GENERAL 1.1 The use of the services provided to the visitor/user/customer by the stores of “BODYFIT”, requires your unconditional agreement with this Privacy Policy on the Protection of Personal Data. Therefore, the visitor/user/customer/subscriber must carefully read the contents of this policy. 1.2 BODYFIT respects your privacy and fully complies with the Greek and European Regulation GDPR for the collection, processing and protection of your personal data. This Privacy Statement informs you of our privacy practices and the choices available to you about how we collect information about you and how we use it. 1.3 This privacy policy may change from time to time in accordance with legislation or industry developments. Your continued use of the BODYFIT website even after any changes to the Privacy Policy constitutes your unconditional acceptance of these terms. SUBJECT OF THIS PRIVACY STATEMENT 2.1 This privacy statement applies to all websites, domains, services, applications and products owned by BODYFIT. 2.2 BODYFIT collects, extracts and uses personal information in order to better serve you and personalize your experience and interaction with BODYFIT. This collection is done with proper notice and securing your consent and with the necessary data protection authority procedures where required. 2.3 BODYFIT may collect personal information from you to complete various transactions, such as:

• creation of a user profile and user verification
• purchase of membership to BODYFIT gyms and services
• creation of a Member/Subscriber card in the BODYFIT gym
• creation of an individual Member/Subscriber card to enter the BODYFIT gym
• requests for information (e.g. prices of products, services etc.)
• subscriptions to marketing or support services
• promotional activities of BODYFIT partners
• requests for recruitment or cooperation
• products and marketing messages (newsletters etc.)

In addition, the types of personal information you provide to us may include: Identifying and contact information, such as your full name, first name/first name, gender, age (date of birth), home or work address, telephone number (mobile/landline – home/work) and e-mail address; furthermore, we may register your biometric data (height, weight, body measurements, fat, muscle mass, etc.), facial photos, health data and medical history resulting from medical certificates (chronic diseases, allergies, etc.), eating habits and personal diet plan, individual or group exercise program, other unique information such as, but not limited to, user IDs and passwords, product and service preferences, communication preferences, tracking participation in group programs/activities, expressions of interest in the provision of services by BODYFIT Partners, banking and billing information (such as your VAT number) and data regarding your interest in employment/work in some cases (especially in cases where you submit a resume to us in order to become a BODYFIT Partner) and data regarding your interest in employment/work in some cases (especially in cases where you submit a resume to us in order to become a BODYFIT Partner). 2.4 If you post, comment, express interest or complaints or share your personal information, including photos/videos, in any public forum on a BODYFIT site, social media (such as facebook, instagram, youtube, foursquare, twitter etc.), blog or other such forum, you should be aware that any information you submit may be read, viewed, collected or used by other users of such forums or social media and may be used to contact you, send unsolicited messages or for purposes that are not controlled by either you or BODYFIT. BODYFIT is not responsible for the personal information you choose to submit to such forums or social media. 2.5 In addition to the information you knowingly provide, BODYFIT may also collect information when you visit a BODYFIT website, a web-based application, or a website operated by another company on behalf of BODYFIT through automatic data collection tools, including web beacons, cookies, and embedded web links. These tools collect certain traffic information that your browser sends to a website, such as your browser type and language, access times, and the address of the website from which you came. They may also collect information about your Internet Protocol (IP) address, your geographic location (via GPS), your unique device identifier, your browsing behavior (i.e., the pages you visit and browse, the links you follow, and other actions you take in relation to BODYFIT websites or supported websites), and product and service information. BODYFIT may also use some of its automatic data collection tools for certain e-mails and newsletters that it sends, and therefore may collect information using these tools when you open the e-mail or click on a link contained therein. To learn more, read the section on how BODYFIT uses automatic data collection tools (Cookie Policy). 2.6 BODYFIT also collects information from sources that are publicly or commercially available and are considered reliable. This information may include your name, address, email address, preferences, interests and demographic/profile data. The information that BODYFIT collects from its public or commercial sources may be used together with the information it collects when you visit its websites. PROTECTION OF PERSONAL DATA AND TRANSFER TO THIRD PARTIES We collect and process your personal data only with your express consent and to the extent that this is absolutely necessary. In addition, BODYFIT may provide, with your prior express consent, access to your contact information (mobile phone or e-mail) to external Partners within the framework of contracts for the purpose of creating personalized product and work offers depending on the purpose of these Partners). Such disclosure will only concern the above contact information (name, mobile phone and e-mail) and not all of your personal data and exclusively for the purposes of promoting and displaying services and products with special personalized offers addressed to BODYFIT subscribers. Without prejudice to the above, we will NEVER sell, rent, distribute, or otherwise disclose your personal data unless required to do so by law. If you are under 18 years of age, you MUST have your parents’ consent before using the services of this website. RELEVANT LEGISLATION In parallel with BODYFIT’s internal IT systems, this website has been designed to comply with the following legislation/regulations regarding the protection of users’ personal data:

