This Privacy Policy governs the privacy of users who choose to Gymkeeper service (collectively, “the Services”), which are provided by Cave Oy. It details the types of personal data we collect, how we process, store, and protect that data, and the rights and responsibilities of both you and Cave Oy. 1. The Website and Our Commitment to Privacy We take a proactive approach to user privacy and have implemented measures to safeguard your data throughout your interaction with our Services. Our website and Gymkeeper comply with all applicable EU, national, and international privacy laws and regulations. 2. Data Collection and Use 2.1. Registration and Essential Data To provide our services, we require certain personal data from you. The data we collect includes, but may not be limited to: This information can be altered by the company using Gymkeeper, always check the company's pricavy policy for further details. -- Needed for accessing/using the system First Name and Last Name Email Address: Used for logging in, identifying the customer, sending notifications, and transactional communications (e.g., invoice creation). -- The information below is not necessary to use the server Address information (if needed by invoicing/membership) Date of birth (in order to track if the client is underaged/adult for different pricing and rules) Gender (if user decides to disclose it, gyms use it for their own purposes) Preferred language (Used to customize user communication language) Dependant names (If opted in. Used to contact the guardians if problems arise) Invoicing and company information (if opted in, in case of invoices, salesorders, purchaseorders or quotes are being sent) Password: Stored in an encrypted form for secure access. Optional Personal Information: Additional details you choose to provide (e.g., worker number). Nationality: Used for localization purposes, such as setting the appropriate timezone and language preferences. We also automatically gather information about your device: This information may include: IP address Browser type Type of operating system Device type Unique device identifier Language preference Access times and dates Geographic location Referring website addresses Search queries Other technical information such as protocol status and substatus, bytes sent and received, and server information This information is used by us for our business purposes, including without limitation for the operation and improvement of the Site, for technical troubleshooting, to maintain quality of the Site and to provide general statistics regarding use of the Site. You may opt out giving out your personal data, but it can hinder the usage of the services. 2.2. Service and Product Development, Security, and Marketing We also process personal data to: Ensure the security of our services, products, and website, Improve the quality of our services and website, and Develop our services and products. In addition, we employ video surveillance at our premises to protect our property and safeguard individuals present in our facilities. For marketing purposes, we may segment our customers based on factors such as usage or behavior on our website. In such cases, the processing of personal data is based on our legitimate interest to ensure the proper security of our services and website and to obtain sufficient and appropriate data for service development. We may contact you to inform you about new service features or to market and sell additional services. Your personal data may also be processed for market research and customer surveys. The processing is based either on your consent or on our legitimate interest to provide you with relevant information and marketing communications. You have the right to object to the processing of your personal data for direct marketing at any time. 3. Your Rights and Data Verification You have the right to request access to the personal data we have stored about you. Such requests are free of charge once per year. To obtain a copy of your stored data, please send your request in writing to the address mentioned at the end of this document. 4. Use of Cookies Our website uses cookies to enhance your browsing experience. On your first visit, you will be provided with a cookie control system that allows you to either accept or reject cookies in accordance with current legislation, which requires explicit consent before storing or accessing cookies on your device. What Are Cookies? Cookies are small files stored on your device that track and store information about your interactions with our website. This data allows us to tailor your experience. Managing Cookies: If you prefer not to allow cookies, please adjust your browser’s security settings to block cookies from our website and its third-party service providers. Please note that blocking cookies may affect certain functionalities of the Services. Tracking Software: We use tracking tools, such as Google Analytics, to analyze visitor behavior. Google Analytics uses cookies to monitor engagement and usage of the website without collecting personal information. For more details, please refer to Google’s Privacy Policy. Third-Party Cookies: External vendors may place cookies on your device when you interact with referral programs, sponsored links, or advertisements. These cookies, used for conversion and referral tracking, typically expire after 30 days, though some may persist longer. No personal data is collected through these cookies. 5. Contact and Communication When you contact us via the website or other channels, you provide personal details at your own discretion. We store this information securely and use it solely for the purpose of responding to your inquiries or providing further information about our products and services. At some dire occasions, we might have to contact you to inform important changes/events of the system. Eg. Something changes in the service, which will hinder the user using the system, we could inform about the change. With your explicit permission, your contact details may also be used to subscribe you to email newsletters or other marketing communications. You can opt out of such communications at any time. 6. Data Security Cave Oy takes the security of your personal data seriously. We employ appropriate technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction, and we retain your information only as long as necessary for the purposes outlined in this Privacy Policy. 7. Data Retention Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. In principle, customer data is retained for ten years after the last registered usage of the service (serial card, ticket buy transaction). Personal data may be retained beyond this period as required or permitted by applicable law. Personal data will be deleted when its retention is no longer necessary for compliance with legal requirements or to protect the rights and obligations of either party. When the data expires, it will be rendered so that the individuals cannot be recognized. 8. Changes to This Privacy Policy We reserve the right to update this Privacy Policy periodically to reflect changes in our practices or applicable laws. The most current version of the Privacy Policy will always be available on our website. We encourage you to review this policy periodically. 9. Contact Information If you have any questions or concerns regarding this Privacy Policy or our data practices, please contact us at: Cave Oy Mekaanikonkatu 15a, 00880 Helsinki, Finland jarmo@gymkeeper.fi, +358 44 0781120

Privacy policy of Gymkeeper