Privacy Policy

Introduction

Köszönjük, hogy csatlakoztál a csapatunkhoz, és ezzel a BBRSCF Kft. (headquarters: 216 Kossuth Street, 8772 Zalaszentbalázs, company registration number: 20 09 078413, tax number: 25919194-2-20, represented by: Bálint Vörös, managing director, phone: 06303319395) és a BRO-REP Kft. (székhely: 8772 Zalaszentbalázs, Kossuth utca 216., cégjegyzékszám: 20 09 077287, adószám: 25038325-2-20, represented by: Bálint Vörös, managing director, phone: 06303319395), hereinafter referred to as "Service Provider" to the [CrossFit B'Bros] website https://crossfitbbros.com("Website") or paid a personal visit to our gym.

We respect your privacy and protect your personal data. To learn more about how we do this, please read our privacy policy below. In developing our policies, we have taken particular account of Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data ("General Data Protection Regulation" or "GDPR"), the 2011 EU Regulation on the Right to Information Self-Determination and Freedom of Information. Act CXII of 2013 on Information Freedom of Information and Privacy and on the Protection of Personal Data and the Protection of Information about Privacy ("Infotv."), Act V of 2013 on the Civil Code ("Civil Code") and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities ("Grtv."). The Privacy Statement describes how we collect, use and (in certain cases) transfer personal data. This Privacy Notice also describes the steps we take to protect your personal data. This Privacy Notice also describes our choices about the collection, use and disclosure of personal information.

This Privacy Statement is posted at the CrossFit B'Bros 2 gym (address: 4 Márton Street, Budapest, 1094 hereinafter referred to as "Gym") and on the website operated by the Service Provider. This Privacy Statement also applies to the collection of personal data offline. We are not responsible for the content of websites which are not operated by us but to which a link is provided from the Website or from which a link is provided to our Website.

Concepts

"personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

"processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

"controller" means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law

"data subject's consent" means a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her

"sensitive data" means personal data revealing racial or ethnic origin, nationality, political opinions or opinions, religious or philosophical beliefs, membership of an interest group, sex life, health or medical conditions, or data concerning a pathological condition or a criminal offence

"genetic data" means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person

"biometric data" means any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data

The above definitions are the same as those used in the GDPR. The text of the GDPR is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&qid=1731398140821 . The list is not exhaustive, if you need further information, please contact us.

Information, data collection and use

1. Collection of information and data

We collect data in various ways in the course of our activities, the purpose of which is to provide you with the information you need to become a member of the Gym and to issue a season ticket so that you can participate in our sessions. Please note that we do not request or process any special, biometric or genetic data from our users or guests in any way. 

The data of the data processor (hosting provider) used for the online processing: 

Websupport Magyarország Kft.
Headquarters: 97-99 Fehérvári Street, Budapest, 1119
Company registration number: 01-09-381419
Tax number: 25138205-2-43
Phone: +36 22 78 76 74
E-mail: support@websupport.hu

a) Registration

You can only register for membership in person at the Gym. When registering, you will be required to provide your name, e-mail address and telephone number, which will be recorded in order to issue your season ticket and to enable you to register for classes.

Please note that your season ticket will also include an identification number, which you did not provide to us, but we will process it in relation to you and it will be considered personal data under the GDPR.

The GDPR provisions do not allow us to process personal data of persons under the age of 16 on the basis of their own consent. As we do not have the technical or GDPR means to verify the age of our users, we can only filter this based on the declaration you make when you sign the registration form to confirm that you are over 16 years of age. It is your responsibility to make this declaration and we cannot be held responsible for its accuracy. If you are under 16, please contact your parents for assistance if you wish to use our services.

The legal basis for the processing of the above data is the performance of the contract (Article 6(1)(b) GDPR), as without these data we cannot issue a rental contract for you, so you cannot register for our classes and therefore you cannot use our services.

Following paper registration, the personal data you provide will also be stored online. The data stored online is stored and processed by OPTIMAL-TIME Kft. (registered office: 9200 Mosonmagyaróvár, Áchim A. utca 14., company registration number: 08-09-024199, tax number: 24136121-2-08, represented by Krisztián János Győrfi, independent managing director, phone: +36 70 420 0365, email: info@optime.hu, web: www.myoptime.eu, www.optime.hu, www.fitness-belepteto.hu, hereinafter referred to as "Optimal Time") as data processor under a separate contract with the Service Provider.

