PRIVACY POLICY AND DATA PROTECTION - GENIUS PERSONAL TRAINING
Last Updated: 2 July 2025
Effective Date: 30 July 2025.
Privacy Contact Information
Data Controller:
I. BASIC INFORMATION ABOUT OUR PRIVACY POLICY
II. PROCESSING PRINCIPLES
III. WHAT INFORMATION WE COLLECT AND HOW IT IS COLLECTED
IV. PURPOSES OF PROCESSING
V. DURATION OF PROCESSING
VI. LEGAL BASIS FOR PROCESSING
VII. RECIPIENTS OF YOUR DATA
VIII. DATA SUBJECT RIGHTS
IX. COOKIES POLICY
X. SECURITY MEASURES
XI. DATA BREACH NOTIFICATION
XII. INTERNATIONAL TRANSFERS
XIII. CONSENT WITHDRAWAL
XIV. COMPLAINTS AND DISPUTE RESOLUTION
At GENIUS PERSONAL TRAINING, we value your privacy and are committed to protecting the personal information you entrust to us. We guarantee that your personal data will be processed securely, in compliance with applicable Australian legislation (Privacy Act 1988, Australian Privacy Principles, and Health Records and Information Privacy Act 2002 NSW) and best practices in data protection.
I. BASIC INFORMATION ABOUT OUR PRIVACY POLICY
BASIC DATA PROTECTION INFORMATION
DATA CONTROLLER
To provide our personal and group training services, Genius PT may share data with service providers who are contractually obligated to provide equal or greater security levels:
You have the right to access, rectify data, as well as other rights explained in this document. You may exercise these rights by contacting: [email protected]
II. PROCESSING PRINCIPLES
The following principles guide personal data processing carried out by GENIUS PT according to the Australian Privacy Principles:
a. Proportionality: We process only data strictly necessary for providing our training services, retaining them for the required time.
b. Lawfulness: We process your personal data only when reasonably necessary for our business functions or when Australian legislation expressly permits it.
c. Purpose: We collect personal data for specific, explicit and legitimate purposes related to our gym and training services.
d. Security: We adopt appropriate technical and organisational measures to ensure the integrity, availability and confidentiality of your personal data.
e. Quality: We adopt reasonable measures to ensure information is complete, accurate, up-to-date and relevant.
f. Confidentiality: We establish controls to ensure all persons with access to personal data maintain confidentiality.
III. WHAT INFORMATION WE COLLECT AND HOW IT IS COLLECTED
We collect your personal information through our membership forms, booking platform and during use of our facilities. Collection notification is provided at the time of collection or beforehand.
Regarding Health Information (sensitive data): We do not collect health data. By subscribing to the Membership terms, you accept informed consent to exercise strength activities with their inherent risks. Only if there is a medical indication considered relevant to training must it be reported to us. If health information is required, we will request your express written consent through separate forms that specifically explain how we will use this sensitive information.
TYPES OF INFORMATION WE MAY COLLECT:
a. Identification data: Full name, date of birth, address, phone number, email address, emergency contact information.
b. Banking data: Your account details to process charges for training sessions.
c. Financial data: Credit/debit card information, bank details for direct debit, payment history, billing information.
d. Web browsing data: IP address, browser type, website visit information, cookies and similar technologies.
e. Activity records: Information about your training sessions, group class attendance, exercise progress, booking schedules, facility usage.
f. Audiovisual records:
SECURITY RECORDINGS
Security video recordings of facilities that may capture your image while using the gym.
NSW MANDATORY NOTICE: Under the Workplace Surveillance Act 2005 (NSW), we provide written notice 14 days in advance before commencing any new surveillance. Clear signage is displayed at all entrances notifying about video surveillance.
Purpose: These recordings are made exclusively for security purposes and protection of all members and staff.
Retention: Security recordings are retained for a maximum of 30 days, unless required for investigation of specific incidents.
COMMERCIAL AND PROMOTIONAL RECORDINGS
Photographs and videos taken for promotion on social media (Instagram, Facebook, TikTok), website, advertising material and marketing content. This consent is independent of your membership and may be withdrawn at any time without affecting your services, by sending notification to: [email protected]
For persons under 18 years: Consent is required from both the minor and parent/legal guardian.
g. Communications: Records of emails, messages, complaints or enquiries made.
IV. PURPOSES OF PROCESSING
For what purposes will we process your personal data?
Genius PT will process your personal data for the following purposes:
a. Membership management: Manage your registration, renewal and membership cancellation.
b. Service provision: Provide personal and group training services, manage bookings and rescheduling.
c. Payment processing: Process payments by direct debit or other methods, manage billing and accounting.
d. Communications: Send booking confirmations, reminders, service updates, respond to enquiries and manage complaints.
e. Facility security: Use video recordings to ensure safety of members and staff, prevent incidents, investigate security issues and protect property.
f. Marketing and promotion: Use promotional photographs and videos (with your separate express consent) for publication on social media (Instagram, Facebook, TikTok), official website, advertising material, customer testimonials and digital marketing content. Members may request exclusion from this processing at any time.
g. Health and safety: Assess fitness condition to participate in activities, implement safety protocols, manage medical emergencies.
h. Service improvement: Analyse usage patterns to improve our services and customer experience.
i. Legal compliance: Comply with applicable legal and regulatory obligations.
j. Direct marketing: With your consent, send information about new services, promotions and updates (you may unsubscribe at any time).
V. DURATION OF PROCESSING
How long do we retain your data?
Personal data will be retained for:
VI. LEGAL BASIS
What is the legal basis for processing your data?
➔ Data subject consent: For direct marketing, commercial/promotional recordings for social media, and processing of non-essential health data.
➔ Membership contract performance: For training service provision and membership management.
➔ Reasonably necessary processing: For facility security (video recordings), fraud prevention and service improvement.
➔ Legal obligation compliance: To comply with tax, health and safety requirements.
VII. RECIPIENTS OF YOUR DATA
To provide our services efficiently and securely, Genius PT may share data with:
➔ Payment service providers: To process payments and direct debits.
➔ Booking systems: Platforms for appointment and class management.
➔ Cloud storage services: For secure data backup (with servers in Australia).
➔ Security system providers: For recording equipment maintenance and security record storage.
➔ Medical professionals: When necessary for emergencies or health assessments.
➔ Competent authorities: When required by law or for incident investigation.
All third parties are contractually obligated to protect your data with the same security level we apply.
VIII. DATA SUBJECT RIGHTS
What rights do you have under Australian legislation?
➔ Right of access (APP 12): Request information about what personal data we hold about you.
➔ Right of correction (APP 13): Request correction of inaccurate or incomplete data.
➔ Right to destruction: Request deletion of your data when no longer necessary for permitted purposes.
➔ Right to object to processing: Especially important for promotional recordings - you may object to processing of your images. For promotional recordings, you may withdraw your consent at any time by sending a request to: [email protected]
➔ Right to portability: Receive your data in structured format for transfer to another provider.
➔ Right to withdraw consent: When processing is based on consent.
➔ Right to lodge complaints: With the Office of the Australian Information Commissioner (OAIC) and NSW Information and Privacy Commission.
SPECIAL PROCEDURE FOR OBJECTING TO SOCIAL MEDIA RECORDINGS
If you wish to object to processing of your images in our social media recordings:
Send your request to: [email protected]
The request must include:
IX. COOKIES POLICY
Our website uses cookies to improve user experience:
➔ Necessary cookies: Essential for website functionality and booking system.
➔ Preference cookies: Remember your settings and preferences.
➔ Analytics cookies: Help us understand how our website is used.
➔ Marketing cookies: To show relevant content (only with your consent).
You can manage cookies from your browser settings.
X. SECURITY MEASURES
We implement appropriate technical and organisational measures according to APP 11:
Technical Measures:
a. Access control: Only authorised personnel access personal data.
b. Encryption: Data protection during transmission and storage.
c. Physical security systems: Protected facilities with controlled access.
d. Security recording management: Secure storage with restricted access and automatic deletion according to established schedule.
Organisational Measures:
e. Staff training: Regular training in data protection and privacy.
f. Monitoring and audits: Regular reviews of our security systems.
g. Documented policies: Written procedures for secure handling of personal information.
h. Incident management: Established protocols for data breach response.
XI. DATA BREACH NOTIFICATION
Notifiable Data Breaches (NDB) Scheme
Eligible breaches: Those likely to cause serious harm to affected individuals.
Notification procedures:
XII. INTERNATIONAL TRANSFERS
We will not conduct international transfers.
Compliance with APP 8
If we share your personal data with overseas recipients, we will inform you of the purpose, obtain prior consent and take reasonable steps to ensure adequate protection.
XIII. CONSENT WITHDRAWAL
Consent may be revoked at any time by contacting us according to the detailed procedure. Revocation will not be retroactive.
Revocation of data necessary to provide the service will require service unsubscription.
For security recordings: Consent revocation for recordings may require special measures or access restrictions to certain areas.
For promotional recordings: Revocation is effective immediately and does not affect other services.
Revocation process:
XIV. COMPLAINTS AND DISPUTE RESOLUTION
If you believe your privacy rights have been violated, you may:
1. Contact us directly:
Last updated: 2 July 2025
For enquiries about this policy: [email protected]
Last Updated: 2 July 2025
Effective Date: 30 July 2025.
Privacy Contact Information
Data Controller:
- Legal name: Group Sydney Fitness Entertainment Pty Ltd
- Trading name: Genius Personal Training
- ABN: 90 651 366 157
- ACN: 651 366 157
- Address: 225a Victoria Street Darlinghurst NSW 2010, Australia
- Legal representative: Pablo Fernández
- Privacy enquiries email: [email protected]
- Phone: +61420346871
I. BASIC INFORMATION ABOUT OUR PRIVACY POLICY
II. PROCESSING PRINCIPLES
III. WHAT INFORMATION WE COLLECT AND HOW IT IS COLLECTED
IV. PURPOSES OF PROCESSING
V. DURATION OF PROCESSING
VI. LEGAL BASIS FOR PROCESSING
VII. RECIPIENTS OF YOUR DATA
VIII. DATA SUBJECT RIGHTS
IX. COOKIES POLICY
X. SECURITY MEASURES
XI. DATA BREACH NOTIFICATION
XII. INTERNATIONAL TRANSFERS
XIII. CONSENT WITHDRAWAL
XIV. COMPLAINTS AND DISPUTE RESOLUTION
At GENIUS PERSONAL TRAINING, we value your privacy and are committed to protecting the personal information you entrust to us. We guarantee that your personal data will be processed securely, in compliance with applicable Australian legislation (Privacy Act 1988, Australian Privacy Principles, and Health Records and Information Privacy Act 2002 NSW) and best practices in data protection.
I. BASIC INFORMATION ABOUT OUR PRIVACY POLICY
BASIC DATA PROTECTION INFORMATION
DATA CONTROLLER
- Legal name: [Legal business name]
- Trading name: Genius Personal Training
- ABN: [ABN Number]
- Address: [Full address], Sydney, NSW, Australia
- Legal representative: [Representative name]
- Contact email: [email protected]
- Membership and training services management
- Commercial relationship maintenance and contracted service provision
- Payment processing and billing
- Service-related communications
- Facility security through video recordings
- Platform usability analysis to improve user experience
- Other purposes described in this Privacy Policy
- Data subject consent (especially for health information)
- Membership contract performance
- Legal obligation compliance
- Processing reasonably necessary for our business functions
To provide our personal and group training services, Genius PT may share data with service providers who are contractually obligated to provide equal or greater security levels:
- Payment service providers
- Booking and scheduling platforms
- Cloud storage services (with servers in Australia)
- Security system providers
You have the right to access, rectify data, as well as other rights explained in this document. You may exercise these rights by contacting: [email protected]
II. PROCESSING PRINCIPLES
The following principles guide personal data processing carried out by GENIUS PT according to the Australian Privacy Principles:
a. Proportionality: We process only data strictly necessary for providing our training services, retaining them for the required time.
b. Lawfulness: We process your personal data only when reasonably necessary for our business functions or when Australian legislation expressly permits it.
c. Purpose: We collect personal data for specific, explicit and legitimate purposes related to our gym and training services.
d. Security: We adopt appropriate technical and organisational measures to ensure the integrity, availability and confidentiality of your personal data.
e. Quality: We adopt reasonable measures to ensure information is complete, accurate, up-to-date and relevant.
f. Confidentiality: We establish controls to ensure all persons with access to personal data maintain confidentiality.
III. WHAT INFORMATION WE COLLECT AND HOW IT IS COLLECTED
We collect your personal information through our membership forms, booking platform and during use of our facilities. Collection notification is provided at the time of collection or beforehand.
Regarding Health Information (sensitive data): We do not collect health data. By subscribing to the Membership terms, you accept informed consent to exercise strength activities with their inherent risks. Only if there is a medical indication considered relevant to training must it be reported to us. If health information is required, we will request your express written consent through separate forms that specifically explain how we will use this sensitive information.
TYPES OF INFORMATION WE MAY COLLECT:
a. Identification data: Full name, date of birth, address, phone number, email address, emergency contact information.
b. Banking data: Your account details to process charges for training sessions.
c. Financial data: Credit/debit card information, bank details for direct debit, payment history, billing information.
d. Web browsing data: IP address, browser type, website visit information, cookies and similar technologies.
e. Activity records: Information about your training sessions, group class attendance, exercise progress, booking schedules, facility usage.
f. Audiovisual records:
SECURITY RECORDINGS
Security video recordings of facilities that may capture your image while using the gym.
NSW MANDATORY NOTICE: Under the Workplace Surveillance Act 2005 (NSW), we provide written notice 14 days in advance before commencing any new surveillance. Clear signage is displayed at all entrances notifying about video surveillance.
Purpose: These recordings are made exclusively for security purposes and protection of all members and staff.
Retention: Security recordings are retained for a maximum of 30 days, unless required for investigation of specific incidents.
COMMERCIAL AND PROMOTIONAL RECORDINGS
Photographs and videos taken for promotion on social media (Instagram, Facebook, TikTok), website, advertising material and marketing content. This consent is independent of your membership and may be withdrawn at any time without affecting your services, by sending notification to: [email protected]
For persons under 18 years: Consent is required from both the minor and parent/legal guardian.
g. Communications: Records of emails, messages, complaints or enquiries made.
IV. PURPOSES OF PROCESSING
For what purposes will we process your personal data?
Genius PT will process your personal data for the following purposes:
a. Membership management: Manage your registration, renewal and membership cancellation.
b. Service provision: Provide personal and group training services, manage bookings and rescheduling.
c. Payment processing: Process payments by direct debit or other methods, manage billing and accounting.
d. Communications: Send booking confirmations, reminders, service updates, respond to enquiries and manage complaints.
e. Facility security: Use video recordings to ensure safety of members and staff, prevent incidents, investigate security issues and protect property.
f. Marketing and promotion: Use promotional photographs and videos (with your separate express consent) for publication on social media (Instagram, Facebook, TikTok), official website, advertising material, customer testimonials and digital marketing content. Members may request exclusion from this processing at any time.
g. Health and safety: Assess fitness condition to participate in activities, implement safety protocols, manage medical emergencies.
h. Service improvement: Analyse usage patterns to improve our services and customer experience.
i. Legal compliance: Comply with applicable legal and regulatory obligations.
j. Direct marketing: With your consent, send information about new services, promotions and updates (you may unsubscribe at any time).
V. DURATION OF PROCESSING
How long do we retain your data?
Personal data will be retained for:
- During active membership: While you maintain your membership with us.
- Financial records: 7 years after membership termination (Australian legal requirement).
- Security records: Video recordings are retained for a maximum of 30 days, unless required for investigation of specific incidents.
- Medical data:
- Adults: Retained for 7 years after membership termination
- Minors: Retained until the individual turns 25 years (under Health Records and Information Privacy Act 2002 NSW)
- Communications and complaints: 3 years after resolution for service improvement purposes.
- Web browsing data and cookies: Deleted when no longer necessary for permitted purposes, according to APP 11.
VI. LEGAL BASIS
What is the legal basis for processing your data?
➔ Data subject consent: For direct marketing, commercial/promotional recordings for social media, and processing of non-essential health data.
➔ Membership contract performance: For training service provision and membership management.
➔ Reasonably necessary processing: For facility security (video recordings), fraud prevention and service improvement.
➔ Legal obligation compliance: To comply with tax, health and safety requirements.
VII. RECIPIENTS OF YOUR DATA
To provide our services efficiently and securely, Genius PT may share data with:
➔ Payment service providers: To process payments and direct debits.
➔ Booking systems: Platforms for appointment and class management.
➔ Cloud storage services: For secure data backup (with servers in Australia).
➔ Security system providers: For recording equipment maintenance and security record storage.
➔ Medical professionals: When necessary for emergencies or health assessments.
➔ Competent authorities: When required by law or for incident investigation.
All third parties are contractually obligated to protect your data with the same security level we apply.
VIII. DATA SUBJECT RIGHTS
What rights do you have under Australian legislation?
➔ Right of access (APP 12): Request information about what personal data we hold about you.
➔ Right of correction (APP 13): Request correction of inaccurate or incomplete data.
➔ Right to destruction: Request deletion of your data when no longer necessary for permitted purposes.
➔ Right to object to processing: Especially important for promotional recordings - you may object to processing of your images. For promotional recordings, you may withdraw your consent at any time by sending a request to: [email protected]
➔ Right to portability: Receive your data in structured format for transfer to another provider.
➔ Right to withdraw consent: When processing is based on consent.
➔ Right to lodge complaints: With the Office of the Australian Information Commissioner (OAIC) and NSW Information and Privacy Commission.
SPECIAL PROCEDURE FOR OBJECTING TO SOCIAL MEDIA RECORDINGS
If you wish to object to processing of your images in our social media recordings:
- You must send your request in writing to [email protected]
- We will assess your request considering our legitimate security interests
- If technically possible, we will implement measures to minimise capture of your image
- Important: Total objection may require restrictions on access to certain gym areas where video security is essential
Send your request to: [email protected]
The request must include:
- Clear identification (copy of ID)
- Specific description of the right you wish to exercise
- Email address for response
IX. COOKIES POLICY
Our website uses cookies to improve user experience:
➔ Necessary cookies: Essential for website functionality and booking system.
➔ Preference cookies: Remember your settings and preferences.
➔ Analytics cookies: Help us understand how our website is used.
➔ Marketing cookies: To show relevant content (only with your consent).
You can manage cookies from your browser settings.
X. SECURITY MEASURES
We implement appropriate technical and organisational measures according to APP 11:
Technical Measures:
a. Access control: Only authorised personnel access personal data.
b. Encryption: Data protection during transmission and storage.
c. Physical security systems: Protected facilities with controlled access.
d. Security recording management: Secure storage with restricted access and automatic deletion according to established schedule.
Organisational Measures:
e. Staff training: Regular training in data protection and privacy.
f. Monitoring and audits: Regular reviews of our security systems.
g. Documented policies: Written procedures for secure handling of personal information.
h. Incident management: Established protocols for data breach response.
XI. DATA BREACH NOTIFICATION
Notifiable Data Breaches (NDB) Scheme
Eligible breaches: Those likely to cause serious harm to affected individuals.
Notification procedures:
- Initial assessment: Determine if breach is eligible within 30 days
- OAIC notification: Report eligible breaches within 30 days of awareness
- Individual notification: Contact affected persons when required
- Documentation: Maintain records of all breaches and responses
- Description of the breach
- Types of information involved
- Steps taken or proposed in response
- Recommendations for affected individuals
XII. INTERNATIONAL TRANSFERS
We will not conduct international transfers.
Compliance with APP 8
If we share your personal data with overseas recipients, we will inform you of the purpose, obtain prior consent and take reasonable steps to ensure adequate protection.
XIII. CONSENT WITHDRAWAL
Consent may be revoked at any time by contacting us according to the detailed procedure. Revocation will not be retroactive.
Revocation of data necessary to provide the service will require service unsubscription.
For security recordings: Consent revocation for recordings may require special measures or access restrictions to certain areas.
For promotional recordings: Revocation is effective immediately and does not affect other services.
Revocation process:
- Written request to [email protected]
- Receipt confirmation within 5 business days
- Implementation within 30 days
- Confirmation of implemented changes
XIV. COMPLAINTS AND DISPUTE RESOLUTION
If you believe your privacy rights have been violated, you may:
1. Contact us directly:
- Email: [email protected]
- We will respond within 30 days
- We will investigate and provide written response
- Office of the Australian Information Commissioner
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: [email protected]
- NSW Information and Privacy Commission
- Website: www.ipc.nsw.gov.au
- For matters related to health records under NSW law
- Receipt: Acknowledgment within 5 business days
- Investigation: Complete process within 30 days
- Response: Written decision with explanation
- Appeal: Right to escalate to external authorities
Last updated: 2 July 2025
For enquiries about this policy: [email protected]
