Privacy


EFM PRIVACY POLICY

1  INTRODUCTION

EFM Corporate Pty Ltd A.C.N. 052 977 223 (referred to below as we, us, and our) is a privacy conscious organisation. We respect and protect your privacy and thank you for visiting our website and reviewing this Privacy Policy (this Policy).  We collect, hold, use and disclose Personal Information in accordance with this Policy, the Privacy Act 1988 (Cth) (the Privacy Act) and its Australian Privacy Principles (the Principles). In this Policy, Personal Information and Sensitive Information have the meanings given to those terms in the Privacy Act.

This Policy is publicly available on our website or by contacting us and requesting a copy. It may be supplemented or amended from time to time.  By accessing and using our website, our products and services and/ or the websites and products and services of our franchisees (collectively, the Services) you consent to the version of this Policy that is in effect at the time. This Policy may also be subject from time to time to privacy statements that are specific to certain aspects of the Services.

This Policy covers Personal Information collected, held, used and disclosed by us in relation to: the Services, our franchisees and prospective franchisees (Franchisees); members and prospective members of our health clubs (Members); employers of Members where the membership is sponsored by the employer (Employer Sponsors); and contracted employees and third-party suppliers, service providers and specialist advisers engaged to advise and assist us and/ or the Franchisees with providing the Services (Suppliers).

2  KINDS OF PERSONAL INFORMATION THAT WE COLLECT AND HOLD

2.1  Personal Information – General

Depending on your interactions with us and the Services provided, the kinds of Personal Information we collect, hold, use and disclose may include: your name and date of birth; your membership number with us and attendance records at our health clubs; your gender; your contact details (including work, postal and residential address(es), telephone and facsimile number(s), and email address(es)); your driver’s licence; your employment details; your financial information (including bank account or credit card details, and if you are a Franchisee, A.B.N., income, assets and liabilities, account balances and financial statements, tax statements); if you are a Franchisee, or work for (or are applying to work) for us or a Franchisee, your education, employment history, membership of professional associations, referees and next of kin; your image (if you are photographed at one of our health clubs or one of our or our Franchisees other events or activities); your emergency contact details; records of your communications and other interactions with us and Franchisees; and any other content that you provide when accessing and using the Services (including postings on any blogs, forums, wikis and other online and social media applications and services).

2.2  Personal Information – Sensitive Information

The Personal Information we collect, hold, use and disclose may also include Sensitive Information such as: your health information (where the information is necessary to provide a health service to you or otherwise with your consent or as authorised by law, court or tribunal); and if you are a Franchisee, or work for (or are applying to work for) us or a Franchisee, your membership of a professional or trade association and/ or your criminal record.

If we require your Sensitive Information, we may collect, hold, use and disclose it: (a) only with your consent, only as permissible by law and only if the information is reasonably necessary for one or more of our functions or activities; or (b) as otherwise required or authorised by the law, court or tribunal. By applying to be a Franchisee or a Member, accessing and using the Services, or otherwise providing us with your Sensitive Information, you consent to our collection, holding, use and disclosure of your Sensitive Information for the particular purpose(s) in which it was collected, for the purpose of performing our functions and activities, for providing the Services, and for discharging our statutory and other legal obligations.

If we wish to use or disclose your Sensitive Information for any secondary purpose, we will only do so with your consent and only if the secondary purpose is directly relevant to the primary purpose for which the information was collected. We will not disclose your Sensitive Information for the purpose of Direct Marketing without your consent.

2.3  Non-Personal Information

We may also collect, hold, use and disclose information about you that is not Personal Information. This includes data relating to your activity on our website via tracking technologies such as analytic, cookie and session tools (which data can include the identity of your internet browser, the type of operating system you use, your IP address, the domain name of your ISP, the pages accessed on our website and the next website visited), and non-personal details of any survey responses or forms you provide. We may use this non-personal information for internal purposes including administering the Services, diagnosing problems, generating statistics and trends, marketing, and improving the quality of the Services.

2.4  Government related identifiers

Unless permitted by the Principles or any other law, court or tribunal, we will not use or disclose any government related identifier of you or adopt it as our own identifier.

3  HOW WE COLLECT AND HOLD PERSONAL INFORMATION

3.1  Direct collection of Personal Information from you

We collect your Personal Information directly from you wherever it is reasonable and practical to do so. This includes: when you contact or otherwise communicate with us and our Franchisees and vice versa (including possibly recording the information you provide via phone calls, interviews and other forms of communication); when you attend our premises or health clubs; through applications or other forms that you fill-in and provide to us and our Franchisees (including surveys); when you attend an event we or our Franchisees have organised or sponsored; when you post on any blogs, forums, wikis and other online and social media applications and services; when you access and use the Services (including collection through the use of third party analytic, cookie and session tools); and any other means by which you directly communicate or provide the information to us and our Franchisees.

3.2  Collection of Personal Information from external sources

Sometimes, we may also collect your Personal Information from external sources where it is unreasonable or impracticable to collect it from you direct. These external sources may include: Franchisees, Employer Sponsors, public records or sources of information (e.g. telephone directories, government registers, market research organisations, credit reporting bodies); people authorised by you to provide us with your Personal Information (e.g. if you are a Franchisee, your lawyer, accountant, tax adviser, financial planner, insurance broker). If you are a third party that provides us with the Personal Information of a person, in doing so, you acknowledge and confirm that you are authorised by that person to do so, you have informed that person that you will be doing so, and that person has been directed to this Policy.

3.3  How we hold Personal Information

We will generally hold your Personal Information as physical records (at our premises or off-site) and/ or as electronic records (on our servers or on third party servers) and, in any case, in accordance with the storage and security of Personal Information procedures detailed below.

4  PURPOSE FOR WHICH WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION

4.1  Primary purposes

In order to provide the Services effectively, we need to collect, hold, use and disclose certain Personal Information. This includes for the following primary purposes: offering and providing the Services to you; responding to your requests or enquiries; establishing, managing, maintaining, upgrading and expanding the Services; arranging for other related products or services to be provided or offered to you by third parties; promoting, advertising and marketing the Services; undertaking risk assessment and management; processing and considering your application to be a Member or Franchisee; recording and promoting your achievements in respect of the Services; assisting Fitness Australia in regards the origins and causes of complaints for the purpose of identifying systemic and recurring problems in the Fitness Industry; any other purposes that you may reasonably expect; any other purposes that have been disclosed to and authorised by you from time to time (including, but not limited to, those you consent to below); and any purpose authorised or required by law, court or tribunal (including those required by the Anti- Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the Corporations Act 2001 (Cth)). Satisfying these primary purposes may also include collection from, and disclosures to, Franchisees, Employer Sponsors and Suppliers.

4.2  Secondary purposes

If we have collected Personal Information (other than a government related identifier) for a primary purpose(s), we will not use or disclose the Personal Information for another purpose (other than for Direct Marketing) unless you have consented to the use or disclosure of the Personal Information or you would reasonably expect us to use or disclose the Personal Information for the other purpose and the other purpose is: (a) if the information is Sensitive Information—directly related to the primary purpose; or (b) if the information is not Sensitive Information—related to the primary purpose; or (c) otherwise authorised by law, court or tribunal.

4.3  Other uses

Your Personal Information may also be used and disclosed in order to protect our rights or and property, the rights and property of users of the Services, and where appropriate, to comply with legal processes (which may include disclosures to law enforcement, regulatory or government agencies).

4.4  Direct Marketing

We may use your Personal Information to communicate directly with you to inform you about a new product, service or event offered or distributed by us and our Franchisees (Direct Marketing). You can opt-out of receiving Direct Marketing information from us at any time. If you receive Direct Marketing information from us and do not wish to continue receiving it, please contact us, asking to be removed from all future Direct Marketing programs. Once we have received your opt-out request, we will remove you from our Direct Marketing programs as soon as reasonably practicable.

5  WHO WE DISCLOSE PERSONAL INFORMATION TO AND CROSS BORDER DISCLOSURE

5.1  Who we disclose Personal Information to

We may disclose your personal information with other parties. These parties will vary according to the Services involved, but may include: Franchisees; Suppliers; Employer Sponsors; Fitness Australia; insurers; courts, tribunals and other dispute resolution bodies, credit reporting or reference agencies, or insurance investigators; anyone authorised by you or to whom you have provided your consent (either expressly or impliedly); and anyone to whom we are required or authorised by law, court or tribunal to disclose your Personal Information (e.g. law enforcement agencies and national and international government and regulatory authorities including the Australian Taxation Office, the Australian Prudential Regulation Authority, the Australian Securities and Investments Commission, the Australian Transaction Reports and Analysis Centre).

We and our Franchisees may also use and disclose your image (including still and motion photographs) in hard copy print and in postings on various blogs, forums, wikis and other online and social media applications and services (e.g. Facebook, Instagram) to promote, advertise and market the Services and/ or to record and promote your achievements in relation to the Services (e.g. reaching personal goals).

5.2  Whether we disclose Personal Information to overseas recipients

We are not likely to disclose your Personal Information to overseas recipients. If in future we wish to disclose your Personal Information to overseas recipients, we will do so with your consent or otherwise in compliance with the Privacy Act and the Principles.

Web traffic information may however be disclosed to Google Analytics or other analytics providers when you visit our website. These analytics providers may store this information across a large multiple of countries (to which it is impracticable to name each one). When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may also collect and hold your personal information overseas across a large multiple of countries. These social networking services have their own privacy policies and we strongly recommend that you review them.

6  ANONYMITY, PSEUDONYMITY AND CONSEQUENCES IF PERSONAL INFORMATION IS NOT PROVIDED

Where possible, if you wish to remain anonymous or to use a pseudonym when interacting with us, we may be able to provide you with limited information or services, such as general details about the Services. However, in many cases it will be impracticable or impossible for us to provide the Services effectively if you wish to remain anonymous or use a pseudonym. It is your choice whether to provide your Personal Information; however, if you choose not to identify yourself or wish to use a pseudonym, we may be unable to provide you with the specific Services you want (e.g. membership at one of our health clubs).