On the basis of the data provided offline, Optimal Time will create a user profile for you on the Optimal Time platform, where you can modify your data and register for certain training sessions. In order for us to provide you with the service properly, Optimal Time may access your data, but may not modify or interfere with it in any way.

The purpose of using a data processor is to ensure that access to the Gym is seamless through the system operated by the processor. For more information, please read Optimal Time's Privacy Policy, available at https://fitness-belepteto.hu/wp-content/uploads/2024/01/adatkezelesi-tajekoztato-optime.pdf website.

The Gym also offers you the opportunity to use an All You Can Move (AYCM) card, which gives you discounts on the services we provide. In the event that you wish to use your AYCM card to claim the discount, we need and have a legitimate interest in identifying you through the AYCM system as being eligible to claim the discount.

Identification is only possible by transmitting data to AYCM Magyarország Kft., the operator of the AYCM service (head office: 1053 Budapest, Károlyi utca 11. 1., company registration number: 01-09-698597, tax number: 12688621-2-41, represented by Csaba Kecskés and Tünde Kissné Polgár, jointly by the managing directors, e-mail: info@aycm.hu, telephone: +36 1 445 1563, web: www.aycm.hu, hereinafter referred to as "AYCM").

In such cases, AYCM will also act as a data processor in the same way as Optimal Time, while we will be sub-processors vis-à-vis AYCM. For more information about data protection, please read AYCM's Privacy Notice, available at https://allyoucanmove.hu/content_files/adatkezelesi_tajekoztato.pdf website. 

b) E-mail addresses

On our website and when completing the application form, we provide you with the opportunity to enter your e-mail address for the purposes of requesting information about new services, special offers and for contact purposes. The legal basis for processing your e-mail address in most cases (newsletter subscriptions, marketing or informative e-mails) is your consent, which we will ask you to provide in each case separately for each purpose, online by ticking a checkbox, and on paper by ticking the box at the bottom of the registration form. If the processing of your e-mail address is based on your consent, you can withdraw your consent at any time by clicking on the unsubscribe button at the end of the e-mail or by sending an e-mail to info@crossfitbbros.com.

c) Cookers and other technical equipment

Similar to other websites, we use cookies and other web tools (data collection signals) to make the navigation of our site faster and easier. We also use cookies to recognize you, potentially give you access to your privileges and track your activity on the site. By using cookies, we are able to collect aggregate (non-personal) information to determine which sub-pages of our site are popular, so that we can improve the site to meet the needs of our visitors. When using a website, you may encounter several types of cookies, each with a different purpose. We can distinguish between the following types of cookies: 

  • Essential cookies: these are usually small bits of data on the user's computer that help websites to function. They are needed to provide users with a fast, modern and user-friendly website. Without them, the Website would be slower or even not work at all.
  • Functional cookies: functional cookies are used to remember little details about the last time a user left the site, so that when they come back they find everything exactly the same and in the same place as they left it
  • Statistical and marketing cookies: these are used to learn about different visitor habits. They help web developers to better see what works and what doesn't, and to develop the website accordingly to meet the needs of users. It also helps to see what makes one ad or communication effective and another not. It shows the time spent on different pages, or how a user arrived at a particular page. This information can be used to improve the structure and operation of the website, helping to develop it in a way that is more relevant to the visitor's habits and more convenient to use. It helps to build up a picture of the intensity of visits from which devices, geographical locations and time of day, as well as the trends in visits and returns, and the pages from which users visit the site.

In addition, we distinguish between session cookies and persistent cookies. A single-session cookie only persists until the user closes the browser. Persistent cookiesare persistent and are not automatically deleted when the browser is closed.

But why do they stay there, what's the point?
Well, one example of a persistent cookie is one that helps the site to run faster, remembering things that the user has set for themselves on the site.

How can you delete cookies and how can you disable them?
If you do not want us to use cookies as described above, you can disable them. Blocking cookies is browser-dependent and can be done in different ways. You can find out how to disable them in the most popular browsers by following the links below:

If you do not opt out of cookies, you consent to us storing cookies on your device when you browse our site.

If you do disable them, please note that not all features of our site may be available or site performance may be degraded.

