Privacy policy


Fitness and Lifestyle Group Pty Ltd ACN 613 738 408 trading as kubofit (“kubofit”) is the owner of the applications known as kubofit and/or Fitness First (“ the App(s)”). Kubofit, its subsidiaries and affiliates including but not limited to Fitness First Australia Pty Ltd, Goodlife Operations Pty Ltd, Jetts Company Clubs Pty Ltd, Go Health Clubs Holdings Pty Ltd, Barry’s Bootcamp Australia Pty Ltd, Fitness and Lifestyle Group Bidco NZ Limited (Jetts NZ), Dockvest Pty Ltd (Zap Fitness) and Hypoxi Australia Pty Ltd (collectively referred to as “FLG Entities”) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), the General Data Protection Regulation (EU) 2016/679 (GDPR) and in accordance with other applicable privacy laws.

This document sets out our policies for managing your personal information in respect to your use of the App(s) and is referred to as our Privacy Policy.

In this Privacy Policy:
Apple Healthkit” refers to the Apple product referred to at .
"we", "us" and “our” refers to kubofit and "you" or “User” refers to any individual about whom we collect personal information.

This Privacy Policy applies to all personal information collected by us, or submitted to us, whether offline or online, including personal information collected or submitted through our websites, through the App(s), through our official social media channel pages which we control as well as through email messages that we send to you.


We are the provider of digital web and mobile applications including the kubofit and Fitness First App.


Users and prospective Users
When you enquire about or use any of the App(s), a record is made which includes your personal information.

The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:

  • your name;
  • e-mail;
  • postal address and other contact details;
  • your age;
  • your health and fitness information (including but not limited to your body mass index, your heart rate, your fitness levels) if entered into the App(s) by yourself or through the use of trackers such as Apple Watch, Apple HealthKit, Google Fit or other connected fitness trackers. This information will only be collected by us if you enable the services in the App(s) through a permission request;
  • you enable the services in the App(s) through a permission request;
  • your relevant medical history if provided by you;
  • your fitness and nutrition statistics if provided by you;
  • your login details and passwords which you use to access your account with us as well as your online interactions with us;
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any additional information relating to you that you may provide to us directly through our websites or by other means such as over the phone, via email or in person;
  • any additional personal information you provide to us, or authorise us to collect, as part of your interaction with us; and
  • anything else submitted by you through the App(s).

Apple HealthKit Integration
Notwithstanding any other terms in our Privacy Policy, the following terms shall apply to any information gained through use of the Apple HealthKit as part of the App(s):

  • Data that we access from Apple HealthKit will only be used in certain circumstances, for instance to help you track your health or wellbeing activity through the App(s);
  • Data that we access from Apple HealthKit will not be used by Kubofit or FLG Entities, or shared with third parties, for the purpose of serving advertising; and
  • We will not disclose information gained through Apple HealthKit to a third party without express permission from the User, and only for the purposes of providing a health or fitness service to the User.

If all or any part of the requested information is not provided by you or if you do not give the consent referred to above, the services provided to you by the App(s) may be affected.

Other individuals
We may collect personal information about other individuals who are not Users. This includes customers and Users who participate in events we are involved with; individual service providers and contractors that we may use; and other individuals who we interact with on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with us. Generally, it would include name, contact details, and information regarding our interactions and transactions with you.

You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

Your sensitive information
We may collect and process your sensitive information or special category data, such as your health information, generally with your express consent and only as reasonably necessary in order for us to provide our services to you. We may also collect such information about you in an emergency or otherwise with your consent or in accordance with applicable laws.

For example, we will collect health information from you with your consent in order to understand your physical health, fitness and any injuries you have or have previously experienced. This will assist us to adequately provide our services and manage any injuries and/or medical emergencies that may arise during the provision of such services.

Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.


You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested or we may not be able to do business with you effectively. If you have any concerns about personal information we have requested, please let us know.


We collect personal information that is reasonably necessary to carry out our business, to assess and manage our Users' needs, and provide our services to you. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing User relationships.

