1.2. We comply with our obligations under the European General Data Protection Regulation 2016 (GDPR) and the UK Data Protection Act 2018 and any other applicable data privacy laws concerning personal information of individuals.
(a) to business information (unless it is also about any identifiable person); or
3. Collection of Information3.1. Personal information is any information about you, from which you can be identified or linked to. The personal information we collect from you will depend on our relationship with you, the circumstances of collection and the types of services we provide. We may collect your name, address, email address, telephone number and employment information. We may collect additional personal information from you from time to time.
- How we collect your personal information.
- The legal basis for usage of your personal information.
- The use of “cookies” or other web tracking systems.
- What happens when you access third-party services and content.
- How we use the personal information we collect.
- How and when we may disclose personal information that we collect.
- What happens if your personal information is transferred overseas.
- How we protect your personal information and keep it secure.
- Your legal choices and rights.
- How to request further information and our contact details.
3.2. We may collect Personal Information that you directly and voluntarily provide to us when we communicate by email or by telephone; when you sign up for or request that we send you newsletters, alerts, or other materials; when you sign up for a training or event; when you respond to our communications or requests for information; and when you access and use our Platform and Marketing Materials.
For example, we may collect your personal information when you:
(a) participate in any training sessions;
(b) subscribe to receive communications from us or notifications about offers;
(c) enter into any competitions;
(d) provide feedback on any of the products or services;
(e) interact with our Marketing Materials or Platform;
(g) complete a form to request pricing or more product information; or
(h) otherwise interact with us or disclose your personal information to us.
3.3. On some occasions, we may collect your personal information from third parties such as from a client or third-party supplier where you are a customer of that third party supplier. We may collect information from other sources, such as social media platforms that share information about how you interact with our social media content or the social media content of third party providers that you are a customer of, and any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable social media platform, which we strongly encourage you to review.
3.4. We will handle any unsolicited information in accordance with law, including destroying or de-identifying such information where we are required to do so.
3.5. You do not have to give us all the information we request. You may engage with us anonymously or using a pseudonym if it is feasible to do so. For example, if you wish to give feedback without requiring a response from us, you will not need to provide a full name or email address. However, if you do not provide us with some or all of the personal information required, we may not be able to provide you with our services or information you request, to the requested standard or at all, and you may also miss out on receiving valuable information about us and our and our client’s products and services.4. Legal basis for usage of personal informationWhere we are the controller of personal information that we gather (meaning that we determine what happens with your information and how) and intend to use your personal information, we rely on the following legal grounds:
4.1. Performance of a contract: We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us or with a third party who is using our services. For example where:
4.1.1.you have directly contracted with us for our services in accordance with our terms of business; or
4.1.2.we respond to your requests and provide you with services in accordance with our terms and conditions or other applicable terms of business.
4.2. Legitimate interests: Where we consider use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party’s legitimate purpose, we may use your personal information, which may include:
For our own direct marketing or continued communication; direct marketing for a client or third-party supplier with whom you have an existing relationship or have agreed to be contacted for marketing purposes; the prevention of fraud; our own internal administrative purposes; personalization of the service(s) we provide to you; ensuring network and information security, including preventing unauthorized access to electronic communications networks and stopping damage to computer and electronic communication systems; and/or reporting possible criminal acts or threats to public security to a competent authority.
4.3. Compliance with a legal obligation: We may be required to process your information due to legal requirements, including employment laws, tax laws and other regulatory provisions applicable to FitForm as a provider of digital marketing services.
4.4. Consent: You may be asked to provide your consent in connection with certain services that we offer, for example in respect of processing of your personal information for marketing purposes where you are not a client of FitForm nor a customer of a third party supplier for whom we provide digital marketing service. Where we are reliant upon your consent, you may withdraw this at any time by contacting us, however please note that we will no longer be able to provide you with the products or services that rely on having your consent.
5.2. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently to improve the user experience, as well as to provide certain information to the owners of the site.
5.3. We may for example collect general information from your device when you interact with our Platform and Marketing Materials. This might include your geo-location, IP address, device identifier, the browser and operating system you are using, and details of the website that IP address has come from, the pages accessed on our website and the next website visited.
