Privacy Policy at a Glance
1. Who We Are
This Privacy Policy applies to Gym Tech Fitness Service LLC and Gym Tech Sales LTD (collectively, "Gym Tech Fitness," "we," "us," or "our"), operators of gymtechfitness.com and related digital properties.
We are a premium fitness equipment retailer, service provider, and gym design company headquartered in the New York tri-state area, with showroom locations in Forest Hills NYC, Southampton (Hamptons), Woodbury (Long Island), and Greenwich, CT.
We are the data controller for personal information collected through our website, forms, and communications. Our Data Protection contact:
Gym Tech Fitness — Webmaster / Data ControllerEmail: webmaster@gymtechfitness.com
Phone: (866) 496-8324
2. Information We Collect
2.1 Information You Provide Directly
When you complete a contact form, request a quote, or communicate with us, we may collect:
- Identity Data: First name, last name, full name
- Contact Data: Email address, phone number, mailing address
- Inquiry Data: Service type, budget range, purchase timeline, equipment location, equipment type, space details, company name, and any information you provide in message fields
- Marketing Preferences: Consent to receive communications and preferred contact method
- Transaction Data: Purchase history, order details, payment method type (not full card numbers — processed by third-party payment processors)
- Service Data: Equipment repair history, maintenance records, service appointment details
2.2 Information Collected Automatically
- Device & Technical Data: IP address, browser type and version, operating system, device type, screen resolution, language settings
- Usage Data: Pages visited, time spent, links clicked, referring URLs, exit pages, search terms
- Location Data: Approximate geographic location derived from IP address (country, state, city — not precise GPS)
- Session Data: Session ID, start time, pages per session, time on site
- Cookie Data: See Section 8 for full details
2.3 Information From Third Parties
- Advertising Platforms: Meta (Facebook/Instagram) and Google — how you interact with our advertisements
- Analytics Providers: Aggregated and behavioral data from Google Analytics and Microsoft Clarity
- CRM Systems: Contact history and interaction data maintained in HubSpot
- Public Sources: Publicly available business information relevant to commercial inquiries
2.4 Sensitive Information
We do not intentionally collect sensitive personal information such as Social Security numbers, financial account numbers, health or medical information, racial or ethnic origin, political opinions, religious beliefs, or biometric data. Please do not submit such information through our forms.
3. How We Collect Information
- Website Forms: Contact forms, quote requests, callback requests, SMS text-back requests, and our floating contact widget (powered by GymSpotter.AI)
- Cookies and Tracking Pixels: Automated collection via cookies, pixel tags, and similar technologies placed by us and our analytics/advertising partners
- Phone and Email: Information you provide when calling or emailing us, or responding to our communications
- In-Store / Showroom Visits: Business cards, signed service agreements, and purchase forms at our showroom locations
- WooCommerce Checkout: Information provided during online product purchases
- HubSpot: Data collected when you interact with HubSpot-powered forms, chat, or email campaigns
4. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | What We Use | Legal Basis |
|---|---|---|
| Responding to Inquiries | Name, email, phone, inquiry details | Contract performance; Legitimate interest |
| Processing Service Requests | Contact data, equipment data, location | Contract performance |
| Processing Purchases | Contact data, order details, payment info | Contract performance |
| Lead Qualification & Follow-Up | Inquiry data, browsing behavior, form responses | Legitimate interest |
| Email Marketing | Email address, name, preferences | Consent (opt-in required) |
| SMS / Text Marketing | Mobile phone number, preferences | Explicit consent (TCPA compliant) |
| Website Analytics & Improvement | Usage data, device data, behavioral data | Legitimate interest; Consent (cookies) |
| Targeted Advertising | Cookie data, behavioral data, hashed email | Consent (cookie consent) |
| Retargeting Campaigns | Cookie data, pixel data (Meta, Google) | Consent (cookie consent) |
| Customer Service Records | All data you provide | Legitimate interest; Legal obligation |
| Fraud Prevention | IP address, device data, form patterns | Legitimate interest; Legal obligation |
| Legal Compliance | As required | Legal obligation |
5. Third-Party Services and Data Sharing
We share data with third-party service providers who help us operate our business. All third parties are contractually obligated to handle your data securely and only for the purposes we specify.