(i) Cookies are pieces of information stored in text format by your internet browser on your computer's hard drive. Most internet browsers are set to accept cookies by default. You can set your browser to refuse cookies or to remove them from your hard drive, based on the information available at the link above, but if you do so, we cannot guarantee that you will be able to access all the features of the website. We need to use cookies to allow you to select, add to basket and purchase products. If you do, we will store your browsing activity and purchases. Cookies from the sites cannot infiltrate the user's hard drive and collect confidential information from there. Our cookies are not spyware.

(ii) Data collection signals are used to deliver cookies and to help determine whether a website has been visited and, if so, how many times. For example, an electronic image on a web page, such as a banner, can act as a data collection signal.

(iii) We may use third party assistance to tailor the content of our website to users or to display advertisements on our behalf. These companies may use cookies and data collection signals to measure the effectiveness of advertising (such as which pages were visited or what products were purchased and in what quantities.) The information collected by third parties through cookies and data collection signals is not linked to any personal information we collect.

(iv) For example, Facebook collects certain information through cookies and data collection signals to determine which pages have been visited or which products have been purchased. Please note that the information Facebook collects through cookies and data collection signals is not linked to the personal information we collect.

d) Log files

As is true for most websites, the site server automatically detects the Internet URL from which the user accesses the site.

The IP address, Internet Service Provider, and date/time stamp may also be logged by us for system administration purposes, to check orders, support internal marketing activities, or to perform system troubleshooting.

Please note that, as we have no control over this, you are responsible for the truthfulness and accuracy of the personal information you provide. If you provide false information or inaccurate information, we will not be liable for any delay or damage resulting therefrom. If you become aware that you have provided inaccurate personal data, you have the right to have your data clarified, corrected or corrected or amended. 

If you become aware of the latter, you must notify us immediately using any of our contact details so that we can correct or amend your data as soon as possible and (where applicable) pass on the correct data to our partner. Please also note that if you provide us with any personal data in addition to the above, we will promptly de-identify and irretrievably delete it and exclude our liability for any data voluntarily provided by you without our request.

2. Use and disclosure of information

a) Internal use

We use your personal data to fulfil your membership rights. In addition, we may also use it internally to improve the content and layout of our sites, to contact you and to improve our marketing activities (promotion of our products and services).

In order to facilitate such use and to facilitate such use. However, the transfer of your data may only take place with your express consent.

b) Communication with users

We also use personal information to communicate with you about our website and your membership.

We may send you a confirmation email that you have registered. We may send you service-related communications in rare cases (e.g., if we need to temporarily suspend our operations, perhaps for maintenance).

Your email address may be requested during your personal registration, or if you have requested to receive our newsletter or other special offers.

If you provide us with your e-mail address, we will use it to send you information. In all cases, you will be given the opportunity to unsubscribe from future mailings.

c) External use

We strive to offer excellent services and a wide range of choices. We do not sell, rent, trade or disclose your personal information to anyone other than us or Optimal Time, the operator of the class application.

(i) Like most service providers, in some cases we may use others to perform certain tasks on our behalf. When we disclose to a provider of such a servinformation ice, we do so so that they can perform their function. For example: in order to be able to register for our classes, we need to share certain information.

(ii) We may disclose such information when requested by law enforcement agencies, to conduct official investigations, in response to subpoenas, court orders, or for other reasons for which we are legally required to disclose such information. We may also disclose personal information when we need to protect our own rights, enforce our Terms of Use (TOS) or our cooperation, or protect ourselves from others. For example: we may share information to reduce the risk of fraud, or if someone uses it to commit fraud or attempts to use it to commit fraud in an illegal activity.

(iii) We will not sell (trade or rent) personally identifiable information to other companies. We may, however, acquire or merge with other companies or make our assets available to them. If this happens, however, the disclosure of personal information to other companies will be in accordance with applicable data protection legislation and this Privacy Policy.

(iv) We may share non-personal information (such as the number of visitors to a particular page per day or the size of an order on a particular day) with third parties, such as an advertising partner. Such information will not, however, directly deprive users of personally identifiable information.

(v) Users may view and edit their personal data after logging in to Optime.com by clicking on My Profile.

If you wish to have your data deleted, you can request this by sending an email to info@crossfitbbros.com. You will then be removed from our system and we will confirm this by email.

Cameras in the Gym

Please note that we operate a camera system in the Gym for security reasons. The camera system records images of the entrance, corridors, gym, rooms and lobby of the Gym, but not of the changing rooms, toilets and showers in the Gym. 

