Privacy Policy

Last updated on 06 May 2022

This Privacy Policy (Policy) applies to Body Fit Training Company Pty Ltd ACN 622 444 008 and its subsidiaries, related entities, franchisees and training facilities in the jurisdictions in which it operates, any trust for which it acts as trustee, the website bodyfittraining.com and any other website and Apps it operates (referred to in this Policy as BFT, we, our and us).

We are committed to managing personal information in accordance with applicable privacy laws.

This Policy sets out how we collect, use, disclose, store and dispose of personal information about our members, franchisees and employees and any other people we interact with.  It should be read together with any terms and conditions governing your use of our website or Apps, our membership terms and conditions (if you are a member) and any location specific legal notice.

In this Policy, ‘you’ refers to any individual about whom we collect personal information.  ‘Personal information’ means information or an opinion about you, whether true or not, from which you can be identified and includes your health information.

If you are located in Singapore, by providing your personal information to us, you consent to our collection, use and disclosure of your personal information for the purposes set out in this Privacy Policy, in addition to any other lawful basis which we may do so.

1. What information does BFT collect about you?

We only collect personal information where it is necessary for our functions or activities.  The kinds of personal information we collect will depend on the capacity in which you are dealing with BFT.  You can always decline to give BFT any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested.

Members and prospective members:

When you enquire about membership, we will typically collect your name, e-mail, postal address, and any other contact details for the purposes of responding to that enquiry.

If you become a member of BFT we may also collect:

• your age, emergency contact details, bank account and/or credit card details, and any other details needed to complete your application form or membership agreement;

• some sensitive information, being health information in our pre-exercise questionnaire;

• details of your attendance rates;

• closed circuit television (CCTV) footage that is installed within appropriate areas in each of our fitness studios;

• with your consent, your photo or video for promotional purposes (where permitted under applicable privacy laws);

• any additional personal information you provide to us, or authorise us to collect, as part of your interaction with BFT.

If you subscribe to the BFT App we will also collect health information so that you can make the most of the functionality the BFT App provides. This health information may include: height, weight, age, diet information (including nutritional plans), heart-rate data, body scans, personal effort, strength and achievement information, body photographs, health and fitness goals and achievements. That information may be collected by, or uploaded to, the BFT App from time to time.

The purpose of collecting sensitive information about you (being health information) is so we can properly assess your health and suitability for participation in fitness activities. It also enables us to measure your progress as a BFT member and facilitates your participation in our Challenges. We only use your sensitive information for this purpose and no other purpose.  The types of sensitive information we collect may include details of any adverse medical history, details of any medication/s you take, whether you smoke or are pregnant and other relevant health related information. We will obtain your express consent in circumstances where it is necessary for us to collect sensitive information.

Prospective employees/applicants:

We collect personal information as part of our recruitment activities, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.

We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.

Other individuals:

BFT may collect personal information from other individuals who are not members or employees. This includes BFT franchisees or potential franchisees, individual service providers and contractors to BFT and other individuals who interact with BFT on a commercial basis. Generally, it would include your name, contact details, identification details, any required background checks or relevant business experience, and any other information relevant for our interactions and transactions with you.

Visitors to our websites:

The way in which we handle the personal information of visitors to our websites is discussed below.

2. How does BFT collect your personal information?

We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, via our website, or in person. We may sometimes collect personal information about you from other sources, for example our third-party suppliers and contractors who assist us to operate our business (such as One Fit Stop or any third party payment gateway) and BFT franchisees.

Some personal and health information will also be collected by, or uploaded to, the BFT App.

3. Why does BFT collect and use your personal information?

BFT collects personal information reasonably necessary to carry out our business, to assess and manage our members’ needs, and provide fitness programs.  We may also collect information to fulfil administrative functions associated with these services.

The purposes for which BFT usually collects and/or uses personal information depends on the nature of your interaction with us, but may include:

• to process and administer your dealings as a member, including processing payments and any direct debit requirements;

• assessing your health and suitability for participation and membership;

• monitoring your progress as a BFT member;

• facilitating your participation and judging in our Challenges;

• monitoring the safety and security of our studios;

• managing, planning, advertising and administering programs and events;

• researching, developing and expanding our facilities and services, including market research and analytics;

• informing you of our activities, events, facilities and services;

• recruitment processes (including for volunteers, internships and work experience);

• to consider your suitability as a potential franchisee and (if suitable) progress a franchise agreement and associated dealings with you;

• any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you;

• any purpose for which you have consented;

• any purpose for which we are required or authorised by applicable law; and

• to respond to and manage inquiries, complaints, feedback and claims, defend our legal interests and investigate and protect against fraud, theft and other illegal activities.

We may collect and/or use your image or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur and consent to such use (for example, where you have won a prize) (where permitted under applicable privacy laws).

4. How does BFT interact with you via the internet?

You may visit our websites without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to us will be managed in accordance with this Privacy Policy.

