Last updated: December 2021
We handle a variety of personal data/personal information, such as names, email addresses, health-related information and other information, in carrying out our daily business. As a fitness coaching service, we sometimes obtain information from you that we understand you may not want us to share with anyone. As such, we understand the importance of privacy and we are committed to data security and adherence to the European Union’s General Data Protection Regulation (GDPR) and the Australian Privacy Principles (the APPs) contained in the Australian Privacy Act 1988 (Cth).
2. What kind of data do we collect?
In our usual day to day business, we collect personal data such as:
- Date of birth
- Contact details such as telephone number, email address
- Payment information
- Height, weight and other biometric information
- Information about medical conditions and/or allergies; and
- Photographs of our users.
Some personal data is defined as “sensitive personal data”. In some very rare cases we may need to collect sensitive personal data from you. We only collect sensitive personal data whenever absolutely necessary for our service delivery.
3. How do we collect your data?
You directly provide us with almost all of the data we collect. We collect data and process data from you in many ways, including when you:
- Enquire about any of our services
- Provide us with information via any of Our Platforms
- Sign up for our services
- Interact with our social media accounts; and
- Use or view our website via your browser’s cookies.
Although not in our usual practice, we may also receive your data indirectly through one of our partner organisations.
4. How will we use your data?
The nature of the relationship we have with our customers requires us to monitor and evaluate your personal data on an ongoing basis. We primarily collect your personal data so that we can provide our fitness and nutrition services to you. We only ever use health information for the direct purpose of providing our services to you. Other ways we use personal data may include:
- To provide relevant fitness and nutrition information to you
- To notify you about changes to our services
- To allow you to participate in interactive features of our services, if and when you choose to do so
- To provide customer support
- To gather valuable information so that we can improve our services
- To monitor the usage of our services
- To disclose data to law enforcement agencies, if required or authorised by law; and
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
Wherever possible, we will advise you why we are collecting your personal information and for what purpose we are collecting it.
In some circumstances, we will share your personal data with our partner organisations so that they may be able to complete the service you requested from us. For example, we may share the information with a health professional in your local area if we believe this is in your best interests. We will always obtain your consent before doing this.
In some circumstances we may publish your photograph. For example, we may publish a before and after photograph on our Instagram page. We will always obtain your explicit consent before publishing such photographs.
Additionally, Vitalaxy collects personal customer information which may be shared with Facebook, as well as other third party marketing organisations, in an effort to serve more relevant ads and improve our customer experience.
In addition to the above, we undertake day-to-day measures that are necessary for our services to you, such as bookkeeping, accounting, billing, fulfilling tax obligations and maintaining our website security.
5. How do we store your data?
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
In order to keep your personal data secure, we have chosen a secure web hosting service, Shopify. Shopify is encrypted with an SSL certificate.
We use a number of programs and websites to store personal data, including Google Sheets, Google Forms and Google Drive. These records are stored via cloud computing by Google in Google’s data centres, most of which are located in the United States. Some of our users also use TrueCoach, an online personal training app. For more information on how TrueCoach uses personal information, visit: www.truecoach.co/privacy.
We also store personal information on our local secure networks, all of which are password protected. In some rare cases we keep paper files. These are kept in a locked filing cabinet.
We will keep your personal data for a period of no more than 7 years, depending on the type of data. Most data is deleted 1 year after your service has been completed. Once this time period has expired, we will delete your data by securely destroying any paper copies, electronic copies and backups.
You may be asked by us if you want to receive marketing materials. You will always be given the choice whether or not to receive marketing information from us.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org.
We will not sell, distribute or lease your personal information to third parties unless we have your permission. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
7. Maintaining data quality and accuracy
It is important to us to maintain the quality of the personal information we hold. We take reasonable steps to make sure that your personal information is accurate, complete and up-to-date.
If you find that your personal information held by us is not up to date or is inaccurate, please advise us and we will amend it, where appropriate.
8. External links
You should exercise caution and look at the privacy statement applicable to the website in question.
9. What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. You are entitled to the following:
- The right to access – You have the right to request copies of your personal data from us. We may charge you a small fee for this service.
- The right to rectification – You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
- The right to erasure – You have the right to request us to erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request us to restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to us processing your personal data, under certain conditions.
- The right to data portability – You have the right to request us to transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us, using the details below.
11. How to contact us
Complaints will be dealt with within 30 days. If you are not satisfied with our response, you can lodge an appeal to the appropriate authorities.
12. How to contact the appropriate authorities
Should you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you have legal rights.
As we are an Australian-based organisation, you may contact the Office of the Australian Information Commissioner on +61 2 9284 9749 or visit www.oaic.gov.au.
If you live in the EEA, you have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the EEA.