Krav Maga Defence Institute Pty Ltd (KMDI)
Privacy Policy
INTRODUCTION
At KMDI we are committed to protecting your privacy. We collect and process personal data about you to provide the services you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests. Our Privacy Notice explains how we collect, use, share and protect your personal information. When we update this policy we will post any changes on our website. In addition when visiting our website we will provide you with “just in time” notices at the moment of data collection. If you have any queries about this Notice please contact us at 8 Rutland Street Surry Hills NSW. Alternatively send an email to info@kmdi.com.au or by using the contact form at our Contact page.
IDENTITY OF DATA CONTROLLER
The Data Controller in respect of this Privacy Notice is Krav Maga Defence Institute Pty. Ltd.
WHEN DO WE COLLECT INFORMATION?
We collect your personal information when you:
• Complete an Online Membership Agreement
• Register interest for upcoming KMDI opening locations
• Book or attend an exercise class or lesson
• Ask us for more information about a product or service, or contact us with a question or complaint
• Take part in a competition, prize draw or survey
• Visit or browse our website. See our Cookie Policy Below.
• Contact our Member Services support team through telephone, email or online chat
• Send an email to an @kmdi.com.au email account
• You have an accident in our gyms or there was an incident where you were a witness or personally affected
• When you book classes, courses and inductions
• CCTV – when you are using our gyms. See our CCTV policy below.
• When you use the KMDI app
• When our teams take photos of your attendance at the gym, part of an event or in a class (Your permission will be asked beforehand) When using our gyms CCTV is being recorded 24 hours a day and actively monitored between 8pm and 8am by our internal CCTV team. CCTV is permanently erased after 31 days. We may also collect, match or acquire information about you from other organisations such as Google and Facebook.
WHAT INFORMATION DO WE COLLECT?
1 The information we collect is required for the purpose of creating your Member Account and for you to enrol in our gyms. Such information allows you to be identified as a member of KMDI and includes:
• Name, date of birth, gender, e-mail address, postal address, telephone number, health declaration.
• Credit or debit card information, information about your bank account number and sort code or other banking information. Note that we do not store your bank or credit card details on our web servers
• Your usage records and duration of visits
• Your preferences for particular products or services or interests when you tell us what they are – or when we assume what they are, depending on how you use our products and services
• Your contact with us, such as a note or recording of a call you make to our contact centre, an email or other records of any contact you have with us
• Your membership information – such as dates of payment owed and received, the services you use and any other information related to your account
HOW DO WE USE THIS INFORMATION?
We will use your personal information to provide you with the services, products or information that you have requested, for administration purposes, to improve your website experience, and marketing. We may need to share your information with our service providers, associated organisations and agents for these purposes. We may use your information to:
• Process your membership application through Mindbody, our chosen membership software
• Bill you for using our services as part of your membership
• Keep you informed about our services including operational matters relating to your Membership
• Provide relevant services to you
• Confirm your attendance to classes or lessons 2
• To allow you to monitor your gym usage in your members area
• To share gym event photos on our internal social media platform (Your permission will be asked first before a picture is taken)
• Contact you with offers or promotions based on our analysis of how you use our services and what we think will be of interest to you (unless you choose not to receive our marketing messages)
• Respond to any questions or concerns you might have about our services
• Understand how you use our services, to help us develop relevant and updated services
• Carry out research and statistical analysis to monitor how customers use our services
• Prevent and detect fraud or other crimes
Where we process your personal data based on your consent you have the right to withdraw consent at any time, for example your consent to receive direct marketing. If you no longer want to receive marketing messages from us, please visit your profile section within the Member’s Area of the website where you can opt out. You can choose to opt out of all marketing or select your marketing preferences. Alternatively, if you are no longer a member, and wish to remove your consent to receive marketing content please contact by email to info@kmdi.com.au. We’ll store your information for as long as you are a Member of KMDI, or following cancellation and to meet legal requirements including financial audit, anti-fraud and money laundering regulations we will store your information for no more than 6 years from the last activity on the account. An ‘activity’ can be classified as access into a gym, a payment made on the membership account or a comment added to the membership following contact with KMDI. We may contact you about KMDI services during this 6 years if you haven’t opted out of receiving marketing communications from us.
DO WE USE COOKIES?
