Flow Sparring Privacy Policy
Policy Statement
We are committed to managing personal information in accordance with applicable privacy laws.
Purpose
This Policy sets out how we collect, use, disclose, store, handle and dispose of (collectively, process) personal information about our members, franchisees and employees and any other people we interact with. It also explains particular rights you have in relation to the processing of your personal information. It should be read together with any terms and conditions governing your use of the Website or Apps, our membership terms and conditions (if you are a member), and any location specific legal notice.
Scope
This policy applies to all Flow Sparring employees, members, contractors, and visitors. It covers all activities, operations, and training facilities in the jurisdictions in which it operates, as well as any trust for which it or its related entities may act as trustee (collectively, Flow Sparring, we, our and us), the websites that we operate from time to time (including www.flowsparring.com) (Website/s) and any mobile applications that we operate from time to time (Apps).
In this Policy, you refers to any individual about whom we collect personal information. Personal information means information or an opinion about you, whether true or not, from which you can be identified, and includes your health information.
If you have any questions or comments about this notice, or you wish to exercise the rights you have under applicable privacy laws (which are explained further below), please contact us using the methods set out in section 14.
1. What information does Flow Sparring collect about you?
We only collect personal information where it is necessary to do so for our functions or activities. The kinds of personal information we collect will depend on the capacity in which you are dealing with us, for example, whether you are a member, a business contact or applying for a job. You can always decline to give us any personal information we request, but this may mean we cannot provide you with some or all of the services you have requested.
The types of personal information we collect about you may include:
- Identity information including first name, last name, username or similar identifier, marital status, title, date of birth, age, gender, your job function, your employer or department, qualifications and work history.
- Contact information including billing address, postal address, email address and telephone numbers (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the company for which you work) and any other details needed to complete your application form or Flow Sparring Agreement.
- Financial information including bank account and/or credit card details and other payment method information.
- Transaction information including details about payments to and from you, other details of services you have received from us, and records of our communications.
- Profile information including your username and password, your interests, preferences, feedback and survey responses. It also includes information you give us or that we obtain when you use our Websites or Apps, obtain or subscribe to our services, supply us with goods or services, enquire about a service, place a service request, enter a competition, or contact us to report a problem, or do any of these things on behalf of another person.
- Member information including details of your attendance rates, information about how you use our services, Website, and Apps, as well as personal information which can include Identity, Contact, Financial, Transaction and Profile information of you and/or your family members, emergency contact details, beneficiaries, employees or employers, or other third persons about whom we need to collect personal information by law, or under the terms of a contract we have with you.
- Sensitive information may include sensitive personal information where it is relevant to the services that we provide, such as health information (ie, height, weight, age, diet information (including nutritional plans), heart rate data, body scans, personal effort, strength, body photographs, health and fitness goals and achievements). The types of sensitive information we collect may also include details of your medical history, details of any medication(s) you take, whether you smoke or are pregnant, and other relevant health-related information.
- Marketing and communications information including your preferences in receiving marketing from us and your communication preferences. This may include information about events to which you are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events.
- Technical information including:
- the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- information about your visit to our Website and Apps, such as the full URL, clickstream to, through and from our Website (including date and time), services viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from a page, any phone number used to call our central switchboard number, and direct dials or social media handles used to connect with our employees.
- location information which we may collect through our Website or Apps and which provides your real-time location in order to provide location services (where requested or agreed to by you) to deliver content or other services that are dependent on knowing where you are. This information may also be collected in combination with an identifier associated with your device to enable us to recognise your mobile browser or device when you return to the Website or App.
- Image / audio visual recordings including closed circuit television (CCTV) footage that is installed within appropriate areas in each of our fitness studios, telephone conversations with you recorded for training or quality assurance purposes and, with your express consent, your photo or video for promotional purposes (where permitted under applicable privacy laws).
2. How does Flow Sparring collect your personal information?
We generally collect personal information directly from you. We may collect and update your personal information over the phone, by email, via our Website or Apps, or in person. We may sometimes collect personal information about you from other sources, including:
- publicly available information, such as public registers
- social media, Websites or Apps which you use
- your employer or former employer
- other third parties (such as our third-party suppliers and contractors who assist us to operate our business (including CRM software or any third-party payment gateway), with your consent.
3. How we use and process the personal information we collect about you
We collect personal information reasonably necessary to carry out our business, to assess and manage our members' needs, and to provide fitness programs. We may also collect information to fulfil administrative functions associated with these services. Depending on your interactions with us, we may use and process your personal information for the purposes set in the table below, as well as:
- any related secondary purpose which we believe you would reasonably expect when we collected your personal information or as a result of our ongoing relationship with you;
- any purpose for which you have consented; or
- any purpose for which we are required or authorised by applicable law.
