Privacy Policy – Trime Studio

Trime AB, company registration number 559190-2399, with registered address Karlbergsvägen 44, 113 62 Stockholm, Sweden (“Trime”, “we”, “us”), cares about and is committed to protecting and respecting your privacy.
Trime is the data controller for the processing of your personal data described in this Privacy Policy under Regulation (EU) 2016/679 (“GDPR”).

This Privacy Policy explains how we collect, use, share, store and otherwise process personal data relating to customers, prospective customers, website visitors, app users, newsletter subscribers, participants in classes, personal training clients, bootcamp participants, and individuals who contact us.

This Privacy Policy applies to your use of our website, any app or booking platform we make available, our studio services, classes, memberships, punch cards, bootcamps, personal training, events, and related communications.

This Privacy Policy does not apply to personal data processed independently by third parties acting as their own data controllers, such as:

• third-party booking providers such as Bruce or ClassPass;

• payment service providers processing your full card details;

• social media platforms;

• external websites linked from our website or app.

Where such third parties process your personal data independently, their own privacy policies apply.

1. Contact Details

If you have questions about this Privacy Policy or about how we process your personal data, you can contact us at:

Trime AB
Karlbergsvägen 44, 
113 62 Stockholm
Sweden
Email: info@trime.app

2. Important Definitions

For the purpose of this Privacy Policy:

• “Customer” means any individual who purchases, books, uses, or participates in Trime services.

• “Services” means memberships, classes, punch cards, bootcamps, personal training, events, website features, app functionality, customer support, and related offerings.

• “Sensitive personal data” includes data concerning health, which has extra protection under GDPR.

3. Personal Data We Collect

We may collect the following categories of personal data depending on how you interact with us:

3.1 Information you provide to us

• name

• date of birth or age bracket

• gender, if you choose to provide it

• email address

• telephone number

• postal address, if relevant

• emergency contact details, if you choose to provide them

• account login details

• booking details

• membership or package information

• purchase history

• communication with us

• preferences and interests relevant to your training experience

• profile photo, if you choose to upload one

3.2 Information generated when you use our services

• class bookings and cancellations

• attendance and check-in history

• use of memberships, punch cards, PT sessions, or bootcamps

• customer support history

• device information

• log information

• IP address

• browser type

• app and website usage data

3.3 Health and training-related information

We may collect limited information about your health, injuries, training background, physical limitations, goals, preferences, or other information relevant to adapting training safely and effectively, but only where necessary and only with an appropriate legal basis. Where this information constitutes sensitive personal data, we will process it only where GDPR permits, typically based on your explicit consent.

3.4 Location data

If our app or website offers location-based features, we may process approximate or precise location data from your device if you enable that feature. If you do not consent to location access, you can usually still use our services by manually entering your location.

3.5 Payment-related information

When you make a purchase, card or payment details are generally processed directly by our payment provider. We do not store or access full payment card details. We may receive limited payment-related information such as payment status, payment method type, transaction ID, and the last four digits of a payment card where relevant. This is broadly consistent with how major fitness operators structure payment processing disclosures.

3.6 Information from third parties

We may receive personal data from:

• booking and membership platforms;

• payment providers;

• third-party booking partners such as Bruce or ClassPass;

• analytics, advertising, or communications providers;

• social media platforms where you interact with us.

4. How We Use Your Personal Data and Our Legal Bases

Under GDPR, each processing activity must have a lawful basis. We process your personal data for the following purposes:

4.1 To create and manage your account, bookings, memberships, punch cards, and purchases

Examples:

• creating customer accounts;

• processing bookings and cancellations;

• managing memberships, PT, bootcamps, and punch cards;

• sending confirmations, reminders, and operational notices.

Legal basis: performance of a contract, or steps taken before entering into a contract.

4.2 To provide and administer training services

Examples:

• adapting sessions to your stated goals or preferences;

• managing attendance;

• administering waiting lists;

• handling studio access and customer service.