KMDI uses cookies (small text files stored in your browser) and other techniques such as web beacons (small, clear picture files used to follow your online activities). These collect information that tells us how you use our websites, web-related products and services. The use of cookies does not give us access to the rest of your computer. This, in turn, helps us make our website relevant to your interests and needs. We may use a persistent cookie (a cookie that stays linked to your browser) to record your details so we can recognise you if you visit our website again. 3 You can choose to refuse cookies, or set your browser to let you know each time a website tries to set a cookie. You can find out more information about cookies including information on how to turn them off. Please note however that if you disable our cookies you may not be able to access certain services or facilities on our sites and your use of our sites may be restricted. This could include joining or logging in to your members area. See our cookies policy.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have a dedicated team whose function is to secure our clients’ information and also take appropriate measures to ensure that the information we collect and maintain is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. We ensure the organisations that provide us with services related to your membership have appropriate security measures and only process your information in the way we have authorised them to. These organisations will not be entitled to use your personal information for their own purposes. Communications over the internet (such as emails) aren’t secure unless they’ve been encrypted. Your communications may go through a number of countries before being delivered – as this is the nature of the internet. We can’t accept responsibility for any unauthorised access or loss of personal information that’s beyond our control.
WILL WE DISCLOSE THE INFORMATION WE COLLECT TO OUTSIDE PARTIES?
We may share information about you with:
• Service providers, agents and associated organisations to allow us to service your membership and communicate with you; for example, financial institutions to process payments, and freelance personal trainers when you sign up to classes
• Law enforcement agencies, regulatory organisations, courts or other public authorities where we have a legal obligation to do so We’ll release information if it’s reasonable for the purpose of protecting us against fraud, defending our rights or property, or to protect the interests of our customers. If we’re reorganised or sold to another organisation, we may transfer any personal information we hold about you to that organisation. We will inform you if we do.
USE OF PERSONAL DATA FOR AUTOMATIC DECISION MAKING
We do not intend to use your personal data for automatic decision making.
THIRD PARTY TRACKING
We use tools such as Google Analytics for collecting personal data about our website visitor’s online activities over time and across different web sites for marketing purposes. This is so we can ensure our website gives you the best possible experience. For more information and how to opt out from this please visit our cookies policy.
YOUR PRIVACY RIGHTS
You have the following rights in relation to your data privacy: the right of access; the right of rectification; the right of erasure (the “right to be forgotten”); the right to restriction of processing; the right to be notified; the right to data portability; the right of objection; and the right to not be subject to automated profiling. Access. You have the right to ask for a copy of the information we hold about you and to have any inaccuracies in your information corrected. Please contact us through email to info@kmdi.com.au, the contact us section of the website or writing to the address below. There is not normally a fee for this service. Rectification. If you believe we’re holding inaccurate information about you, or your personal details change, please update your profile on the KMDI website in the member’s area. Debit, Credit and Bank account changes can be made in your members area on the KMDI website. Erasure. You have the right to the erasure of the data we hold on you, when it is no longer needed for the purposes of your Membership, or when you withdraw your consent for our processing (and we have no other lawful basis to hold your data). Restriction. You have the right to ask us to place restrictions on processing your data in certain circumstances. Notification. You have the right to be notified of any rectification, erasure or restrictions in relation to your personal data. Portability. You have a right to receive the data we hold on you electronically in a format that allows it to be easily transferred to another data controller. Object. You have the right to object to data processing of your personal data for direct marketing or profiling purposes. Profiling. You have the right not to be subject to any decision based on automatic processing of your personal data. The address to be used to obtain a copy of your personal information is: 8 Rutland Street Surry Hills NSW. You can also contact us by emailing info@kmdi.com.au
CHANGES TO THIS PRIVACY NOTICE
We will update this privacy notice to reflect the way in which we process and protect your data. If we do so, we will post notice of the change on our website and you will have the opportunity to adjust your communications preferences via your Member Profile within the Members Area of the website. 5 CCTV Policy – The use of closed circuit television (CCTV) 1. The images obtained from the system which include recognisable individuals are personal data and are covered by the applicable Data Protection legislation. This Policy should therefore be read in conjunction with the KMDI Data Protection Policy available either on the KMDI website or by emailing info@kmdi.com.au. 2. CCTV systems are operated throughout KMDI sites, monitoring dedicated areas. 3. Use of a surveillance camera system must always be for a specified purpose which is in pursuit of a legitimate aim and necessary to meet an identified pressing need. This includes giving confidence to staff and visitors that they are in a safe and secure environment, protecting the integrity of the site by deterring criminals and to provide evidence to assist with the detection and prosecution of criminal offences. 4. When deciding to use CCTV in a certain area KMDI must take into account its effect on individuals and their privacy and perform regular reviews to ensure its use remains justified. 5. KMDI will be transparent in the use of a surveillance camera system, provide a CCTV notice, which could be an image, and publicise a contact point on the website for access to information and complaints in line with our Data Protection Policy. 6. KMDI is the Data Controller for the Personal Data captured by our CCTV systems. Some shared sites require that we use both, our systems in local areas and landlord’s systems in extended areas. 