5.1 Analytics & Advertising Partners
We use Google Analytics 4 (GA4) to understand how visitors interact with our website. Google Tag Manager deploys tracking tags without modifying our site code.
- Data collected: Page views, session data, events, device info, approximate location, referral source, UTM parameters
- IP anonymization: GA4 is configured with IP anonymization enabled
- Data retention: We retain Google Analytics data for 14 months
- Opt-out: Google Analytics Opt-out Browser Add-on
- Privacy policy: policies.google.com/privacy
Microsoft Clarity records user sessions and generates heatmaps to help us understand how users interact with our website.
- Data collected: Mouse movements, clicks, scrolls, session replays, device info, IP address (masked)
- Session recordings: Sensitive data (passwords, payment info) is automatically masked
- Opt-out: Microsoft Privacy Dashboard
- Privacy policy: privacy.microsoft.com
The Meta Pixel measures the effectiveness of our Facebook and Instagram advertising campaigns and enables retargeting audiences.
- Data collected: Page views, events (form submissions, product views), hashed email addresses, device data, IP address
- Custom audiences: We may upload hashed customer email lists to create custom audiences
- Lookalike audiences: Meta may use your data to find similar potential customers
- Opt-out: Facebook Ad Preferences or optout.aboutads.info
- Privacy policy: facebook.com/policy
HubSpot is our customer relationship management (CRM) platform and email marketing automation tool.
- Data stored: Contact information, inquiry history, email engagement (opens, clicks), website visit tracking
- HubSpot cookie: Tracks interactions with our website and emails
- Data location: HubSpot servers (United States)
- Privacy policy: legal.hubspot.com/privacy-policy
GymSpotter.AI powers the contact widget on our website (the floating "Get Quote" button), processes form submissions, and manages lead routing via automated n8n workflows.
- Role: Data processor acting on our documented instructions only
- Data processed: Name, email, phone, inquiry details, service type, qualifying responses, metadata (IP address, page URL, UTM parameters, submission timestamp), user agent
- Purpose: Routing inquiries to Gym Tech team members; lead qualification; Google Sheets logging; Gmail notification
- Data location: GymSpotter's n8n cloud instance and Google Workspace (United States)
- Retention: GymSpotter retains data only as long as necessary. Primary control of all lead data stays in our Google Sheets and HubSpot CRM.
- Security: All data transmitted over HTTPS/TLS; processed only under contract with Gym Tech Fitness
- Privacy policy: gymspotter.ai/privacy
- Data processed: Purchase history, billing address, shipping address, email, phone, product preferences
- Payment processing: Payment card details processed by our gateway provider — we do not store full card numbers
5.2 Other Permitted Disclosures
- Legal Requirements: When required by law, court order, subpoena, or governmental authority
- Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
- Protection of Rights: When necessary to protect the rights, property, or safety of Gym Tech Fitness, our customers, or others
- With Your Consent: For any other purpose with your prior explicit consent
6. Email Marketing Communications
We send marketing emails only to individuals who have explicitly consented, consistent with the CAN-SPAM Act and New York State consumer protection laws.
What We May Send
- New product arrivals and featured equipment
- Promotional offers, seasonal sales, and special events
- Gym design tips and fitness space inspiration
- Service reminders and maintenance tips
- Company news, showroom events, and announcements
- Transactional emails (order confirmations, service updates — not marketing; may be sent without marketing consent)
How We Obtain Email Consent
- Form Opt-In: A clearly labeled, un-pre-checked checkbox on contact forms, quote forms, or checkout
- Purchase Relationship: Existing customers may receive marketing for similar products unless they opt out
- Newsletter Sign-Up: When you voluntarily subscribe to our newsletter
We never add you to a marketing list without your knowledge or consent. Every marketing email includes a clear unsubscribe mechanism.