The purposes for which we usually collect and use personal information depends on the nature of your interaction with us, but may include:

  • to provide information about products, services and/or special offers to Users;
  • to obtain opinions or comments about products and/or services from Users;
  • to record statistical data for marketing analysis from Users;
  • responding to requests for information and other general inquiries;
  • managing, planning, advertising and administering programs, events, competitions and performances;
  • researching, developing and expanding our facilities and services;
  • informing you of our activities, events, facilities and services;
  • recruitment processes; and
  • responding to enquires and complaints.

In addition, some of your personal information may be used for other business purposes. Examples of the types of uses are set out below:

  • for our reasonable commercial purposes (including quality control and administration and assisting us to develop new and improved products and services);
  • to comply with any requirement of any applicable statute, regulation, rule and/or good practice, whether originating from Australia or elsewhere;
  • to fulfil our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time;
  • to check your instructions to us, to analyse, assess and improve our services to Users, as well as for training and quality purposes, we may monitor, record and analyse any communications between you and us, including phone calls;
  • to prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply our Privacy Policy and/or any other agreement and to protect our (or others') property or rights;
  • to share information with relevant third parties in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations;
  • if instructed to do so by you or where you give us your consent to the use and/or processing involved;
  • to bring to your attention (in person or by post, email or telephone) information about additional services offered by us and/or our global affiliates, which may be of interest to you, unless you indicate at any time that you do not wish us to do so; and
  • to improve the relevance of marketing messages we may send you (which you can opt out of as explained below).

We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:

  • The FLG Entities; and
  • Third party suppliers and contractors who assist us to operate our business.

We may also collects and uses personal information for market research purposes and to innovate our delivery of products and services.

We have a legitimate interest in using your information in the ways listed above. In some cases it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s, statutory or public functions or because the law permits or requires us to.


You may visit our websites without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry / logging into our online portal), any personal information you provide will be managed in accordance with this Privacy Policy.

The website may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.


What is a cookie?
Our websites and the App(s) may use cookies. A 'cookie' is a small file stored on your computer's browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites.

While the cookie may identify your computer or device, it should not identify you unless you are registered with our website (for example, because you are a User and subscribe to our website) or logged in using your social media profile. In that case, the cookie will be linked to your profile so that we can identify you and provide more relevant content.

Why we use cookies
We use cookies to personalise your browsing experience (for example, by remembering your preferences and recognising you as a repeat visitor to the websites or App(s), and to track statistics about the usage of the websites or App(s). This allows us to better understand our Users and improve the layout and functionality of the our App(s) and websites.

The types of cookies we use
Specifically, we use the following cookies:

  • Strictly necessary cookies: are required for the operation of the App(s) and websites, such as cookies that enable you to log into secure areas of our website (for example the enquiry page).
  • Analytical/performance cookies: allow us to count the number of users and see how users move around our website when they are using it. This helps us to improve the way our websites and the App(s) work, for example, by ensuring that users are finding what they are looking for easily.
  • Targeting cookies: these cookies record your visit to the websites or App(s), the pages you have visited and the links you have followed. We will use this information, subject to your choices and preferences, to make our website and any advertising displayed on it more relevant to your interests.
  • Third party/sharing cookies: are cookies that are set by a domain other than the one being visited by you. If you visit our websites and a separate company sets a cookie through that website this is a third party cookie. To try to bring you offers and advertisements that are of interest to you, we have relationships with third party companies including Google, Adobe Analytics, Facebook, LinkedIn (Third Party Providers) that allow them to place cookies on our websites.

These Third Party Providers may:

  • use third party cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
  • compare de-identified information from us with information collected elsewhere on the internet; and
  • use that information to provide measurement services and target ads to you.

How long cookies will be stored on your device
Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user’s device for the period of time specified in the cookie.

How you can manage your cookies
If you do not wish to receive any cookies (other than those which are strictly necessary) you may set your browser (such as Firefox, Google Chrome, Internet Explorer or Safari) to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on our websites you visit will be available to you.

Some of the websites that let you control what information is collected about you are:


If you do not wish to receive any cookies (other than those that are strictly necessary) you can use the settings in your browser to control how your browser deals with cookies (e.g. to either prompt or refuse cookies). However, in doing so, you may be unable to access certain pages or content on our website.


