Our stance on data protection and user information: Updated as of 21/11/2021
Personal data is any data in respect of which your identity is either apparent, or can reasonably be ascertained, from the data and/or other data that we or our partners have or are likely to have access.
This policy explains the key measures we have taken to implement the requirements of the Personal Data Protection Act 2012 (“PDPA”). It aims to answer the questions you might have about how we collect, use and disclose your personal data. If you have any further questions about Fitness Heist’s privacy practices, please contact our personal data officer at [email protected]
2. Data Collected
We collect and hold data that you have provided to us about yourself, and information about your use of our services such as membership information and information about your use of our clubs.
The information that we collect includes:
- data provided in applying for Fitness Heist club memberships – for example, your contact details and credit card details;
- data provided as part of your use of our club – for example, the frequency with which and the times at which you use our club;
- data provided as part of your use of Fitness Heist’s website and web services – for example, your email address; and
- data relating to your health – for example, the existence and nature of a medical condition disclosed to us in completing our pre-exercise questionnaire.
We will use and disclose your personal data to provide you with membership or guest visits to our club, as permitted under the PDPA such as:
- maintaining our relationship with you, including responding to your questions;
- helping us to identify and inform you about other products or services that are likely to be of interest to you;
- internal accounting and administration, including sharing information with our related bodies corporate for reporting purposes;
- using your credit card details for billing purposes;
- photos for identification purposes and club access;
- protecting you and the club from error and fraud;
- responding to police or regulatory authority enquiries or investigations;
- preventing a serious credit infringement;
- improving the website; and
- developing a better understanding of our customers’ needs.
If you do not provide us with your personal data, we may not be able to provide you with these services.
Other than disclosure to service providers or as required by law (for example, disclosure to various Government departments or to Courts), our policy is that we do not generally give your personal data to other organisations unless you have given us your consent to do so.
We may share your personal data with certain third parties, such as: providers of the electronic systems we use to collect and store your personal data; banks and financial institutions you use to make payments to us; and other service providers we use to help us run aspects of our business efficiently.
We will keep you up to date with our special offers, products and services, where you have consented to receive materials containing such information. Please note that you can choose not to receive marketing information from us by contacting us or by speaking to a Receptionist at the Club.
4. Accessing the Data
If at any time you want to know what personal data we hold about you, or about how such personal data has been or will be used, you are welcome to request a copy of your customer record by contacting us. We aim to respond to most requests within 14 days, or if the request is more detailed, within 30 days. We may recover from you its reasonable cost of supplying you with this information.
We endeavour to take all reasonable steps to keep your personal data secure. Only authorised users can access your personal data, and access is only for approved purposes. We train our staff and require our data officers to respect the privacy and confidentiality of your information. Unfortunately, we can’t give you an absolute guarantee that your information is always secure. For example, no data sent over the internet is 100% secure. While we ensure reasonable security arrangements to prevent unauthorised access, collection or use of your data, we can’t be held responsible for events arising from unauthorised access to your personal data.