Effective From 6 September, 2014
Most of the Personal Information that we collect is collected in conjunction with our online member management software services for fitness businesses at www.clubworx.com (Services).
For the purpose of conducting our business and providing the Services, we may collect the following categories of Personal Information about individuals:
(a) (Identity Information) name, signature, location, website address, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications and third-party usernames;
(b) (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, business and postal addresses;
(c) (Behaviour Information) information about gym inquiries, bookings and attendance, habits, movements, trends, decisions, webpage views, online activity, associations, memberships, finances, purchases;
(d) (Internet Data) Internet Protocol or “IP address”, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
(e) (Business Information) business or project, if it is run in the individual’s personal capacity, including information on professional affiliations or services offered.
The APPs categorize certain types of Personal Information as “sensitive information” (Sensitive Information). These include information collected to provide health services. Sensitive Information also includes information or an opinion (that is also personal information) about an individual’s:
(f) health, health services or wishes regarding health care;
(g) racial or ethnic origin;
(h) political opinions;
(i) membership of a political association;
(j) religious beliefs or affiliations;
(k) philosophical beliefs;
(l) membership of a professional or trade association;
(m) membership of a trade union;
(n) sexual orientation or practices; or
(o) criminal record.
Our management of fitness businesses databases may result in our collection of sensitive information. This is particularly likely for sensitive information regarding individuals’ health.
3. How we collect Personal Information
We collect Personal Information in three main ways:
(a) from fitness businesses, gyms and other third parties (our Customers) whose membership we help to manage;
(b) from individuals associated with our Customers such as owners and employees of our Customers’ businesses; and
(c) via automated electronic means.
We collect Personal Information about individuals from or through Customers when:
(a) (Database) Customers give the management of their membership databases to us, or use our software to host their databases; and
(b) (Forms) Customers use our services to sign up members through online forms.
We may collect Personal Information about individuals through other third parties when we conduct research on potential clients, or assist our clients to track leads for potential members.
We collect Personal Information from individuals associated with Customers when an individual:
(c) (Registrations / Subscriptions) registers or subscribes for a service, list, account, membership, connection or other process whereby that individual enters his or her details to apply for, receive or access something, including a transaction;
(d) (Contact) contacts us via any medium, including a ‘contact us’ form, telephone, fax or email; or
(e) (Services) accesses and uses the Services.
We may collect Personal Information via the following automated processes:
(a) (Logs) when you visit our website, our server may log details about your visit such as your IP address, the time and duration of visit, the link from which you visited, and information about your browser and operating system;
(b) (Cookies) our website may place a cookie on your hard drive when you visit; and
(c) (Attendance) our web application tracks the gym bookings and attendances of our Customers’ members.
We hold and store Personal Information using:
(a) (Storage Services) third party data storage services, which are businesses that professionally manage information technology infrastructure;
(b) (Software Services) third party application providers, where we use an application for the purposes of our business and store data in association with that application on infrastructure provided by those third party application providers; and
(c) (Business Devices) devices operated by employees of our business.
We may combine or link Personal Information about individuals that we collect on one occasion, with Personal Information that we collect on other occasions.
We and our employees, contractors and other authorised representatives will take reasonable precautions to protect Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
We secure Personal Information that we collect by:
(d) (Credentials) using authentication credentials for each portion of the data storage infrastructure that we control in accordance with best practice;
(e) (Passwords) using specialized software to generate passwords that are less vulnerable to “brute force” attacks;
(f) (Encryption) using specialized encryption algorithms and software to store passwords and forcing one-way encryption to prevent reverse-engineering of these the passwords that we generate;
(g) (Session Expiry) forcing time-out of authentication sessions and requiring re-authentication to minimise risk associated with idle connections;
(h) (Firewalls) using both server and network firewalls to control access points in and out of the data storage infrastructure;
(i) (Network Traffic Encryption) using Secure Sockets Layer (SSL) technology to secure transmissions both to and from the data storage infrastructure; and
(j) (Reputable Vendors) ensuring that the third party providers holding data and information on our behalf are reputable vendors taking reasonable steps to secure the information.
By using any part of the Services, individuals acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Individuals provide information, including Personal Information, to us via the Services at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
Our Service to our Customers involves collecting, holding and using the Personal Information of individuals on their membership lists. We store, process and manage it for our Customers, and provide the facility for them to use it for their businesses. We do not use the Personal Information, or Sensitive Information, on those lists for any other purpose.
We also collect, hold and use Personal Information about individuals associated with our Customers, such as owners and employees of our Customers’ businesses, for the purpose of providing the Services to our Customers. This includes holding and using the Personal Information so that we can:
(a) (Identify)identify individuals for the purpose of providing the Services;
(b) (Communicate) communicate with individuals for the purpose of providing the Services, including communications about our goods and services; marketing and promotions; and competitions, surveys and questionnaires;
(c) (Transact) transact with individuals for the purpose of providing the Services; and
(d) (Business Development) assess the progress and success of our Services and develop business opportunities.
Customers and their members’ usernames and contact details will be visible to the recipients of messages that they send using the internal messaging system on our website.
We may disclose Personal Information to companies that we work with to provide us with various administrative services. These include:
(a) (Hosting) cloud and web hosting service providers;
(b) (Mailing) providers of mailing list software;
(c) (Saas) providers of software as a service;
(d) (Support) providers of IT support services, web and software development;
(e) (Data analytics) data analysis service providers; and
(f) (Online payment) providers of online payment systems.
We will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions, in order to make our Services more effective and affordable.
For information on disclosures to overseas recipients, see below.
If you wish to access the Personal Information that we are holding about you, or correct Personal Information that we are holding about you, you can contact us using the following details:
|Position Title:||Client Support Manager|
|Telephone:||(801) 326 4961|
|Postal Address:||201 Mission, Suite 1200, San Francisco, California, 94105|
(b) When you notify us of a complaint about our handling of your Personal Information, we will deal with the complaint by responding to it in writing within 14 days.
(c) We will endeavour to work with you to resolve the complaint entirely within 30 days, although that period may be longer if it is reasonable.
(d) If you are unsatisfied with our response, you may make refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
(a) Our management of Customer databases and our use of third party service providers may result in the transfer of Personal Information to overseas recipients, for example in the United States.
(b) You may not have the same rights in relation to the handling of your Personal Information by overseas recipients as you would under Australian privacy law.
(c) By providing us with Personal Information, you consent to the transfer of your Personal Information to recipients outside Australia.
(d) If you consent to such transfer, we will not be accountable for overseas recipients’ handling of your Personal Information. In any event, we take reasonable steps to ensure that the Personal Information that has been transferred will not be held, used or disclosed by the recipient of the information inconsistently with the APPs.