The images captured by the camera system are stored up to the maximum storage capacity of the hard disk of the camera system, but not longer than 2 days. Older recordings are automatically deleted when the hard disk is full and overwritten by newer recordings. Only the Service Provider's executives have access to the recordings, Service Provider's employees are not entitled to view the recordings. 

We refrain from violating the privacy of our guests, so the recorded recordings will only be viewed if there is a suspicion of a violation of the law or a criminal offence.

Data protection

Our sites include physical, electronic and administrative processes to ensure that personal information is kept confidential. 

Access to your personal information is restricted. Only our staff and coaches whose work requires it will have access to your personal data, as this is the only way we can keep track of who actually attends each session. 

We rely on third parties to protect our computers and other hardware. We believe their security procedures are adequate. For example: when a user visits one of our sites, they are given access to servers that are located in a secure physical environment, in a locked room, and protected by a software firewall. Although we take industry standard precautions to protect personal data, we cannot guarantee complete protection. Unfortunately, 100% protection and security does not exist either online or offline. 

Deleting/restoring user data, user rights

Duration of data processing, time limit for deletion of data: we will process your data for the shortest period of time necessary in accordance with the principles laid down by the GDPR. In the case of membership, until 2 months after the termination of your membership, in the case of newsletter subscription, until you unsubscribe from the newsletter, and in the case of online registration, until the deletion of your user account.

At your request:
a) correct or update your personal information,
b) we will not send you any mail, and/or
c) block your user account so that no one else can use your membership
d) if you request deletion of your personal information, you can request it by sending an email to info@crossfitbbros.com.

We will send you an email confirmation that your request has been granted. If you find it more convenient, you may also communicate the above requests to us by telephone by contacting us by telephone or by email at info@crossfitbbros.com

In relation to the processing of your personal data, you have the following rights, as defined by the GDPR:

right of withdrawal: you may withdraw your consent to data processing at any time, but this does not affect the lawfulness of the processing carried out on the basis of the consent given before the withdrawal;

right of access: as our guest, you have the right to receive feedback on whether your personal data is being processed and to request information on the provisions of Article 15(1) of the GDPR;

right to rectification: you have the right to obtain, at your request and without undue delay, the rectification of inaccurate personal data relating to you and the right to request the completion of incomplete personal data;

the right to erasure: you also have the right to obtain, at your request, the erasure of personal data relating to you without undue delay and we are obliged to erase personal data relating to you without undue delay where one of the grounds set out in Article 17(1) of the GDPR applies;

the right to restriction of processing: you also have the right to restrict processing at your request if one of the conditions set out in Article 18(1) of the GDPR is met;

the right to data portability: you have the right to receive personal data relating to you and provided by you to us in a structured, commonly used, machine-readable format and to transmit such data to another controller. We ask that you do not exercise any of the above rights inappropriately, but only if there is a valid basis for doing so or if one of the conditions set out in the GDPR is actually met.

Collection, use and transfer of information offline

As you would expect, we collect most of the information we collect offline and a small amount through our website. However, this Privacy Policy applies to personal information obtained by any means.

In all cases, we will use our best efforts to protect your personal information. Where we need to store information (such as information required to issue a pass), we will upload it to our database via an encrypted SSL channel (see Privacy Policy for more information).

If you register at the hall, the registration form you fill in will be stored in a lockable cabinet and when it is no longer needed, it will be destroyed by shredder.

Data protection incident handling

A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

We will notify a data breach to the competent data protection authority without undue delay and, where possible, no later than 72 hours after the data breach comes to our attention.

If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will inform you of the personal data breach without undue delay.

We will be happy to answer any questions you may have about data processing and protection at any of our contact points.

If you have further questions about data protection, you can contact the following authority.

Name: National Authority for Data Protection and Freedom of Information
Headquarters: 9-11 Falk Miksa Street, Budapest, 1055
Address for correspondence: 1363 Budapest, Pf. 9.
Telephone: +36 1 391 1400
Email: ugyfelszolgalat@naih.hu
Honlap: Website: https://www.naih.hu/

Update of the Privacy Policy

In the event that this Privacy Policy is changed or updated, we will communicate this on our site so that our guests are kept up to date on our collection, use and disclosure of personal information.

However, we encourage you to review this Privacy Policy from time to time to be aware of any changes or updates to this policy.

If you have any questions about this Privacy Policy, please contact us at + 36 1 784 1708 or by email at hello@crossfitbbros2.hu.

Scroll to Top