Privacy Policy

Overview

This privacy policy (“Privacy Policy”) sets out how Journey and its related bodies corporate (“we”, ”our”, ”us”) collects, stores, uses, protects, shares and discloses your personal information. It applies to our website accessible at https://club-journey.com.au and its related services, websites, applications and tools, as well as any other services that we provide (“Services”) (together the “Website”). By visiting or using the Website you agree to the collection, storage, usage and disclosure of your personal information by us in the manner described in this Privacy Policy.

From time to time we will review our Privacy Policy. We will notify you about any changes to our Privacy Policy at any time by posting an updated version of the Privacy Policy on the Website. We do not make any representations about third party web sites that may be linked to the Website.

The processing of personal data shall always be in line with the Australian Privacy Principles contained in the Privacy Act 1998 (“Privacy Act”), the General Data Protection Regulation (“GDPR”), and in accordance with country-specific data protection regulations applicable to Journey.

Journey has implemented a number of technical and organizational measures to ensure the most complete protection of personal data processed through the Website.

What personal information we collect and hold

We may collect the following types of personal information in order to provide you with our Services:

  1. Account Data You do not need to create an account to use some of our Services, however, if you do choose to create an account, you must provide us with some personal information.
    By creating an account on the Website you may enter your details on the input form. We may collect the data that you input for your account creation (“Account Data”).
    The Account Data includes information such as your name, username or pseudonym and your password that you provide to us when you sign up for an account.
    Your username will be public, and you may choose whether to make your name public. Our Services provide you with the option to use a username or a pseudonym.
    The Account Data may be processed for the purposes of operating the website, enabling you access to protected parts of the website, providing our services and ensuring the security of our website.
    The legal basis for this processing is based on:
    (a) your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation checkbox.
    (b) the personal data being necessary for the performance of a contract to which you are a party;
    (c) for carrying out pre-contractual measures; and/or;
    (d) any other legitimate interests as detailed below;
    The registration of the account and voluntary provision of personal data is intended to enable us to offer you services that may only be available to registered users.

  2. Profile Data Creating a profile on the Website will allow us to personalise the information we provide to you. We collect this data when you create a profile or other means on the Website (“Profile Data”).
    The Profile Data includes information such as your phone number, mobile telephone number, payment details, email address, address and other contact information as required to use our Services on the Website.
    Your Profile Data is used to help us create a better experience for you on the Website as well as authenticate your account and keep it and our Services secure. We may also use your Profile Data to enable certain account features. We may make certain information available to the public, however, you will have the ability to edit these on the Website.
    The legal basis for this processing is based on:
    (a) your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation checkbox;
    (b) the personal data being necessary for the performance of a contract to which you are a party;
    (c) for carrying out pre-contractual measures; and/or
    (d) any other legitimate interests as detailed below.
    We may also use your Profile Data to market to you and provide you with notifications.
    You can choose to opt in or out of any marketing services we provide you.

  3. Payment Data You may provide us with your payment information, such as your credit or debit card details in order to purchase an offering on our Website (“Payment Data”). We may collect this information when you interact with any payment details or forms on the Website.
    The legal basis for this processing is based on:
    (a) your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation checkbox;
    (b) the personal data being necessary for the performance of a contract to which you are a party including the payment of goods or services; and/or
    (c) any other legitimate interests as detailed below.

  4. Additional Data We may process information contained in any enquiry you submit to us either on the Website or by other means such as an email, phone call or by contracting with us (“Additional Data”).
    We may collect any information as provided by you in the form or email.
    The Additional Data may be processed for the purpose of providing our services to you or to communicate with you and we will store and process your communications and information as needed.
    The legal basis for this processing is based on:
    (a) either through your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation checkbox or by your voluntary submission of data to us in other means;
    (b) the personal data being necessary for the performance of a contract to which you are a party;
    (c) for carrying out pre-contractual measures; and/or
    (d) any other legitimate interests as detailed below.

    By submitting the form or making contact with us such personal data is transmitted on a voluntary basis and you consent to its collection.

