Privacy Policy

What data we collect, why, and the rights you have over it — in plain language.

Last updated: June 11, 2026

At a glance

We collect only the data you give us — nothing behind your back

We never sell or rent your personal data

Card details are handled by Stripe and never touch our servers

Full GDPR rights — one email away

1.Who we are

Barbell Studio (“we”) operates the gym at Strada Pătlaginei 18, Bucharest, and this website. We are the data controller for the personal data described in this policy and we process it in accordance with the EU General Data Protection Regulation (GDPR).

For any question about this policy or about your data, write to us at info@barbellstudio.ro.

2.What data we collect

We collect only data that you provide to us directly:

Account and profile data — name, email address and password (stored only in encrypted form), plus optionally phone number, birthday and social media handles.
Membership application data — the details you submit when applying to join the gym.
Payment and order data — your orders, invoiced amounts and payment status. Card payments are processed by Stripe; your card number never reaches our servers.
Messages — what you send us through the contact form: name, email, optional phone number and your message.
Technical data — a session cookie while you are signed in and your language preference.

We do not collect health data, we do not track you across other websites and we do not use advertising cookies.

3.Why we process your data and on what legal basis

We process your data only for the purposes below, each resting on a legal basis under the GDPR:

Running your membership (performance of a contract) — creating your account, managing your plan and processing your orders.
Billing and accounting (legal obligation) — keeping the payment records required by Romanian fiscal law.
Answering you (legitimate interest) — reviewing membership applications and replying to contact form messages.
Service emails (performance of a contract) — application status, payment confirmations, membership expiry reminders and password resets. We do not send marketing emails.
Protecting the site against abuse (legitimate interest) — captcha verification and rate limiting on the contact form.

5.How long we keep your data

Account and profile data — for as long as your account exists; it is removed when your account is deleted.
Payment and order records — 10 years, as required by Romanian accounting legislation.
Membership applications — until the application is resolved and for a reasonable period afterwards.
Contact form messages — until your inquiry is resolved.

6.Your rights under the GDPR

You have the right to:

Access the personal data we hold about you and receive a copy of it.
Have inaccurate data corrected.
Have your data deleted (“the right to be forgotten”), where there is no legal obligation for us to keep it.
Restrict or object to the processing of your data.
Receive your data in a portable format.
Withdraw your consent at any time, where processing is based on consent.

To exercise any of these rights, email us at info@barbellstudio.ro — we reply within 30 days. You also have the right to lodge a complaint with the Romanian supervisory authority, ANSPDCP (www.dataprotection.ro).

7.Cookies

We use no advertising or cross-site tracking cookies. Your browser stores only what is strictly necessary for the site to work:

A session cookie — keeps you signed in to your account; it disappears when it expires or when you sign out.
Security cookies — set by our sign-in system to protect forms against cross-site request forgery (CSRF).
Your language preference — remembers whether you chose English or Romanian (stored locally in your browser).
Cloudflare Turnstile — may set a cookie on the contact page, strictly for telling humans and bots apart.
Stripe fraud-prevention cookies — set on the checkout page when you pay by card.

The full details — every cookie, its duration and how to control them — are on our Cookie Policy page.

8.How we protect your data

Passwords are stored only in encrypted (hashed) form, connections to the site are encrypted (HTTPS), access to member data is restricted to authorized staff, and card data is handled exclusively by Stripe. No method of transmission over the internet is 100% secure, but we follow good industry practice to protect your data.

9.Children

Our services are intended for people aged 16 and over. We do not knowingly collect data from children under 16; if you believe a child has provided us personal data, contact us and we will delete it.

10.Changes and contact

We may update this policy as the service evolves. Significant changes are announced by email or on this page, and the date at the top always reflects the latest version.

Questions? Write to info@barbellstudio.ro or visit us at Strada Pătlaginei 18, Bucharest.

Questions about this document? We're happy to explain anything.

Privacy Policy

What data we collect, why, and the rights you have over it — in plain language.

Last updated: June 11, 2026

At a glance

We collect only the data you give us — nothing behind your back

We never sell or rent your personal data

Card details are handled by Stripe and never touch our servers

Full GDPR rights — one email away

1.Who we are

For any question about this policy or about your data, write to us at info@barbellstudio.ro.

2.What data we collect

We collect only data that you provide to us directly:

Account and profile data — name, email address and password (stored only in encrypted form), plus optionally phone number, birthday and social media handles.
Membership application data — the details you submit when applying to join the gym.
Payment and order data — your orders, invoiced amounts and payment status. Card payments are processed by Stripe; your card number never reaches our servers.
Messages — what you send us through the contact form: name, email, optional phone number and your message.
Technical data — a session cookie while you are signed in and your language preference.

We do not collect health data, we do not track you across other websites and we do not use advertising cookies.

3.Why we process your data and on what legal basis

We process your data only for the purposes below, each resting on a legal basis under the GDPR:

Running your membership (performance of a contract) — creating your account, managing your plan and processing your orders.
Billing and accounting (legal obligation) — keeping the payment records required by Romanian fiscal law.
Answering you (legitimate interest) — reviewing membership applications and replying to contact form messages.
Service emails (performance of a contract) — application status, payment confirmations, membership expiry reminders and password resets. We do not send marketing emails.
Protecting the site against abuse (legitimate interest) — captcha verification and rate limiting on the contact form.

5.How long we keep your data

Account and profile data — for as long as your account exists; it is removed when your account is deleted.
Payment and order records — 10 years, as required by Romanian accounting legislation.
Membership applications — until the application is resolved and for a reasonable period afterwards.
Contact form messages — until your inquiry is resolved.

6.Your rights under the GDPR

You have the right to:

Access the personal data we hold about you and receive a copy of it.
Have inaccurate data corrected.
Have your data deleted (“the right to be forgotten”), where there is no legal obligation for us to keep it.
Restrict or object to the processing of your data.
Receive your data in a portable format.
Withdraw your consent at any time, where processing is based on consent.

7.Cookies

We use no advertising or cross-site tracking cookies. Your browser stores only what is strictly necessary for the site to work:

A session cookie — keeps you signed in to your account; it disappears when it expires or when you sign out.
Security cookies — set by our sign-in system to protect forms against cross-site request forgery (CSRF).
Your language preference — remembers whether you chose English or Romanian (stored locally in your browser).
Cloudflare Turnstile — may set a cookie on the contact page, strictly for telling humans and bots apart.
Stripe fraud-prevention cookies — set on the checkout page when you pay by card.

The full details — every cookie, its duration and how to control them — are on our Cookie Policy page.

8.How we protect your data

9.Children

Our services are intended for people aged 16 and over. We do not knowingly collect data from children under 16; if you believe a child has provided us personal data, contact us and we will delete it.

10.Changes and contact

We may update this policy as the service evolves. Significant changes are announced by email or on this page, and the date at the top always reflects the latest version.

Questions? Write to info@barbellstudio.ro or visit us at Strada Pătlaginei 18, Bucharest.

Questions about this document? We're happy to explain anything.

Privacy Policy

1.Who we are

2.What data we collect

3.Why we process your data and on what legal basis

4.Who we share data with

5.How long we keep your data

6.Your rights under the GDPR

7.Cookies

8.How we protect your data

9.Children

10.Changes and contact

Privacy Policy

1.Who we are

2.What data we collect

3.Why we process your data and on what legal basis

4.Who we share data with

5.How long we keep your data

6.Your rights under the GDPR

7.Cookies

8.How we protect your data

9.Children

10.Changes and contact