How to Opt Out of Email Marketing
- Unsubscribe link: Click "Unsubscribe" or "Manage Preferences" at the bottom of any marketing email
- Email us: webmaster@gymtechfitness.com — include "Unsubscribe" in the subject
- Call us: (866) 496-8324
CAN-SPAM Act Compliance
- A physical mailing address is included in every marketing email
- The "From" name and email address accurately identify us
- Subject lines accurately reflect the content
- All marketing emails are clearly identified as commercial messages
- Every email contains a clear, conspicuous opt-out mechanism
- Opt-out requests are honored promptly and permanently
7. SMS / Text Message Communications & TCPA Compliance
We send text messages (SMS/MMS) only to individuals who have provided express written consent as required by the Telephone Consumer Protection Act (TCPA) and applicable state law.
Types of Text Messages We Send
- Service Communications: Appointment confirmations, reminders, technician arrival notifications, service completion updates
- Inquiry Follow-Up: Responses to text-back requests submitted through our website
- Transactional Messages: Order confirmations, delivery scheduling, status updates
- Marketing Messages (with separate consent only): Promotional offers, event invitations, new product announcements
How We Obtain SMS Consent
- Website SMS Form: A clearly labeled consent checkbox disclosing: sender identity, message types, rates, opt-out instructions, and a link to this Privacy Policy
- In-Store: Written consent on paper forms at our showrooms
- Phone/Verbal: Verbal consent recorded in our CRM for service-related communications
How to Opt Out of Text Messages
- Reply STOP to any text from us to unsubscribe immediately from all marketing texts
- Reply HELP to any text for assistance
- Email webmaster@gymtechfitness.com with your number and "Remove from SMS" in the subject
- Call us at (866) 496-8324
After opting out you will receive one confirmation text and no further marketing texts. Transactional texts related to active orders or service appointments may continue unless you also opt out of those.
TCPA Compliance Statements
- We do not use automated telephone dialing systems for marketing calls without prior express written consent
- We do not send texts to numbers on the National Do Not Call Registry without prior consent
- Consent to receive texts is never a condition of purchasing any product or service
- We maintain records of all SMS consents including date, time, method, and phone number
- We honor opt-out requests within one business day
9. Data Retention
We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Inquiry / lead contact data | 3 years from last interaction | Sales follow-up; legal claims period |
| Customer purchase records | 7 years | Tax and accounting legal obligations |
| Service and repair records | 5 years from service date | Warranty and liability purposes |
| Email marketing consent records | Duration of consent + 3 years | CAN-SPAM compliance; legal evidence |
| SMS consent records | Duration of consent + 4 years | TCPA compliance; legal evidence |
| Google Analytics data | 14 months | Analytics purposes |
| Website server logs | 90 days | Security and fraud prevention |
| Deleted / unsubscribed contact data | Suppression list retained indefinitely | To prevent re-adding opted-out contacts |
When no longer needed, personal data is securely deleted or anonymized. Data may be retained longer if required by applicable law or legal proceedings.
10. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights. We honor these for all users regardless of location.
Right to Know / Access
Request a copy of the personal information we hold about you and how we use it.
Right to Correct
Request correction of inaccurate or incomplete personal information we hold.
Right to Delete
Request deletion of your personal information, subject to certain legal exceptions.
Right to Object / Restrict
Object to certain processing (e.g., direct marketing) or request restriction in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format to transmit to another controller.
Right to Withdraw Consent
Withdraw consent for processing (e.g., email, SMS) at any time without affecting prior processing.
How to Exercise Your Rights
- Email: webmaster@gymtechfitness.com — include "Privacy Rights Request" in the subject line
- Phone: (866) 496-8324
We respond within 30 days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.
California Residents
California residents have additional rights under the CCPA and CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information as defined by CCPA.
Nevada Residents
Nevada residents may opt out of the sale of personal information under Nevada Revised Statutes Chapter 603A. We do not sell personal information, but you may submit a request by emailing webmaster@gymtechfitness.com.