BFT’s website/s use cookies. A “cookie” is a small file stored on your computer’s browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites. You are not identifiable from such information.

You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.

BFT’s websites may contain links to third-party websites. BFT is not responsible for the content or privacy practices of websites that are linked to our website.  Any information you provide directly to a third party will be managed in accordance with that party’s privacy policy.

5. Can you deal with BFT anonymously?

BFT will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for BFT to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.

6. How does BFT hold and secure information?

BFT stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas).  Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

BFT maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

CCTV recordings can be accessed only by authorised staff.  Recordings of a specific incident may be released to the relevant law enforcement body only under the terms of this policy or subject to the execution of a search warrant or other legal process.

We take steps to securely destroy or de-identify information that we no longer require.

7. Does BFT use or disclose your personal information for digital or direct marketing?

BFT may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you (where permitted under applicable privacy laws). In some jurisdictions, you may receive direct marketing communications. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or the unsubscribe facility in all emails we send to you.

If you opt-out of receiving marketing material from us, BFT may still contact you in relation to its ongoing relationship with you.

We may occasionally engage other companies to provide marketing or advertising services on our behalf.  Those companies will be permitted to obtain only the personal information they need to deliver the service. If we provide those companies with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services.

8. How does BFT disclose personal information?

We will not sell, distribute or disclose your information or personal details to any third parties, other than in accordance with this Policy, and to those who are contracted to us to keep your information or personal details confidential.

We may disclose personal information:

• to our suppliers, franchisees, consultants, contractors or agents we engage in order to provide our services, including for payment processing and debt recovery, data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research;

• via our social media pages and the BFT App for promoting BFT and our services;

• via the BFT App to provide assessment information or to announce winners of our Challenges;

• if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition;

• to relevant government, federal, state and territory authorities for the purpose of investigating an incident, including a workplace health and safety matter or security incident;

• when conveying information to a responsible person (e.g. parent, guardian, spouse) if you are injured, incapable or cannot communicate, unless you have requested otherwise;

• for other administrative, management and operational purposes, such as risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives).

We may use and disclose your personal information for other purposes explained at the time of collection, that you have consented to or otherwise as set out in this Policy.

9. Does BFT disclose your personal information overseas?

Personal information will be shared with Xponential Fitness Brands International, LLC (XPO). XPO is a limited liability company formed and existing under the laws of Delaware, USA, whose address is 17877 Von Karman Avenue, Irvine, California 92614. XPO are the master franchisor of the BFT system and licence us the rights to use of the BFT system in the countries in which we operate. Any use of personal information by XPO will be handled in accordance with their privacy policy available at https://www.xponential.com/privacy-policy.

Otherwise, unless we have your consent, or an exception or other lawful basis under applicable privacy laws applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach applicable privacy laws in relation to your personal information and will comply with any other requirements under applicable privacy laws relating to the offshore disclosure of personal information.

The reason for disclosure to an overseas recipient depends on the nature of the services those recipients provide to us (for example storing data via a cloud service, or where our customer relationship management system is hosted on servers located overseas).

10. How can you access or seek correction of your personal information?

You are entitled to access your personal information held by BFT on request.  You can do this by contacting us using the contact details set out below.

You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

If you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with applicable privacy laws.  If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

11. Data breaches

Where we are subject to the Australia Privacy Principles (APPs), we may be required to notify you about ‘eligible data breaches’.

In Australia, an eligible data breach occurs when:

• there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);

• the access, disclosure or loss is likely to result in serious harm to you; and

• we are unable to prevent the likely risk of serious harm with remedial action.

In Singapore, New Zealand and other jurisdictions, we will apply a definition of an eligible data breach consistent with a data breach which we are obliged to notify you of under the applicable local privacy law.

If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach further.  This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm.  Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.

12. What should you do if you have a complaint about the handling of your personal information?

You may contact BFT at any time if you have any questions or concerns about this Policy or about the way in which your personal information has been handled.  You may make a complaint to us using the contact details set out below.

In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

In Australia, if you are not satisfied with our response to your complaint, or you consider that BFT may have breached the APPs or the Australian Privacy Act 1988 (Cth), a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.

You may withdraw your consent as provided under applicable privacy laws. However, if you withdraw your consent to any or all collection, use and/or disclosure of your personal information, depending on the nature of your request, we may not be in a position to continue to provide our products or services to you, administer any contractual relationship already in place, or perform or conclude an existing or prospective agreement. This may result in the termination of any agreements you have with us, and you being in breach of your contractual obligations or undertakings. Our legal rights and remedies are expressly reserved.

13. How changes are made to this privacy policy?

BFT may amend this Policy from time to time, with or without notice to you, subject to local law. We recommend that you visit our website regularly to keep up to date with any changes.

14. How can you contact us?

The contact details for BFT are:

Position: Head of Legal

Name: Brandon Evans

Email: [email protected]

Address: 51 Wangaratta Street, Richmond VIC 3121