WHO ARE WE?
We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (‘Privacy Act’) and other applicable privacy and health records laws and regulations.
We offer a complete range of fitness and training services at our gyms, via our websites (including 98gym.com and 98training.com) (‘Websites’) and via our 98 Gym and 98 Training mobile applications (‘Apps’).
What is personal information?
‘Personal information’ is information or an opinion about an identified person, or a person who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you directly (eg. your name) or indirectly (eg. your IP address).
‘Personal Information’ also includes ‘sensitive information’ which, in the context of this Policy, includes information or an opinion about your health.
What personal and SENSITIVE information do we collect?
The personal information we collect about you depends on the nature of your dealings with us or what you choose to share with us.
The personal information we may collect about you includes:
date of birth;
credit card or bank account details;
business name and address (in the case of corporate memberships);
occupation and employer;
emergency contact details; and
images of you (which may include videos and / or photographs).
Personal information is also collected when you provide documentation to us, including completion of a membership application form, membership agreement and/or health questionnaire.
We may also create information that becomes part of the personal information we hold about you, such as your membership number and the products you purchase from us from time to time.
Under certain circumstances, we may need to collect sensitive information about you. This might include:
your medical history, including current or previous injuries, whether you are using medication, smoke or are pregnant;
information and records from medical professionals relating to your health; and
information that is necessary to properly advise you about fitness training.
If we collect your sensitive information, we will do so only with your consent, if it is necessary to prevent a serious and imminent threat to life or health, or as otherwise required or authorised by law.
How do we collect your personal information?
We may collect your personal information directly from you when you:
interact with us over the phone, in-person or online (including through the Websites and Apps);
participate in surveys or questionnaires;
attend a 98 Gym;
purchase a free trial or join as a member of a 98 Gym;
subscribe to our mailing list;
download / subscribe to the Apps;
apply to become a franchisee; and
apply for a position with us as an employee or contractor;
We may also collect your personal information from third parties or through publicly available sources, for example from MindBody, Ezidebit, Stripe, Mailchimp, Zendesk, SloCoach, Franchise Cloud Solution and the Apple and Google Play stores.
We collect your personal information from these third parties so that we can provide the service that you request from us, facilitate payments and class bookings, communicate with you and assess your suitability as a franchisee or employee / contractor.
How do we use your personal information?
We use personal and sensitive information for many purposes in connection with our functions and activities, including the following purposes:
provide you with information or services that you request from us;
deliver to you a more personalised experience and service offering that takes into account any relevant health or medical issues;
improve the quality of the services we offer;
internal administrative purposes; and
marketing and research purposes.
Disclosure of personal information to third parties
We may disclose your personal information to third parties in accordance with this Policy in circumstances where you would reasonably expect us to disclose your information.
For example, we may disclose your personal information to:
our third-party business partners and service providers (for example, our IT providers, payment platforms, administrative platforms);
our marketing providers;
our professional services advisors;
personal trainers who provide services at a 98 Gym;
third parties where it is incidental to a sale of our business; and
the 98 Gym head office, and other franchisees within the 98 Gym network.
We may also disclose personal information if there is a legal requirement to do so (eg. under a court order, or if required under legislation), or if an authorised request is made from a law enforcement agency.
Information provided by franchisees and prospective franchisees
Personal information may be provided to us by franchisees and prospective franchisees. That personal information is used to evaluate the suitability of the applicants becoming 98 franchisees, and to create an ongoing franchisee record.
Prospective franchisees that provide personal information but do not enter into a franchising agreement will be given the opportunity to have the information returned or destroyed.
We may make enquiries and check accuracy of information of prospective franchisees and that may include the disclosure of certain personal information in accordance with section 6 above.
information provided by employees
Any employment application provided to us will be used solely for the purpose of analysing suitability for a position available.
Personal information will only form part of an employee record if application is successful. Personal information of unsuccessful applicants will remain on file to be revisited should suitable opportunities arise in the future, but if requested applications may be returned or destroyed.
Personal information about employees will only be disclosed by us if required by law to authorised government agencies (eg. Australian Taxation Office) or as otherwise agreed by the employee.
Transfer of personal information overseas
Some of the third-party service providers we disclose personal information to may be based in or have servers located outside of Australia, including in the United States, Russia and Sri Lanka.
Where we disclose your personal information to third parties overseas, we will take reasonable steps to ensure data security and appropriate privacy practices are maintained.
How do we protect your personal information?
We will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by:
having a robust physical security of our premises and databases / records;
taking measures to restrict access to only personnel who need that personal information to effectively provide services to you; and
having technological measures in place (for example, anti-virus software, fire walls).
Our Websites uses Google Analytics to help us better understand visitor traffic, so we can improve our services. Although this data is mostly anonymous, it is possible that under certain circumstances, we may connect it to you.
We may send you direct marketing communications and information about our services, opportunities, or events that we consider may be of interest to you if you have requested or consented to receive such communications. These communications may be sent in various forms, including SMS and email, in accordance with applicable marketing laws, such as the Australian Spam Act 2003 (Cth).
