection. May process IP addresses and technical data.
Legal Requirements:
- Law enforcement or regulatory authorities when required by law
- To protect our rights, property, or safety, or that of our users
Business Transfers:
- In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.
All third parties are contractually obligated to process your data only as necessary and in accordance with applicable data protection standards.
6. International Data Transfers
Some of our service providers (e.g., Google, Cloudflare) may be located outside the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally compliant transfer mechanisms
These safeguards ensure an adequate level of protection for your personal data.
7. Data Protection
We implement the following security measures to protect your personal data:
- Minimal Data Collection: We collect only the minimum necessary personal information
- Encryption: HTTPS/TLS encryption for all data transmitted to and from our website
- Secure Infrastructure: Protected servers and secure hosting with Cloudflare
- Access Controls: Limited access to personal data by authorized personnel only
- Security Monitoring: Regular monitoring for security threats and vulnerabilities
- Trusted Partners: We work with service providers that meet high standards of security and compliance
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure.
8. Data Retention
We retain different categories of data for different periods:
Contact Form Submissions:
- Retained for up to 2 years after submission for customer service purposes
- Deleted upon request, subject to legal obligations
Log and Security Data:
- Retained for up to 90 days for security and troubleshooting
Cookie Data:
- Session cookies: Deleted when you close your browser
- Persistent cookies: Retained for periods specified in our Cookie Policy
We only retain personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including for compliance with legal, regulatory, or reporting requirements. When data is no longer needed, it is securely deleted or anonymized.
9. Your Rights Under GDPR
If you are located in the European Union, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request a copy of your personal data and information about how it is processed
- Right to Rectification: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request deletion of your personal data in certain circumstances
- Right to Restriction: Request limitation of how your data is processed
- Right to Data Portability: Request your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
To exercise any of these rights, contact us at [email protected] with the subject line “Data Subject Access Request”. We will verify your identity and respond within 30 days as required by law.
If you believe your rights under data protection law have been violated, you have the right to file a complaint with your local Data Protection Authority. In the EU, you can find your local authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
10. Cookies and Tracking Technologies
We use only functional (essential) cookies necessary for security and core website operation. Specifically, we use the cf_clearance cookie set by Cloudflare to validate human visitors for bot protection and JavaScript detections.
We do not use analytics, advertising, or preference cookies.
For detailed information about the cookie we use, please see our Cookie Policy.
11. Third-Party Links
Our website may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site.
We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
12. Children’s Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from anyone under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. If we become aware that we have collected personal data from anyone under 13 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.
13. California Privacy Rights (CCPA/CPRA)
If you are a resident of California, you may have certain rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Note: CCPA compliance requirements apply to businesses that meet any of the following criteria:
- Annual gross revenue exceeding $25 million
- Buys, sells, or shares personal information of 100,000 or more California residents or households
- Derives 50% or more of annual revenue from selling or sharing personal data
Your CCPA/CPRA Rights
As a California resident, you may have the following rights:
- Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell (we do not sell personal data)
- Right to Access: Request access to your personal information and how it has been used or shared
- Right to Delete: Request deletion of your personal information, subject to certain exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell or share personal information)
- Right to Limit: Limit the use and disclosure of sensitive personal information, if applicable
- Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
How to Exercise Your Rights
To exercise any of these rights, please contact us:
- Email: [email protected]
- Subject Line: “CCPA Request”
- Include: Your full name, email address, and specific request
We will verify your identity and respond within 45 days as required by law.
Additional Disclosures
- No Sale of Personal Information: We do not sell or share your personal information for cross-context behavioral advertising
- No Discrimination: We do not discriminate against users for exercising their privacy rights
- Authorized Agents: You may designate an authorized agent to make requests on your behalf by providing written authorization
For more information about your rights as a California resident, please visit the official website of the California Privacy Protection Agency (CPPA) at https://cppa.ca.gov/.
14. Log Files and Security Monitoring
To maintain the security, stability, and performance of our services, we automatically collect and store technical data in server logs and Cloudflare security logs. This data is collected automatically as part of normal web server operations and includes:
- IP address
- Browser type and version
- Device and operating system information
- Referring URLs and pages visited
- Date and time of access requests
- Error messages or system logs
This data is used to:
- Detect and prevent fraud, abuse, and DDoS attacks
- Implement rate-limiting and other security measures
- Monitor system health and performance
- Diagnose and resolve technical issues
This processing is based on our legitimate interest in ensuring the secure and reliable operation of our services (GDPR Article 6(1)(f)). Log data is stored securely, accessible only to authorized personnel, and retained only as long as necessary for these purposes (typically up to 90 days). We do not use this data for analytics tracking or user behavior analysis.
15. Changes to This Privacy Policy
We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes, we will:
- Update the “Last Updated” date at the top of this policy
- Notify you of significant changes via email and/or a prominent notice on our website
- Post the updated policy on this page
We encourage you to review this Privacy Policy periodically. Changes to this Privacy Policy are effective when posted on this page.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: [email protected]
- Website: gymswithsauna.com
For cookie-specific questions, please see our Cookie Policy.