Territories
This Privacy Notice covers our activities throughout the world. We may host the sites or information within the apps on servers located within these countries or in any other country we, our service providers, or our service providers’ vendors maintain facilities, including the United States. This means that your personal information may be stored on servers located within any country where there are SUMHIIT Fitness locations. The locations of our servers may change from time-to-time. Further, our franchisees may maintain individual websites in the country or territory they service.
Privacy requirements and treatment of personal information varies from country to country. To meet these requirements, we have included certain “Country-Specific Privacy Notices” as part of this Privacy Notice. You may locate the Country-Specific Privacy Notices on the respective websites for each country by clicking on the links below:
Compliance with Privacy Obligations
- CWG SH 1 Pty Limited (ACN 616 507 236) its related bodies corporate and franchisees of SUMHIIT Fitness (collectively referred to as SUMHIIT Fitness or our or we) is in the business of providing services in connection with gymnasium, fitness classes and physical services (Services).
- This Privacy Policy sets out the policy of SUMHIIT Fitness with respect to the way in which we collect, use, disclose, store, secure and dispose of Personal Information (as that term is defined in the Privacy Act 1988 (Cth) (Act)) about our customers, franchisees and employees including through our website at www.sumhiit.com and other online or digital platforms (including via any applications developed or operated by SUMHIIT Fitness) (Online Platforms).
- SUMHIIT Fitness is bound by the Australian Privacy Principles set out in Schedule 1 of the Act. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.
- SUMHIIT Fitness is dedicated to ensuring that personal and sensitive information is gathered with respect to the individual and aims to exercise the highest standard of care in preserving privacy of information in all areas of operation.
- The information about individuals’ health collected by SUMHIIT Fitness is handled in compliance with applicable State and Territory health records legislation.
Collection of Personal and Sensitive Information
- For the purposes of this Privacy Policy, “Personal Information” is defined under the Act and characterised as being information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion. “Sensitive information” is information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation or criminal record.
- The types of Personal Information generally collected by us include your name, address, date of birth, mobile and telephone numbers, e-mail address, credit card or bank account details, occupation and employer, driver’s licence number and emergency contact details. Personal Information is also collected when individuals provide business cards or other documentation to us containing such Personal Information, including completion of a Membership Agreement and a Health Questionnaire. Personal Information also includes information we collect in the course of providing the Services to individuals and via external communications.
- We may also collect behavioural and/or statistical information about individuals or businesses in connection with the Services.
- The types of Sensitive Information generally collected by us includes (but is not limited to) information relating to health information, health issues or any disabilities that are necessary to properly advise you about fitness training. The types of health-related information include medical history, whether individuals are using medication, smoke or are pregnant and other health related information. We will obtain specific consent in circumstances where it is necessary to collect Sensitive Information.
- Other Sensitive Information that may be required to be collected by SUMHIIT Fitness may include health, immunisation, vaccination or other health information which ensures we are able to comply with our legal obligations or risk assessments. This includes, but is not limited to, obtaining vaccination and immunisation records or information in respect of and in response to any pandemic or epidemic (including Covid-19) where government regulations or public health orders apply to the provision of Services.
- Without limiting the way in which we may collect your Personal Information, this will generally occur in association with your use or utilisation of the Services, if you make an enquiry about SUMHIIT Fitness (either online, via telephone or at an SUMHIIT Fitness club) or via generally dealing with us directly.
Use of Personal and Sensitive Information
- Any Personal or Sensitive Information that we collect about individuals will be used and disclosed by us to provide the Services required or otherwise to enable us to carry out our functions.
- We also collect your Personal Information so that we can carry out the following actions:13.1. to communicate with you, including about our Services and offers which might interest you;13.2. to provide you with information;13.3. to process payments by you or to you in connection with our Services;13.4. to create accounts, tax invoices or receipts (electronic or otherwise);13.5. to provide your Personal Information to third parties in order to them to supply some aspect of the Services;13.6. to consider and respond to communications or complaints made by you.
- SUMHIIT Fitness will disclose Personal Information to third party business partners when they provide services to SUMHIIT Fitness that are consistent with the terms of this Privacy Policy. When we outsource or contract out specific support services, our contractors may access individuals’ Personal Information. It is important to note that all our contractors are subject to strict confidentiality obligations. We take great pride in operating only with reputable business partners.
- Personal or Sensitive Information that is in our possession is not a subject to rent, sale or any other disclosure to any other company or organisation, except where otherwise lawfully permitted under this Privacy Policy or without prior consent of individuals where that consent is required by law. Individuals consent to our use and disclosure of their Personal Information where it is incidental to a sale of our business (or any part thereof) to a third party or where the Personal Information is or becomes de-identified as otherwise permitted under clause 34 below. They also consent to Personal and Sensitive Information being disclosed to SUMHIIT Fitness support office and placed on an intranet that is accessible by support office.
- SUMHIIT Fitness will disclose Personal Information if it is under a legal requirement to do so (for example, under a court order, or if required under legislation), or if an authorised request is made from a law enforcement agency.
