GymLeads and the GDPR

What the GDPR means for you, and how GymLeads can help

Aron avatar
Written by Aron
Updated over a week ago

From the 25 May 2018, all businesses that collect data about citizens from the European Union must comply with a new regulation called the "General Data Protection Regulation" (GDPR).

It's a huge change to the way businesses are allowed to work with data, and you'll probably need to make some changes to the way you approach your sales and marketing.

At GymLeads, we've been working hard to ensure that all of our systems are GDPR compliant. On top of this, we are building some new features to make things easier for clubs that need to comply with the new regulations.

Disclaimer: This page is not intended as legal advice or as a detailed description of the GDPR. We highly recommended should consulting with your lawyers prior to the GDPR going live to ensure you're doing everything you can to be compliant

Prior to the 25 May 2018, all GymLeads customers with locations in the EU must agree to an updated terms of service and privacy policy that we'll be making available closer to the date.

On this page, we've outlined each of the key clauses of the GDPR, and how GymLeads is, or can help you, comply with each:

Lawful Basis of Processing

Under the GDPR, you must have a legal reason to use someone's data. This could be because they requested information about your club, opted into receiving marketing or they are a customer that needs to receive updates.

How GymLeads will support this

We are adding in a new, trackable field for leads that records the 'lawful basis'. These will be set (and changed) automatically based on the source of the lead, and can be manually updated at any time. For custom lead sources, you'll be able to set a default lawful basis.

Any leads coming into your account must have a lawful basis for processing. This means that any CSV imports that are processed must have this column before the import can be started.

Status: Currently Available.


Under the GDPR, leads must provide their consent to receive communication about marketing, or any other communication that is not related to their original enquiry.

Opting in means:

  • They must be told what they are opting into (the type of communication).

  • It must be done explicitly. You cannot pre-check checkboxes.

  • The notice must cover all the different ways you are going to communicate. That means SMS, email and phone calls.

How GymLeads will support this
We are adding a new feature called 'opt-in' that can be enabled for a location (it will be turned on for locations in EU by default).

All leads in an opt-in location must provide consent to receiving any marketing communications from GymLeads.

Transactional communication can only be sent to leads that relates to their initial enquiry, and there are restrictions that we are placing on transactional communications.

More details about opt in, as well as the specifics between transactional and marketing communications, will be available early May.

Status: Currently Available.

Withdrawal of Consent

Leads need to be able to easily see what consent they have given, withdraw it and register an objection. This needs to be very easy to do.

How GymLeads supports this
GymLeads already supports one click opt out for emails, as well as one reply opt out for SMS. They can also view the sender details and register a spam complaint.
We will be making a minor addition to the preferences page that shows the type of consent currently provided, as well as the date it was provided.

Status: Currently available


Leads need know if cookies are being used to track them. Any websites that leads visit must show a notice telling them that you use cookies, and they must consent to their use.

How GymLeads supports this
Gymleads does not currently support tracking leads via cookies, so this feature is not something we can assist you with. If you have a website or landing page that uses cookies, be sure to update it to show this notice.

Status: Not applicable 


Leads have the right to request their personal data be permanently deleted (not archived). This must happen in a timely manner and it must include all tracking details, notes, communication and more.

How GymLeads supports this
GymLeads permanently deletes all lead data by default. You can already perform a GDPR compliant delete.

Status: Currently Available

Access / Portability

Leads have the right to request a copy of their personal data (name, address, email, etc) as well as any notes and tracking history.

How GymLeads will support this
We currently have an export via CSV option that is available when a lead is closed. This option will be available to use at any time, and it will export all of their associated data.

Status: Currently Available.


Leads have the right to request you update any of their personal details if it is inaccurate or complete.

How GymLeads will support this
Gymleads already supports updating a lead's details.

Status: Currently available

Security Measures

The GDPR requires that sensitive customer data be protected by up to date and effective security practices.

How GymLeads supports this
GymLeads already has a wide variety of data protection measures in place, however we're also taking this opportunity to audit all of our systems for potential issues.

Status: Continuously in progress

Facebook Lead Ads

All leads that have enquired through a Facebook Lead Ad will automatically be opted-in to marketing communications, however, under the GDPR it is a legal requirement and your responsibility as a business that all your Facebook Lead Ads have an opt-in/consent checkbox like the below.

Did this answer your question?