The General Data Protection Law (LGPD) should be a topic of knowledge for any establishment that deals with data daily. In the case of gyms, they handle enrollment requests, services, and various clients, who are data subjects, within Brazil. The LGPD was created to protect rights and guarantee the privacy and security of individuals. Your business must comply with the law. 

Every gym needs to be extremely careful, knowing that some information, compared to other businesses, may be requested with the promise of "better service and support." Your gym should be transparent about the data collected, whether it's the most commonly collected data or sensitive information like health data, which is also requested. 

What data is commonly collected by gyms?

Full name, date of birth, CPF (Brazilian tax identification number), phone number, email, are some examples of data requested, most of which are intended to finalize registration. The purpose of collecting this data, usually for specific information, is to formalize the contract. In other words, only those who have established a relationship with the gym and completed their registration, having already made the payment, will be able to participate in the exercises. 

In addition, there is also the possibility of registering your fingerprint to enter the gym, a process called biometrics, which is sensitive data used to control access for authorized individuals. 

LGPD in gyms: and The medical data?

When joining a gym, it's not uncommon to be asked for some health-related information, even to track progress. In such a situation, information like weight and height are requested or measured on the spot if the client doesn't know this information. 

The purpose of the data collection must be clear and transparent. Furthermore, the data subject must also know how their information, such as their weight, can be monitored. Moreover, this data must be deleted as soon as the student is no longer part of the gym. 

Highly sensitive data, which requires permission from a responsible party for processing, should also be a greater concern. An example is data such as... minors, which require parental authorization to be treated.

How can I have transparent communication? 

To explain something like this, be sure to use simple language that is understandable to all students at the academy. It's all about awareness and security! It is the data subject's right to know that their data is safe, and it is the company's obligation to protect it. 

At this point, it is believed that professional assistance is needed to establish and work on the best way to develop communication regarding the Terms of Service and Contracts, as well as the process of disseminating and ensuring transparency to all audiences. 

LGPD: What about biometrics in gyms?

Biometric data is sensitive data. It should only be collected with the consent of the data subject or their legal guardian. As mentioned above, it's a way to control access to the gym and ensure that only people who use the service continue to enter. 

However, there are other ways to enter the gym without using biometrics, in situations where the data owner refuses registration. 

Discover Privacy Tools

Your academy can rely on the best tool for LGPD compliance, maintaining clear communication with students and ensuring their rights are respected. Learn more about it. our platform!