The legal basis for processing personal data by us will be one of the following:
- you have given us consent;
- the processing is necessary for the performance of a contract you are party to, or in order to take steps at your request prior to you entering into a contract;
- the processing is necessary for us to comply with our legal obligations; or
- the processing is necessary for the pursuit of our legitimate business interests.
| Purpose | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
To process and administer your dealings as a member, including (without limitation):
|
|
|
To process and administer your dealings as a franchisee, including (without limitation):
|
|
|
To properly tailor our services to your health needs, including (without limitation):
We only use your sensitive information for these purposes and no other purpose. We will obtain your express consent in circumstances where it is necessary for us to collect your sensitive information. |
|
|
To manage our relationship with you, including (without limitation):
|
|
|
To enable you to participate in an event or complete a survey, including (without limitation):
|
|
|
To improve our services, training and quality assurance, as well as documenting what has been discussed and decided between you and us, including (without limitation):
|
|
|
Carry out risk analysis, fraud prevention and risk management, including (without limitation) through:
|
|
|
To administer and protect our business, Website and Apps, including (without limitation):
|
|
|
To participate in recruitment activities, including (without limitation):
|
|
|
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you, including (without limitation):
|
|
|
| To use our data analytics to improve our Apps, Website, products/services, marketing, customer relationships and experiences. |
|
|
(Where permitted under applicable law) to provide you with the information and communications such as:
|
|
|
4. How does Flow Sparring interact with you via the internet?
Our Website(s) use cookies. A cookie is a small file stored on your computer's browser, which assists in managing customised settings of the Website(s) and delivering content that help us track your Website(s) usage and remember your preferences. We collect certain information such as the time and date of your visit, your device type, browser type, IP address, and pages you have accessed on our Website(s) and on third-party Websites. You are not identifiable from such information.
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our Website.
Our Websites may contain links to third-party Websites. We are not responsible for the content or privacy practices of Websites that are linked to our Website. Any information you provide directly to a third party will be managed in accordance with that party's privacy policy.
4A. Social media messaging and automated responses
If you contact us by direct message on Facebook Messenger or Instagram, we receive your message content, your name and public profile information, and message metadata (such as timestamps) through Meta Platforms' APIs (the Messenger Platform and Instagram Platform APIs).
We use this information to respond to your enquiry. Initial responses may be generated automatically using artificial-intelligence software. To provide this service, message content is processed on our behalf by third-party service providers: Meta Platforms, Inc. (messaging infrastructure), Make.com (automation platform, processed in the European Union) and Anthropic PBC (AI response generation, processed in the United States). These providers process your information only to deliver the messaging service and are not permitted to use it for their own purposes.
Message content is retained only as long as needed to handle your enquiry and in accordance with section 11 of this Policy. We do not use your message content for advertising and we do not sell it to third parties. You can request access to or deletion of your messaging data at any time using the contact details in section 14. You may also stop interacting with the automated service at any time and ask to speak with our staff directly.
5. Can you deal with Flow Sparring anonymously?
You may visit our Website without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to us will be managed in accordance with this Policy.
We will provide individuals with the opportunity to remain anonymous or use a pseudonym in their dealings with us where it is lawful and practicable to do so (for example, when making a general enquiry). In general, it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If you do not provide your information to us, we may not be able to:
- provide you with the services you want, or permit participation in the events, programs or activities we manage or deliver;
- respond to your requests;
- manage or administer your service;
- personalise your experience with us;
- verify your identity or protect against fraud; or
- let you know about other products or services that might better meet your needs.
6. How does Flow Sparring hold and secure information?
We store information in paper-based files or use electronic record-keeping methods (including using trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss from unauthorised access, modification or disclosure.
We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Our Website does not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our Websites are encouraged to exercise care in sending personal information via the internet.
CCTV recordings can be accessed only by authorised staff. Recordings of a specific incident may be released to the relevant law enforcement body only under the terms of this Policy or subject to the execution of a search warrant or other legal process.
7. Does Flow Sparring use or disclose your personal information for digital or direct marketing?
In some jurisdictions, you may receive direct marketing communications. If you do not want to receive direct marketing communications, or you have provided your consent to receive direct marketing but wish to withdraw it, you can opt out at any time by contacting us using the contact details below in section 14 or the unsubscribe facility in the emails we send to you.
If you opt out of receiving marketing material from us, we may still contact you about our ongoing relationship with you.
