We are committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and any other applicable privacy laws.
This Policy sets out how we collect, use, disclose, store and dispose of personal information about our members, franchisees and employees and any other people we interact with. It should be read together with any terms and conditions governing your use of our website, our membership terms and conditions (if you are a member) and any location specific legal notice.
In this Policy, you refers to any individual about whom we collect personal information. Personal information means information or an opinion about you, whether true or not, from which you can be identified.
1. What information does BFT collect about you?
We only collect personal information where it is necessary for our functions or activities. The kinds of personal information we collect will depend on the capacity in which you are dealing with BFT. You can always decline to give BFT any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested.
Members and prospective members:
When you enquire about membership, we will typically collect your name, e-mail, postal address, and any other contact details for the purposes of responding to that enquiry.
If you become a member of BFT we may also collect:
• your age, emergency contact details, bank account and/or credit card details, and any other details needed to complete your application form or membership agreement;
• some sensitive information, being health information in our pre-exercise questionnaire;
• details of your attendance rates;
• closed circuit television (CCTV) footage that is installed within appropriate areas in each of our fitness studios;
• with your consent, your photo or video for promotional purposes;
• any additional personal information you provide to us, or authorise us to collect, as part of your interaction with BFT.
The purpose of collecting sensitive information about you (being health information) is so we can properly assess your health and suitability for participation in fitness activities. We only use your sensitive information for this purpose and no other purpose. The types of sensitive information we collect may include details of any adverse medical history, details of any medication you take, whether you smoke or are pregnant and other relevant health related information. We will obtain your express consent in circumstances where it is necessary for us to collect sensitive information.
We collect personal information as part of our recruitment activities, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
BFT may collect personal information from other individuals who are not members or employees. This includes BFT franchisees or potential franchisees, individual service providers and contractors to BFT and other individuals who interact with BFT on a commercial basis. Generally, it would include your name, contact details, identification details, any required background checks or relevant business experience, and any other information relevant for our interactions and transactions with you.
Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.
2. How does BFT collect your personal information?
We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, via our website, or in person. We may sometimes collect personal information about you from other sources, for example our third-party suppliers and contractors who assist us to operate our business (such as MindBody or any third party payment gateway).
3. Why does BFT collect and use your personal information?
BFT collects personal information reasonably necessary to carry out our business, to assess and manage our members’ needs, and provide fitness programs. We may also collect information to fulfil administrative functions associated with these services.
The purposes for which BFT usually collects and uses personal information depends on the nature of your interaction with us, but may include:
• to process and administer your dealings as a member, including processing payments and any direct debit requirements;
• assessing your health and suitability for participation and membership;
• monitoring the safety and security of our studios;
• managing, planning, advertising and administering programs and events;
• researching, developing and expanding our facilities and services, including market research and analytics;
• informing you of our activities, events, facilities and services;
• recruitment processes (including for volunteers, internships and work experience);
• to allow us to consider your suitability as a potential franchisee and (if suitable) progress a franchise agreement and associated dealings with you;
• any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you;
• any purpose for which you have consented;
• any purpose for which we are required or authorised by applicable law; and
• to respond to and manage inquiries, complaints, feedback and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities.
We may use your image or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur (for example, where you have won a prize).
4. How does BFT interact with you via the internet?
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
5. Can you deal with BFT anonymously?
BFT will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for BFT to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.
6. How does BFT hold and secure information?
BFT stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
BFT maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
CCTV recordings can be accessed only by authorised staff. Recordings of a specific incident may be released to the relevant law enforcement body only under the terms of this policy or subject to the execution of a search warrant or other legal process.
We take steps to securely destroy or de-identify information that we no longer require.
7. Does BFT use or disclose your personal information for digital or direct marketing?
BFT may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or the unsubscribe facility in all emails we send to you.
If you opt-out of receiving marketing material from us, BFT may still contact you in relation to its ongoing relationship with you.
We may occasionally engage other companies to provide marketing or advertising services on our behalf. Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services.
8. How does BFT disclose personal information?
We will not sell, distribute or disclose your information or personal details onto any third parties, other than in accordance with this Policy, and to those who are contracted to us to keep your information or personal details confidential.
We may disclose personal information:
• to our suppliers, franchisees, consultants, contractors or agents we engage in order to provide our services, including for payment processing and debt recovery, data processing, data analysis, customersatisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research;
• via our social media pages for promoting BFT and our services;
• if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition;
• to relevant federal, state and territory authorities for the purpose of investigating an incident, including a workplace health and safety matter or security incident;
• when conveying information to a responsible person (e.g. parent, guardian, spouse) if you are injured, incapable or cannot communicate, unless you have requested otherwise;
• for other administrative, management and operational purposes, such as risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives).
We may use and disclose your personal information for other purposes explained at the time of collection, that you have consented to or otherwise as set out in this Policy.
9. Does BFT disclose your personal information overseas?
Unless we have your consent, or an exception under the APPs applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.
The reason for disclosure to an overseas recipient depends on the nature of the services those recipients provide to us (for example storing data via a cloud service, or where our customer relationship management system is hosted on servers located overseas).
10. How can you access or seek correction of your personal information?
You are entitled to access your personal information held by BFT on request. You can do this by contacting us using the contact details set out below.
You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
If you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
11. Data breaches
Where we are subject to the APPs, we may be required to notify you about ‘eligible data breaches’. An eligible data breach occurs when:
a. there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
b. the access, disclosure or loss is likely to result in serious harm to you; and
c. we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach further. This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
12. What should you do if you have a complaint about the handling of your personal information?
You may contact BFT at any time if you have any questions or concerns about this Policy or about the way in which your personal information has been handled. You may make a complaint to us using the contact details set out below.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that BFT may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.
BFT may amend this Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes.
14. How can you contact us?
The contact details for BFT are:
BFT Privacy Officer
216A/208 Hall Street
Spotswood VIC 3015