  5. Subscription Data We may process information contained in any enquiry you submit to us either on the Website or by other means such as an email, phone call or by contracting with us (“Additional Data”).
    We may collect any information as provided by you in the form or email.
    The Additional Data may be processed for the purpose of providing our services to you or to communicate with you and we will store and process your communications and information as needed.
    The legal basis for this processing is based on:
    (a) either through your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation checkbox or by your voluntary submission of data to us in other means;
    (b) the personal data being necessary for the performance of a contract to which you are a party;
    (c) for carrying out pre-contractual measures; and/or
    (d) any other legitimate interests as detailed below.

    By submitting the form or making contact with us such personal data is transmitted on a voluntary basis and you consent to its collection.

  6. Public Data On the Website you may have the ability to comment or participate on blogs, discussion forums or other parts of the Website that allow you to post your comments. We may collect this data on the Website when you choose to comment or participate on the Website (“Public Data”).
    You should be aware that any information you provide in the manner contemplated above may be made broadly available for others.
    This Public Data includes information such as your profile information, your time zone, and any information you input. You are responsible for what you make public.
    The legal basis for this processing is based on:
    (a) your consent through your voluntary submission of the form and agreeing to these terms, typically by your ticking of the confirmation; and/or
    (b) any other legitimate interests as detailed below.
    We collect and disclose this information for the purpose of providing the Services to you and enabling you to comment or participate in the forums contemplate above. By submitting any personal data in the above manner you do so voluntarily, with the understanding that it will be made public.

  7. Log Data We may receive information when you view content on or otherwise interact with our Services (“Log Data”). We may receive this Log Data automatically.
    This Log Data includes information such as personal information from your interaction with the Website and its content, our Services and our advertising, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address, server address, date and time of your visit to our Website, information of documents you download, pages visited, search terms, cookie information, and standard web log data.
    The Log Data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you.
    The legal basis for this processing is based on:
    (a) the personal data being necessary for the performance of a contract to which you are a party;

    (b) for carrying out pre-contractual measures; and/or

    (c) the legitimate interests of carrying out our business in favour of the well-being of all our employees and the shareholders, providing personalised Services to you and any other legitimate interests as detailed below.

    In some circumstances, personal information is provided to us by third parties such as our related entities, service providers or other organisations conducting activities on your behalf. With your expressed consent, your personal information may be used and disclosed to us this way. The purposes as outlined above may include the processing of such personal data to the extent necessary for us to comply with a law, regulation or legal request or to protect the safety of any person or to prevent fraud.
    We understand the importance of protecting children’s privacy. The Website including related sites such as our Facebook, Twitter, Snapchat, LinkedIn or other social media pages are not intentionally designed for or directed at children.

How personal information is used

Our principal purpose in collecting, using and storing your personal information is to provide the Services in a personalised, safe and efficient manner. We collect, use, store, share and disclose your personal information to:

(a) conduct our business, generate content and provide customer support and payment services (including updates and improvements);

(b) administer contracts including to negotiate, execute and or manage a contract with you;

(c) for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes, and our related bodies corporate, contractors and employees or service providers;

(d) to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties, including but not limited to providing your information to a contractor and other goods and services provided in the Website;

(e) to provide your updated personal information to our related bodies corporate, contractors, employees or service providers;

(f) provide, administer, market and manage the Website, including but not limited to, providing you with customary search results for use in our Website;

(g) research, develop and improve the Website;

(h) communicate with you;

(i) provide you with access to protected areas of the site and to authenticate your account;

(j) conduct surveys to determine use and satisfaction with the Website;

(k) detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms and Conditions accessible on the Website (“Terms and Conditions”), this Privacy Policy or any other policy;

(l) enforce our Terms and Conditions, this Privacy Policy or any other policy;

(m) verify information for accuracy or completeness (including by way of verification with third parties);

(n) comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order;

(o) combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy;

(p) aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;

(q) resolve disputes and to identify, test and resolve problems;

(r) notify you about the Website and updates to the Website from time to time;

(s) supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences; or

(t) protect a person’s rights, property or safety.

If you access the Website from a shared device or a device of a third party (such as in an internet café), your personal information may also be available to other persons who access that device.

