Skip to main content
Gym facility background

Privacy Policy

How Performance Base collects and uses personal data, and your rights under GDPR

Privacy Policy

Last updated: 29 December 2025

1. Who we are (data controller)

Performance Base ("Performance Base", "we", "our" or "us") is the data controller for the processing described in this Privacy Policy.

  • Email: info@performancebase.se
  • Phone: +46 703 057 393
  • Address: Vintergaloppsgatan 3, 183 76 Täby

2. What personal data we collect

We only collect personal data that is needed to run this website, respond to you, and (if you choose) provide our services.

  • Contact details you provide (for example, name, email address, phone number)
  • Message content and any information you include when contacting us
  • Purchases/booking details when you choose a program and continue to checkout on our external provider (see section 6)
  • Technical data that may be collected automatically by our hosting provider in server logs (for example, IP address, device/browser information, timestamps, requested pages)
  • Cookie consent choices (stored as a consent cookie and in your browser storage)

We do not intentionally collect special category data (such as health data) through this website. If you choose to share information about injuries or health conditions in a message, we will treat it as sensitive and use it only for the purpose of responding to you and/or providing the services you request.

3. Why we process personal data (purposes) and legal bases

We process personal data only when we have a valid legal basis under GDPR. Depending on the situation, we rely on:

  • To respond to contact requests (for example via our contact form or email): our legitimate interest in communicating with you and handling enquiries, or steps prior to entering a contract (GDPR Art. 6(1)(f) / 6(1)(b)).
  • To provide services you request (for example personal training): performance of a contract (GDPR Art. 6(1)(b)).
  • To manage payments and purchases made via our external checkout provider : performance of a contract (GDPR Art. 6(1)(b)) and/or compliance with legal obligations (for example accounting) (GDPR Art. 6(1)(c)).
  • To keep the website secure and functioning (for example preventing abuse and troubleshooting): our legitimate interest (GDPR Art. 6(1)(f)).
  • To store your cookie preferences and respect your choices: consent (for non-essential cookies) and our legitimate interest/necessity to provide the functionality you request (GDPR Art. 6(1)(a) / 6(1)(f)).

4. Cookies and similar technologies

We use a small number of cookies and similar technologies for essential site functionality and to remember your cookie consent choices. For details, see our Cookie Policy.

5. How we share personal data (recipients)

We share personal data only when necessary for the purposes above:

  • Service providers (processors) : we may use suppliers for website hosting and for processing contact messages (depending on how the contact form endpoint is configured). They process data on our instructions.
  • External checkout/booking provider : if you choose a program and continue to checkout, you will be redirected to our external provider (currently available on getmana.app). That provider processes your personal data (including payment-related data) under its own privacy information.
  • Legal requirements : we may share data if required by law or to protect our rights.

6. International transfers (outside EU/EEA)

We aim to use service providers that process personal data within the EU/EEA. If any of our providers process personal data outside the EU/EEA, we will ensure appropriate safeguards are in place (for example, EU Standard Contractual Clauses and supplementary measures where required).

7. How long we keep personal data (retention)

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy:

  • Contact messages : kept as long as needed to handle your enquiry and any follow-up.
  • Service and purchase records : kept for as long as required to provide the service and meet legal obligations (for example, bookkeeping requirements).
  • Cookie consent records : stored in your browser (you can delete them at any time).

8. How we protect personal data

We use appropriate technical and organisational measures to protect personal data, such as access controls and limiting access to those who need it. No website can guarantee absolute security; if you suspect misuse, please contact us.

9. Your rights under GDPR

Subject to the conditions in GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where we rely on consent)

To exercise your rights, contact us using the details in section 1. We may need to verify your identity.

10. Complaints to the Swedish supervisory authority (IMY)

If you believe our processing of your personal data infringes GDPR, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, "IMY"). More information is available at https://www.imy.se/.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will publish the updated version on this page and change the "Last updated" date above.

12. Contact us

If you have questions about this Privacy Policy or want to submit a privacy-related request, contact us:

  • Email: info@performancebase.se
  • Phone: +46 703 057 393
  • Address: Vintergaloppsgatan 3, 183 76 Täby