Legal basis: performance of a contract; in some cases legitimate interests in operating and improving our services.

4.3 To process health-related information you choose to share

Examples:

• injury information shared before PT;

• physical limitations relevant to safe exercise;

• training notes recorded to adapt your programme.

Legal basis: your explicit consent for sensitive personal data, and where relevant, performance of the training services you requested.

4.4 To communicate with you

Examples:

• replies to inquiries;

• customer support;

• updates about bookings;

• reminders;

• service messages.

Legal basis: performance of a contract, or legitimate interests in administering customer relationships.

4.5 To send marketing

Examples:

• newsletters;

• promotions;

• class launches;

• events;

• studio offers.

Legal basis: consent where required, or legitimate interests where marketing to existing customers is allowed under applicable law. You always have the right to object to direct marketing, and if you object, your personal data may no longer be processed for that purpose.

4.6 To improve our services, website, app, and customer experience

Examples:

• analytics;

• product development;

• customer surveys;

• understanding attendance patterns;

• improving schedules and offerings.

Legal basis: legitimate interests in improving and developing our services, and consent where legally required for cookies or similar tracking technologies.

4.7 To meet legal obligations

Examples:

• bookkeeping and accounting;

• handling tax and payment records;

• complying with consumer law and legal requests.

Legal basis: legal obligation.

4.8 To protect safety, prevent misuse, and enforce our terms

Examples:

• investigating no-show abuse, fraud, harassment, unsafe conduct, or serious breaches of studio rules;

• documenting incidents where necessary;

• enforcing suspensions or restrictions.

Legal basis: legitimate interests in protecting our staff, customers, premises, and business.

4.9 To manage social media interactions

If you interact with us on social media, we may process your username, messages, comments, reactions, and related engagement data.

Legal basis: legitimate interests in communicating with customers and understanding how our social media is used.

5. Marketing Communications

We may send you marketing by email, SMS, push notification, or similar electronic means where permitted by law.

You can unsubscribe or object to direct marketing at any time by:

• clicking the unsubscribe link in a marketing email;

• changing your app preferences, if available;

• contacting us at info@trime.app.

If you object to direct marketing, we will stop using your personal data for that purpose without undue delay.

6. How We Share Your Personal Data

We may share your personal data only where necessary and appropriate, including with:

6.1 Service providers and processors

Such as providers of:

• booking and membership systems;

• CRM systems;

• email and SMS communication tools;

• payment processing;

• cloud hosting;

• analytics;

• customer support;

• IT and security services.

These providers act on our behalf under data processing agreements where required by GDPR.

6.2 Trainers and staff

Relevant customer data may be available to our trainers, coaches, instructors, and customer support staff where necessary to deliver services safely and effectively.

 If health-related information is shared with a trainer or coach, this will only be done where necessary for the requested service and with an appropriate legal basis, typically your explicit consent where the information is sensitive personal data.

6.3 Third-party booking partners

If you book through Bruce, ClassPass, or similar platforms, we may share booking, attendance, and limited profile details with those partners as necessary to manage the booking relationship. Those platforms may also process your personal data as independent controllers.

6.4 Authorities and legal recipients

We may disclose personal data to courts, police, regulators, tax authorities, or other recipients where required by law or where necessary to establish, exercise, or defend legal claims.

6.5 Corporate transactions

If Trime is sold, merged, restructured, or transfers assets, personal data may be transferred to the relevant buyer or successor business, subject to applicable law.

7. International Transfers

Some of our service providers may process personal data outside the EU/EEA.

 Where personal data is transferred outside the EU/EEA, we will ensure that the transfer is lawful by relying on:

• an adequacy decision by the European Commission; or

• appropriate safeguards such as the European Commission’s Standard Contractual Clauses; or

• another lawful transfer mechanism under GDPR.

8. Cookies and Similar Technologies

We may use cookies, pixels, SDKs, local storage, and similar technologies on our website or app for:

• essential site functionality;

• remembering preferences;

• measuring traffic and usage;

• improving user experience;

• marketing and retargeting, where applicable.

