(Effective October, 2020)
ONEFITSTOP’S COMMITMENT TO PRIVACY
OneFitStop (Australia) Pty Ltd (ACN 609 603 401) and its subsidiaries and affiliates (collectively referred to as OneFitStop) are committed to managing personal information in accordance with relevant local privacy and data protection laws which apply to us such as the Australian Privacy Principles under the Privacy Act 1988 (Cth), the General Data Protection Regulation (EU) 2016/679 (GPDR) and other applicable privacy laws.
OneFitStop is a global organisation operating around the world with offices in Australia, the United States of America and other regions. We provide business management solutions to businesses in the fitness industry, from personal trainers through to fitness studios, gyms and health club facilities (Clients) through an online platform (Platform), accessible via the Client login page on our Website or other mobile applications we make available from time-to-time.
Clients and End Users (defined below) can embed the Platform into their own websites, social media pages and mobile applications to allow for a seamless user experience for their current and potential members and customers (Members).
OneFitStop also has a consumer facing mobile application (OneFitStop Member App) which allows Members to make bookings, arrange payments and interact directly with their fitness service providers. OneFitStop also services branded consumer facing mobile applications (Branded Member App) which allows members to make bookings, payments and interact directly with their fitness service providers via applications (iOS and Android) listed under an End Users brand name.
OTHER TERMS WHICH MAY APPLY
Other terms may also apply to you and the information we hold about you. For example:
- our Terms and Conditions Agreement which generally applies:
- if you are a Client and have purchased services from our Website; or
- you are a fitness service provider and you have otherwise been given access to our services as an ‘end user’ because a related company has entered into arrangements with us as a Client which permits you to access our services (End User).
- if you are employed with us, you may have specific privacy terms in your employment contract with us.
WHAT INFORMATION DOES ONEFITSTOP COLLECT ABOUT YOU?
Members of Clients and End Users and users of the Platform, OneFitStop Member App and Branded Member App
If your fitness service provider is a Client or End User of ours, they may direct you to our Website when you want to sign up with them as a Member, make a booking with them, or purchase products or services from them. You may also choose to interact with your fitness service provider through our OneFitStop Member App, Platform or Branded Member App.
We will only collect personal information which is reasonably necessary for your fitness service provider to provide you with products or services. The information we collect will vary depending on the circumstances of collection and the purpose for which we are dealing with you, but will typically include:
- personal details, such as your name, title, email address, postal address, and phone number;
- gender, date of birth, communication preferences and any additional field or properties that a Client of End User of ours makes available for entry;
- geolocation information, IP addresses, the type of browser and operating system you are using, the third party website from which your visit originated, the domain name of your internet service provider, the search terms you use on our Website, the specific web pages you visit, and the duration of your visits.
In some circumstances, we may collect health information about you to allow you and your fitness provider to track your fitness. The types of health information we generally collect includes information relating to:
- your weight and body measurements;
- your medical history;
- your smoker status;
- whether you are pregnant;
- whether you are on any medication; and
- your general fitness, such as heart rate, running times, and weights lifted.
Generally, we collect personal information about you from our Clients and End Users where you have provided that information to them for the purpose of obtaining their services or products. Please refer to the privacy policies of your respective fitness service providers for information about how they handle your personal information.
In some circumstances, we may collect personal information directly from you, such as when you make an enquiry about personal information, we hold about you.
We do not collect or hold any credit card details. We partner with trusted payment gateway providers including Ezypay, Fat Zebra and Stripe to process credit card details. For more information about how our payment gateway partners collect, hold, use disclose and otherwise process your card details we recommend you carefully review their privacy policies and applicable terms and conditions.
Clients and End Users and prospective Clients
When you enquire about our services or when you become a Client or End User of OneFitStop, a record is made which includes your personal information.
The type of personal information that we collect will vary depending on the circumstances of collection and the kind of Service that you request from us, but will typically include business related personal information such as:
- contact details, such as your name, title, email address, postal address, and phone number;
- professional details, such as your business name, business number, business address and contact details, the services or products you provide, as well as details of your employer, employees, affiliates, business partners, and/or Members; and
- any additional personal information you provide to us, or authorise us to collect, as part of your interaction with OneFitStop.
We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).
OneFitStop may collect personal information about other individuals who are not our Clients, End Users or a Member. This includes members of the public who participate in events we are involved with; individual service providers and contractors of OneFitStop; and other individuals who interact with OneFitStop on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with OneFitStop. Generally, it may include your name, contact details, and information regarding our interactions and transactions with you.
Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.
What happens if you don’t provide your personal information?
You can always decline to give OneFitStop any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.
HOW AND WHY DOES ONEFITSTOP COLLECT AND USE YOUR PERSONAL INFORMATION?
OneFitStop collects personal information reasonably necessary to carry out our business, to assess and manage our Clients and End Users’ needs, and provide services to Clients and access to End Users including providing software which helps Clients and End Users to manage their businesses and consulting services to help their businesses grow.
We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing Client and End User relationships.
The purposes for which OneFitStop usually collects and uses personal information depends on the nature of your interaction with us, but may include:
- providing products and services to Clients and End Users including access to our software as a service;
- managing our relationship with Clients and End Users including:
- administrative and billing processes;
- informing Clients and End Users about changes to our products are services or other relevant information they may be inserted in;
- processing information on behalf of Clients and End Users (depending on the relevant products or services acquired from us) such as:
- scheduling classes, appointments and workshops on behalf of Clients and End Users;
- facilitating online bookings by Members;
- facilitating automatic billing and payments by Members;
- allowing Clients and End Users to manage their membership offerings and Members to sign up to, change or cancel their memberships;
- assisting Clients and End Users with marketing their goods and services;
- enabling Member check-in to Client facilities;
- tracking fitness and health of Members;
- providing payroll services;
- responding to requests for information, complaints and other general inquiries;
- managing, planning, advertising and administering programs, events, and competitions;
- informing you of our activities, events, facilities and services;
- researching, developing and expanding our facilities and services; and
- recruitment processes.
OneFitStop also collects and uses personal information for market research purposes and to innovate our delivery of products and services.
We may collect personal information directly from you or indirectly – depending on our relationship with you. For example, OneFitStop generally collects business related personal information directly from you if you are a Client or End User.
However, if you are a Member and in some cases an End User, we collect personal information about you indirectly. For example, OneFitStop generally collects personal information from our Clients or End Users who provide us with the personal information of their Members to allow us to provide our services to them.
Please check the privacy policies of your fitness providers to learn about how they handle, use, disclose or otherwise process the personal information they hold about you.
HOW DOES ONEFITSTOP INTERACT WITH YOU VIA THE INTERNET?
OneFitStop’s websites make use of Google Analytics to look at how our Website are used. This is done by placing small text files, known as ‘session cookies’ on your device to collect information about how visitors use our websites. We use this information to compile reports and to help us improve our Website. The session cookies collect information in an anonymous form, including the number of visitors to our Website, where visitors have come to our Website from and the pages they have visited.
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
OneFitStop’s Website may contain links to third-party websites. OneFitStop is not responsible for the content or privacy practices of websites that are linked to our Website.
CAN YOU DEAL WITH ONEFITSTOP ANONYMOUSLY?
OneFitStop will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for OneFitStop to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.
HOW DOES ONEFITSTOP HOLD INFORMATION?
OneFitStop stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
OneFitStop maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
HOW LONG WILL YOUR PERSONAL INFORMATION BE KEPT BY ONEFITSTOP
- legal and regulatory requirements and guidance;
- limitation periods that apply in respect of taking legal action;
- our ability to defend ourselves against legal claims and complaints;
- good practice; and
- the operational requirements of our business.
We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.
DOES ONEFITSTOP USE OR DISCLOSE YOUR PERSONAL INFORMATION FOR DIRECT MARKETING?
If you are a Client or End User, OneFitStop may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the “unsubscribe” function in the relevant electronic message.
If you opt-out of receiving marketing material from us, OneFitStop may still contact you in relation to its ongoing relationship with you (for example to manage your account with us or to provide the products and services you have requested from us).
HOW DOES ONEFITSTOP USE AND DISCLOSE PERSONAL INFORMATION?
For Clients and End Users
The purposes for which we may use and disclose your personal information will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to service providers where this is relevant to our services.
For Members and users of the OneFitStop Consumer App
If you are Member of one of our Clients or an End User we will use and disclose your personal information in order to where this is reasonably necessary for, and relevant to, the delivery of our services to our Clients and End Users.
Disclosure to contractors and other service providers
OneFitStop may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.
Personal information may also be shared between related and affiliated companies of OneFitStop, located in Australia and overseas (discussed below).
Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.
Use and disclosure for administration and management
OneFitStop will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:
- administering billing and payments and debt recovery
- planning, managing, monitoring and evaluating our services
- quality improvement activities
- statistical analysis and reporting
- training staff, contractors and other workers
- risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives)
- responding to enquiries and complaints regarding our services
- obtaining advice from consultants and other professional advisers
- responding to subpoenas and other legal orders and obligations
Other uses and disclosures
DOES ONEFITSTOP DISCLOSE YOUR PERSONAL INFORMATION OVERSEAS?
OneFitStop works with customers, suppliers, resellers, service providers, sponsors and commercial interests across the globe. It is likely that your personal information will be disclosed to overseas recipients including to service providers who may handle, process or store your personal information on our behalf.
The recipients of such information may be located in Australia, United States of America, India.
We generally collect personal information about you in Australia or the jurisdiction in which the OneFitStop affiliate you are dealing with is located.
It is likely that your personal information will be transferred outside of the jurisdiction it was collected.
We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable privacy laws. Generally this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.
There are other circumstances where we may disclose your personal information to an overseas recipient. For example, you have provided your consent or we are otherwise permitted to do so under the Australian Privacy Principles or other relevant laws.
RESIDENTS IN THE EUROPEAN ECONOMIC AREA
If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):
- Access: you have the right to request a copy of any personal information we hold about you. Any request for access to or a copy of your personal information must in writing and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
- Rectification: you have the right to the rectification of your personal data, if you consider that it is inaccurate.
- Deletion: you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction: you have the right to erasure of your personal information, if you consider that we do not have the right to hold it.
- Portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
- Objection: you have the right to object to your personal information being processed for a particular purpose or to request that we stop using your information.
- Complaint: If you are unhappy with our treatment of your personal information, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.
If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.
HOW CAN YOU ACCESS OR SEEK CORRECTION OF YOUR PERSONAL INFORMATION?
You are entitled to access your personal information held by OneFitStop on request. To request access to your personal information please contact our Privacy Officer using the contact details set out below.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
WHAT SHOULD YOU DO IF YOU HAVE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL INFORMATION?
You may make a complaint about privacy to the Privacy Officer at the contact details set out below.
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that OneFitStop may have breached the Australian Privacy Principles or the Privacy Act 1988 (Cth), a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
If you are outside of Australia you may wish to take your complaint up with the local data protection authority in your jurisdiction.
HOW CAN YOU CONTACT ONEFITSTOP?
The contact details for OneFitStop are:
OneFitStop Privacy Officer
Suite 503, 276 Pitt St, Sydney, NSW, 2000, Australia