Last updated on 28 June 2021
We are committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and any other applicable privacy laws.
In addition to the Privacy Act, if you are located in the European Union (EU) (including the European Economic Area (EEA)), the section 'European residents' below provides further information about our processing of your personal information we collect and your additional data subject rights in relation to the processing of your personal information (or personal data) under the General Data Protection Regulation (2016/679) (GDPR).
In providing our services to you we may collect and process personal information as outlined below. Global Fitness Pty Ltd will be a data controller for the purposes of the GDPR and this policy includes information that must be provided to you when we collect your personal information.
This Policy sets out how we collect, use, disclose, store and dispose of personal information about our customers, employees and any other people we interact with. It should be read together with any terms and conditions governing your use of our products or services, website or app and any location specific legal notice.
In this Policy,
- personal information means any information about an identified individual or an individual who is reasonably identifiable or as otherwise defined by applicable data protection law.
- services means any services we offer, including but not limited to fitness coaching services or programs, workout guides, or health and nutrition advice.
- you refers to any individual about whom we collect personal information.
- Fitness/lifestyle activity data means fitness activity or health information of an individual, including weight, height, measurements, step count, exercise activities, accelerometer readings, barometer readings, location sensor readings that include GPS coordinates, timestamps, elevation, speed and bearing.
1. What information do we collect about you?
We only collect personal information where it is necessary for our functions or activities. The kinds of personal information we collect will depend on the capacity in which you are dealing with us. You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested.
Customers and potential customers (via our website and/or app)
When you enquire about our products or services or sign up for our updates through our website, we will typically collect your name, e-mail address and any other contact details required for us to respond to that enquiry.
When you sign up to our app, we will typically collect your name, e-mail address and any other contact details required from time to time.
If you become a customer of ours via our website, and/or purchase programs via our app, we may also collect:
- your age and any other details needed so you can participate in our services;
- some sensitive information, being health information related to your physical health and future goals;
- statistics on your participation rates and milestones;
- with your consent, your photo or video for promotional purposes;
- fitness/lifestyle activity data provided by you or generated via your use of the app, including the activity data generated by any devices or services that you choose to connect to the app (e.g. smart watches, Google Fit, or other third-party fitness tracker); and
- any additional personal information you provide to us, or authorise us to collect.
The purpose of collecting sensitive information about you (being health information), including fitness/lifestyle activity data provided by you through other devices or services, is so we can measure your health and achievements in our fitness activities. We only use your sensitive information for this purpose and no other purpose.
The types of sensitive information we collect may include your weight, height, measurements, step count, exercise activities, accelerometer readings, barometer readings, location sensor readings that include GPS coordinates, timestamps, elevation, speed and bearing, whether you smoke or are pregnant and other relevant health related information. We will obtain your express consent in circumstances where it is necessary for us to collect sensitive information.
We may collect personal information as part of our recruitment activities, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
We may collect personal information from other individuals who are not customers or employees. This includes our individual service providers and contractors and other individuals who interact with us on a commercial basis. Generally, it would include your name, contact details, identification details, any required background checks or relevant business experience, and any other information relevant for our interactions and transactions with you.
Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.
2. How do we collect your personal information?
We generally collect personal information directly from you. We may collect and update your personal information by email, via our website, or in person. We may sometimes collect personal information about you from other sources, for example our third-party suppliers and contractors who assist us to operate our business (such as payment gateways like PayPal or Shopify).
Fitness/lifestyle activity data
When using our app, you may also choose to connect a third party service/device (e.g. an Apple Watch or fitness tracker, or Google Fit via API or other integration) and enable that service/device to collect additional data, such as fitness/lifestyle activity data. If you choose to do so, we will import your fitness /lifestyle activity data to our app, so we can measure your health and achievements in our fitness activities and services.
3. Why do we collect and use your personal information?
We collect personal information reasonably necessary to carry out our business, to assess and manage our customers' needs, and provide fitness programs. We may also collect information to fulfil administrative functions associated with these services.
The purposes for which we usually collect and uses personal information depends on the nature of your interaction with us, but may include:
- providing guidance, support and feedback related to your use of our products or services;
- to process and administer your dealings as a customer, including processing payments and any direct debit requirements or facilitating delivery;
- planning, marketing and administering programs and events;
- researching and developing our products and services, including market research;
- sending you updates on our services, or opportunities or events you may be interested in;
- recruitment processes (including for volunteers, internships and work experience);
- any purpose you have consented to;
- any related secondary purpose we believe you would reasonably expect when we collected your personal information or because of our relationship with you;
- any purpose for which we are required or authorised by applicable law; and
- to respond to and manage inquiries, complaints, feedback and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities.