- Otherwise, we will only disclose Personal Information with the consent of the relevant individuals. If consent is obtained.
Information provided by Franchisees
- Information of a personal and sensitive nature is provided to SUMHIIT Fitness by its potential franchisees. The information is used to evaluate the suitability of the applicants becoming SUMHIIT Fitness franchisees. SUMHIIT Fitness may make enquiries and check accuracy of information at the consent of the potential franchisees, this will be the only time SUMHIIT Fitness may disclose such information to third-parties unless required in accordance with the Act.
- It is at the discretion of an applicant to provide information requested, however this may obstruct the process of assessing their suitability. The Personal Information of successful applicant will form part of an ongoing franchisee record. Should the application be unsuccessful, the applicant will be given the opportunity to have the collected information returned or permanently destroyed.
Information provided by employees
- Any employment application provided to SUMHIIT Fitness will be used solely for the purpose of analysing or considering the suitability for an available position. Personal Information will only form part of an employee record if the application is successful. The Personal Information about employees will only be disclosed by SUMHIIT Fitness if required by law to authorised government agencies i.e. Australian Taxation Office or as otherwise directed or consented to by employee.
- Any unsuccessful applications will remain on file to be revisited should suitable opportunities arise in the future. If required or requested by the applicant, applications (including the Personal Information contained therein) may be returned or permanently destroyed.
Online Platform Privacy
- The Privacy Policy outlines our approach to online privacy issues regarding Personal Information collected through our Online Platforms. Our Online Platforms include, but are not limited to:22.1. our website;22.2. our digital or online applications as developed from time to time;22.3. our social media accounts or profiles, such as (without limitation) Facebook, Instagram, YouTube and Twitter (but at all times being subject to the terms and conditions of use and privacy policies of the websites hosting those accounts or profiles); and/or22.4. any other online or digital platforms or software from which SUMHIIT Fitness may provide the Services or you may communicate with SUMHIIT Fitness.
- SUMHIIT Fitness will handle Personal Information collected online with the utmost care, and will not knowingly use it in ways not explicitly consented to by you.
- SUMHIIT Fitness will handle Personal Information collected online consistently with the way that it handles Personal Information collected offline. Other matters specific to our handling of Personal Information online are set out below.
Cookies
- No Personal Information is collected by SUMHIIT Fitness when individuals visit our Online Platforms, unless they chose to provide it to us (for example, by sending us emails through our Online Platforms). However, we may collect certain data that does not identify individuals (sometimes called “web log information”) when they visit certain pages (such as the type of browser and operating system they have). We may also use “cookies” which are small files that are stored on computer and that manage the security and navigation process of the site. Users can choose to block these cookies but some portions of the site may not function correctly if they do. This type of data is collected for statistical purposes only, and while cookies will identify a computer, they are unlikely to identify users personally.
Email/SMS Marketing
- We will not distribute our marketing material via SMS unless customers have consented to this. This is a requirement of the Spam Act 2003. Further, you can unsubscribe from our e-newsletter or other bulletins by using the “unsubscribe” facility contained in each electronic publication we send. Occasionally, SUMHIIT Fitness may send promotional email messages to prospective customers to market a service or activity. This will only be done on the reasonable belief that customers would be interested in the subject matter. In every case customers will be provided with clear and simple instructions on how to be removed from our mailing list.
Site Security Policy
- Our Online Platforms use up-to-date technology to maximise the security of user’s Personal Information. SUMHIIT Fitness places an importance on the security of all information associated with our customers. Our security and this Privacy Policy are continually reviewed and updated and the user information is accessed by authorised personnel. We aim to prevent accidental manipulation, destruction, use, disclosure loss or unauthorised access of Personal Information and/or data.
Apple Health & Google Health
- Our Online Platforms contain capabilities of collecting your Personal Information and Sensitive Information via the use of those Online Platforms. Specifically, this may occur via the integration between the SUMHIIT Fitness Online Platforms (including our API) and third-party affiliated applications such as Apple Health or Google Health.
- The collection of Personal Information via any third-party integrated or affiliated applications and/or software will be subject to the privacy policies and practises of those third-parties. The Apple and Google privacy statement and information may be obtained via:29.1. Apple: https://www.apple.com/legal/privacy/en-ww/29.2. Google: https://safety.google/privacy/data/
Hyperlinks to other Websites
- Our Online Platforms may contain links to other websites which we do not control; they are not covered by our Privacy Policy. If users access other websites using the links provided, operators may collect information from users and use it in accordance with their own privacy policy, which may differ from ours. We have no control over the types of information third-party site owners choose to collect and how they use it.
Social Networking Acceptable Use Policy
- SUMHIIT Fitness encourages all comments on any of our social networking pages (Facebook, Instagram, YouTube, Twitter etc.), as we would like to hear from our followers, customers, fans, clients, friends and staff. Customer views, news, ideas, insights and criticisms about SUMHIIT Fitness are very important to us, yet the social networking sites must not be used to abuse others, expose others to offensive or inappropriate content, or for any illegal or unlawful purpose.