7. The CCTV systems which are under KMDI control are managed by the General Manager. The recordings are confidential and available only to those directly connected with operating the system. Copies of recorded information are strictly controlled and only made in relation to incidents under specific restrictions and require the approval described in point 10. 8. The General Manager will produce and communicate clear rules and procedures with regards to operating, processing and releasing CCTV images. The procedures are detailed in the CCTV SOP document. 9. No more images and information should be stored than that which is strictly required for the stated purpose of a surveillance camera system, and such images and information should be deleted once their purposes have been discharged. 10. Access to retained images and information should be referred to info@kmdi.com.au and there must be clearly defined rules on who can gain access and for what purpose such access is granted; the disclosure of images and information should only take place when it is necessary for such a purpose or for law enforcement purposes. And always require previous written approval of all of the General Manager. 11. CCTV operators should be trained to an adequate standard and such standard must be maintained at all times. 12. Surveillance camera system images and information should be subject to appropriate security measures to safeguard against unauthorised access and use. 13. There should be effective and periodic review mechanisms to ensure legal requirements, policies and standards are complied with in practice and to ensure that the system is working properly and produces the required images. This CCTV Policy version 1 is valid immediately from 6th May 2019. 6 KMDI Cookie Policy What is a cookie? A cookie, also known as a browser cookie, is a text file containing small amounts of information which a server may download to your computer, mobile or tablet when you visit a website or use an app. There are different types of cookies which are used to do different things, such as letting you navigate between different pages on a website efficiently, remembering preferences you have given and helping us to identify ways to improve your overall site experience. Others are used to provide you with advertising which is more tailored to your interests or to measure the number of site visits and the most popular pages users visit. ‘First party’ and ‘third party’ cookies Each type of cookie can be set and controlled by the operator of the website which the user is browsing such as KMDI Gym (known as a ‘first party cookie’) or a third party such as Facebook, for example to display advertisements and social sharing features, (known as a ‘third party cookie’). Due to their core role of enhancing and enabling usability or site processes, disabling certain cookies may prevent you from using certain aspects of the KMDI Gym website, such as joining a club. Broadly speaking, there are two different types of browser cookie: (1) Session cookies are stored in the computer's memory during a user's browsing session and are automatically deleted from the user's computer when the browser is closed or the session is deemed to have ended. These cookies usually store a session ID that is not personally identifiable to users, allowing the user to move from page to page without having to log-in repeatedly. They are widely used by commercial web sites; for example to keep track of items that a consumer has added to a shopping basket. Session cookies do not collect any information from the user's computer and they expire at the end of the user's browser session. They can also become inaccessible after the session has been inactive for a specified length of time, usually 20 or 30 minutes. (2) Persistent cookies are stored on the user's computer and are not deleted when the browser is closed. Persistent cookies can be used to retain user preferences for a particular website, allowing those preferences to be used in future browsing sessions. Persistent cookies usually assign a unique ID to the user’s browser and they are usually configured to identify a user for a prolonged period of time, from days to months or even years. How does KMDI use cookies? KMDI only uses browser cookies to measure non-personal information, for example to learn about the behaviour of visitors to our website and how they respond to our marketing communications. The more we learn, the better we are able to provide relevant and interesting content and services. The first person cookies set by KMDI Gym do not contain any personally identifiable information. Strictly necessary cookies 'Strictly necessary' cookies let you move around the website and use essential features. These cookies don't gather any information about you that could be used for marketing or remembering where you've been on the internet. Accepting these cookies is a condition of using the website, however, as they are required for the 7 proper operation of the website. If you prevent them, we cannot guarantee how it will perform. Analytics cookies / Performance cookies We use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. By using our website, you agree that we can place these types of cookies on your device. We use the information to improve our website and enhance the experience of its visitors. All information these cookies collect is aggregated and therefore anonymous. Application or site specific cookies / Functionality cookies These cookies remember choices you make to improve your experience. By using the website, you agree that we can place these types of cookies on your device. These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. Advertising / Targeting cookies From time to time, cookies are used to collect information about your browsing habits in order to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. The cookies are usually placed either directly by third party advertising networks. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation. However, this policy does not cover the use of third party cookies. This will be covered by that third party’s privacy policies and practice and we would recommend that you take a look at these which in most cases will be found on that company’s website. What cookies are used on this website? A list of all the types of cookies used on this website is set out in the tables below.
How can you control the use of cookies? Your use of the website constitutes your consent to this website setting cookies on your device. If you do not want the website to set cookies on your device then you should either not use the site, [or you should delete KMDI Gym cookies having visited the site], [or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” in Internet Explorer, "Private Browsing" in Firefox and Safari)]. Alternatively, the ‘Help’ menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. However, because cookies allow you to take advantage of some of the website's essential features, we recommend you leave them turned on. A guide to behavioural advertising and online privacy has been produced by the internet advertising industry which can be found at www.youronlinechoices.eu.