We may use your image or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur, or where you have given us your express or implied consent (for example, where you have won a prize, or where you have tagged us in photo or video on a social media platform).
4. Connecting with Google Fit / Other Third-Party Services and Devices via our app
If you choose to connect your account to a third-party service/device (such as Google Fit) when using our app, we will share your fitness /lifestyle activity data with these parties only for the purposes set out above (i.e. to provide our services and measure your health and achievements in our fitness activities). You will be asked for your consent when you connect to these services/devices, and you may revoke that consent at any time by disconnecting from them.
Our use of information received from Google APIs (including Google Fit APIs) will adhere to Google API Services User Data Policy, Google Fit Developer and User Data Policy, and Limited Use requirements.
5. How do we interact with you via the internet?
6. How do we interact with you via our app?
7. Can you deal with us anonymously?
We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). If we do not collect personal information about you, you may be unable to use our full range of services or participate in programs or activities we deliver.
8. How do we hold and secure information?
We store information using digital or cloud based platforms in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original documents securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
We maintain physical security over all data stores, such as through locks and security systems at our premises. We also maintain network security, for example firewalls and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites and app do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
We take steps to securely destroy or de-identify information that we no longer require.
9. Do we use or disclose your personal information for digital or direct marketing?
We may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or the unsubscribe facility in all emails we send to you.
If you opt-out of receiving marketing material from us, we may still contact you for the purposes of facilitating other dealings with you (such as the order of products or services).
We may occasionally engage other companies to provide marketing or advertising services on our behalf. Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services.
10. How do we disclose personal information?
We will not sell, distribute or disclose your information or personal details onto any third parties, other than in accordance with this Policy, and to those who are contracted to us to keep your information or personal details confidential.
We may disclose personal information:
- to our suppliers, consultants, contractors or agents we engage in order to provide our services, including for payment processing and debt recovery, shipping, data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance, development or hosting, archiving, marketing and market research;
- via our social media pages for promoting us and our services;
- if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition;
- to relevant government authorities for the purpose of investigating an incident, for example a workplace health and safety matter or security incident;
- when conveying information to a responsible person (e.g. parent, guardian, spouse) if you are injured, incapable or cannot communicate, unless you have requested otherwise;
- for other administrative and operational purposes, such as risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives).
We may use and disclose your personal information for other purposes explained at the time of collection, that you have consented to or otherwise as set out in this Policy.
11. Do we disclose your personal information overseas?
Unless we have your consent, or an exception under the APPs applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.
The reason for disclosure to an overseas recipient depends on the nature of the services those recipients provide to us (for example storing data via a cloud service, or where our customer relationship management system is hosted on servers located overseas).
12. How can you access or seek correction of your personal information?
You are entitled to access your personal information we hold about you upon request. You can do this by contacting us using the contact details set out below.
You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
If you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
13. Data breaches
Under the APPs, we may be required to notify you about ‘eligible data breaches’. An eligible data breach occurs when:
- there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
- the access, disclosure or loss is likely to result in serious harm to you; and
- we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach further. This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
14. European residents
If you are an individual customer based in Europe and we offer or provide our products or services to you, our processing of your personal information will be subject to the GDPR and the following additional information applies.
Global Fitness Pty Ltd is the data controller for the purposes of processing your personal information. We have a Privacy Officer who will also be appointed as a Data Protection Officer if we have a legal obligation to do so.
Our Legal grounds for processing: We rely on the following legal grounds to process your personal information:
- contract performance - we need to collect and process your personal information to enter into a contract with you when you purchase our products or to perform our obligations under a contract with you when you request and we provide you with our products and services;
- if it is necessary to pursue our legitimate interests and does not override your rights and interests - this is the usual basis on which we carry our business for the purposes set out above and includes when we carry out research, conduct direct marketing or otherwise communicate with you; and
- with your consent- we need your consent to collect and use your sensitive information such as your health information or to send you direct marketing.
- to comply with laws or regulations that apply to us including exercising our rights.
