Privacy Policy

Last updated: May 2026

1. Who are we?

Gymies is a platform that connects personal trainers and clients. Gymies acts as the data controller within the meaning of the General Data Protection Regulation (AVG/GDPR) for the personal data processed through the Platform.

Trade name: Gymies
Legal form: Sole proprietorship (Eenmanszaak)
Registered address: Amsterdam, The Netherlands
Chamber of Commerce number (KvK): [available upon request]
Email address: info@gymies.nl
Website: https://www.gymies.nl
Contact form: gymies.nl/contact

Gymies has not appointed a Data Protection Officer (DPO/FG), as this is not legally required given the nature and scale of the data processing. For all privacy-related questions, you can contact us using the details above.

2. Scope of this policy

This Privacy Policy applies to all personal data that Gymies collects and processes through: a) the website gymies.nl and all subdomains; b) the mobile application "Gymies" (available via the Apple App Store and Google Play Store); c) email communication with Gymies; d) the contact form on the website; e) Gymies social media channels (where applicable). This policy applies to all Users of the Platform, both Clients and Trainers, as well as visitors who access the Platform without creating an Account.

3. What personal data do we collect?

Gymies collects and processes the following categories of personal data: a) Account data: first and last name, email address, phone number, password (encrypted), profile photo (optional), date of birth (optional), gender (optional). b) Trainer profile data: in addition to the above, specialisations, certifications, description ("about me"), pricing, availability, location(s), portfolio images, Chamber of Commerce number (KvK) and bank details (IBAN) for payouts. c) Booking data: date and time of Sessions, location of Sessions, type of training, booking status (booked, confirmed, cancelled, completed). d) Payment data: transaction details, payment method (type, not the full card number), invoice amounts, service commission. Gymies does not store complete credit card numbers or bank details; these are processed by payment processor Mollie. e) Communication data: messages exchanged between Clients and Trainers via the in-app messaging function, and correspondence with Gymies (email, contact form). f) Location data: city or region (provided during registration or searches), and if permission has been granted via the mobile device: GPS location for showing nearby Trainers. GPS location is not permanently stored. g) Usage data: information about how the Platform is used, including pages visited, search filters, click behaviour, session duration and interactions with the Platform. h) Technical data: IP address, browser type and version, operating system, device type, unique device identifiers, language setting, time zone and referring URL. i) Waitlist data: email address and city (for users who sign up for the waiting list). j) Review and rating data: star ratings, review texts and responses to reviews.

4. What do we use your data for?

Gymies processes your personal data for the following purposes: a) Account management and authentication: creating, managing and securing your Account, including identity verification. b) Platform functionality: facilitating the search for Trainers, displaying relevant search results based on location and preferences, and matching Clients with Trainers. c) Bookings: processing, confirming and managing booking requests and Sessions. d) Payment processing: processing payments, creating invoices and paying out Trainers via Mollie. e) Communication: facilitating message exchanges between Clients and Trainers, sending booking confirmations, reminders and platform-related notifications. f) Customer service: responding to questions, complaints and requests. g) Platform improvement: analysing usage patterns to improve the user experience, features and performance of the Platform. h) Security and fraud prevention: detecting, preventing and investigating fraud, abuse, security incidents and violations of the Terms and Conditions. i) Marketing and communication: sending newsletters, offers and updates about the Platform (only with your consent, which you may withdraw at any time). j) Legal obligations: complying with statutory retention obligations, tax obligations and responding to legal requests. k) Reviews: processing and displaying reviews and ratings to help other Users make informed choices.

5. Legal basis for processing

Gymies processes personal data on the basis of the following legal grounds under the GDPR (Article 6(1)): a) Performance of a contract (Art. 6(1)(b) GDPR): processing is necessary for the performance of the user agreement, including creating an Account, processing bookings and payments, facilitating communication between Client and Trainer, and displaying Trainer profiles. b) Consent (Art. 6(1)(a) GDPR): for sending marketing emails and newsletters, the use of non-functional cookies (where applicable), the processing of GPS location data via the mobile device, and the uploading of profile photos. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to the withdrawal. c) Legitimate interest (Art. 6(1)(f) GDPR): for security and fraud prevention, improving the Platform based on usage analysis, handling disputes and complaints, and protecting the rights and property of Gymies. For processing based on legitimate interest, Gymies has conducted a balancing test weighing the interests of Gymies against the privacy of the data subject. d) Legal obligation (Art. 6(1)(c) GDPR): for complying with fiscal retention obligations (7 years for financial records), responding to requests from supervisory authorities and complying with other legal obligations.

