Privacy Policy

Last updated: April 14, 2026

1. Introduction

Athens Boxing Club ("we," "us," or "our"), located at Galaxia 7, Athens 11745, Greece, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our mobile application, or otherwise interact with our services. We act as the data controller for the personal data described below.

2. Information We Collect

We may collect the following types of personal information:

• Account Information: Name, email address, phone number, and password when you create an account on our website or mobile app.
• Booking Information: Class bookings, personal training appointments, attendance records, and booking history.
• Purchase Information: Membership purchases, merchandise orders, order history, and any shipping or delivery details you provide for shop orders.
• Payment Information: Payment card details and billing information are collected and processed directly by our payment processor. We do not store full card numbers on our servers; we only retain a reference to the transaction and a limited set of non-sensitive details (such as the last four digits and card brand) necessary for our records.
• Usage Data: Standard server logs generated when you visit our website or use our mobile app, including IP address, device and browser type, operating system, pages visited, and timestamps.
• Aggregated Analytics and Performance Data: We use a privacy-friendly, cookieless analytics service to understand aggregate site usage (such as page views, referrers, country, and device type) and a performance monitoring service to measure real-user performance metrics (such as page load time and responsiveness). These services do not use tracking cookies or persistent identifiers. They process your IP address and browser information only transiently to generate a short-lived, non-reversible anonymous identifier; they do not track you across other websites and do not build a personal profile.
• Communication Data: Messages and correspondence you send to us by email, phone, or through the website and app.

3. How We Use Your Information

We use your personal information to:

• Provide and manage our services, including class bookings, personal training appointments, and shop orders
• Process payments and maintain your account
• Send transactional communications such as booking confirmations, cancellation notices, order receipts, password resets, and other service-related messages
• Monitor the performance, stability, and aggregate usage of our website and mobile app, and improve our services
• Comply with legal obligations, including accounting and tax requirements under Greek law
• Ensure the safety and security of our facilities

We do not send marketing or promotional emails. All email communication from us is strictly transactional and related to a service you have requested or an account you have created.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract: Processing necessary for the performance of our service agreement with you, such as managing your bookings, memberships, and orders.
• Consent: Where you have given explicit consent for specific processing activities.
• Legitimate Interest: Processing necessary for our legitimate business interests, such as securing our infrastructure, preventing fraud, and improving our services.
• Legal Obligation: Processing required to comply with applicable laws, including Greek tax and accounting legislation.

5. Data Sharing and Sub-Processors

We do not sell your personal information. We share it only with trusted service providers who help us operate our website, mobile app, and services. These providers act as our processors and are contractually bound to handle your data securely and only on our instructions. The categories of processors we rely on are:

• Cloud hosting and application delivery providers — used to host our website, serve pages, and store server logs.
• Database and authentication providers — used to store account, booking, and order data and to manage secure sign-in.
• Payment processors — used to process membership, appointment, and shop payments. We never receive or store your full card details.
• Transactional email providers — used to deliver confirmations, receipts, and account-related messages.
• Privacy-friendly analytics and performance monitoring providers — used to collect cookieless, aggregated site usage and real-user performance metrics.

We may also disclose personal data when required by law, court order, or to protect our legal rights. A current list of the specific sub-processors we use is available on request by contacting us at the address below.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), including in the United States. Where personal data is transferred outside the EEA, we rely on appropriate safeguards as required by GDPR, primarily the European Commission's Standard Contractual Clauses (SCCs), together with additional technical and organizational measures where necessary. You can request more information about these safeguards by contacting us.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit (HTTPS), encrypted storage of passwords, role-based access controls, and row-level security on our database. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary for the purposes described in this Policy:

• Account and profile data: retained while your account is active. You may request deletion at any time, after which we will remove or anonymize your data, subject to the legal retention requirements below.
• Booking and attendance history: retained for the duration of your membership and for a reasonable period afterwards to resolve disputes and answer member inquiries.
• Payment and invoice records: retained for five (5) years as required by Greek tax and accounting legislation.
• Server and security logs: retained for a short period (typically up to 90 days) for security, debugging, and abuse prevention.

9. Your Rights

Under GDPR and applicable Greek law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr

To exercise any of these rights, please contact us using the details in section 14. You can also delete your account directly from the account settings page on our website.

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our website in the following categories:

• Essential cookies: Set by our authentication provider to keep you signed in securely and to maintain your session as you move between pages. These cookies are strictly necessary to provide the service you have requested, and the lawful basis for their use is the performance of our contract with you. They cannot be switched off.
• Optional cookies from an advertising measurement partner: Used to understand the performance of our marketing campaigns and to measure how visitors arrive at and interact with our website. The lawful basis for these cookies is your consent. No such cookies are set on your device before you grant consent.

You can grant, withdraw, or change your consent at any time through the cookie banner or by using the "Cookie preferences" link in the footer of any page. Withdrawing consent will prevent any further marketing cookies from being set and will stop the associated measurement from that point forward.

A list of current sub-processors is available on request by emailing athensboxingclub@gmail.com.

On our mobile application, authentication tokens are stored on your device using the operating system's secure storage and are used solely to keep you signed in between sessions.

11. Third-Party Links

Our website and app may contain links to third-party websites, such as our social media profiles. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Children's Privacy

Our online services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children online without parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date above. Your continued use of our services after such changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: athensboxingclub@gmail.com
• Phone: +30 210 923 6494
• Address: Galaxia 7, Athens 11745, Greece