5.5. We may use and combine information collected using cookies and tools with information we already have about you to maintain, secure and improve our website, enhance your experience when using our website, display and deliver relevant information and advertising (including direct marketing and targeted ads on third party websites and social media sites) and understand the effectiveness of our marketing and advertising.
5.6. If you want to prevent cookies being used, you can change your browser settings to disable cookies or to notify you when you receive a new cookie. However, you may not be able to access all or parts of our website, or you may experience reduced functionality when accessing certain services (for example, automatic login may not function properly). For more information, visit www.youronlinechoices.com.au. Third party service providers may have their own privacy policies in relation to their cookies and tools.
5.7. We use Google Display Advertising, and other third-party providers, for re-marketing purposes. In addition to using cookies and related technologies as described above, we also may permit certain third-party companies to help us tailor and serve advertising that we think may be of interest to users and to collect and use other data about user activities on our Platform and Marketing Materials. These companies may deliver ads that might also place cookies, and related technologies as described above, and otherwise track user behaviour. This means we will continue to show ads to you across the internet, specifically, but not limited to, on the Google Content Network (GCN). As always, we respect your privacy and are not collecting any identifiable information through the use of Google’s or any other 3rd party remarketing system. You can opt- out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Preferences Manager.6. Links to third party sites, services and content6.1. In addition to the services that we operate and provide access to directly, which we control, we also use and provide links to websites which are controlled by third parties, which may include:
Twitter, LinkedIn and YouTube, where we have certain accounts and profiles
Facebook, where we have a social page
Websites, social media platforms, online portals or other online forums operated by or on behalf our clients or third-party suppliers.
6.2. If you use or follow a link to any of these third-party providers, please be aware that these third party operated sites or other online destinations have their own privacy policies and that we cannot accept any responsibility for their use of information about you.
6.4. We engage third parties that support the operation of our services, such as analytics providers. These third parties may use technologies to track your online activities over time and across different websites and online platforms. Please see section 4 (Use of “cookies” or other web tracking systems) above for more information.7. Use of Personal Information7.1. We collect, use, hold and disclose your personal information for purposes reasonably necessary for or related to one or more of our functions or activities. Such purposes include:
(a) to provide and administer our products and services, including to send digital marketing material on behalf of ourselves or third-party suppliers, including marketing emails, posts on social media platforms or display advertising;
(b) to provide customer support and respond to questions, queries, requests for information and applications;
(c) to operate our competitions and promotions including determining entry eligibility, awarding prizes and publishing or otherwise making available a list of prize winners;
(d)to conduct marketing and advertising activities, including displaying content on our Platform and Marketing Materials and serving display advertising on third party websites;
(e) to provide information about our products and services, including through distributing newsletters and other communication on information about us and our related services and your use of our services;
(f) to develop and improve our products and services, including our Platform and Marketing Materials and to provide a more personalized service;
(g) to analyse the effectiveness and optimize the performance of any specific marketing campaign we undertake, including on behalf of our clients;
(h) to create aggregated, de-identified profiling data, by combining your personal information with information from other users of our Platform or Marketing Materials including statistical and analytical data;
(j) to manage and carry out our business and operational functions, including business decisions and technical operations.
7.2. In addition to the matters set out at the paragraph above, we may collect, hold and use your personal information:
(a) when you give us express consent to do so;
(b) for purposes related to the reason for which you gave us the personal information that are in the legitimate business interests of us or of our clients, but only if you would reasonably expect us to use it for those purposes; and
(c) as otherwise permitted or required by or under any law, including to comply with any court order, law or legal process, including to respond to any government or regulatory request.
7.3. If at any time we intend to change the purpose for which we hold your personal information, for example to offer you with a complimentary service that we may provide in the future, we will give you prior information of that new purpose so you are aware of this.
7.4. We will take all reasonable steps to destroy or permanently de- identify personal information if we no longer need it for any purpose for which we have collected, used or disclosed your personal information in accordance with our Data Disposal and Retention Policy and applicable laws.8. Direct Marketing8.1. We will not send any direct marketing to you unless you have opted-in to receive direct marketing communications from us, our clients or our third party suppliers or we are or we are able to rely on another lawful basis for contacting you in accordance with section 4, including for our legitimate interests or those of our third-party suppliers. If we do send you direct marketing information:
(a) such direct marketing will generally be sent on behalf of us or our third party suppliers; and
(b) we will also give you the opportunity to opt-out of receiving any further direct marketing information from us.