6. Sharing of personal data

Gymies only shares your personal data in the following circumstances: a) Client-Trainer relationship: when a Client books a Session, relevant data is shared with the respective Trainer (name, contact details, booking details). Conversely, Trainer data (name, specialisation, location, price, reviews) is displayed to Clients. b) Payment processor — Mollie B.V.: necessary transaction data is shared with Mollie for the processing of payments. Mollie processes this data as an independent data controller in accordance with their own privacy policy (available at mollie.com/privacy). c) Hosting providers: the Platform is hosted on servers within the European Economic Area (EEA). Hosting parties process data solely on behalf of Gymies on the basis of a data processing agreement. d) Email service providers: Gymies uses specialised service providers for sending transactional emails (booking confirmations, password resets) and marketing emails. These parties process data solely on behalf of Gymies. e) Analytics: Gymies may use analytics services to improve the Platform. Data is anonymised or pseudonymised where possible. f) Legal obligations: Gymies may share personal data where this is legally required, for example on the basis of a court order, a demand from the police or judiciary, or a request from a supervisory authority. g) Business transfer: in the event of a merger, acquisition or transfer of (part of) the business, personal data may be transferred to the acquiring party. Users will be notified in advance. Gymies never sells personal data to third parties. Gymies does not share personal data with third parties for their own commercial or marketing purposes.

7. Transfers outside the EEA

Gymies strives to process personal data exclusively within the European Economic Area (EEA). If a transfer to a country outside the EEA is necessary (for example, through the use of service providers with servers outside the EEA), Gymies ensures that an adequate level of protection is provided by means of: a) an adequacy decision by the European Commission (Art. 45 GDPR); b) Standard Contractual Clauses (SCCs) approved by the European Commission (Art. 46(2)(c) GDPR); c) other appropriate safeguards in accordance with Chapter V of the GDPR. An overview of any transfers outside the EEA and the safeguards applied is available upon request via info@gymies.nl.

8. Retention periods

Gymies does not retain personal data for longer than is necessary for the purposes for which it was collected, unless a longer retention period is required by law. The following retention periods apply: a) Account data: for as long as the Account is active. After deletion of the Account, personal data is removed from active systems within 30 days. b) Booking data: 2 years after the date of the Session, unless a longer period is necessary for dispute resolution. c) Financial and payment data: 7 years after the financial year in which the transaction took place, in accordance with the fiscal retention obligation (Art. 52 AWR — Dutch General Tax Act). d) Communication data (messages): for as long as both associated Accounts are active, with a maximum of 2 years after the last message. After deletion of an Account, messages are anonymised within 30 days. e) Location data (GPS): not permanently stored; used solely for real-time search results. f) Technical and usage data: a maximum of 26 months, after which they are anonymised or deleted. g) Waitlist data: until the User unsubscribes or creates an Account, with a maximum of 12 months. h) Reviews: for as long as the Trainer profile is active. Upon deletion of the Client account, reviews are anonymised (the author's name is removed). i) Backups: data in backup systems is overwritten within 90 days after removal from active systems. After the retention period has expired, personal data is deleted or irreversibly anonymised.

9. Your rights

Under the GDPR, you have the following rights with respect to your personal data: a) Right of access (Art. 15 GDPR): you have the right to know what personal data Gymies processes about you and to receive a copy thereof. b) Right to rectification (Art. 16 GDPR): you have the right to have inaccurate or incomplete personal data corrected or supplemented. c) Right to erasure / right to be forgotten (Art. 17 GDPR): you have the right to request that Gymies deletes your personal data, unless Gymies has a legal obligation to retain the data. d) Right to restriction of processing (Art. 18 GDPR): you have the right to restrict the processing of your personal data in certain circumstances, for example when you contest the accuracy of the data. e) Right to data portability (Art. 20 GDPR): you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transfer this data to another data controller. f) Right to object (Art. 21 GDPR): you have the right to object to the processing of your personal data on the basis of legitimate interest, including profiling. Gymies will cease the processing unless there are compelling legitimate grounds that override your interests. g) Right to withdraw consent (Art. 7(3) GDPR): where processing is based on consent, you may withdraw it at any time. Withdrawal does not have retroactive effect. h) Right not to be subject to automated decision-making (Art. 22 GDPR): you have the right not to be subject to decisions based solely on automated processing, including profiling, where such decisions produce legal effects concerning you or similarly significantly affect you.

