Privacy Policy
We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It covers personal and sensitive health information gathered through our website, mobile app, in-person interactions (such as pre-exercise questionnaires), and on-site CCTV surveillance. Our goal is to be transparent and use plain language so that all gym members and prospective clients understand their privacy rights.
Information We Collect
We only collect personal information that is reasonably necessary for our business operations and services. The types of information we collect include:
Personal Identification and Contact Details
Name, address, date of birth, phone number, email, and emergency contact information. We use these details to identify you, create your membership, and get in touch regarding classes, schedule changes, or billing. Date of birth may be used to verify eligibility (e.g. age restrictions) and tailor programs appropriately for your age group.
Health and Fitness Information (Sensitive Information)
Information about your health, medical conditions, injury history, exercise experience, and nutrition or fitness goals. This may be collected through pre-exercise questionnaires or consultations. We gather this sensitive information with your consent and handle it in accordance with the Privacy Act. It is used to design safe and effective personal training programs, group workouts, and nutrition coaching tailored to your needs.
Gym Usage and Progress Data
Details of your gym attendance, class bookings, training progress, and any fitness assessments or measurements. For example, we might record the classes you attend, your workout plans or results, and notes from personal trainers or coaches about your progress. This helps us track your development and adjust our services to better meet your fitness goals.
Payment and Billing Information
Financial details such as your credit/debit card number or bank account information, which are needed to process membership fees and other payments. For instance, if we use a third-party billing provider (e.g. a direct debit service like Ezidebit) to handle recurring payments, your payment details will be used securely for that purpose.
Online Activity Information
When you use our website or mobile app, we may collect technical information like your IP address, browser type, device ID, and usage data (e.g. pages visited or features used). We use this data to improve our website/app functionality and user experience. We also use cookies or similar technologies on our website to remember your preferences and gather analytics on site traffic (you can disable cookies in your browser settings, but some features of our site may not work without them).
CCTV Footage
Our gym premises are monitored by CCTV video cameras for safety and security purposes. These cameras may record video images of individuals in the gym (along with the date and time of recording). We use CCTV footage to help prevent and investigate incidents such as accidents, theft, or unauthorized access, thereby ensuring the safety of our members, staff, and facilities.
Why We Collect This Information
In general, we collect the above information to provide you with our services and run the gym effectively. This includes establishing and managing your membership, tailoring fitness and nutrition programs to you, ensuring your safety while exercising, processing payments, and communicating with you. If you choose not to provide certain information (for example, health details or contact information), we may not be able to offer you certain services or ensure those services are safe and effective for you.
How We Collect Your Information
We collect personal information through several channels, always by fair and lawful means and where possible directly from you. These include:
When You Provide it to Us Directly
You may give us personal information when you fill out forms or enter details on our website or mobile app (such as when signing up for a membership, booking a class, or completing a fitness assessment questionnaire online). You also provide information in person, for example by completing membership application forms or pre-exercise screening questionnaires at the gym, or by telling your personal trainer about an injury or goal. Additionally, if you communicate with us via phone, email, or social media (for example, sending an enquiry or feedback), we will collect any information you share in those communications.
Through Our Mobile App and Fitness Software
If our gym offers a mobile app or uses third-party fitness software for class bookings, workout tracking, or nutrition logging, the information you enter into these platforms will be collected. For instance, booking a class through our app will record your name and booking details, and using a workout tracking feature might save your exercise data (such as sets, reps, or personal records). This data helps us manage schedules and monitor your progress.
In-Person Observations and Training Sessions
Our staff (including front desk staff, personal trainers, and nutrition coaches) may record relevant details during your interactions. For example, during a personal training session or nutrition consultation, the trainer might note your progress, adjust your program, or log any concerns (such as reporting a new injury or dietary change you mentioned). We treat these notes as part of your personal information, used to support your training and health.
CCTV Surveillance
We collect video footage through CCTV cameras located in the gym’s workout areas, entrances, and other key locations. These cameras operate continuously to maintain a safe environment. If an incident occurs, the footage may be reviewed. CCTV signs are posted to inform you of this surveillance. The system may capture your image when you are in range of our cameras. (Note: CCTV is generally not used in private areas like bathrooms or locker room changing areas.)
From Third Parties or Integrated Services
In some cases, we may receive information about you from third parties. For example, if you use a partnered service or a corporate wellness program to sign up for our gym, they might forward us your details. If our systems integrate with external platforms (for instance, if our membership management software or app sources data from providers like MindBody or others), we will collect your information from those systems. We treat any information obtained from third parties with the same care as information you give us directly.
We will only collect sensitive health information with your consent. For example, by filling out our health questionnaire or providing injury history, you consent to us using that information to assist in your training safely. Where practicable, you have the option to deal with us anonymously or under a pseudonym (for example, just making a general enquiry without giving your name), but in many cases, we need certain details to provide our services (e.g. we can’t set up a membership or tailor a fitness plan without knowing who you are and your relevant health details).
How We Use and Disclose Your Information
We use your personal information only for purposes related to running our gym and providing you services, or as required by law. We do not sell your personal information to anyone. The main ways we use and disclose information are described below:
Providing and Managing Services
To set up your membership and verify your identity, schedule your classes or training sessions, and generally deliver the services you have signed up for (personal training, group fitness classes, nutrition coaching, etc.). For example, we use your contact and membership details to check you into classes and to keep track of your entitlements or membership status.
Tailoring Training and Nutrition Plans
Your health and fitness information is used by our trainers and coaches to design safe and effective workout programs and nutrition plans. For instance, knowledge of an old injury allows us to modify exercises for your safety, and understanding your nutrition goals enables our coach to create a suitable meal plan. We only use your health information for purposes you would expect – i.e. to support your health and fitness journey – and not for any unrelated purposes without your consent.
Communication
We use your contact information (email, phone number) to send you important notices related to your membership. This includes sending booking confirmations and reminders, changes to class schedules, gym updates, invoices and billing reminders, and responses to any enquiries or support requests you make. We may also send you marketing communications about new classes, special offers, or events if you have consented to receive such messages. These communications might be via email or SMS, in line with marketing laws and your preferences. You can opt out of marketing messages at any time by clicking “unsubscribe” in our emails or letting us know directly, and we will honour your request.
Payments and Billing
We use your payment information to process membership dues, class packages, or other purchases you make with us. For recurring billing, your details are handled through our secure payment system. For example, if we utilize a payment processing service (such as Ezidebit) to debit your account or card for monthly fees, we will use your provided billing info to facilitate those transactions. We strictly use this information for billing and financial record-keeping.
Improving Our Services and Operations
We may analyse information about how members use our services to improve our offerings. For instance, we might review class attendance records to decide if we need to add more sessions of a popular class, or examine aggregate app usage data to improve the app’s features. We also use analytics tools (like Google Analytics on our website) to understand overall website traffic and usage patterns. This helps us make our website and services more user-friendly and relevant. These analytics are mostly de-identified (we look at trends, not individuals), but they may incidentally include some personal data such as an IP address.
Safety and Legal Compliance
CCTV footage and other relevant personal information may be used to maintain a safe environment and protect our legal rights. For example, we might review CCTV video to investigate a security incident or an injury that occurs on-site. We also keep records required by law (such as incident reports or financial records) and use your information to comply with legal obligations (for instance, verifying vaccination status if ever required by public health orders, or keeping attendance records for contact tracing during a pandemic).
Disclosure of Personal Information to Third Parties
We do not disclose your personal information to third parties except as needed to run our business or as required by law. When we do share data, we only share the minimum necessary information, and we take steps to ensure those third parties handle your data securely and in accordance with privacy laws. The types of third parties we may disclose information to include:
Service Providers (Contracted Third Parties)
We use reputable third-party companies to help us deliver our services. For example:
Billing and Payment Processors
We partner with third-party payment providers (such as Ezidebit) to handle direct debit and credit card transactions securely. If you set up automatic payments, necessary personal and financial information (like your name and account details) will be provided to that payment processor to process the billing. These providers are required to protect your data and use it only for billing purposes.
IT and Cloud Service Providers
We may store data on cloud-based systems or use software supported by external IT companies. This includes our membership management software, class booking system, or workout tracking app (for example, if we use a platform to manage class schedules or track progress). Your relevant personal information may be stored in those systems so that you and our staff can use those tools. These providers might host data on servers in Australia or overseas – if overseas, we take steps to ensure your information remains protected to Australian standards. (See Data Storage and Protection below for more on overseas data.)
Email, SMS, and Marketing Platforms
We might use services like MailChimp (email newsletter service) or other marketing tools to send out group emails or texts. In doing so, we would disclose your contact details to those platforms to facilitate the communication. They operate under strict privacy agreements and will not use your email or phone number except to send our messages.
Analytics and Advertising Partners
For our website and advertising, we might share some information with analytics services (like Google Analytics) or social media advertising platforms (like Facebook Ads) to help us measure engagement or show promotions to the right audiences. This typically involves cookies or tracking pixels on our site which collect usage data; it does not involve sharing things like your health or payment details. You are usually not identified personally in this process – these partners mostly receive aggregated or pseudonymized data (e.g. a unique cookie ID). We do not provide your name or contact info to third-party advertisers without your explicit consent.
Professional Advisors and Insurers
On occasion, we may share necessary information with professionals who advise us, such as our accountants, lawyers, or insurance providers. For example, if an incident occurs (like an injury at the gym) that leads to an insurance claim or legal action, we might need to provide details about the incident and the individuals involved to our insurer or legal counsel. These parties are bound to confidentiality and will only use the information for the purpose of providing their services to us.
Personal Trainers and Coaches
Our gym offers personal training and coaching services, and in some cases trainers may operate as independent contractors. If you work with a personal trainer, nutrition coach, or class instructor who is not an employee but a contractor at [Gym Name], we may share your relevant information with them so they can effectively train or coach you. This could include your contact info (to schedule sessions), health and fitness info (so they know your conditions and goals), and progress reports. These trainers are required to keep your information confidential and use it only for your training/coaching. (If all trainers are employees of the gym, then they are not “third parties” but we still ensure only authorized staff access your data.)
Law Enforcement and Legal Requirements
We may disclose personal information when required by law or when necessary to cooperate with authorities. For example, if we receive a legally binding request or court order (subpoena) for information, or if a law enforcement agency (police) requests CCTV footage or membership records as part of an investigation, we are obligated to comply in most cases. Also, if needed to prevent a serious threat to health or safety, we might share information with authorities or emergency services. Any such disclosure will be done strictly in line with the law.
CCTV Footage Disclosure
CCTV recordings are generally viewed only by authorized staff for security purposes. We do not release footage to external parties except when necessary. For instance, if there is a security incident, we may provide relevant footage to police or other proper authorities to assist in an investigation. All access to CCTV footage is logged and restricted to prevent misuse.
Business Transfers
In the unlikely event that our business is sold or merged with another company, the personal information we hold may be transferred as part of that transaction (as customer data is often a business asset). If that happens, we will ensure the new owner understands they must continue to protect your personal information in line with this Privacy Policy and Australian law. We will notify you of any such change if required by law.
Whenever we share your information with third-party providers or partners, we only do so for the purposes outlined in this Policy (or as otherwise consented to by you). We take reasonable steps to ensure these third parties are bound by confidentiality and privacy obligations similar to ours. They are not permitted to use your personal information for their own purposes (for example, our marketing agency can use your email only to send our gym’s newsletter, not to market their own services to you).
Data Storage and Protection
We understand the importance of securing your personal information. We store your data in a combination of electronic and physical forms, and have implemented measures to protect it from unauthorized access, alteration, disclosure, or destruction:
Secure Facilities and Records
Personal information on paper (e.g. completed health questionnaires or signed membership forms) is stored in secure cabinets or offices that are locked when not in use. We also maintain robust physical security for our premises and on-site servers/records (including CCTV monitoring as mentioned).
Restricted Access
We limit access to personal information to staff who need it to perform their duties. For example, your trainer and relevant gym management can view your fitness profile, but other staff cannot. All employees, contractors, and service providers with access to personal data are subject to confidentiality obligations. We train our staff on privacy and ensure that only authorized personnel can access systems that contain members’ personal data.
Technical Security Measures
Our electronic databases and IT systems employ industry-standard security protections. This includes the use of firewalls, anti-virus and anti-malware software, encryption of data (especially sensitive data like payment details), and secure password management. For instance, if you enter credit card details on our website, that transmission is encrypted (SSL/TLS) and stored with our payment processor rather than on our own servers. We regularly update and patch our systems to address security vulnerabilities.
Cloud and Third-Party Storage
Some personal information may be stored on cloud servers or external platforms (for example, our membership management software or email service might be cloud-based). These servers could be located outside Australia (common locations include the United States or other countries). Regardless of where data is stored, we take reasonable steps to ensure any overseas recipient of personal information protects it in line with Australian privacy standards. We choose reputable providers and, where required, implement agreements (such as Australian Privacy Principle 8.1 commitments or similar safeguards) to ensure your data remains secure and confidential.
Data Retention Practices
We will not keep your personal information longer than necessary. In general, we retain your data for as long as you are a member or use our services, and for a reasonable period thereafter in case you return or for our administrative and legal purposes. For example, we may keep certain records after you cancel your membership to comply with legal record-keeping requirements (such as financial transactions for tax purposes, or incident reports for insurance). Once personal information is no longer needed for the purpose it was collected (and we are not required by law to retain it), we will take steps to destroy it or de-identify it securely. This might include shredding physical documents and permanently deleting or anonymizing electronic records.
CCTV Footage Storage
CCTV recordings are stored securely and are typically retained for a limited period (e.g. a number of weeks) unless required longer for an investigation. The footage is automatically overwritten or deleted after the retention period expires. Any archived footage related to incidents is kept in a secure manner with restricted access.
Despite our best efforts, no method of data storage or transmission is 100% secure. However, we continually review our security practices to mitigate risks and follow industry best practices for data protection. If we ever experience a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.
Accessing and Correcting Your Information
Your Rights
You have the right to access the personal information we hold about you, and to request corrections or updates if you believe it is inaccurate, out-of-date, or incomplete. We aim to ensure the information we have is accurate and up-to-date, and we welcome your help in keeping it that way.
How to Request Access or Correction
If you would like to see what personal information we hold about you, or if you think any of your details need to be corrected, you can contact us (see Contact Us below). Please outline what information you are seeking or which details need correction. For your privacy and security, we may ask you to verify your identity before providing access or making changes – for example, we might require you to make the request in writing or provide ID, especially if it’s sensitive information.
Our Response
We will respond to your request within a reasonable time frame (generally within 30 days). If your request is urgent, please let us know and we will do our best to accommodate. In most cases, we will be able to provide you with access to your information or update it as requested. If for some reason we are unable to fulfill your request, we will explain why in writing. For example, we might refuse access if giving you the information would unreasonably impact someone else’s privacy, or if it relates to anticipated legal proceedings, or if we are otherwise permitted by law to decline. But we will always provide you with the reason and, if applicable, how you can complain about that decision.
We typically do not charge any fees for an access or correction request. However, if a request is unusually large or complex, we may charge a reasonable fee to cover the cost of retrieval and supply. We will let you know in advance if a fee might apply, so you can decide if you wish to proceed.
Privacy Complaints and Concerns
We take privacy seriously and aim to address any concerns promptly and fairly. If you have a question about our privacy practices, or if you believe your personal information has been mishandled, please let us know – we appreciate the opportunity to resolve the issue.
How to Make a Complaint
You can lodge a privacy complaint by contacting us (see Contact Us below). Please provide details about your concern, such as what happened, the date, who was involved, and what information is affected. The more information you give, the better we can understand and fix the problem. We may ask for further details or clarification if needed (and as noted, we may need to verify your identity to discuss specific personal data, to ensure we’re dealing with the right person).
Our Process for Complaints:
Acknowledgement
Once we receive your privacy complaint, we will acknowledge it and begin an investigation. We’ll assign it to the appropriate person (such as our Privacy Officer or manager) to handle.
Investigation and Resolution
We will investigate the facts, which may involve reviewing relevant records and speaking with staff. We aim to address all complaints in a timely manner. You can generally expect a response or update from us within 30 days of your complaint. (Simple issues may be resolved much sooner.)
Outcome
If a mistake was made or something went wrong, we will take steps to fix it. This could include correcting any misinformation, changing our processes to prevent it happening again, and notifying affected parties if appropriate. We will write to you (or call/email) to explain the outcome of your complaint. If you are not satisfied with our response, we will also let you know what other steps are available.
We hope to resolve all privacy complaints directly. However, if you feel that we have not dealt with your concern adequately, you have the right to escalate the matter. In Australia, the supervising authority for privacy matters is the Office of the Australian Information Commissioner (OAIC). If you’re not satisfied with our handling of your complaint, you can contact the OAIC to lodge a formal privacy complaint. The OAIC’s website is www.oaic.gov.au, and it contains information on how to submit a complaint online or via mail. (The OAIC typically asks that you attempt to resolve issues with the organization first, before they will investigate.)
We will cooperate fully with the OAIC or any other regulatory body that examines a privacy issue involving our gym.
Contact Us (Privacy Enquiries & Contact Details)
If you have any questions, requests, or concerns relating to this Privacy Policy or your personal information, please contact us. We are here to help and will respond as promptly as possible.
Contact Details for Privacy Matters:
Email: hello@kapundastrengthstudio.com.au
Postal Address: Kapunda Strength Studio - 21B Main St, Kapunda SA 5373
When you contact us, please let us know it’s regarding a privacy issue so we can direct your query appropriately. If you are making a request or complaint, providing as much detail as possible will help us respond more efficiently.
Your acknowledgement
By providing your personal information to us or by using our services (including accessing our website or gym facilities), you acknowledge that you have read and understood this Privacy Policy. We may update this policy from time to time to reflect changes in our practices or the law. If we make significant changes, we will notify members via email or by posting a notice in the gym or on our website. The latest version will always be available on our website. We encourage you to check it periodically and contact us if you have any questions.
We appreciate your trust in us. Your privacy is important to us, and we are committed to safeguarding your personal information while helping you achieve your fitness and health goals.
KAPUNDA STRENGTH STUDIO
© Kapunda Strength Studio 2025