Disclosure of personal information

We may disclose your personal information to third parties for the purposes contained in this Privacy Policy, including without limitation to:

  1. Service providers We engage other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the Services we provide to you. The service providers include:
    (a) information technology service providers such as web host providers and analytical providers;

    (b) mailing houses;

    (c) market research organisations to enable them to measure the effectiveness of our advertising; and

    (d) specialist consultants.

  2. Affiliates and our staff We may disclose your personal information with our affiliates and staff members for the purpose of conducting our business.
    In the event that are involved in a merger, acquisition, or sale of assets we may disclose your personal information to such entities that we propose to merge with or be acquired by.

  3. Third parties with your consent We may disclose your personal data to third parties to whom you expressly ask to us to send the personal data to or to third parties you consent to us sending your personal information to.
    We may also, with your consent or at your direction, disclose your personal information to your authorised representatives.

  4. Law and public interest We may disclose your personal data if we believe that it is reasonably necessary to comply with a law, regulation, legal process or governmental request. We may also disclose your person data to protect the safety of any person or to protect the safety or integrity of our platform including for security reasons.
    We may share your personal data with such third parties subject to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and on the condition that the third parties use your personal data only on our behalf and pursuant to our instructions.
    We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the APPs or equivalent privacy laws.
    We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Privacy Policy.

If we can’t collect your personal information

If you do not provide us with the personal information described above, some or all of the following may happen:

(a) we may not be able to provide the requested products or services to you, either to the same standard or at all;

(b) we may not be able to run the competitions and promotions in a way that benefits you;

(c) we may not be able to provide you with information about products and services that you may want; or

(d) we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.

Privacy related permissions requested

The Website requests permission for the use of our applications, including (but not limited to) the GymLeads app at https://app.gymleads.net, the Marketing and Automation App at https://marketing.gymleads.net, the Kiosk app at https://kiosk.gymleads.net and any other applications we make available to you from time to time (each an “Application”). The permission granted for use of an Application will only be used for the purposes outlined in this Privacy Policy or otherwise directly notified to you via the Application.

The Website may request to send you push notifications. You have control over whether or not you wish to receive relevant advertisements and marketing notifications from us. To opt out of receiving push notifications please review the manual for your device.

Use of Cookies

We (or a third party providing services to us) may use cookies on the Website. A Cookie is a small file that may be placed on your computer when you visit the Website. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. If Cookies are disabled, we may not be able to provide you with the full range of our Services. We note that web browsers are generally set up to automatically accept cookies.
Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies. We use both session-based and persistent cookies, dependent upon how you use or interact with this website. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.

Cookies may be used to provide you with the Services, including to identify you as a user of the Website, remember your preferences, customise and measure the effectiveness of the Website and our promotions, advertising and marketing, analyse your usage of the Website, and for security purposes. Some of our Services may not function properly if you disable cookies. You also may encounter Cookies used by third parties and placed on certain pages of the Website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.

The Website may also include links to third party websites (including links created by users or members) and applications and advertising delivered to the Website by third parties (“Linked Sites”). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information. For the avoidance of doubt Linked Sites are not subject to this Privacy Policy.

The Website is hosted by an online service provider which may change from time to time. Our service providers’ use of Cookies is not covered by our Privacy Policy.

Storage and security

We will process personal data securely and apply and maintain appropriate technical and organisational measures to protect personal data.

We store, protect and process your personal information by taking reasonable steps. The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Retention of data

We keep personal information from active accounts as long as it is reasonably needed for our operations and to fulfill the purposes set out herein. We will also keep personal information from accounts that have been deactivated where we are legally required to and also where it is necessary to stop fraud, collect outstanding fees, troubleshoot problems, or otherwise enforce our other policies accessible on the Website.

Managing your personal information

Subject to the Privacy Act and the GDPR, you may request to access the personal information we hold about you by contacting us. All requests for access will be processed within a reasonable time.

  1. Accessing or Rectifying your Personal Data We provide you with tools and account settings to access, correct, delete, or modify the personal data you provided to us. You can download and access certain information you provide to us including by contacting us at journey@gymleads.net In the event that you are unable to access your account to access or rectify your personal data, you may submit a request to us to correct, delete or modify your personal data and download the data for you.