How to submit a request: Send a request via gymies.nl/contact or by email to info@gymies.nl. Clearly state which right you wish to exercise. Gymies may ask for identification to verify your identity.

Response time: Gymies will respond to your request within 30 days at the latest. In complex cases, this period may be extended once by 60 days, of which you will be informed.

Costs: exercising your rights is in principle free of charge. In the case of manifestly unfounded or excessive requests, Gymies may charge a reasonable fee or refuse the request.

10. Automated decision-making and profiling

Gymies uses automated systems for the following purposes: a) Search results: displaying Trainers based on location, filters and Client preferences. This does not constitute decision-making with legal effects but is an aid for showing relevant results. b) Fraud detection: automatically flagging suspicious activities (such as unusual login attempts or payment patterns). This may lead to a temporary suspension of an Account, after which a manual review always takes place. Gymies does not make decisions with legal effects that are based solely on automated processing without human intervention.

11. Cookies and similar technologies

Gymies uses cookies and similar technologies on the website and in the app. A cookie is a small text file that is stored on your device when you visit a website. a) Strictly necessary cookies: these cookies are essential for the functioning of the Platform. They are used for authentication (login), session management, security features and remembering cookie preferences. These cookies are placed without consent because they are necessary (Art. 11.7a(3) Dutch Telecommunications Act / Telecommunicatiewet). b) Functional cookies: these cookies remember your preferences (such as language settings and search filters) to improve the user experience. Gymies places these on the basis of legitimate interest. c) Analytical cookies: Gymies may use analytical cookies to gain insight into the use of the Platform (such as visitor numbers, popular pages and technical performance). This data is anonymised where possible. If analytical cookies can be traced to individual users, they are only placed with your consent. d) Marketing and tracking cookies: Gymies currently does NOT use third-party marketing or tracking cookies for advertising purposes. Should this change in the future, your explicit consent will be requested. Managing cookie preferences: You can change your cookie preferences at any time via the cookie settings on the website. In addition, you can delete or block cookies via your browser settings. Please note: blocking certain cookies may limit the functionality of the Platform. Cookie retention period: Session cookies are deleted after closing the browser. Persistent cookies have a maximum retention period of 12 months, after which they automatically expire.

12. Security

Gymies takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, destruction or unlawful processing (Art. 32 GDPR). The following security measures have been implemented: a) Encryption: all data transfers between your device and the Platform are secured with SSL/TLS encryption (HTTPS). Passwords are stored using strong, one-way hash functions. b) Access control: access to personal data is limited to authorised persons who need such access to perform their duties. Access is secured with unique login credentials and, where possible, two-factor authentication. c) Server security: the Platform is hosted on secure servers within the EEA, protected by firewalls, intrusion detection/prevention systems and regular security updates. d) Development practices: Gymies applies security-by-design and privacy-by-design principles in the development of the Platform. e) Backups: regular encrypted backups are made to prevent data loss. f) Incident response: Gymies has procedures in place for detecting, reporting and handling data breaches in accordance with the GDPR (see Section 13 of this Privacy Policy). g) Periodic review: security measures are regularly evaluated and adjusted where necessary in response to new risks and technological developments.

13. Data breaches

Gymies has established procedures for dealing with data breaches (personal data breaches) in accordance with Articles 33 and 34 of the GDPR. a) Notification to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority): if a data breach poses a risk to the rights and freedoms of data subjects, Gymies will report this without undue delay and, where possible, within 72 hours of discovery to the Autoriteit Persoonsgegevens. b) Notification to data subjects: if a data breach poses a high risk to the rights and freedoms of data subjects, Gymies will notify the affected Users without undue delay. The notification will contain at least a description of the incident, the potential consequences, the measures taken and contact details for further information. c) Record-keeping: Gymies maintains a register of all data breaches, regardless of whether notification to the supervisory authority or data subjects is required. If you suspect a data breach has occurred, we kindly ask you to report it as soon as possible via info@gymies.nl.

14. Privacy of minors

The Platform is not aimed at children under the age of 16. Gymies does not knowingly collect personal data from children under the age of 16. If you are a parent or legal guardian and you suspect that your child under the age of 16 has provided personal data to Gymies without your consent, please contact us at info@gymies.nl. Gymies will delete the relevant data as soon as possible. Users between the ages of 16 and 18 may use the Platform with the consent of a parent or legal guardian.

15. Third-party links

The Platform may contain links to websites, applications or services of third parties. Gymies is not responsible for the privacy policies or data processing practices of these third parties. Gymies advises Users to read the privacy policy of the relevant third party before providing any personal data. Following a link to a third-party website or service is at your own risk.

16. Social media

Gymies may be present on social media platforms (such as Instagram, Facebook, LinkedIn and TikTok). When you interact with Gymies via social media (by sending messages, posting comments or following pages), your data is also processed by the respective social media platform in accordance with their own privacy policy. Gymies is not responsible for the data processing carried out by social media platforms. For questions about the processing of your data by these platforms, we refer you to their respective privacy policies.

17. Push notifications

The Gymies mobile app may send push notifications, for example for booking confirmations, session reminders, messages from Trainers or Clients and platform updates. You can enable or disable push notifications via the app settings or via the system settings of your mobile device. Disabling push notifications does not affect the functioning of your Account, but certain notifications (such as booking confirmations) will then only be sent via email.

18. Processors and sub-processors

Gymies uses third parties that process personal data on behalf of Gymies (processors). A data processing agreement has been concluded with each processor in accordance with Article 28 GDPR. The main processors are: a) Mollie B.V. — payment processing (Mollie partly acts as an independent data controller for payment data). b) Hosting provider — server infrastructure and storage (within the EEA). c) Email service provider — sending transactional and marketing emails. d) Analytics service provider — anonymised usage statistics. A current overview of processors is available upon request via info@gymies.nl. Gymies carefully selects processors and assesses their security measures and privacy practices.

19. Data Protection Impact Assessment (DPIA)

Gymies assesses whether a Data Protection Impact Assessment (DPIA / gegevensbeschermingseffectbeoordeling) is required when new processing activities are introduced that may pose a high risk to the rights and freedoms of data subjects (Art. 35 GDPR). Gymies conducts a DPIA where there is: a) systematic and extensive evaluation of personal aspects (profiling); b) large-scale processing of special categories of personal data; c) systematic monitoring of publicly accessible areas. The outcomes of completed DPIAs are documented and, where necessary, submitted to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority).

20. Amendments to this Privacy Policy

Gymies reserves the right to amend this Privacy Policy. In the event of amendments, the "Last updated" date at the top of this policy will be adjusted. In the case of material changes, Users will be informed at least 30 days before the effective date via email and/or a notification on the Platform. Gymies advises Users to review this Privacy Policy regularly. Previous versions are available upon request via info@gymies.nl. Continued use of the Platform after the amended version takes effect implies acknowledgement of the amended policy.

21. Supervisory authority

If you believe that Gymies processes your personal data unlawfully, you have the right to file a complaint with the Autoriteit Persoonsgegevens (AP), the Dutch supervisory authority for data protection.

Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ The Hague
Phone: 088 - 1805 250
Website: https://autoriteitpersoonsgegevens.nl

We would appreciate it if you contact Gymies first in the event of a complaint, so that we can work together to find a solution.

22. Contact

For questions, comments or requests regarding this Privacy Policy or the processing of your personal data, you can contact Gymies:

Email: info@gymies.nl
Contact form: gymies.nl/contact
Website: https://www.gymies.nl

Gymies aims to respond to general enquiries within 5 working days. For requests under your rights pursuant to the GDPR (Section 9 of this policy), a statutory response period of a maximum of 30 days applies.