top of page
Privacy Policy

Last Updated: 31 October 2025
Version: 3

Mind to Muscle Fitness Pty Ltd (ABN: 53 660 077 994) ("we", "our", "us", "Mind to Muscle Fitness") is committed to protecting the privacy and security of personal information. This privacy policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) as amended by the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022, the Australian Privacy Principles (APPs), and other applicable Australian laws.

---

1. About This Policy

This policy applies to all personal information we collect through:

  • Our gym facilities and services

  • Our website and mobile applications

  • Third-party platforms and service providers

  • Phone, email, and other communications

Privacy by Design: We integrate privacy considerations into all aspects of our operations, systems, and service design, ensuring data minimization and protection from the outset.

---

2. Information We Collect

2.1 Personal Information

In-Person Services:

  • Identity information (name, date of birth, address, phone number, email)

  • Membership and payment details

  • Emergency contact information

  • Photographic identification for membership verification

  • Accessibility requirements and reasonable adjustment needs

Online Services:

  • Account registration information

  • Website usage data (IP address, browser type, device information, access times)

  • Communication preferences and history

Emergency Contact Information: Your emergency contact details are collected to enable us to contact your nominated person in the event of a medical emergency or safety incident. By providing these details, you consent to us sharing this information with emergency services, medical professionals, and your emergency contact when necessary.

2.2 Sensitive Information

Under the Privacy Act, we may collect sensitive information including:

  • Health information: Medical history, injuries, physical limitations, fitness goals, health assessments, medical clearances, public health screening information

  • Biometric data: Body measurements (weight, height, body circumferences), body composition analysis (body fat percentage, muscle mass), fitness test results, progress photos (collected with explicit consent)

  • Accessibility information: Disability status, mobility requirements, and adjustments needed to access our services

Important: We will only collect sensitive information with your explicit consent and when necessary for providing our services. You may withdraw consent at any time.

How We Use Biometric Data:

  • Collected during initial assessments and periodic progress checks

  • Stored securely in your member file and fitness tracking systems

  • Accessible only by your assigned trainers and authorized staff

  • Used solely for fitness programming and progress monitoring

  • Retained for 7 years after your last service provision

  • Progress photos are stored separately with additional access controls

2.3 Children's Information

For members under 18 years:

Ages 16-17:

  • We require verifiable written parental/guardian consent before collecting any personal information

  • Members may participate independently once consent is verified

  • Parents/guardians can access, modify, or delete their child's information at any time

Under 16:

  • Verifiable parental/guardian consent required

  • Member must be accompanied by parent/guardian or approved coach during all sessions

  • Additional safeguards apply to sensitive information collection

Age Verification: We may request proof of age documentation and will refuse access until age and consent requirements are verified.

Additional Protections: All staff working with minors undergo enhanced privacy training. Access to minors' information is strictly limited to essential personnel.

2.4 Media Capture (Photography/Video)

When We Capture Media: From time to time, photos or videos may be taken within our facility for:

  • Marketing and promotional materials

  • Social media content

  • Training and instructional content

  • Community engagement and member celebrations

How We Obtain Consent:

  • We will notify you in advance when photography/videography is scheduled

  • For identifiable images, we seek explicit consent before use

  • You will not be identifiable in marketing materials without your consent

  • General facility photos may include non-identifiable individuals in the background

Your Rights:

  • You may withdraw consent at any time by emailing enquiries@mindtomusclefitness.com.au

  • Upon withdrawal, we will cease using your image in new materials

  • Existing published materials may remain in circulation where removal is impractical, but we'll make reasonable efforts to remove content from our controlled channels

  • Withdrawal does not affect your membership status

2.5 CCTV Surveillance

Purpose: We operate CCTV surveillance systems at our facilities for:

  • Security and theft prevention

  • Safety monitoring and incident investigation

  • Insurance claims and dispute resolution

  • Facility access control

What We Record:

  • Video footage only (no audio recording)

  • Coverage of entry/exit points, reception areas, and main training areas

  • Changing rooms, toilets, and private consultation rooms are NOT monitored

Storage and Access:

  • Footage retained for 30 days, then automatically deleted

  • Extended retention only when required for incident investigation or legal proceedings

  • Access strictly limited to management and authorized security personnel

  • Never shared publicly or used for marketing

Your Rights:

  • CCTV monitoring signage is clearly displayed at all monitored entrances

  • You may request access to footage containing your image (subject to verification)

  • Requests must be made within the 30-day retention period

2.6 Tracking Technologies

We use cookies and similar technologies for:

  • Website functionality and performance

  • Analytics and usage tracking

  • Personalized content delivery

Cookie Management: You can control cookie preferences through our cookie settings panel and your browser settings.

---

3. How We Use Your Information

We process your personal information under the following legal bases:

3.1 Contractual Necessity

  • Processing memberships and account management

  • Providing fitness services and facilities access

  • Managing bookings and appointments

  • Processing payments and financial transactions

  • Facilitating membership pauses, cancellations, and transfers (when permitted)

  • Resolving billing disputes and payment failures

3.2 Legal Obligations

  • Complying with taxation requirements (records retained for 7 years)

  • Meeting workplace health and safety obligations

  • Responding to law enforcement requests

  • Fulfilling regulatory reporting requirements

  • Public health compliance: Collecting and reporting information required by public health directives or government orders

  • Insurance and liability claim processing

  • Court orders and legal processes

3.3 Legitimate Interests

  • Improving our services and facilities

  • Website analytics and optimization

  • Internal business operations and administration

  • Fraud prevention and security measures

  • CCTV monitoring for security and safety

  • Complaint and dispute resolution processes

3.4 Consent-Based Activities

  • Marketing communications and promotional offers

  • Health and fitness assessments and biometric data collection

  • Photography/videography for marketing purposes (see Section 2.4)

  • Progress photos and before/after documentation

  • Third-party data sharing for non-essential services

  • Collecting accessibility and inclusion information

Consent Withdrawal: You can withdraw consent at any time through the same mechanism used to provide it, or by contacting us directly.

---

4. How We Share Your Information

4.1 Service Providers

We may share information with trusted third parties who assist in delivering our services:

  • Exercise.com (USA): Gym management and booking platform

  • Wix (Israel/USA): Website hosting and management

  • Xero (New Zealand/USA): Accounting and financial management

  • Payment processors and banking institutions

  • IT support and security providers

  • Cleaning and maintenance contractors

When Purchasing Third-Party Products Through Us: If you purchase products or equipment from external suppliers through our facility or recommendations:

  • We may share necessary transaction information (name, contact, payment details) with the supplier

  • The supplier's own privacy policy will apply to their handling of your information

  • We remain responsible for the initial transaction under Australian Consumer Law

  • You have the same privacy rights regarding information we collect during this process

All service providers are contractually required to protect your information and use it only for specified purposes.

4.2 Artificial Intelligence Services

We may use AI services to improve our operations and customer service, including:

  • AI-powered customer service tools: For responding to enquiries and providing support

  • Document analysis and generation: For creating reports, summaries, and administrative documents

  • Productivity tools: Such as AI features in business applications for scheduling, note-taking, and workflow management

Important Safeguards:

  • We do not input sensitive health information or personally identifiable details into publicly available AI systems

  • Any AI tools used are configured to prevent the sharing of personal information with third-party AI providers where possible

  • All AI-generated content involving personal information is reviewed by our staff before use

  • We maintain human oversight of all AI-assisted decisions that may affect our members

4.3 Legal Requirements and Emergency Situations

We may disclose information when required by:

  • Court orders or legal processes

  • Law enforcement agencies

  • Regulatory authorities

  • Emergency services: In medical emergencies, we will share your information (including health details and emergency contacts) with paramedics, hospitals, and your nominated emergency contact

  • Insurance providers: When processing liability or insurance claims

  • Public health authorities when required by law

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

Your Rights During Business Transfers:

  • We will notify all active members at least 30 days before the transfer

  • The new entity will be bound by the same privacy obligations

  • You may object to the transfer and request deletion of your information (subject to legal retention requirements)

  • Existing consents remain valid unless you withdraw them

  • You will receive information about the new entity's privacy practices

4.5 With Your Consent

We may share information with third parties for marketing or promotional purposes only with your explicit consent.

4.6 Dispute Resolution and Mediation

When you engage in our complaint or dispute resolution process:

  • Information relevant to your complaint may be shared with the Director or senior management

  • If mediation is required, relevant information will be shared with the agreed mediator

  • External resolution bodies (NSW Fair Trading, ACCC, OAIC) may receive information necessary to investigate your complaint

  • We will only share the minimum information necessary to resolve the dispute

  • All dispute-related information is subject to the same security and retention standards

---

5. International Data Transfers (APP 8)

Some of your personal information is stored or processed outside Australia in the following countries:

  • United States: Exercise.com servers, Wix hosting, Google services

  • New Zealand: Xero accounting platform

  • Israel: Wix development and support services

5.1 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

  • Contractual data protection clauses with overseas recipients

  • Regular adequacy assessments of destination countries' privacy laws

  • Encryption and secure transmission protocols

  • Ongoing monitoring of international data handling practices

5.2 Your Rights Regarding International Transfers

You have the right to request information about international transfers and to object to such transfers where possible. Note that objecting may limit our ability to provide certain services.

---

6. Data Security

Your data security is our priority.

6.1 Technical Safeguards

  • End-to-end encryption for data transmission

  • Encrypted database storage

  • Secure payment processing (PCI DSS compliant)

  • Regular security audits and penetration testing

  • Multi-factor authentication for staff access

  • Automated backup and disaster recovery systems

  • Secure CCTV footage storage with access logging

6.2 Organizational Safeguards

  • Staff privacy and security training programs

  • Restricted access controls based on job requirements

  • Regular review of access permissions

  • Incident response and breach notification procedures

  • Privacy impact assessments for new systems

  • Enhanced protocols for sensitive information (health data, minors' information, biometrics)

6.3 Physical Security

  • Secure server facilities with controlled access

  • CCTV monitoring of gym premises (see Section 2.5)

  • Locked filing systems for physical records

  • Secure document destruction procedures

---

7. Data Breach Notification

7.1 Our Response Procedures

In the event of a data breach that is likely to result in serious harm:

  • We will notify the Office of the Australian Information Commissioner (OAIC) within 72 hours of becoming aware of the breach

  • Affected individuals will be notified as soon as practicable after we become aware of the breach

  • We will provide clear information about the breach, potential risks, and recommended actions

7.2 What Constitutes a Notifiable Breach

A notifiable data breach includes unauthorized access, disclosure, or loss of personal information that could result in serious harm to affected individuals.

7.3 Your Actions

If you suspect a data breach affecting your information, please contact us immediately using the details in Section 14.

---

8. Data Retention

8.1 Retention Periods

We retain:

  • Membership records: 7 years after membership termination (tax compliance)

  • Health information: 7 years after last service provision (medical record requirements)

  • Financial records: 7 years (Australian Taxation Office requirements)

  • Biometric data: 7 years after last service provision (aligned with health information)

  • Website analytics: 26 months (Google Analytics default)

  • Marketing communications: Until consent is withdrawn

  • CCTV footage: 30 days (unless incident requires longer retention)

  • Complaint/dispute records: 7 years after resolution (legal requirements)

  • Minor's records: 7 years after reaching age 18 or last service (whichever is later)

  • Emergency contact information: Duration of your membership plus 7 years

8.2 Payment Failure and Billing Disputes

When payment failures or billing disputes occur:

  • Failed payment records retained for 7 years for financial compliance

  • Dispute correspondence retained for 7 years after resolution

  • No additional personal information is collected beyond what's necessary for resolution

8.3 Secure Disposal

Information is securely destroyed or anonymized when retention periods expire, using industry-standard data destruction methods including:

  • Secure digital deletion with verification

  • Physical document shredding

  • CCTV footage automatic overwriting

---

9. Your Privacy Rights

You're in control of your information.

9.1 Access Rights (APP 12)

You can request access to your personal information. We will respond within 30 days and provide information in a commonly used format. A reasonable fee may apply for complex requests.

What You Can Access:

  • Your membership and account information

  • Health and fitness records

  • Payment history

  • Marketing preferences

  • CCTV footage containing your image (within 30-day retention period)

  • Records of consents provided

9.2 Correction Rights (APP 13)

You can request correction of inaccurate, incomplete, or out-of-date information. We will take reasonable steps to correct information within 30 days.

9.3 Deletion Rights

You can request deletion of your personal information where:

  • It's no longer needed for the original purpose

  • You withdraw consent (for consent-based processing)

  • The information was unlawfully collected

  • You are not satisfied with our services and wish to exercise your rights under consumer law

Important Limitations: We cannot delete information we are legally required to retain (e.g., financial records for 7 years, health records for 7 years).

9.4 Portability Rights

You can request your personal information in a structured, commonly used, machine-readable format (such as CSV or PDF) for transfer to another service provider.

Available for Portability:

  • Contact and membership details

  • Fitness assessments and progress data

  • Booking and attendance history

  • Communication preferences

9.5 Objection and Restriction Rights

You can object to or request restriction of processing for:

  • Direct marketing (absolute right): We will immediately stop sending marketing

  • Processing based on legitimate interests

  • Automated decision-making

9.6 Complaint Rights

Step 1: Complain to Us

Contact Mind to Muscle Fitness using the details in Section 14. We will:

  • Acknowledge your complaint within 2 business days

  • Investigate and respond within 10 business days

  • Escalate to the Director if you're not satisfied (response within 10 business days)

Step 2: External Complaints

If you're not satisfied with our response, you can lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

For Consumer-Related Privacy Issues:

  • NSW Fair Trading: 13 32 20 – fairtrading.nsw.gov.au

  • ACCC: 1300 302 502 – accc.gov.au

How to Exercise Your Rights

To exercise any of these rights:

Timeline:

  • Access/Correction requests: Response within 30 days (APP requirement)

  • Privacy complaints: Acknowledgment within 2 business days, resolution within 10 business days (internal policy)

  • Deletion requests: Processed within 30 days (where permitted by law)

We'll respond within the timeframes specified above.

9.7 Self-Service Account Settings

You can manage some preferences directly through your member account:

What You Can Manage Yourself:

  • Marketing communication preferences (email, SMS)

  • Contact information updates

  • Cookie preferences

  • Communication history review

What Requires Staff Assistance:

  • Health information corrections

  • Biometric data access/deletion

  • CCTV footage requests

  • Consent withdrawals (other than marketing)

Access your account settings at www.mindtomusclefitness.com.au or through our mobile app.

---

10. Cookies and Online Tracking

10.1 Types of Cookies Used

  • Essential cookies: Required for website functionality

  • Performance cookies: Anonymous analytics and usage tracking

  • Functional cookies: Enhanced user experience features

  • Marketing cookies: Personalized advertising (with consent)

10.2 Third-Party Analytics

We use Google Analytics to understand website usage patterns. You can opt-out using Google's Opt-out Browser Add-on.

10.3 Cookie Management

Manage your cookie preferences through:

  • Our cookie settings panel (available on first visit and in account settings)

  • Browser settings and controls

  • Third-party opt-out tools

---

11. Third-Party Links and Services

Our website and app may contain links to third-party websites and services. We are not responsible for their privacy practices. We recommend reviewing their privacy policies before providing any information.

Purchasing Through Third-Party Links: If you click through to a third-party website and purchase directly from them:

  • That company's privacy policy applies

  • We do not receive or control your information shared with them

  • We may receive commission information but not your personal details

---

12. Marketing and Communications

12.1 Direct Marketing

We may send marketing communications about:

  • New services and facilities

  • Special offers and promotions

  • Health and fitness tips

  • Community events

12.2 Opt-Out Mechanisms

You can opt-out of marketing communications by:

  • Clicking unsubscribe links in emails

  • Updating preferences in your account settings

  • Contacting us directly

  • Replying "STOP" to SMS messages

You have an absolute right to opt-out of direct marketing at any time.

12.3 Consent Management

Marketing consent is:

  • Voluntary and specific to communication types

  • Separate from service-related communications

  • Easily withdrawn using the same mechanism used to provide consent

Service Communications (Not Marketing): You will continue to receive essential communications about your membership, bookings, payments, and safety notices even if you opt-out of marketing.

---

13. Updates to This Policy

13.1 Review Schedule

This policy is reviewed annually or when significant changes occur to:

  • Australian privacy laws

  • Our business operations

  • Technology systems

  • Data handling practices

13.2 Change Notification

We may update this policy occasionally to reflect changes in our services or legal requirements. The latest version will always be available on our website at www.mindtomusclefitness.com.au.

If we make significant changes, we'll notify active members at least 30 days in advance via:

  • Email notification to members

  • Prominent website notices

  • In-gym notifications

  • Updated version numbers and dates

What Constitutes a Significant Change:

  • Changes to how we collect or use sensitive information

  • New third-party data sharing arrangements

  • Changes to international data transfers

  • Modifications to your rights

  • Changes to retention periods

13.3 Version Control

Previous versions of this policy are available upon request.

---

14. Contact Information

Mind to Muscle Fitness Pty Ltd

ABN: 53 660 077 994

Address: Unit 2, 24 Durgadin Drive, Albion Park Rail, NSW, 2527

14.1 Privacy Enquiries

Email: enquiries@mindtomusclefitness.com.au
Phone: 0433 923 570
Mail: Mind to Muscle Fitness Pty Ltd
Unit 2, 24 Durgadin Drive, Albion Park Rail, NSW, 2527, Australia

14.2 General Enquiries

Email: enquiries@mindtomusclefitness.com.au

14.3 Data Protection Officer

For complex privacy matters, contact our Data Protection Officer at: enquiries@mindtomusclefitness.com.au

Operating Hours: As displayed on our website and facility noticeboard

---

15. Acknowledgment and Consent

By using our services, you acknowledge that you have:

  • Read and understood this privacy policy

  • Consented to the collection and use of your personal information as described

  • Been informed of your rights regarding your personal information

For sensitive information collection, explicit consent will be sought at the time of collection through:

  • Signed consent forms for health assessments and biometric data

  • Digital consent for online services

  • Verbal consent (documented by staff) for photography

  • Specific opt-in for marketing communications

---

Related Policies

For complete information about your rights and our commitments, please review:

Terms of Service: Your rights, responsibilities, and our service terms
www.mindtomusclefitness.com.au/terms-of-service

Refunds & Returns Policy: Detailed refund procedures, Money-Back Guarantee, and cancellation processes
www.mindtomusclefitness.com.au/returns-and-refunds

All policies are available on our website and at our facility.

---

Policy Ownership & Review

Policy Owner: Mind to Muscle Fitness Pty Ltd – Management Team
Review Frequency: Annually, or as required by law or business changes
Next Review Date: October 2026

---

Australian Business Number: 53 660 077 994
Registered Office: Unit 2, 24 Durgadin Drive, Albion Park Rail, NSW, 2527, Australia
Contact: enquiries@mindtomusclefitness.com.au

---

This policy complies with the Privacy Act 1988 (Cth), Australian Privacy Principles, and other applicable Australian privacy laws and regulations.

bottom of page