Transfer of information outside Europe: If we or our service providers or one of our related entities transfers your personal information outside Europe or onwards to a third country from Australia, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. We will do this by one of the following:
- sending it to a country approved by the European Commission as having adequate privacy protections;
- the recipient has signed a contract based on standard “model contractual clauses” approved by the European Commission, requiring them to protect your personal information) (see http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm; or
- if the recipient is located in the US, it may be a certified member of the EU-US Privacy Shield scheme (https://www.privacyshield.gov/welcome) or another valid scheme; or
- meeting the requirements of an applicable derogation such as obtaining your consent;
How long do we retain your personal information?
We retain your personal information for as long as necessary to provide our services and products that you have requested, to comply with our legal obligations, resolve disputes, and enforcing our rights and policies. Unless we have an ongoing relationship with you (e.g. you are a frequent customer) or otherwise required, we will retain your personal information for no longer than 2 years.
Your additional rights and choices: You can -
- ask us to erase your personal information without undue delay in certain circumstances such as if you withdraw your consent and we otherwise have no legal reason to retain it.
- object to, and ask us to restrict, our processing of your personal information in certain circumstances, such as while we verify your assertion the information is inaccurate or if we are processing your information for our legitimate interests or for direct marketing purposes (we may be legally entitled to refuse that request).
- in some circumstances such as where we are processing your information with your consent, receive some personal information you have given us in a structured, commonly used and machine-readable format and/or ask us to transmit it to someone else if technically possible feasible.
- withdraw your consent (but we may be able to continue processing without your consent if there is another legitimate reason to do so).
- lodge a complaint with the relevant European data protection authority if you think that any of your rights have been infringed by us – we can, on request, tell you the relevant authority for the processing of your personal information.
15. What should you do if you have a complaint about the handling of your personal information?
You may contact us at any time if you have any questions or concerns about this Policy or about the way in which your personal information has been handled. You may make a complaint to us using the contact details set out below.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that we may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.
Global Fitness Pty Ltd (trading as Move With Us), which processes the personal data of individuals in the European Union, in either the role of 'data controller' or 'data processor', has appointed DataRep as its Data Protection Representative for the purposes of GDPR (The General Data Protection Regulation, EU 2016/679).
If Global Fitness Pty Ltd (trading as Move With Us) has processed or is processing your personal data, you may be entitled to exercise your rights under GDPR in respect of that personal data. For more details on the rights you have in respect of your personal data, please refer to the European Commission (https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en) or the national Data Protection Authority in your country.
Global Fitness Pty Ltd (trading as Move With Us) takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries and the UK, so that Global Fitness Pty Ltd (trading as Move With Us)'s customers can always raise the questions they want with them.
We may amend this Policy from time to time, with or without notice to you. We recommend that you visit our website or app regularly to keep up to date with any changes.
17. How can you contact us?
Our contact details are:
Privacy Officer/Data Protection Officer
5/18 Township Drive, Burleigh Heads QLD 4220
EU Website Customers Only:
If you want to raise a question to Global Fitness Pty Ltd (trading as Move With Us), or otherwise exercise your rights in respect of your personal data, you may do so by:
- sending an email to DataRep at firstname.lastname@example.org <Global Fitness Pty Ltd (trading as Move With Us) in the subject line.
- contacting us on our online webform at datarep.com/data-request
- mailing your inquiry to DataRep at the most convenient of the addresses in the below table.
PLEASE NOTE: when mailing enquiries, it is ESSENTIAL that you mark your letters for 'DataRep' and not 'Global Fitness Pty Ltd (trading as Move With Us)', or your inquiry may not reach us. Please refer clearly to Global Fitness Pty Ltd (trading as Move With Us) in your correspondence. On receiving your correspondence, Global Fitness Pty Ltd (trading as Move With Us is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.
If you have any concerns over how DataRep will handle the personal data we will require to undertake our services, please refer to our privacy notice at www.datarep.com/privacy-policy.
|Austria||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DataRep, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany|
|Greece||DataRep, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary|
|Iceland||DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland|
|Ireland||DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy|
|Latvia||DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Liechtenstein||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Lithuania||DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania|
|Luxembourg||DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Norway||DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway|
|Poland||DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania|
|Slovakia||DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DataRep, Calle de Manzanares 4, Madrid, 28005, Spain|
|Sweden||DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden|
|United Kingdom||DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom|