In some cases, exemptions under these laws may apply, in which case we may rely on those exemptions. For example, the Privacy Act in Australia includes an exemption for the handling of employee records in some circumstances.
Collection of personal information
1. We collect personal information about you when that is reasonably necessary for one or more of our functions or activities. We collect information knowingly and voluntarily submitted by you to us.
3. The type of personal information that we may collect and hold includes:
- your name, address, contact details such as address, telephone numbers and email addresses.
- your gender and date of birth;
- your job title, employment status, employment address, employer and identification documents (such as an employee ID or work email);
- information contained in identification documents;
- your photograph (for inclusion on your membership card);
- bank account details, which is processed by our third party payment provider;
- personal information about your spouse, dependants or others on an account that you are linked to;
- details you provide to us if you contact our support team or send us an inquiry;
- details about your use of our services, including the fitness partners and facilities you use, time and date of use, and your use of our applications and website (including as set out below);
- administrative and operational information, including details in your application form, billing and payment details;
- where you apply for a job with us, your qualifications, experience, curriculum vitae, education, reference check information and employment history;
- when you work for us your superannuation or Kiwi Saver information; and
- your sensitive information (including health information), with your consent as set out under the ‘Sensitive Information heading below.
4. Where it is reasonable and practical to do so, we will only collect personal information about you from you. You have no obligation to provide any information requested by us, however if you choose to withhold personal information from us it may prevent us from being able to provide you with services.
5. Depending on which services you are attempting to access, you may be able interact with us anonymously or using a pseudonym. However, this will mean that we may not be able to provide you with certain services.
IP Addresses, Cookies and Applets
6. If information is gathered by our website/portal or online systems, we may gather your IP address to assist with the diagnosis of problems or support issues with our services. This information is gathered in aggregate only and cannot be traced to an individual user.
9. We collect sensitive information about you, such as your health information, when you sign up to receive our services. This health information will only be collected knowingly and voluntarily from you, except where it is provided by the primary account holder, when they submit information on your behalf of and you are linked to their account. We will only collect this information when you have provided your consent, or the primary account holder has confirmed your consent has been given.
10. The health information we collect about you may include details of medical conditions and medical history (as required by our fitness partners to attend their facilities), and will be used only in order to provide services to you.
Provision of personal information about another person
11. Sometimes you will have the option to provide personal information about another person, including where you are the primary account holder and submit information on behalf of someone else linked to your account. If you provide us with someone else’s personal information, you should only do so if you have that person’s authority or consent to provide us with their personal information.
Use and disclosure of personal information
14. Personal information and sensitive information collected from you may be used or disclosed for the following purposes:
- to provide you with our products and services;
- to provide tailored product and service information and improve service delivery;
- to process payments, discounts and refunds where required;
- to manage your accounts with us;
- to cross check with and confirm your personal information that we may already hold and correct any errors as appropriate;
- to communicate with you regarding our products and services and to inform you of other relevant products and services we provide, where permitted in accordance with direct marketing laws;
- to develop and expand our operations base and plan for future commitments;
- to comply with law, including a court order, or the requests of law enforcement or government agencies;
- where required in order to respond to a threat to the safety of an individual or the public; and
- administrative and security purposes, including your identity and the security and access of our websites and applications, for fraud and crime prevention and detection purposes, to recover any payments due to us and in connection with the acquisition, merger or sale of any part of our business.
15. We may use and disclose your personal information for the primary purpose for which we collected that information (listed above), for related (or directly related, for sensitive information) secondary purposes within your reasonable expectations, where permitted under the Privacy Laws and where otherwise required or authorised by law.
16. We may also use your personal information for the purpose of marketing our services. You may receive marketing communications in various forms, including notifications from your employer (via your workplace intranet, email or hard copy). You may receive direct marketing from us via email, mail, SMS and telephone, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth) in Australia, and the Unsolicited Electronic Messages Act 2007 in New Zealand. If you do not want to receive marketing material from us, you can contact us as detailed below:
- For electronic communications, you can click on the unsubscribe function in the communication
- For hard copy communications, you can email us at [email protected]
17. Please note that even if you request not to receive further direct marketing communications, we may continue to provide certain non-marketing information to you, such as changes to our terms and conditions, as permitted under applicable laws.
18. We will not use your sensitive information for direct marketing.
Third party disclosures
19. We will not disclose your personal information or sensitive information unless the disclosure is for a purpose set out above (under ‘Use or disclosure of personal information’), or you have consented to that disclosure. Your consent may be expressed or implied.
20. Your personal information may be disclosed to the following third parties:
- your employer, fitness partners, financial institutions, our merchant and payment organisations
- public authorities (such as a government agency), where it is required by law or court order
- third party companies and/or individuals that we engage to facilitate our service, to provide services on our behalf or to perform services to assist us to provide services to you (these third parties have access to your personal information to only perform these tasks on our behalf and are obligated not to disclose or use it for another purpose); and
- our related companies, to provide services on our behalf or to perform services to assist us to provide services to you.
Offshore access and disclosure of personal information
21. We, including our service providers, may hold electronic records of your personal information using cloud technology, on our systems, by other electronic means, or in paper form. These means of holding personal information may include offshore disclosure of personal information. Personal information may be shared outside of your country, including as part of the use by our service providers.
25. We strive to ensure the security, integrity and privacy of personal information collected and held by us, and we review and update our security measures considering current technologies. We hold personal information electronically and in hard copy form (for our own employees), both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of personal information. Depending on the circumstances, these may include firewalls, encryption, passwords and locked areas.
26. We will endeavour to take all reasonable steps to protect the personal information we collect from you from misuse, interference, loss and unauthorised access, modification, or disclosure, however given the nature of internet-based services, we cannot guarantee that these measures are totally secure.
27. In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
28. We may retain your personal information for such period as is reasonably necessary having regard to the purposes for which we are permitted to handle that personal information and any legal or regulatory requirements. We may retain de-personalised statistical information for longer periods where no individuals are reasonably identifiable from that data. Where the personal information is no longer required for the purpose for which it was collected (or a permitted secondary purpose) we will take reasonable steps to destroy the information, or de-identify the information.
Third party websites
Access and correction
30. We will take reasonable steps to ensure that the personal information which we collect remains accurate, up to date and complete. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information corrected. Further you may also request access to any of your personal information we hold.
32. If you consider that the information which we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please let us know. We will take reasonable steps to correct that information as soon as practicable after receiving your notification of any error or inaccuracy, consistent with our obligations under the Privacy Laws and other applicable laws.
33. There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others, or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal. There is no charge for requesting access to your personal information, but in some circumstances we may require you to meet our reasonable costs in actually providing you with access.
35. We may need to engage or consult with other parties in order to investigate and deal with your complaint, and we will keep records of your complaint and any resolution.
36. If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the following for guidance on alternative courses of action which may be available:
- For Australia: the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted at www.oaic.gov.au or by calling 1300 363 992
- For New Zealand, the Privacy Commissioner. The Privacy Commissioner can be contacted at https://www.privacy.org.nz/ or by calling 0800 803 909
If you have any queries regarding this policy please contact us via email: [email protected]