Fitness and Lifestyle Group Pty Ltd ACN 613 738 408 trading as kubofit (“kubofit”) is the owner of the applications known as kubofit and/or Fitness First (“ the App(s)”). Kubofit, its subsidiaries and affiliates including but not limited to Fitness First Australia Pty Ltd, Goodlife Operations Pty Ltd, Jetts Company Clubs Pty Ltd, Go Health Clubs Holdings Pty Ltd, Barry’s Bootcamp Australia Pty Ltd, Fitness and Lifestyle Group Bidco NZ Limited (Jetts NZ), Dockvest Pty Ltd (Zap Fitness) and Hypoxi Australia Pty Ltd (collectively referred to as “FLG Entities”) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth), the General Data Protection Regulation (EU) 2016/679 (GDPR) and in accordance with other applicable privacy laws.
“Apple Healthkit” refers to the Apple product referred to at https://developer.apple.com/healthkit/ .
"we", "us" and “our” refers to kubofit and "you" or “User” refers to any individual about whom we collect personal information.
We are the provider of digital web and mobile applications including the kubofit and Fitness First App.
Users and prospective Users
When you enquire about or use any of the App(s), a record is made which includes your personal information.
The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
Apple HealthKit Integration
If all or any part of the requested information is not provided by you or if you do not give the consent referred to above, the services provided to you by the App(s) may be affected.
We may collect personal information about other individuals who are not Users. This includes customers and Users who participate in events we are involved with; individual service providers and contractors that we may use; and other individuals who we interact with on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with us. Generally, it would include name, contact details, and information regarding our interactions and transactions with you.
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.
Your sensitive information
We may collect and process your sensitive information or special category data, such as your health information, generally with your express consent and only as reasonably necessary in order for us to provide our services to you. We may also collect such information about you in an emergency or otherwise with your consent or in accordance with applicable laws.
For example, we will collect health information from you with your consent in order to understand your physical health, fitness and any injuries you have or have previously experienced. This will assist us to adequately provide our services and manage any injuries and/or medical emergencies that may arise during the provision of such services.
Visitors to our websites
The way in which we handle the personal information of visitors to our websites is discussed below.
You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested or we may not be able to do business with you effectively. If you have any concerns about personal information we have requested, please let us know.
We collect personal information that is reasonably necessary to carry out our business, to assess and manage our Users' needs, and provide our services to you. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing User relationships.
The purposes for which we usually collect and use personal information depends on the nature of your interaction with us, but may include:
In addition, some of your personal information may be used for other business purposes. Examples of the types of uses are set out below:
We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:
We may also collects and uses personal information for market research purposes and to innovate our delivery of products and services.
We have a legitimate interest in using your information in the ways listed above. In some cases it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s, statutory or public functions or because the law permits or requires us to.
The website may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.
What is a cookie?
While the cookie may identify your computer or device, it should not identify you unless you are registered with our website (for example, because you are a User and subscribe to our website) or logged in using your social media profile. In that case, the cookie will be linked to your profile so that we can identify you and provide more relevant content.
The types of cookies we use
Specifically, we use the following cookies:
These Third Party Providers may:
How long cookies will be stored on your device
Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user’s device for the period of time specified in the cookie.
How you can manage your cookies
Some of the websites that let you control what information is collected about you are:
We will provide you with the opportunity of remaining anonymous or using a pseudonym in your dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally it is not practicable for us to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.
We store information in paper-based files or other electronic record keeping methods in secure databases (including trusted third party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.
We may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you or as otherwise permitted under applicable privacy laws.
This means under certain privacy laws we do not always need your consent to send you marketing communications such as our newsletter. However, where consent is required under applicable privacy laws, we will ask for this consent separately and clearly. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the opt-out functionality contained in the electronic message.
If you opt-out of receiving marketing material from us, we may still contact you in relation to its ongoing relationship with you.
The purposes for which we may use and disclose your personal information will depend on the services we are providing you.
Disclosure to contractors and other service providers
We may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research.
Personal information may also be shared between related and affiliated companies of KuboFit, located in Australia and overseas including the UK.
Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.
Use and disclosure for administration and management
We will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:
Other uses and disclosures
We are a global organisation and works with Users, service providers, sponsors and commercial interests across the globe. It is likely that your personal information will be disclosed to overseas recipients. It is likely that your personal information will be disclosed to overseas recipients including service providers who may handle, process or store your personal information on our behalf.
The recipients of such information may be located in America and the United Kingdom. Various FLG Entities have operations and interests in these countries.
We generally collect personal information about you in Australia or the jurisdiction in which kubofit or the relevant subsidiary or affiliate you are dealing with is located.
It is likely that your personal information will be transferred outside of the jurisdiction it was collected. We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable privacy laws. Generally this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available here.
There are circumstances where we may disclose your personal information to an overseas recipient. For example, you have provided your consent or we are otherwise permitted to do so under the Australian Privacy Principles or other relevant laws.
We have described the purposes for which we may use your personal information. If the GDPR applies to you, we are permitted to process your personal information in this way, in compliance with the GDPR, by relying on one or more of the following lawful grounds:
If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):
Access: you have the right to request a copy of any personal information we hold about you. Any request for access to or a copy of your personal information must in writing and we will endeavour to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
Rectification: you have the right to the rectification of your personal data, if you consider that it is inaccurate.
Deletion: you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Restriction: you have the right to erasure of your personal information, if you consider that we do not have the right to hold it.
Portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
Objection: you have the right to object to your personal information being processed for a particular purpose or to request that we stop using your information.
Complaint: If you are unhappy with our treatment of your personal information, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.
If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances even if you withdraw your consent we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations.
To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.
You are entitled to access your personal information held by us on request. To request access to your personal information please contact our Privacy Officer using the contact details set out below.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
You may make a complaint about privacy to the Privacy Officer at the contact details set out below.
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that KuboFit may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au.
If you are outside of Australia you may wish to take your complaint up with the local data protection authority in your jurisdiction. If you are based in the UK, this is the UK Information Commissioner’s Office at https://ico.org.uk/global/contact-us/helpline/.
The Privacy Officer can be contacted by emailing [email protected]