1. EU Data Protection Directive 1995 (DPD).
2. General Data Protection Regulation 2016/679/EU on the EU’s general data protection (GDPR).
3. Relevant National Legislation.

PERSONAL INFORMATION COLLECTED BY THIS SITE AND WHY IT IS COLLECTED BODYFIT collects personal information from its users/partners/customers only when they voluntarily provide it. Personal information is information that can be used to identify or communicate with an individual, as well as other information concerning that individual, and in any case, it is all information that is explicitly mentioned in the BODYFIT Privacy Policy. The administrator may use this information for informational purposes or to propose new offers, unless the latter does not wish to do so. The website administrator will NOT sell or otherwise transfer or disclose personal information of its customers to third parties not related to BODYFIT, without the customer’s consent, with the exception of the application of relevant legal requirements and to the competent authorities only. A. We collect basic information from you when you sign up for our newsletter, which includes your name and email address. We also record your email address and any other information provided to your email provider (Gmail, Outlook, Yahoo! Mail, etc.) when you contact us. Along with this, we also keep notes or details that explain what you requested and how we responded when you contacted us. We also use cookies and similar technologies on our website to collect information about interactions and usage. Please refer to the Cookies Privacy Policy section for more information about the specific type of information we may collect and your choices regarding this data. B. This website collects and uses personal information for the following reasons. Website traffic tracking Like most websites, this one uses Google Analytics (GA) to track user activity. We use this data to determine the number of people using our website, to better understand how they find and use our pages, and to see their journey through the website. Although GA records data such as your geographical location, your device, your web browser, and your operating system, none of this information identifies you personally to us. GA also records your computer’s IP address, which could be used to identify you, but Google does not provide us with access to it. We consider Google to be a third party data processor that is compliant with European law. Contact forms and email links If you choose to contact us using a contact form or a link in our email, none of the data you provide will be stored by this website or transferred to or processed by any third party data processor, as defined below in the section “Our third party data processors”. Instead, this data will be sent to us in an email message via the SMTP (Simple Mail Transfer Protocol) protocol. Our SMTP servers are protected by the TLS security protocol (sometimes known as SSL), which means that the email content is encrypted before it is sent over the internet. The email content is decrypted by our local computers and devices. SHARING DATA WITH THIRD PARTIES We may share your personal data with trusted third-party service providers as necessary for them to perform services on our behalf. Examples of data sharing include cookies, your IP address, your email address and your name. Your email address and name are only used with trusted services that we use to create newsletters. We only share the minimum information necessary, and third parties are not allowed to use your information for any other purpose, as stated in our Privacy Policy. Each third party we use also complies with the GDPR regulations. Third-party services, tools and widgets we use Below you can find the list of all third-party tools, services and widgets we use, as well as links to information about how these services manage your data. Google Analytics – We use Google Analytics to track basic statistics on our website. For more information about how Google handles your personal data, please go here. MailChimp – We use MailChimp to create our newsletters and marketing emails, as well as to organize all our subscribers (registered users of our newsletters) into lists. For more information about how MailChimp handles your personal data, please go here. Social media links – The BODYFIT website may contain links to social media (including but not limited to facebook, instagram, tik tok, youtube, twitter, etc.) that are not owned or controlled by BODYFIT. BODYFIT does not control these