ClockLast updated: 04 Nov 2022


We are Gymshark and treating individuals and their personal information with respect reflects our core values and the values of our brand(s). So, we want you to know as much as possible about what we do with your personal information. Also, you and your personal information are protected by various laws and guidance and Gymshark is committed to upholding these and respecting your privacy and keeping your information safe. So, whilst this privacy notice is quite long, we want you to be fully informed.

In this privacy notice any reference to "us", "we", "our" or "ourselves" is a reference to Gymshark, and the particular part of the Gymshark group that you have a relationship with and any reference to "you", "your" and "yourself" is a reference to you as an individual who has a relationship with us or is in contact with us.

This privacy notice applies to everyone who interacts with us as a customer who has purchased any of our products or services (whether in store or online), a user of any apps we provide, anyone who has signed up to receive marketing materials from us, anyone who enters any of our promotions/competitions and anyone who applies to attend any of our events or who interacts on social media with us, except to the extent that the reason you interact with us is already covered by another of our privacy notice(s). For example, our Rest of the World privacy notice will apply to your general use of our website(s). A copy can be found at

Please note that we have a separate privacy notice that relates to personal information captured by our CCTV and Access Control systems. A copy can be found at We also have a separate privacy notice that applies generally to individuals who apply to work for us, a copy of which will be provided to you during the recruitment/ interview process. Finally we have a separate Rest of the World privacy notice that applies to any other individual that may interact with us, a copy of which can be found at You should also read these privacy notices to the extent that they may apply to your activities/ interaction with us in addition to this privacy notice.

This privacy notice provides details in accordance with applicable data protection laws about how we collect and use personal information about you during and after your relationship with us.

As this privacy notice covers a range of individuals and different types of relationships and interactions with us, not all aspects of this privacy notice will apply to you. The aspects of this privacy notice that will apply to you will depend upon the nature of your relationship and interactions with us. If you are unsure, then you can always ask us by contacting


For the purposes of data protection laws and this privacy notice, the controller of your personal information is whichever part of the Gymshark group is processing your personal information. This will usually be the part of the Gymshark group that you interact with or have a relationship with. Being a controller of your personal information means that we are responsible for deciding how we hold and use your personal information. Our main trading entity is Gymshark Limited (Reg No 08130873) which is incorporated in England and Wales. If you are based in the UK, then this company will be the controller of your personal information. If you are based outside of the UK then the controller of your personal information may be another part of our group, but in most cases for the interactions covered by this privacy notice it will be Gymshark Limited that is the controller of your personal information. Sometimes we may pass personal information to different parts of our group, so this privacy notice covers our whole group, and more than one part of our group may be a controller of your personal information. However, regardless of where you are based in the world, any queries you have regarding your personal information will be dealt with by Gymshark Limited, who can be contacted at


It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period of your interactions with us.


Failing to provide some of the personal information we require may have an adverse impact on our ability to interact with you, for example we may not be able to provide you with products or services you would like to receive. However generally you are not obliged to provide us with any of your personal information.


We have appointed a data protection officer (DPO) to oversee our compliance with the data protection laws. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO on


We keep all of our privacy notices under regular review, and we may update this privacy notice at any time. The current version of this notice is available on our website at or by requesting a copy from If there are any material changes to this privacy notice in the future we will let you know, usually by updating the version on our website.


We are committed to being transparent about how we collect and use your personal information and in meeting our data protection obligations. Data protection laws say that the personal information we hold about you must be:

To make sure this happens we are required under applicable data protection laws to notify you of the information contained in this privacy notice. It is important that you read this document before you begin interacting with us so that you understand how and why we will process your personal information.


In connection with your relationship or interactions with us, we may collect and process a wide range of personal information about you. This includes:

We may also in some cases collect and process more sensitive special category personal information including:

If you are providing us with details of any other individuals, for example a friend of yours that you ask us to deliver our products to where you have ordered them as a present, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in this privacy notice in relation to their personal information that we collect.


Our supply of products or services (whether in store or online), our apps, our website, events, promotions, social media, content, blogs, materials and other services we provide are not intended for use by anyone under the age of 18 years and we do not knowingly collect personal information relating to anyone under the age of 18 years old.

We may in some cases collect limited personal information related to children where they are connected to someone who is 18 or older whom we have a relationship with, for example a child may attend an event or our premises when accompanied by a responsible adult who has won a competition or who is entitled to attend one of our events.


Gymshark collects your personal information in a variety of ways and from a variety of sources as set out below:

Most of your personal information is collected directly from you, for example through contact with you, through information you input into your account on our website, through information you input into our app, from orders placed by you, from correspondence with you, through your applications, entries to competitions/promotions, entries to events, attendance at events or promotions, subscriptions, memberships, from correspondence with you or through other interactions with us, when you visit our premises or other personal information you provide to us.

We store personal information relating to you in our information technology systems (including our email system and our in-store monitoring and CCTV systems).


We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:

In some cases, more than one legal bases may apply to our use of your personal information.


There are many ways we will need to use your personal information in the context of your relationship with us. We have set out the main uses below and indicated the main applicable legal bases of processing, but there may be other specific uses which are linked to or covered by the uses below.

We always aim to use your personal information in an ethical and non-intrusive way. Your security as a Gymshark customer or potential Gymshark customer is very important to us. We will not use your personal information to target, segment, or profile individuals based on their health (including pregnancy), negative financial status or condition, political affiliation or beliefs, racial or ethnic origin, religious or philosophical affiliation or beliefs, sex life or sexual orientation, data relating to an alleged or actual commission of a crime, for any unlawful or discriminatory purpose or in any other manner that would be inconsistent with your reasonable expectation of privacy.