8.2. Every time that we send emails or other materials for marketing or promotional purposes, our communications will contain instructions on how you may opt out of receiving direct marketing.
8.3. You can also opt out of receiving direct marketing from us by contacting our Privacy Officer, details below.9. Disclosure of Personal Information9.1. We may, in providing our services and operating our business, allow access to your personal information to the different entities within Hannah Eden Fitness' group for our internal administrative purposes such as billing, promoting our events and services, and providing you or your organisation with services, provided in all instances that such processing is consistent with section 4 (Legal basis for usage of personal information) and applicable law.
9.2. In order to carry out our services, we may disclose your personal information:
(a) to our clients and our third-party suppliers to analyse the effectiveness and optimize the performance of a marketing campaign, provide information to you, draw a prize, or validate a sale;
(b) where we deem reasonably necessary to provide you with the services that you have required at any particular time in order to help us deliver, administer, host and support our functions and activities,including to help maintain our Platform, Marketing Materials and corresponding databases, conducting data analysis, serving advertising, providing IT services, data processing, storage and back up and telemarketing services;
(c) toabuyerorothersuccessorintheeventofamerger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform and Marketing Materials is among the assets transferred;
(e) in circumstances permitted or required by or under any law.
9.3. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfill the service they provide you on our behalf. When such third parties no longer need your personal information to fulfil this service, they will dispose of such details in line with our procedures unless they are themselves under a legal obligation to retain information (provided that this will be in accordance with applicable data privacy laws). If we wish to pass your sensitive personal information onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
9.4. We also provide anonymous statistical information about users of our Platform, Marketing Materials and related usage information to our clients, where no personal information is included in such disclosure.10. International Transfers10.1. Where you are submitting personal information from within the European Economic Area (“EEA”), such information may be transferred to countries outside the EEA.
(a) is stored in a secure environment;
(b) is safeguarded from misuse, interference, loss and unauthorized access, modification or disclosure; and
(c) is accessed only by authorized personnel for permitted purposes.
11.2. We have implemented procedures to safeguard the security and confidentiality of your personal information such as electronic and physical restrictions to files containing personal information and ensuring encryption of personal information sent and received. Whilst we continually strive to ensure that our systems and controls are updated to reflect technological changes, the transmission of information via the internet is not completely secure and as such we cannot guarantee the security of your data transmitted to us online, which is at your own risk.
11.3. If you communicate with us using a non-secure web platform, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.
11.4. You can help to keep your information secure by ensuring that any user name or password in relation to our services is kept strictly personal to you and not be made available to any other person. You should stop using your username and password and notify us immediately if you suspect that someone else may be using your user details or password.
11.5. Once your personal information is no longer required by us, including under any contractual or legal requirement, we will take all reasonable steps to ensure that it is either destroyed or de-identified in a secure manner and in accordance with our Data Disposal and Retention Policy and our legal and regulatory obligations.12. Your Rights12.1. It is important to us that the information we hold about you is up- to-date, accurate and complete, and we will try to confirm your details through our communications with you and promptly add updated or new personal information to existing records when we are advised.
12.3. Please contact our Privacy Officer, via the contact details below, if you:
(a) wish to access the personal information which we hold about you;
(c) wish to request the removal of personal information about you from our records;
(d) wish to request the portability of your personal information that you have provided to us in a structured, commonly used and machine- readable format; or
(e) wish to object to, or request the restriction of, our use of your personal information.
12.4. After verifying your identity, we will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any personal information about you which is inaccurate or outdated. In some circumstances and in accordance with the data privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision unless we have a legally permitted reason not do to so.13. Complaints(a) wish to modify, correct or update the personal information which we hold about you;
13.1. We take your complaints seriously and we will attempt to resolve any issues quickly and fairly. If you think that an act or practice has interfered with your privacy in relation to your personal information, you can contact us using the details below. If you make a privacy complaint, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint.
13.2. Within 7 days of receiving a complaint the Privacy Officer will seek to contact you to confirm that we have commenced an investigation, and we will endeavour to complete our investigation within 30 days of the complaint being made. We will let you know the outcome of our investigation once it is complete, including any actions that we will take to address your complaint.
The Privacy Officer for Hannah Eden Fitness is Erica Sin.