7  STORAGE AND SECURITY OF PERSONAL INFORMATION

We have in place reasonable commercial standards of technology and operational security to protect all Personal Information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure. We take steps to protect the security of your Personal Information by regularly assessing the risks of misuse, interference, loss, unauthorised access, modification or disclosure and taking measures to address those risks.

We may be legally required to maintain some of your Personal Information for a significant period of time. However, once we no longer need your Personal Information, subject to any legal requirement; we will take such steps as are reasonable in the circumstances to destroy the information or ensure that the information is de-identified.

8  PRIVACY AND THE INTERNET

8.1  Internet transmission of information

Where appropriate we use secure transmission facilities; however, no transmission of information over the internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the internet. Users of the Services do so at their own risk.

8.2  Cookies and website analytics

Our website may use a range of tools provided by third parties, including Google, Bing and web hosting company(ies) to collect or view website and internet traffic information. These sites have their own privacy policies.

We may also use cookies and session tools to improve and customise your experience when accessing the Services. ‘Cookies’ are small text files that are stored by the browser (e.g. Internet Explorer, Firefox, Chrome or Safari) on your computer or mobile device. They allow websites to store such things as user preferences and to help us determine the type of browser and settings you are using, where you have been on the website, when you return to the website, the next page you accessed and where you came from. The purpose of this information is to provide you with a more relevant and effective experience, including presenting web pages according to your needs or preferences.

Cookies are frequently used on many websites on the internet and you can choose if and how a cookie will be accepted by changing your preferences and options in your browser. You may not be able to access some parts of our website if you choose to disable the cookie acceptance in your browser, particularly the secure parts of the website.

Website analytics measurement software may also be used to assist in tracking traffic patterns to and from websites, anonymously surveying users. The system is used to collect such information as the number of unique visitors, how long these visitors spend on a website, and common entry and exit points into and from a website.

This information is collected and aggregated by third party software and provided to us to assist in our analysis of our website.

8.3  Social networking services

We may use social networking services such as Twitter, Facebook, Instagram, LinkedIn and YouTube to communicate with you and the public at large about the Services. When you communicate with us using these services we may collect your Personal Information. The social networking service will also handle your Personal Information for its own purposes. These social networking services have their own privacy policies and we recommend that you review them.

8.4  Linked websites

Our website may contain links to external third party websites or mobile applications that we believe may be of relevance or use to you. This Policy does not apply to any of these linked websites or mobile applications and they are not subject to our privacy standards and procedures. A linked website or mobile application may contain its own privacy statement and we recommend that you review it.

9  Your consent

By applying to be a Franchisee or a Member, or otherwise accessing and using the Services, or otherwise providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information (including Sensitive Information and disclosure to third parties: in the manner set out in this Policy; for the primary purposes referred to in this Policy; for the secondary purposes referred to in this Policy; for any other purposes specified in this Policy; to provide you with news and information about the Services or events; for any purposes necessary or incidental to the provision of the Services; to provide you with the functionality on the Services (including customising and improving your experience with us); for internal purposes (including administering the Services, diagnosing problems, generating statistics and trends and improving the quality of the Services); to send you marketing and promotional material (including Direct Marketing); to seek your feedback on the Services or for market research purposes; as part of a corporate transaction such as a sale, divestiture, merger or acquisition; and for any other purpose required or authorised by law, court or tribunal.

10  ACCESS TO AND CORRECTION OF PERSONAL INFORMATION AND COMPLAINTS

10.1  Privacy Officer details

If you have any questions, concerns, requests or complaints regarding this Policy or your Personal Information, please direct your correspondence or communication to our Privacy Officer at:

The Privacy Officer

PO Box 3066 Unley South Australia 5061

Telephone: 1300 336 348

Email: privacy@efm.net.au

10.2  Access to, and correction of, Personal Information

You may request access to your Personal Information by contacting our Privacy Officer. You are also welcome to contact our Privacy Officer to seek more information about anything contained in this Policy, to request a copy of this Policy, to update or correct your Personal Information, to opt-out of receiving Direct Marketing information, or to make a privacy related complaint. Subject to us being permitted or required by law, court or tribunal to withhold your Personal Information, we would be happy to advise you of your Personal Information that we hold. We will respond to all requests within a reasonable period.

We will take reasonable steps to ensure that your Personal Information is accurate, complete, up to date and relevant whenever it is collected, used or disclosed. We rely on the accuracy of the information you, and anyone authorised by you, provides to us. If you think that we may hold information about you that is inaccurate, out of date, incomplete, or otherwise irrelevant or misleading in any way, please contact our Privacy Officer to correct it.

10.3  Complaint procedure

If you wish to make a complaint in relation to your Personal Information, please do so in writing addressed to our Privacy Officer. We take all complaints seriously, and will respond to your complaint within a reasonable period. We will determine what (if any) action we should take to resolve the complaint and will inform you of the same. If you believe that we have not adequately handled your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may pursue it further with the Office of the Australian Information Commissioner.

Last Updated: 20 August 2019