links, which do not operate under this Privacy Policy. We recommend that you review the privacy statements of these social media, so that you are informed about the procedures they apply regarding the collection, use, and disclosure of your personal and non-personal information. Our website runs on the open source WordPress platform and, as such, we use some essential plugins to make our website work better. Any plugins (known as ‘extensions’) that are not listed on our Privacy Policy page are those that do not use or collect your personal data in any way and, if they do by default, we have made sure that we have disabled the sending or sharing of this data to these services or tools or extensions (plugins). NEWSLETTERS, MARKETING E-MAILS AND COMMUNICATION Users can choose to subscribe to our newsletter, providing their name and email address (e-mail) to gain access to BODYFIT’s communication/promotional/advertising material as well as to follow its activity, be informed about actions and events and be in contact with it. The email addresses (e-mails) that we receive from our users when they subscribe to the newsletter, will be used exclusively and only for the purposes of the website without putting users at risk of spam. The subscriber can unsubscribe from our newsletter at any time by informing us via e-mail or by clicking on the “Unsubscribe from our list” link under each newsletter we send them. SECURING YOUR DIGITAL IDENTITY Creating a digital identity takes dedication. Here are ways we help you protect yours. Secure communication channels: We encrypt personal data provided to us via web forms using up-to-date standards to prevent interception of transmitted information. DATA BREACHES For any personal information stored in our database, all necessary measures will be taken to secure it. We will report any illegal breach of the database of this website or the database of any third party data processor to any and all directly interested parties as well as to the authorities within 72 hours of the breach, if it is obvious that personal data stored in an identifiable form has been stolen. To stop receiving newsletters, promotional e-mails, as well as to stop any communication with us, simply click on the “Unsubscribe from our list” link at the end of each of our newsletters and all your personal data will be automatically deleted at that time. You are also given the opportunity to edit your personal data, as well as to choose the e-mails you want to be sent to you from our website, if there is more than one newsletter or e-mail campaigns. Note: In the event that the link at the end of our newsletters does not work properly or shows problems, please inform us about the deletion or processing of your data, and we will make the necessary changes or the complete deletion of your data within 48 hours. Your IP address as well as cookies are collected by third party services, including Google Analytics and Google Adsense. Both services comply with the GDRP regulations and all data on our website is automatically deleted every 38 months. BODYFIT is committed to resolving complaints related to privacy and the collection or use of personal information. BODYFIT is further committed to reporting any unresolved privacy complaints from EU citizens or residents regarding transfers of their personal data within the framework of the authorities to an independent dispute resolution mechanism. If at any time you would like to verify whether you are a subscriber to our newsletter, and wish to receive a copy of the file with your data that we store (e-mail, date of registration, internal number in our system, formatting of the text you receive, html-plain text), please send us an e-mail with the subject “My personal data”, and we will respond to you as a matter of absolute priority. If for any reason, at any time, you would like us to delete any information, and of course your newsletter subscription email (right to be forgotten), please send an e-mail with the subject “Right to be forgotten”. We will delete any information about you, and we will confirm the action by e-mail that you will receive the next business day. If you have any questions, concerns or complaints regarding our Privacy Policy or the practices of our services, you can contact the Data Processing Officer of BODYFIT at 2311821905 or at the e-mail address info@thebodyfit.gr We will respond to all requests, questions or concerns within thirty (30) days. In addition, you can contact us via the contact form that you will find on the website.