Where required by law, non-essential cookies and similar technologies will only be used after you give consent through our cookie banner or preference center.

9. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, unless a longer period is required by law.

Indicative retention periods:

9.1 Customer account and membership data

We retain account data and service history for the duration of the customer relationship and normally for up to 24 months after the relationship ends, unless a longer retention period is needed for unresolved matters, legal claims, or legal obligations.

9.2 Booking and attendance history

Normally retained for up to 24 months after the relevant booking or end of the customer relationship, unless needed longer for disputes, fraud prevention, or legal claims.

9.3 PT notes and training preferences

Normally retained for up to 12 months after the last PT session, unless you ask us to erase them earlier and no legal exception applies.

9.4 Health-related information

Retained only for as long as necessary for the relevant training purpose and, where based on consent, deleted when no longer needed or when consent is withdrawn, unless another lawful basis requires retention.

9.5 Customer support communications

Normally retained for up to 24 months after the issue is resolved.

9.6 Marketing preferences

Retained until you unsubscribe or object, and thereafter we may keep limited suppression information so that we do not contact you again for marketing.

9.7 Accounting and payment records

Retained as long as required by bookkeeping and tax legislation, typically 7 years under Swedish bookkeeping practice.

10. Security Measures

We use appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, and other unlawful processing. This may include:

• access controls;

• password protection;

• encryption where appropriate;

• role-based permissions;

• secure vendors;

• staff confidentiality obligations.

No system is completely secure, but we work to maintain a level of security appropriate to the risks.

11. Children and Young People

Our services are primarily intended for individuals aged 18 and over, but younger participants may use some services in accordance with our terms and any required guardian consent.

 Where we process personal data relating to minors, we will take into account that children deserve specific protection under data protection law.

12. Your Rights

Under GDPR, you may have the right to:

• access your personal data;

• receive information about how we process it;

• correct inaccurate data;

• have data erased in certain cases;

• restrict processing in certain cases;

• object to processing based on legitimate interests;

• object at any time to direct marketing;

• receive certain data in a portable format where applicable;

• withdraw consent at any time where processing is based on consent;

• lodge a complaint with IMY.

12.1 Right of access

You may request confirmation as to whether we process your personal data and request a copy of the data and related information.

12.2 Right to rectification

You may ask us to correct inaccurate or incomplete data.

12.3 Right to erasure

You may ask us to delete your personal data where GDPR gives you that right, for example where data is no longer needed, consent is withdrawn, or the data was processed unlawfully. There are legal exceptions.

12.4 Right to restriction

You may ask us to restrict processing in certain circumstances.

12.5 Right to object

You may object to processing based on legitimate interests. You always have the right to object to direct marketing.

12.6 Right to data portability

Where applicable, you may request certain data in a structured, commonly used, machine-readable format.

12.7 Right to withdraw consent

Where processing is based on your consent, including explicit consent for health data, you can withdraw that consent at any time. Withdrawal does not affect processing carried out before the withdrawal.

12.8 Right to complain

You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY): imy.se.

To exercise your rights, contact us at info@trime.app.

13. Social Media, User Content and Reviews

If you post reviews, comments, tags, or similar content about us on public platforms, that information may be visible to others. If you send us messages through social media, we may process those messages to respond and provide support.

Please do not send sensitive health information through insecure channels such as social media direct messages or ordinary email unless necessary.

14. Photography and Video for Marketing

We may from time to time take photographs or video recordings in the studio for marketing and community purposes.

 Where identifiable individuals are featured in a way that requires consent under applicable law or guidance, we will obtain appropriate consent or offer a clear opt-out process depending on the context and setup.

15. Third-Party Websites and Services

Our website, app, emails, or social media may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and you should review their privacy policies separately.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will take reasonable steps to inform you, for example by email, through the website, in the app, or by another appropriate notice.

The latest version will always be available on our website.

Last updated: 20 March 2026