We will provide you with the opportunity of remaining anonymous or using a pseudonym in your dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally it is not practicable for us to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.


We store information in paper-based files or other electronic record keeping methods in secure databases (including trusted third party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.

We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.

Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.


We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any legal obligations to which we are subject. The retention periods we apply take account of:

  • legal and regulatory requirements and guidance;
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints;
  • good practice; and
  • the operational requirements of our business.

We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.


We may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you or as otherwise permitted under applicable privacy laws.

This means under certain privacy laws we do not always need your consent to send you marketing communications such as our newsletter. However, where consent is required under applicable privacy laws, we will ask for this consent separately and clearly. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the opt-out functionality contained in the electronic message.

If you opt-out of receiving marketing material from us, we may still contact you in relation to its ongoing relationship with you.


For Users
The purposes for which we may use and disclose your personal information will depend on the services we are providing you.

Disclosure to contractors and other service providers
We may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.

Personal information may also be shared between related and affiliated companies of KuboFit, located in Australia and overseas including the UK.

Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

Use and disclosure for administration and management
We will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

  • administering billing and payments and debt recovery;
  • planning, managing, monitoring and evaluating our services;
  • quality improvement activities;
  • statistical analysis and reporting;
  • training staff, contractors and other workers;
  • risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);
  • responding to enquiries and complaints regarding our services;
  • obtaining advice from consultants and other professional advisers; and
  • responding to subpoenas and other legal orders and obligations.

Other uses and disclosures
We may use and disclose your personal information for other purposes explained at the time of collection (such as in a specific privacy collection statement or notice) or otherwise as set out in this Privacy Policy.


We are a global organisation and works with Users, service providers, sponsors and commercial interests across the globe. It is likely that your personal information will be disclosed to overseas recipients. It is likely that your personal information will be disclosed to overseas recipients including service providers who may handle, process or store your personal information on our behalf.

The recipients of such information may be located in America and the United Kingdom. Various FLG Entities have operations and interests in these countries.

We generally collect personal information about you in Australia or the jurisdiction in which kubofit or the relevant subsidiary or affiliate you are dealing with is located.

It is likely that your personal information will be transferred outside of the jurisdiction it was collected. We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable privacy laws. Generally this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.

There are circumstances where we may disclose your personal information to an overseas recipient. For example, you have provided your consent or we are otherwise permitted to do so under the Australian Privacy Principles or other relevant laws.


We have described the purposes for which we may use your personal information. If the GDPR applies to you, we are permitted to process your personal information in this way, in compliance with the GDPR, by relying on one or more of the following lawful grounds:

  • you have explicitly agreed to us processing your information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • the processing is necessary for compliance with a legal obligation we have; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
    • to prevent fraud;
    • to protect our business interests;
    • to ensure that complaints are investigated;
    • to evaluate, develop or improve our products; or
    • to keep our clients informed about relevant products and services, unless you have indicated at any time that you do not wish us to do so.

If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):

Access: you have the right to request a copy of any personal information we hold about you. Any request for access to or a copy of your personal information must in writing and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).

Rectification: you have the right to the rectification of your personal data, if you consider that it is inaccurate.

Deletion: you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

Restriction: you have the right to erasure of your personal information, if you consider that we do not have the right to hold it.

Portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.

Objection: you have the right to object to your personal information being processed for a particular purpose or to request that we stop using your information.

Complaint: If you are unhappy with our treatment of your personal information, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.

If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.

To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.


You are entitled to access your personal information held by us on request. To request access to your personal information please contact our Privacy Officer using the contact details set out below.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.

However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.


You may contact us at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.

You may make a complaint about privacy to the Privacy Officer at the contact details set out below.

The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.

If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.

In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to your complaint, or you consider that KuboFit may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website

If you are outside of Australia you may wish to take your complaint up with the local data protection authority in your jurisdiction. If you are based in the UK, this is the UK Information Commissioner’s Office at


We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. We also try to let you know about major changes to our Privacy Policy (for example by putting a notice up on our website).


The Privacy Officer can be contacted by emailing [email protected]

This Privacy Policy was last updated in 24 June 2021.