Privacy policy

Privacy Policy

Last updated: December 2025

Gymfit ("we", "us", "our"), operated by SKYLINE STRATEGIES LIMITED, is committed to protecting your personal data and processes it exclusively in accordance with the GDPR (EU) 2016/679 and other applicable data protection laws.

Controller under Article 4, point 7 of the GDPR

SKYLINE STRATEGIES LIMITED (Gymfit)
Unit 2A, 17/F Glenealy Tower
No. 1 Glenealy Central
Hong Kong Island
Hong Kong
Company No.: 77304304
Representative: Yu Zhong

Contact for data protection matters

E-mail: kontakt@gymfit.se
Phone: +852 5193 4496
Customer Service: Mon–Fri, 07:30–16:30 (CET/CEST)

Collection of personal data

We process personal data that you actively provide to us, including:

• name
• billing and shipping address
• email address
• phone number
• payment information (see the section "Payment Information")
• order and transaction history
• content from support requests

Automatically collected data when using our website:

• IP address
• device and browser information
• cookies and tracking data
• pages visited, interactions, and timestamps

Purposes of data processing

We process personal data for the following purposes:

• processing of orders, payments, and deliveries
• management of customer accounts
• communication and customer service
• handling of returns, exchanges, and complaints
• fraud and abuse prevention
• improvement of our offering and our website
• marketing, if you have given consent
• compliance with statutory archiving, evidentiary, and compliance requirements

Legal bases under the GDPR

• Article 6(1)(b) GDPR – performance of a contract
• Article 6(1)(c) GDPR – legal obligation
• Article 6(1)(f) GDPR – legitimate interest (e.g. fraud prevention, optimisation)
• Article 6(1)(a) GDPR – consent (e.g. newsletter, cookies)

You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Disclosure of personal data to third parties

We disclose personal data only when necessary for:

Order and payment processing

• Shopify Payments
• Klarna AB
• Swish (Getswish AB)
• Credit card providers (Visa, Mastercard, Amex, etc.)

Shipping and logistics

• PostNord, DHL, YunExpress, SUNYOU, 4PX (depending on the order and destination)

Shop hosting and data processing

• Shopify International Ltd., Victoria Avenue, Blackrock, Co. Dublin, Ireland

Marketing (only with consent)

• Email services for newsletters (e.g. Mailchimp/Klaviyo)

We never sell personal data to third parties.

Payment information and data security

Payment data is processed exclusively by our certified payment providers. These are PCI-DSS compliant and use modern security and encryption standards. We do not store any complete credit card or payment details in our own systems.

More information: Shopify's Privacy Policy

Hosting and processing via Shopify

Our website is operated by Shopify International Ltd. (Ireland). When you visit our website or place an order, personal data may be stored and processed by Shopify. Shopify is affiliated with the EU-US Data Privacy Framework and processes data on the basis of standard contractual clauses pursuant to Article 46 of the GDPR.

International data transfer

As our company is based in Hong Kong and Shopify uses global servers, personal data may be transferred to third countries. We ensure that appropriate safeguards are in place pursuant to Article 46 of the GDPR (EU standard contractual clauses). Hong Kong has its own data protection system (Personal Data (Privacy) Ordinance, PDPO), which offers a comparable level of protection.

Retention period

• Contract and order data: 7 years (requirements under the Swedish Accounting Act)
• Customer account: until deleted by the user
• Support communication: up to 24 months
• Marketing data: until consent is withdrawn
• Server logs: up to 30 days

Cookies and tracking technologies

We use cookies to:

• provide basic shop functions (technically necessary – no consent required)
• save shopping carts
• improve analytics and performance (only with consent)
• display marketing (only with consent)

On the first visit, a cookie banner is displayed where you can make your choices. You can change your settings at any time via [Cookie settings] or your browser.

Your data protection rights

You have the right at any time to:

• Access (Article 15 GDPR)
• Rectification (Article 16 GDPR)
• Erasure (Article 17 GDPR)
• Restriction of processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Objection (Article 21 GDPR)
• Withdrawal of consent

To exercise your rights, contact us at kontakt@gymfit.se. We will respond within 30 days.

Right to lodge a complaint

You have the right to lodge a complaint with your national data protection authority:

• Sweden: Integritetsskyddsmyndigheten (IMY), www.imy.se
• Norway: Datatilsynet, www.datatilsynet.no
• Denmark: Datatilsynet, www.datatilsynet.dk
• Finland: Tietosuojavaltuutetun toimisto, tietosuoja.fi
• Germany: Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), www.bfdi.bund.de

Minors

Our offering is not directed at persons under 16 years of age. We do not knowingly process personal data from minors. If we have accidentally received such data, it will be deleted immediately.

Changes to this Privacy Policy

We may update this policy to comply with legal requirements or if our services change. The current version is always available on this page. In the event of material changes, registered customers will be informed by email.