Skip to content

3 Lessons Learned From Gymshark's Approach To Customer Data Privacy

Cat Hunter 5/31/21 11:26 AM

Table of Contents

If you're a fitness enthusiast, a Shopify merchant (or both!), then you've almost certainly heard the name Gymshark before. They're one of the most recognizable Shopify Plus success stories – a classic tale of a brand that rapidly picked up the pace, re-platforming out necessity to allow continued growth. In 2019 alone, Gymshark made sales of £175.2 million with a profit of £18.6 million.

Gymshark is known for their form-fitting fitness apparel, savvy social media presence and exemplary customer service. And this attention to detail extends to privacy.

Gymshark has one of the most extensive privacy notices we've seen from a brand when it comes to privacy. They don't stop at one comprehensive privacy policy – instead, they leverage three different privacy policies, each targeted to a unique audience. 


Breaking Down Gymshark's Privacy Approach

Gymshark provides a privacy notice for no less than three separate audiences. Let's take a look at each of them:

  1. Customer, App, Marketing, Promotions, Events and Social Media Privacy Notice
  2. CCTV and Access Control Privacy Notice
    1. Click here if you have visited any of our premises or events.
  3. Rest of the World Privacy Notice 

The first applies to anyone who has bought items from their Website, events or pop-up stores, used their apps, received marketing emails, entered promotional competitions, attended their events or interacted with the brand over social media.

The second pertains to visits to the brand's premises or events. And the third – that's a catchall for just about everyone else.

gymshark privacy notic 2 (1)

You might be thinking, wow, this is excessive—why? We're not surprised as Gymshark is headquartered in the UK; they fall under the privacy legislation GDPR (General Data Protection Regulation.) The fines associated with a privacy risk can range into the thousands, putting a significant strain on brands of any size.

Unlike Gymshark, which now has over 600 employees globally — chances are you don't have a Head of Legal on staff to help craft a bulletproof privacy policy for your business. However, just because your brand has not yet become an international success doesn't mean you shouldn't make privacy a priority today for your small business. Invest in building a trusted and secure brand now, ensuring the safety of your business as you grow.  

So, when it comes to best practices surrounding your customers' data privacy, what can you learn from Gymshark?


Know Your Audience & Make It Personal

A good privacy policy should be customer-centric. The whole purpose of this documentation is communication – you're informing and empowering your audience to control the privacy experience they have with you. The way that your policy is crafted should reflect that intention.

Gymshark interacts with its audience in a number of different ways. As a digitally native DTC eCommerce brand, most of this interaction occurs online. Still, increasingly Gymshark have leveraged "IRL" activations such as pop-up shops. They've recognized the importance of keeping their privacy policies up to date when it comes to the varying way they connect with the public.

Rectangle 86

As well as having a large staff, Gymshark is also known to make great use of influencer marketing, and this strategy often leads to headquarter visits and hosted events. As they can reasonably expect an above-average level of non-employees being present on their premises; as a result, it's great to see that they've reflected this is a clear CCTV and Access Control Privacy Notice, specifically targeted at employees and their visitors.

  • Key Takeaway: As with any form of written communication, keeping your audience at the heart of things is key. The information you provide should be clear, relatable and relevant to the full range of ways your brand interacts with its audience.


Make it Easy to Reference

Part of Gymshark's success lies in the huge amount of effort they put into connecting with their audience, on and offline. Working with a wide range of customers, clients, and influencers across digital and offline environments means equally diverse requirements for privacy.

One sprawling privacy policy which tried to be all things to all people, covering every specificity and nuance, would be very unappealing and hard to engage with. Considering all of your customers' varying privacy requirements is one thing - but as a brand, you also need to be taking care to present this information clearly and appealingly.

Rectangle 87 (1)

Gymshark's carefully segmented policy speaks directly to each audience, clearly telling them which section will be relevant to their situation. Clear calls to action and hyperlinks make navigation very intuitive, for example:

Click here if you have visited any of our premises or events.

Click here if you:

  • have bought something from our Website or at one of our events or pop-up stores
  • use any of our Apps
  • have signed up to receive marketing emails from us
  • have entered any of our promotions/competitions
  • attended any of our events
  • interact with us on social media 

By addressing readers directly, Gymshark keeps things clear and encouraging. Although it's incredibly detailed, their privacy policy page doesn't feel overwhelming, and as a result, it's likely to get much better engagement.

  • Key Takeaway: Consider the presentation of your policy page. If you're going into detail or creating separate sections to deal with different audience segments, then go the extra mile to create a layout that keeps things separated and less offputting.


Make it Easy to Print or Download 

Gymshark provides each of its privacy notices as well-designed and branded PDFs. As a result of presenting each policy in this format, it's very easy for individuals to save and print the documentation.

Why is this helpful? As previously mentioned, customer experience is at the heart of any good privacy policy. Gymshark is making it much easier for anyone who wishes to keep a hard copy of the policy by providing documentation in this form.gym shark privacy notice  1

This might be required for several reasons, especially as many find larger, longer documents challenging to read and annotate in a digital format. By facilitating the ability to download and print their policies, Gymshark removes barriers to full exploration and discovery of their privacy policies.

  • Key Takeaway: Not everyone will want to engage with your privacy policy digitally, and many might benefit from the ability to interact with a hard copy. By presenting documentation in a way that makes it easy to download and print, you offer greater control to your audience.


Ready To Achieve A Privacy Policy Personal Best?

While too many still see privacy policies as a box-ticking exercise in necessary compliance, Gymshark shows that it's possible to raise the bar. By treating privacy policy as part of their wider customer experience, paying careful attention to the different audiences that the policy needs to serve, and presenting everything in a clear and accessible manner, Gymshark demonstrates its commitment to privacy. Increasing consumer concern – and cements its reputation as a brand that genuinely cares about its customers.


CTA Graphic - Yellow-1

Ready to see some gains in your own privacy policy? Build trust with Enzuzo.

Cat Hunter