11. Opt-Out Options — Complete Summary
| What to Opt Out Of | How to Opt Out | Timeframe |
|---|---|---|
| Marketing Emails | Click "Unsubscribe" in any email, or email webmaster@gymtechfitness.com | 10 business days |
| Marketing SMS / Text Messages | Reply STOP to any text, or email us with your number | 1 business day |
| Google Analytics Tracking | GA Opt-out Add-on or adjust cookie settings | Immediate |
| Meta / Facebook Ad Tracking | Facebook Ad Preferences | Immediate |
| Microsoft Clarity / Bing Tracking | Microsoft Privacy Dashboard | Immediate |
| All Third-Party Ad Targeting | optout.aboutads.info or networkadvertising.org | Varies by network |
| HubSpot Tracking | Adjust browser cookies; opt out via HubSpot email unsubscribe | Immediate / 10 days |
| Sale / Sharing of Data | Email webmaster@gymtechfitness.com — we do not sell data but will document your request | 30 days |
| All Data — Deletion Request | Email webmaster@gymtechfitness.com with "Delete My Data" in subject | 30 days |
12. Children's Privacy
Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at webmaster@gymtechfitness.com and we will delete that information.
If you are between 13 and 18 years of age, please ensure you have parental or guardian consent before submitting any personal information through our website.
13. Data Security
We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction.
Security Measures We Use
- HTTPS/TLS encryption for all data transmitted between your browser and our website
- Secure web hosting with reputable managed hosting providers
- Access controls — only authorized personnel have access to personal data
- Third-party payment processing — we do not store full card numbers; handled by PCI-DSS compliant processors
- Regular security updates to WordPress, WooCommerce, and plugins
- Honeypot and bot detection on all web forms
- Secure transmission of form data to our CRM and n8n workflow processor via HTTPS/TLS
Data Breach Response
- Investigate and contain the breach promptly
- Notify affected individuals as expeditiously as possible (NY SHIELD Act requirement)
- Notify relevant regulatory authorities as required
- Take corrective action to prevent future incidents
14. International Data Transfers
Gym Tech Fitness is based in the United States and primarily serves customers in the NY tri-state area. Personal information you submit may be transferred to, stored, and processed in the United States where our servers and service providers are located.
If you are accessing our website from outside the United States, please be aware your information may be processed in a country with different data protection laws than your country of residence. By using our website and services, you consent to this transfer.
15. Links to Other Websites
Our website may contain links to third-party websites, social media platforms, financing portals, and manufacturer websites. This Privacy Policy applies only to gymtechfitness.com. We are not responsible for the privacy practices of external sites and encourage you to review the privacy policies of any third-party site you visit.
16. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective Date" at the top of this policy
- Post a notice on our website for a reasonable period after the change
- For significant changes, send an email notification to customers with active accounts or recent interactions
Your continued use of our website after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
Previous versions of this Privacy Policy are available upon request by emailing webmaster@gymtechfitness.com.
17. Contact Us — Privacy Questions
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Webmaster / Data Controller:
Privacy Contact
Gym Tech Fitness Service LLC
Attention: Privacy / Webmaster
Phone: (866) 496-8324 | General: info@gymtechfitness.com
We respond to privacy inquiries within 5 business days and data rights requests within 30 days as required by law.
16. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Effective Date" at the top of this policy
- Post a notice on our website for a reasonable period after the change
- For significant changes, send an email notification to customers with active accounts or recent interactions
Your continued use of our website after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
Previous versions of this Privacy Policy are available upon request by emailing webmaster@gymtechfitness.com.
17. Contact Us — Privacy Questions
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Webmaster / Data Controller:
Privacy Contact
Gym Tech Fitness Service LLC
Attention: Privacy / Webmaster
Phone: (866) 496-8324 | General: info@gymtechfitness.com
We respond to privacy inquiries within 5 business days and data rights requests within 30 days as required by law.