We may occasionally engage other organisations to provide marketing or advertising services on our behalf. Those organisations will be permitted to obtain only the personal information they need to deliver the relevant services. If we provide those organisations with any of your personal information, it is to provide you with a better or more relevant and personalised experience and to improve the quality of those services.
8. How does Flow Sparring disclose personal information?
We will not sell, distribute or disclose your information or personal details to any third parties, other than in accordance with this Policy, or to those who are contracted to us to keep your information or personal details confidential.
We may disclose personal information:
- to our suppliers, franchisees, consultants, contractors or agents we engage in order to provide our services, including payment processing and debt recovery, data processing, data analysis, customer satisfaction surveys, information technology services and support, Website and App maintenance/development, printing, archiving, mail-outs, and market research;
- via our social media pages and the App for promoting Flow Sparring and our services;
- via the App to provide assessment information or to announce winners of our challenges;
- if we merge with or are acquired by another entity, to that entity as a part of the merger or acquisition;
- to relevant government, federal, state and territory authorities for the purpose of investigating an incident, including a workplace health and safety matter or security incident;
- when conveying information to a responsible person (e.g. parent, guardian, spouse) if you are injured, incapable or cannot communicate, unless you have requested otherwise;
- for other administrative, management and operational purposes, such as risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives).
We may use and disclose your personal information for other purposes explained at the time of collection, that you have consented to, or otherwise as set out in this Policy.
9. Does Flow Sparring disclose your personal information overseas?
Unless we have your consent, or an exception or other lawful basis under applicable privacy laws applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach applicable privacy laws in relation to your personal information and will comply with any other requirements under applicable privacy laws relating to the offshore disclosure of personal information.
The reason for disclosure to an overseas recipient depends on the nature of the services those recipients provide to us. For example, we may store your information in the cloud or other types of networked or electronic storage, or where our customer relationship management system is hosted on servers located overseas. As electronic or networked storage can be accessed from various countries via an internet connection, it's not always practicable to know in which country your information may be accessed or held.
If we or our service providers transfer any of your personal information we collect from you outside of Australia, it will only be done with relevant protections in place. We will take steps to ensure that your personal information will be afforded the level of protection required of us in accordance with applicable data protection laws and current legally recognised data transfer mechanisms, such as:
- where the country has been deemed adequate by a relevant supervisory authority; or
- by adopting appropriate approved standard contractual clauses.
10. Your rights
How to access your information
Subject to applicable laws, you are entitled to access your personal information held by us on request. You can do this by contacting us using the contact details set out below. We will need to verify your identity before we can give you access. We will acknowledge receipt, and we will endeavour to deal with and respond to your request within a reasonable time.
You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We may decline your request to access your personal information in certain circumstances in accordance with applicable privacy laws. If we refuse your request, we will provide you with a reason for our decision (including, where applicable, an alternative means of access to the information, such as supervised inspection), and how you can complain if you are not satisfied with our decision.
How to correct your personal information
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the information we hold about you and letting us know if your details change. You also have access to update and maintain your details through relevant Apps made available to you as a member. If you consider any personal information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information. If we refuse your request to correct your personal information in accordance with this procedure, we will include a statement with your personal information about the requested correction.
11. What happens when we no longer need your information?
We will only keep your information for as long as we require it for our purposes. We may also be required to keep some of your information for certain periods of time under applicable law. When we no longer require your information, we will take steps to securely destroy or de-identify it. We will only keep your information for as long as we have a relationship with you and for 7 years or otherwise as required for our business operations or by applicable laws.
We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, to identify, issue or resolve legal claims and for proper record keeping. We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.
12. What should you do if you have a complaint about the handling of your personal information?
You may contact us at any time if you have any questions or concerns about this Policy or about how your personal information has been handled or processed. You may make a complaint to us using the contact details set out below.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you still feel your issue or request has not been resolved to your satisfaction, then you have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights). We can, on request, tell you the relevant authority for the processing of your personal information.
In Australia, the relevant authority is the Office of the Australian Information Commissioner, who can be contacted by telephone on 1300 363 992 or online at: www.oaic.gov.au/privacy.
13. How are changes made to this Policy?
We may amend this Policy from time to time, with or without notice to you, subject to local law. We recommend that you visit your Flow Sparring App regularly to keep up to date with any changes.
14. How can you contact us?
Please contact us if you have any questions or comments about this notice or if you wish to exercise the rights you have under applicable privacy laws using the following details:
Name: Jessica Woodward
Position: Director
Email: admin@flowsparring.com
Address: Level 1, Suite 108, Norton Plaza, 55 Norton Street, Leichhardt, NSW 2040