You have the right to opt out of receiving marketing communications from us at any time by:

The measures listed above do not apply to service messages such as order updates/ tracking and other non-marketing communications from us. They also don’t apply to advertising that may appear on our website, other websites or our apps. Please see below section entitled 'Automated Decision Making' for more information on how we use cookies to advertise to you.


We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will rarely need to rely on your consent to process any of your personal information.


Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decision making in our business in relation to you.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision making unless we have a lawful basis for doing so and we have notified you.

However we do use automated processing so that we can show you personalised advertisements whilst browsing our website or those of other companies and to build a customer profile for you.  Any advertisements you see may relate to your browsing activity on our website from your computer or other devices. 

These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (some of which are subject to your prior consent). For further information on the use of cookies, or for details of how you can remove or disable cookies at any time - see our Cookie Policy

We may analyse your browsing and purchasing activity online and your responses to marketing communications.  The results of this analysis, together with other demographic data, allow us to decide what advertisements are suitable for you and to ensure that we draw to your attention products, services, events and offers that are tailored and relevant to you.  To do so, we use software and other technology for automated processing. This allows us to provide a more personalised services and experience.

We may review personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter and Facebook.

We aim to update you about products and services which are of interest and relevance to you as an individual.  To help us do this, we process personal information by profiling and segmenting, identifying what our customers like and ensuring advertisements we show you are more relevant based on demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications.


Your personal information may be shared internally with our staff (including with our customer support, order fulfilment, loyalty and retention, customer relationship management, media, insights, events, campaign, technical and legal teams) where access to your personal information is necessary for the performance of their roles. We only provide access to your personal information to those of our staff who need to have access to your personal information.


When using your personal information we may share it with third parties, but we will only do so when it is appropriate, and we have a lawful basis for doing so. Third parties that we may share your personal information with include:

We also use Google Analytics which sets cookies to collect information about how visitors use our website.  See our Cookie Policy at  We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.  To opt out of being tracked by Google Analytics across all websites visit

We also work with Rakuten Advertising who may collect information when you interact with our site. The collection and use of this information is subject to Rakuten’s privacy policy which can be found at

We do not disclose personal information to anyone else except as set out above unless we are legally entitled to do so. We may provide third parties with aggregate statistical information and analytics about users of our products and services but we will make sure no one can be identified from this information before we disclose it.


It is sometimes necessary to share your personal information outside of the UK and the European Economic Area (the EEA) or it will be collected outside of the UK and the EEA.  This will typically occur when service providers to our business are located outside the EEA or if you are based outside the EEA.  These transfers are subject to special rules under applicable data protection laws.

The same applies to any transfer of personal information to another part of our group of companies based outside of the UK and the EEA. We also apply the same standards to any transfer of personal information between members of our group, regardless of where the group company is based.

If we transfer your personal information outside of the UK and/or the EEA, we will ensure that the transfer will be compliant with applicable data protection laws and all personal information will be secure.  Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal Information in the overseas location; alternatively, we use standard data protection/contractual clauses. This means that when a transfer such as this takes place, you can expect a similar degree of protection in respect of your personal information.

Our directors and other key staff working for us may in limited circumstances access personal information from outside of the UK and/or the EEA if they are outside of the UK or EEA. If they do so they will be using our security measures and the same legal protections will apply that would apply to accessing personal information from our premises.

In limited circumstances, the people to whom we may disclose personal information may be located outside of the UK and/or the EEA and we will not have an existing relationship with them, for example a foreign police force outside of the UK and/or the EEA. In these cases we will impose any legally required protections to the personal information as required by law before it is disclosed.

If you would like any more details about how we protect your personal information in relation to international transfers then please contact our DPO at


We are committed to keeping your personal information safe and secure and so we have numerous security measures in place to protect against the loss, misuse, and alteration of information under our control.  We will always aim to use best in class security systems implemented across our networks and hardware to ensure access and information are protected. Our security measures include:

We take information security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.


We will hold your personal information for the duration of your relationship with us and then usually for a further period. Where you are a customer, this will usually be for a period of up to 6 years after you last purchased or ordered any products or services from us or last used our apps. If you have only signed up to receive online marketing communications from us, and you have never ordered or purchased anything from us, then we will only retain your personal information for 2 years after you last used any account you have with us or from when you last consented to receive direct marketing from us. In certain, limited cases, it may be necessary to keep your personal information for longer, for example if the information is relevant to a dispute or legal case or claim.

We will not retain your personal information for longer than necessary for the purposes for which it was collected and is being used..

For more information, please contact our DPO at to request a copy of our Data Retention Policy.


As an individual whose personal information we collect and process, you have a number of rights. You may:

You should note that some of these rights, for example the right to require us to transfer your personal information to another service provider or the right to object to automated decision making, may not always apply as they have specific requirements and exemptions which apply to them, and they may not apply to personal information recorded and stored by us. Also, for example we do not use automated decision making in relation to your personal information which has legal or other significant effects for you, but we do use automated processing to show you relevant advertisements. However, some of your rights have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

If you would like to exercise any of these rights, please contact our DPO at

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person or dealt with by a person who has no right to do so.

Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at


We hope you don’t have any reason to complain, and we will always try to resolve any issues you have.

If you are based in the UK, you have the right to make a complaint at any time to the ICO (the UK data protection regulator) about how we deal with your personal information or your rights in relation to your personal information.

You can make a compliant in writing to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom or you can go to

If you are based outside of the UK, you may have the right to complain to your local data protection regulator – we recommend checking your rights on the website of your local data protection regulator.


If you have any queries regarding our use of your personal information or this privacy notice then please contact our DPO at or write to DPO, Gymshark, GSHQ, Blythe Valley Park, 3 Central boulevard, Solihull, B90 8AB, United Kingdom. You can use these details regardless of which of our group companies you have a relationship with.