You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.
You may opt-out of receiving marketing communications from us at any time by following the instructions to “unsubscribe” set out in the relevant communication or contacting us using the details set out in section 20 below.
In addition, we may also use your personal information or disclose your personal information to third parties for the purposes of advertising, including online behavioural advertising, website personalisation, and to provide targeted or retargeted advertising content to you (including through third party websites).
Retention of personal information
We will not keep your personal information for longer than we need to.
In most cases, this means that we will only retain your personal information for the duration of your relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations.
How to access and correct your personal information
We will endeavour to keep your personal information accurate, complete and up to date.
If you wish to access and/or correct the personal information we hold about you, you should make a request by contacting us via one of the methods set out in section 20 below and we will usually respond within 2 days.
We may / may not provide the information requested, depending upon legal circumstances. If we decide not to correct or provide you with access to your personal information, we will give you our reasons for our decision.
Links to third party sites
The Websites and Apps may contain links to websites operated by third parties.
If you access a third party website through our Websites or Apps, personal information may be collected by that third party website.
We make no representations or warranties in relation to the privacy practices of any third party provider or website and we are not responsible for the privacy policies or the content of any third party provider or website.
Third party providers / websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.
We encourage everyone to engage with our social media pages (eg. Instagram, TikTok, Facebook, Twitter, YouTube) as we like to hear from our members, customers, friends and staff.
However, it is your responsibility to protect your privacy and personal information when using our social media pages. You should not include any of your personal information, or the personal information of others, in posts, stories or comments.
Information posted to our social media pages is recorded and used for the purpose of administering pages and addressing any comments made.
We are not responsible for the privacy practices or content of social media pages.
To ensure the safety of our members, we may undertake surveillance within 98 Gyms using CCTV. The CCTV system may record videos and images, as well as the time and date the videos / images were taken.
We will only operate CCTV cameras on the gym floor and office areas, and surveillance footage can be accessed only by authorised staff.
Users from the European Union and Switzerland
This section of the Policy applies only if you use our Websites, Apps or services from a country that is part of the European Union, Switzerland or the United Kingdom (‘EU’).
Controller of Personal Information
To the extent we are subject to the laws of the EU when processing information that relates to an identified or identifiable individual (‘personal data’), we are a data controller with respect to your personal data.
Legal Basis for Data Processing
We process your personal data for the purposes set out in this Policy. Our legal basis for processing personal data includes processing that is:
necessary for the performance of the contract between us and you (eg. to register you as a member of the Gym, or resolve billing or customer service inquiries related to your membership or products you have purchased);
necessary to comply with legal requirements (eg. to comply with applicable accounting rules or to make mandatory disclosures to law enforcement);
necessary for our legitimate interests (eg. to manage our relationship with you and to improve the Apps, Websites and services we provide).
Where legally required and we have no other valid legal basis to process your personal data, we will obtain your consent (eg. to provide you with marketing information or share information with third parties as described above), which you may withdraw at any time by contacting us as set out in section 20 below.
In some instances, you may be required to provide us with personal data for processing as described above, in order for us to be able to provide you all of our services, and for you to use all the features of the Apps and Websites.
International Transfers of Personal Data
Personal data we collect will be transferred to Australia, the United States, Russia and Sri Lanka. Our employees and some of the third parties to whom we disclose personal data (as set out above) may be located in Australia, the United States, Russia, Sri Lanka, and other countries outside of the EU which may not provide the same level of data protection as your home country.
However, we will take appropriate steps to ensure that recipients of your personal data are bound to duties of confidentiality and we implement measures to ensure that any transferred personal data remains protected and secure.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the relevant data, the potential risk of harm from unauthorised use or disclosure of the data, the purposes for which we process your data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You may be entitled, in accordance with applicable law, to object to or request the restriction of processing of your personal data. You may also be entitled to request access to, rectification, erasure and portability of your own personal data. Requests should be submitted by contacting us as set out in section 20 section below.
If you are aware of changes or inaccuracies in your data, you should inform us of such changes so we can update or correct our records.
You may lodge a complaint with a data protection authority if you consider that our processing of your personal data violates applicable law.
We may amend, modify or otherwise update this Policy at any time and we will use our reasonable efforts to notify you of those changes.
We may give such notice by posting the updated Policy on our Websites, using reasonable efforts to draw them to your attention.
Inquiries and complaints
For complaints about how we handle, processes or manage your personal information, please contact us by email or post using the details below. Please note we may require proof of your identity and full details of your request before we can process your complaint.
Please allow up to 5 days for us to respond to your complaint.
It will not always be possible to resolve a complaint to everyone’s satisfaction. If you are not satisfied with our response to a complaint, you have the right to contact the Office of Australian Information Commissioner (at www.oaic.gov.au/) to lodge a complaint.
How to contact us
If you have any questions or concerns in relation to our handling of your personal information or this Policy, you can contact us for assistance as follows:
Post: 98 Riley Street, Darlinghurst NSW 2010 Australia