- It is the user’s responsibility to protect their personal privacy when using our social networking pages. We advise users not to include any Personal Information of either themselves or of others in their published posts or comments (such as email addresses, private addresses or phone numbers).
- In addition, it is recommended to refrain from posting materials to any of our social media pages or profiles that infringe the intellectual property rights of others and not to include internet addresses or links to websites, or any email addresses in such published posts.
- Any information posted to the SUMHIIT Fitness Social Networking pages (Facebook, Instagram, YouTube, Twitter and others) is recorded and used for the purpose of administering pages and addressing any comments made, while no attempt will be made to identify users except where authorised by law.
- We are not responsible for the privacy practices or content of social networking pages (Facebook, Instagram, YouTube, Twitter and others). The responsibility of SUMHIIT Fitness is limited to our own published posts made on the official SUMHIIT Fitness social media accounts.
De-Identified Information
- We may use your Personal Information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. We may also provide, including by way of sale, de-identified information in aggregated form, to third parties. This information may include (but is not limited to):36.1. age demographics;36.2. purchasing trends;36.3. trends and statistics in relation to the Services;36.4. statistics about purchasing patterns of the Services;36.5. statistics surrounding the Services.
- When your Personal Information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Security
- We use all reasonable endeavours to secure any Personal or Sensitive Information that we hold and aim to keep this information accurate and up-to-date. Technical and organisational security measures are in place to ensure the security of information and to protect it against deliberate or accidental manipulation, destruction, use, disclosure loss or unauthorised access.
- Personal and Sensitive Information is stored behind industry standard firewalls and where applicable, protected by user names and passwords. Where appropriate, Personal and Sensitive Information is kept within a locked storage room.
Changes to Privacy Policy
- SUMHIIT Fitness reserves the right to change this Privacy Policy without prior notice. Any changes to Privacy Policy will be posted on the SUMHIIT Fitness website or via our other online platforms or we may decide to inform you via other means, such as by way of direct email communication. In order to remain updated and informed on protection of Personal and Sensitive Information, we encourage users to review this Privacy Policy regularly. If, at any time, you have questions, comments or concerns about our privacy commitment or our privacy obligations please contact us.
Access and correction of your Personal Information
- The access to Personal Information that we and/or our contractors hold can be obtained on request. It is at the discretion of SUMHIIT Fitness to provide this information to individuals, depending upon legal circumstances or our obligations. Users are entitled to tell us if they do not wish us to hold their information, we will remove all such information from our database. Individuals also have the right to ask us to correct information about them which is inaccurate, incomplete or out of date.
- If you wish to seek access to, correction of or deletion of Personal Information that SUMHIIT Fitness holds about you, please contact us on the contact details specified in clause 44. We may ask you to put your request in writing. It is important to us that the Personal Information we hold about you is accurate, complete and up to date.
Overseas Recipients
- Any Personal or Sensitive Information that we collect may be disclosed to overseas recipients including, but not limited to, Basecamp Fitness LLC, in the United States the master franchisor/licensor of the SUMHIIT Fitness brand.
Contact details
- You can either provide a written request or complaint at one of our clubs, or you can contact our Privacy Officer as follows;44.1. By letter: Privacy Officer, SUMHIIT Fitness, Level 2 71 Longueville Rd, Lane Cove, NSW, 2066, Australia;44.2. By email to [email protected]
- This Privacy Policy applies to SUMHIIT Fitness, its employees, franchisees and contractors.
If we decide not to correct or provide you with access to your Personal Information, we will give you our reasons for our decision.
Complaints
- If you have a complaint about the way we have dealt with your Personal Information, please contact us at via the details available in the previous section of this Privacy Policy.
- We will make all reasonable attempts to respond to your complaints or requests.
CCTV Cameras and Surveillance
- We may utilise video recording in SUMHIIT Fitness gyms for the purpose of ensuring security and the safety of all SUMHIIT Fitness members and occupants via CCTV cameras, recording the time and date at which images are taken.
- Video recordings can be accessed only by authorised staff.
- Video recordings of a specific incident may be released to the NSW Police Service only under the terms of this policy or subject to the execution of a search warrant or other legal process and only with the approval of SUMHIIT Fitness Company Secretary.
GDPR
- If you are:51.1. a resident of the European Union accessing our online platforms or attending a SUMHIIT Fitness club in Australia; or51.2. accessing our online platforms or receiving our Services from within the European Union,then in addition to our obligations under the Act, SUMHIIT Fitness is required to comply with the General Data Protection Regulation (EU) 2016/679 (GDPR) with respect to your Personal Information.
- Any reference to Personal Information in this Privacy Policy is also a reference to Personal Data (as defined under the GDPR).
- SUMHIIT Fitness takes the security and privacy of your Personal Information seriously and has prepared this Privacy Policy and taken measures to collect, process and hold all Personal Information in compliance with both the Act and GDPR regardless of the user. Therefore, no additional terms for GDPR users are required.