  2. Deletion We keep data for as long as it is needed for our operations. If you deactivate and delete your account your data will no longer be visible on your account. Please keep in mind that third parties may still retain copies of information you have made public through our website. If you wish to have us delete your data please contact us.

  3. Object, Restrict, or Withdraw Consent If you have an account on the website you will be able to view and manage your privacy settings. Alternatively, if you do not have an account, you may manually submit a request to us if you object to any personal data being stored, or if you wish to restrict or withdraw any consent given for the collection of your personal data.
    You may withdraw your consent to the processing of all your personal data at any time. If you wish to exercise this right you may do so by contacting us.
    You may withdraw your consent or manage your opt-ins by either viewing your account on the Website or clicking the unsubscribe link at the bottom of any marketing materials we send you.

  4. Portability We can provide you with the means to download the information you have shared through our services. Please contact us at journey@gymleads.net to arrange access.

In certain instances we may not be required or able to provide you with access to your personal information. If this occurs we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act or GDPR.

There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third party provider.

International transfer of personal data

Where we transfer personal data outside of the European Union or EFTA States, we ensure an adequate level of protection for the rights of data subjects based on the adequacy of the receiving country’s data protection laws.

Overseas disclosure

We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:

(a) our related bodies corporate;

(b) our data hosting and other IT service providers, located in various countries; and

(c) other third parties located in various foreign countries.

We may disclose your personal information to entities within Australia who may store or process your data overseas. In the event that a disclosure is made in an overseas country (which we consider unlikely), the information will not be protected by the Australian Privacy Principles. In any event, by providing your details, you consent to your information being disclosed in this manner.

Notifiable data breaches

We take data breaches very seriously.

If you reside in Australia: In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out in this clause.

We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach or sooner if possible. We will follow the guide published by the Office of the Australian Information Commissioner (if any) in making this assessment.

If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved or any remedial action we take is successful in making serious harm no longer likely, then no notification or statement will be made.
Where, following an assessment and undertaking remedial action (if any), we still have reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

If you reside in the European Union of EFTA States: We will endeavour to meet the 72 hour deadline as imposed by the GDPR, to report any data breach to the supervisory authority where a data breach occurs that will likely be a risk to you.

Further, where there is likely to be a high risk to your rights we will endeavour to contact you without undue delay.

We will review every incident and take action to prevent future breaches.

Automated individual decision-making, including profiling

If you reside in the European Union or EFTA States, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between us, or is not authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is not based on your explicit consent. If you wish to exercise your rights please contact us.

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

Consent

We note that all contact or other data forms where consent is required to be given by you, include no pre-checked checkboxes so that you are able to freely affirmatively opt-in. We will also provide you with notice on the Website specifically detailing what it is that you are consenting to in clear and plain language as well ensuring that each matter that requires consent is clearly distinguishable.

For all areas of the Website where consent is given it is just as easily able to be withdrawn through the appropriate account settings on the Website.

If you believe that consent has not been given freely or in breach of the terms of this Privacy Policy please contact us.

Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

Contact

If you receive communications purporting to be connected with us or our Services that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us using our contact details on the Website or below.

If you have a question regarding this Privacy Policy or you would like to make a complaint, please contact us by email by using our contact details on the Website or below.

If you reside in Australia: You can confidentially contact our Privacy Officer at:

Privacy Officer
Post: Suite 6, Level 2 58-60 Victor Crescent Narre Warren VIC AUSTRALIA 3805
Email: journey@gymleads.net

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission at:

Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5218, Sydney NSW 2001
Website: www.oaic.gov.au

If you reside in the European Union or EFTA States: The data controller that is responsible for your personal data is:

Aron Bury
Post: Suite 6, Level 2 58-60 Victor Crescent Narre Warren VIC AUSTRALIA 3805
Email: support@gymleads.net

If you wish to raise a concern about our use of your information you have the right to do so with your local supervisory authority. You can find your local authority on the ec.europa.eu website. As at the introduction of this policy, the list of authorities can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm