Hannah Eden Fitness Privacy Policy

Date of last update: August 7, 2023

Our Privacy Policy is as follows:

1. Introduction and who we are

1.1. Hannah Eden Fitness, LLC (“we”, “us” or “our”) is strongly committed to being responsible custodians of the personal

information you provide to us and the information that we collect in the course of operating our business and recognizes the importance of protecting your privacy.

1.2. We comply with our obligations under the European General Data Protection Regulation 2016 (GDPR) and the UK Data Protection Act 2018 and any other applicable data privacy laws concerning personal information of individuals.

1.3. This Privacy Policy does not apply:

(a) to business information (unless it is also about any identifiable person); or

(b) if you access a third party website through a link from our Platform or any Marketing Materials. In this case the Privacy Policy of the owner of the third party website (if any) will apply. We take no responsibility for the practices of any linked websites in the handling of your personal information.

2. Scope of Privacy Policy

This Privacy Policy explains and describes:

  • When this Privacy Policy applies.
  • How we collect your personal information.
  • The legal basis for usage of your personal information.
  • The use of “cookies” or other web tracking systems.
  • What happens when you access third-party services and content.
  • How we use the personal information we collect.
  • How and when we may disclose personal information that we collect.
  • What happens if your personal information is transferred overseas.
  • How we protect your personal information and keep it secure.
  • Your legal choices and rights.
  • The status of this Privacy Policy and any changes that are made to it.
  • How to request further information and our contact details.

3. Collection of Information

3.1. Personal information is any information about you, from which you can be identified or linked to. The personal information we collect from you will depend on our relationship with you, the circumstances of collection and the types of services we provide. We may collect your name, address, email address, telephone number and employment information. We may collect additional personal information from you from time to time.

3.2. We may collect Personal Information that you directly and voluntarily provide to us when we communicate by email or by telephone; when you sign up for or request that we send you newsletters, alerts, or other materials; when you sign up for a training

or event; when you respond to our communications or requests for information; and when you access and use our Platform and Marketing Materials. For example, we may collect your personal information when you:
(a) participate in any training sessions;
(b) subscribe to receive communications from us or notifications about offers;
(c) enter into any competitions;
(d) provide feedback on any of the products or services;

(e) interact with our Marketing Materials or Platform;

(g) complete a form to request pricing or more product information; or

(h) otherwise interact with us or disclose your personal information to us.

3.3. On some occasions, we may collect your personal information from third parties such as from a client or third-party supplier where you are a customer of that third party supplier. We may collect information from other sources, such as social media platforms that share information about how you interact with our social media content or the social media content of third party providers that you are a customer of, and any information gathered through these channels will be governed by the privacy settings, policies, and/or procedures of the applicable social media platform, which we strongly encourage you to review.

3.4. We will handle any unsolicited information in accordance with law, including destroying or de-identifying such information where we are required to do so.

3.5. You do not have to give us all the information we request. You may engage with us anonymously or using a pseudonym if it is feasible to do so. For example, if you wish to give feedback without requiring a response from us, you will not need to provide a full name or email address. However, if you do not provide us with some or all of the personal information required, we may not be able to provide you with our services or information you request, to the requested standard or at all, and you may also miss out on receiving valuable information about us and our and our client’s products and services.

4. Legal basis for usage of personal information

Where we are the controller of personal information that we gather (meaning that we determine what happens with your information and how) and intend to use your personal information, we rely on the following legal grounds:

4.1. Performance of a contract: We may need to collect and use your personal information to enter into a contract with you or to perform a contract that you have with us or with a third party who is using our services. For example where:

4.1.1.you have directly contracted with us for our services in accordance with our terms of business; or

4.1.2.we respond to your requests and provide you with services in accordance with our terms and conditions or other applicable terms of business.

4.2. Legitimate interests: Where we consider use of your information as being (a) non-detrimental to you, (b) within your reasonable expectations, and (c) necessary for our own, or a third party’s legitimate purpose, we may use your personal information, which may include:

For our own direct marketing or continued communication; direct marketing for a client or third-party supplier with whom you have an existing relationship or have agreed to be contacted for marketing purposes; the prevention of fraud; our own internal administrative purposes; personalization of the service(s) we provide to you; ensuring network and information security, including preventing unauthorised access to electronic communications networks and stopping damage to computer and electronic communication systems; and/or reporting possible criminal acts or threats to public security to a competent authority.

4.3. Compliance with a legal obligation: We may be required to process your information due to legal requirements, including employment laws, tax laws and other regulatory provisions applicable to FitForm as a provider of digital marketing services.

4.4. Consent: You may be asked to provide your consent in connection with certain services that we offer, for example in respect of processing of your personal information for marketing purposes where you are not a client of FitForm nor a customer of a third party supplier for whom we provide digital marketing service. Where we are reliant upon your consent, you may withdraw this at any time by contacting us, however please note that we will no longer be able to provide you with the products or services that rely on having your consent.

Please note that where we only process personal information on behalf of a third party data controller who determine what happens with your information and how then it is that third party data controller who will need to ensure that a legal basis exists for the processing of personal information and whose privacy policy will apply to such processing. In these circumstances, you should read and understand the privacy policy of that third party.

5. Use of “cookies” or other web tracking systems

5.1. Our Platform, Marketing Materials and services use cookies and other similar technologies, for example, to distinguish you from other users when you browse our Platform or to allow us to improve our services.

5.2. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently to improve the user experience, as well as to provide certain information to the owners of the site.

5.3. We may for example collect general information from your device when you interact with our Platform and Marketing Materials. This might include your geo-location, IP address, device identifier, the browser and operating system you are using, and details of the website that IP address has come from, the pages accessed on our website and the next website visited.

5.4. We (and authorized service providers) also use cookies and tools, such as web beacons and web server logs to monitor visitor traffic and actions on our Platform and Marketing Materials.

5.5. We may use and combine information collected using cookies and tools with information we already have about you to maintain, secure and improve our website, enhance your experience when using our website, display and deliver relevant information and advertising (including direct marketing and targeted ads on third party websites and social media sites) and understand the effectiveness of our marketing and advertising.

5.6. If you want to prevent cookies being used, you can change your browser settings to disable cookies or to notify you when you receive a new cookie. However, you may not be able to access all or parts of our website, or you may experience reduced functionality when accessing certain services (for example, automatic login may not function properly). For more information, visit www.youronlinechoices.com.au. Third party service providers may have their own privacy policies in relation to their cookies and tools.

5.7. We use Google Display Advertising, and other third-party providers, for re-marketing purposes. In addition to using cookies and related technologies as described above, we also may permit certain third-party companies to help us tailor and serve advertising that we think may be of interest to users and to collect and use other data about user activities on our Platform and Marketing Materials. These companies may deliver ads that might also place cookies, and related technologies as described above, and otherwise track user behaviour. This means we will continue to show ads to you across the internet, specifically, but not limited to, on the Google Content Network (GCN). As always, we respect your privacy and are not collecting any identifiable information through the use of Google’s or any other 3rd party remarketing system. You can opt- out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Preferences Manager.

6. Links to third party sites, services and content

6.1. In addition to the services that we operate and provide access to directly, which we control, we also use and provide links to websites which are controlled by third parties, which may include:

Twitter, LinkedIn and YouTube, where we have certain FitForm accounts and profiles

Facebook, where we have a social page

Websites, social media platforms, online portals or other online forums operated by or on behalf our clients or third-party suppliers.

6.2. If you use or follow a link to any of these third-party providers, please be aware that these third party operated sites or other online destinations have their own privacy policies and that we cannot accept any responsibility for their use of information about you.

6.3. Our services may include integrated content or links to content provided by third parties (such as video materials). This Privacy Policy does not address the privacy, security, or other practices of the third parties that provide such content.

6.4. We engage third parties that support the operation of our services, such as analytics providers. These third parties may use technologies to track your online activities over time and across different websites and online platforms. Please see section 4 (Use of “cookies” or other web tracking systems) above for more information.

7. Use of Personal Information

7.1. We collect, use, hold and disclose your personal information for purposes reasonably necessary for or related to one or more of our functions or activities. Such purposes include:

(a) to provide and administer our products and services, including to send digital marketing material on behalf of ourselves or third-party suppliers, including marketing emails, posts on social media platforms or display advertising;

(b) to provide customer support and respond to questions, queries, requests for information and applications;

(c) to operate our competitions and promotions including determining entry eligibility, awarding prizes and publishing or otherwise making available a list of prize winners;

(d)to conduct marketing and advertising activities, including displaying content on our Platform and Marketing Materials and serving display advertising on third party websites;

(e) to provide information about our products and services, including through distributing newsletters and other communication on information about us and our related services and your use of our services;

(f) to develop and improve our products and services, including our Platform and Marketing Materials and to provide a more personalized service;

(g) to analyse the effectiveness and optimize the performance of any specific marketing campaign we undertake, including on behalf of our clients;

(h) to create aggregated, de-identified profiling data, by combining your personal information with information from other users of our Platform or Marketing Materials including statistical and analytical data;

(i) to undertake re-marketing and to permit third-party suppliers to undertake re-marketing as specified in section 5 of this Privacy Policy; and

(j) to manage and carry out our business and operational functions, including business decisions and technical operations.

7.2. In addition to the matters set out at the paragraph above, we may collect, hold and use your personal information:

(a) when you give us express consent to do so;

(b) for purposes related to the reason for which you gave us the personal information that are in the legitimate business interests of us or of our clients, but only if you would reasonably expect us to use it for those purposes; and

(c) as otherwise permitted or required by or under any law, including to comply with any court order, law or legal process, including to respond to any government or regulatory request.

7.3. If at any time we intend to change the purpose for which we hold your personal information, for example to offer you with a complimentary service that we may provide in the future, we will give you prior information of that new purpose so you are aware of this.

7.4. We will take all reasonable steps to destroy or permanently de- identify personal information if we no longer need it for any purpose for which we have collected, used or disclosed your personal information in accordance with our Data Disposal and Retention Policy and applicable laws.

8. Direct Marketing

8.1. We will not send any direct marketing to you unless you have opted-in to receive direct marketing communications from us, our clients or our third party suppliers or we are or we are able to rely on another lawful basis for contacting you in accordance with section 4, including for our legitimate interests or those of our third-party suppliers. If we do send you direct marketing information:

(a) such direct marketing will generally be sent on behalf of us or our third party suppliers; and

(b) we will also give you the opportunity to opt-out of receiving any further direct marketing information from us.

8.2. Every time that we send emails or other materials for marketing or promotional purposes, our communications will contain instructions on how you may opt out of receiving direct marketing.

8.3. You can also opt out of receiving direct marketing from us by contacting our Privacy Officer, details below.

9. Disclosure of Personal Information

9.1. We may, in providing our services and operating our business, allow access to your personal information to the different entities within FitForm‘s group for our internal administrative purposes such as billing, promoting our events and services, and providing you or your organisation with services, provided in all instances that such processing is consistent with section 4 (Legal basis for usage of personal information) and applicable law.

9.2. In order to carry out our services, we may disclose your personal information:

(a) to our clients and our third-party suppliers to analyse the effectiveness and optimize the performance of a marketing campaign, provide information to you, draw a prize, or validate a sale;

(b) where we deem reasonably necessary to provide you with the services that you have required at any particular time in order to help us deliver, administer, host and support our functions and activities,including to help maintain our Platform, Marketing Materials and corresponding databases, conducting data analysis, serving advertising, providing IT services, data processing, storage and back up and telemarketing services;

(c) toabuyerorothersuccessorintheeventofamerger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform and Marketing Materials is among the assets transferred;

(d) in circumstances where you have given us your consent to do so, whether pursuant to this Privacy Policy or otherwise; or

(e) in circumstances permitted or required by or under any law.

9.3. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only to fulfil the service they provide you on FitForm’s behalf. When such third parties no longer need your personal information to fulfil this service, they will dispose of such details in line with FitForm’s procedures unless they are themselves under a legal obligation to retain information (provided that this will be in accordance with applicable data privacy laws). If we wish to pass your sensitive personal information onto a third party we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

9.4. We also provide anonymous statistical information about users of our Platform, Marketing Materials and related usage information to our clients, where no personal information is included in such disclosure.

10. International Transfers

10.1. Where you are submitting personal information from within the European Economic Area (“EEA”), such information may be transferred to countries outside the EEA.

10.2. By way of example, some of the third parties we disclose your personal information to may be based or have servers located overseas outside of the EEA in various countries, including the United States. Before we disclose your information to our overseas recipients, we will take all reasonable steps to ensure that your information is only used for authorised purposes, in a manner that is consistent with our Privacy Policy and adequately protected using the appropriate technical, organizational, contractual or other lawful means. You consent to us disclosing your personal information to overseas recipients on this basis.

11. Security

11.1. We take the security of your personal information seriously and we take reasonable steps to ensure that all Personal Information we collect or use:

(a) is stored in a secure environment;

(b) is safeguarded from misuse, interference, loss and unauthorized access, modification or disclosure; and

(c) is accessed only by authorized personnel for permitted purposes.

11.2. We have implemented procedures to safeguard the security and confidentiality of your personal information such as electronic and physical restrictions to files containing personal information and ensuring encryption of personal information sent and received. Whilst we continually strive to ensure that our systems and controls are updated to reflect technological changes, the transmission of information via the internet is not completely secure and as such we cannot guarantee the security of your data transmitted to us online, which is at your own risk.

11.3. If you communicate with us using a non-secure web platform, you assume the risks that such communications between us are intercepted, not received, delayed, corrupted or are received by persons other than the intended recipient.

11.4. You can help to keep your information secure by ensuring that any user name or password in relation to our services is kept strictly personal to you and not be made available to any other person. You should stop using your username and password and notify us immediately if you suspect that someone else may be using your user details or password.

11.5. Once your personal information is no longer required by us, including under any contractual or legal requirement, we will take all reasonable steps to ensure that it is either destroyed or de-identified in a secure manner and in accordance with our Data Disposal and Retention Policy and our legal and regulatory obligations.

12. Your Rights

12.1. It is important to us that the information we hold about you is up- to-date, accurate and complete, and we will try to confirm your details through our communications with you and promptly add updated or new personal information to existing records when we are advised.

12.2. Where you have consented to the processing of your personal information (either directly through consent provided to us, or indirectly by way of consent to our clients or third party suppliers), you can at any time withdraw such consent and/or tell us not to contact you with updates and information regarding the products and services (or part of them) that we, our clients or third party suppliers offer, either at the point such information is collected, (by leaving the relevant box unticked where applicable) or, where you do not wish us to continue to use your information in this way, by following the unsubscribe instructions on any communications sent to you. Please note that where you withdraw your consent we will no longer be able to provide you with the services that rely on having your consent. You can also exercise this right at any time by contacting us using the contact details at the end of this Privacy Policy.

12.3. Please contact our Privacy Officer, via the contact details below, if you:

(a) wish to access the personal information which we hold about you;

(c) wish to request the removal of personal information about you from our records;

(d) wish to request the portability of your personal information that you have provided to us in a structured, commonly used and machine- readable format; or

(e) wish to object to, or request the restriction of, our use of your personal information.

12.4. After verifying your identity, we will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any personal information about you which is inaccurate or outdated. In some circumstances and in accordance with the data privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision unless we have a legally permitted reason not do to so.

13. Complaints

(a) wish to modify, correct or update the personal information which we hold about you;

13.1. We take your complaints seriously and we will attempt to resolve any issues quickly and fairly. If you think that an act or practice has interfered with your privacy in relation to your personal information, you can contact us using the details below. If you make a privacy complaint, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint.

13.2. Within 7 days of receiving a complaint the Privacy Officer will seek to contact you to confirm that we have commenced an investigation, and we will endeavour to complete our investigation within 30 days of the complaint being made. We will let you know the outcome of our investigation once it is complete, including any actions that we will take to address your complaint.

13.3. If you believe that your complaint has not been satisfactorily addressed by us, you may submit a complaint to the Information Commissioners Office, details of which can be found at https://ico.org.uk/global/contact-us.

14. Status of this Policy

Your provision of personal information to us or to our clients or third- party suppliers for whom we are providing services, use or engagement with our services; and/or access to our Platform or Marketing Materials constitute your acceptance of the terms of this Privacy Policy.

We may need to revise or update this Privacy Policy when our information handling practices change, as technologies and information governance practices develop, and data privacy laws (and surrounding guidance) evolve, or when required. Any revised Privacy Policy will take effect when it is published on our website and, if the changes are significant or may materially impact upon your rights, we will provide a more prominent policy or contact you by other means, but in any event your continued use of our website or services will constitute your consent to those changes.

15. Contact Details

If you require any further information or have any questions or comments about this Privacy Policy or if you wish to access your personal information or make a written complaint about our handling of your personal information, please contact our Privacy Officer via any of the following means:

Email: [email protected]