Data Protection
GENERAL
This policy statement (the “Data Protection
Policy”) provides information on the obligations, practices and policies
of CWC Traing Ltd t/a LC Fitness., its subsidiaries, affiliates,
representatives, and related companies (“Company”) in relation to data
protection and data privacy.
For enquiries around our Data Protection Policy or should
you have any complaints regarding data protection issues, please e-mail us at dataprotection@lcfitness.net
COLLECTION OF PERSONAL DATA
The Company’s officers, management and members of staff
shall, at all times, respect the confidentiality of, and endeavour to
safeguard, personal data collected, used, disclosed and/or transferred by, or
on behalf of, the Company.
The Company takes reasonable measures to ensure all
collection, use, disclosure and/or transfer of personal data by the Company
shall be done in an appropriate manner for customer membership and other
reasonable internal purposes.
Individuals who provide personal data to the Company will be
informed in writing as soon as reasonably practicable of the following:
a)
that their personal data is being
processed;
b)
the purposes for which their personal
data is collected and further processed;
c)
any information available to the
Company as to the source of that personal data;
d)
the individual’s right to request
access to and to request correction of their personal data, and how to contact
the Company with any inquiries or complaints;
e)
the class of third parties to whom
their personal data is disclosed;
f)
the choices and means the Company
offers for limiting the processing of their personal data;
g)
whether it is obligatory or voluntary
for such individual to supply their personal data; and
h)
the consequences arising from a failure
to supply their personal data where it is obligatory for the individual to
supply such personal data to the Company.
WHAT KIND OF PERSONAL DATA DO WE COLLECT?
For the purpose of carrying on the Company’s business,
including registration and administration of your membership with the club and
the provisions by the Company of related products and services (including any
relevant online services), you may be requested to provide personal data such
as, but not limited to, the following, without which it may not be possible to
register your membership or provide products or services to satisfy your
request:
a)
your name;
b)
your correspondence and/or billing
address;
c)
payment details, such as credit card
and banking information;
d)
contact details, such as your name,
telephone number and/or email address;
e)
your date of birth;
f)
your medical history; and
g)
your image taken at our premises with a
camera for visual identification.
In addition, the Company may require other optional
additional personal information from you in order to personally tailor our
services to fit your individual needs. Such personal information may include:
a)
your gender;
b)
your salary range and employment
details;
c)
your education and profession;
d)
your hobbies and leisure activities;
e)
other related products and services you
subscribe to; and
f)
your family and household demographics;
g)
how often and when you visit the club
The Company may engage other companies or individuals to
assist us in providing our services, or to provide certain services such as
analysing customer lists, providing marketing assistance or other third party
consulting services. These third parties may have access to information needed
to perform their function but cannot use that information for other purposes.
ACCURACY OF PERSONAL DATA
·
Customers who provide the Company with
personal data will be asked to confirm that their personal data provided is
accurate.
·
In addition, the Company will endeavour
to verify data provided using generally accepted practices and guidelines,
which includes checking data provided against pre-existing data held by the
Company. In some cases, the Company will ask to see original documentation in
relation to personal data such as personal identification cards.
ACCESS AND CORRECTION OF PERSONAL DATA
Individuals have the right to:
·
check whether the Company holds any
personal data relating to them and, if so, obtain copies of such data; and
·
require the Company to correct any
personal data relating to them if the individual knows that their personal data
as held by the Company is inaccurate, incomplete, misleading and/or not
up-to-date.
However, the Company will not deal with access or correction
requests from individuals which are frivolous, vexatious or unreasonable.
Where an individual legitimately requests access to and/or
correction of personal data relating to the individual held by the Company, the
Company shall endeavour to provide and/or correct such data within in an
appropriate time and in an appropriate manner.
STORAGE, SECURITY AND RETENTION OF PERSONAL DATA
The Company endeavours to take all reasonable steps to keep
secure any personal data. These include physical measures such as storing in
locked areas or containers customer information which are contained in physical
hardcopy documents, and technological measures such as ensuring that digital
information is stored on secure servers. For Indonesia-related electronic
transactions, the relevant data will be stored within Indonesia.
Computer data is stored on computer systems and storage
media to which access is strictly controlled and/or are located within
restricted areas. Access to records and data without appropriate authorisation
is strictly prohibited and access to such personal data is only granted where
there is a business need to do so. Company records are under the control of
assigned information officers who are responsible to ensure the transfer of or
access to information is legitimate. [Encryption technology, such as SSL (i.e.
secure sockets layer), may be employed for the transmission of data collected
online.
The Company’s employees and data processors are obliged to
respect the confidentiality of any personal data held by the Company. However,
security of communications over the internet cannot be guaranteed, and the
Company will not be held responsible for events arising from unauthorised
access to personal data.
The Company will use reasonable endeavours to destroy or
permanently delete any personal data when it is no longer necessary to fulfil
the original purpose for which such personal data was collected, unless such
personal data must be retained to satisfy any applicable statutory or
contractual obligations or there is otherwise a business purpose to retain such
personal data.
The Company will endeavour inform you in writing of a
failure in relation to the protection of confidential personal data.
DISCLOSURE OF PERSONAL DATA
All personal data held by the Company will be kept
confidential but the Company may, where such disclosure is necessary to satisfy
the purpose(s), or reasonably related purpose(s) for which such data was collected,
provide such information to the following parties:
·
any subsidiaries, holding companies,
associated companies, or affiliates of, or companies controlled by, or under
common control with the Company;
·
any person or company who is acting for
or on behalf of the Company, or jointly with the Company, in respect of the
purpose(s) or reasonably related purpose(s) for which such data was provided;
·
any other person or company who has
undertaken to provide a comparable standard of protection as that provided by
the Company with respect to such data, provided such person or company has a
legitimate right to such information; and
·
any financial institutions, charge or
credit card issuing companies, credit information or reference bureaux, or
collection agencies necessary to establish and support the payment of any
services being requested.
Personal data may also be disclosed to any person or persons
that have a right under any applicable law to gain access to such information
provided they are able to prove their authority to access such information.
TRANSFER OF PERSONAL DATA OVERSEAS
At times it may be necessary and/or prudent for the Company
to transfer certain personal data to places outside of the country where such
personal data was collected in order to carry out the purposes, or reasonably
related purposes, for which such personal data were collected. Where such a
transfer is performed, the transferred personal data will be afforded a
comparable level of protection as set out within this Data Protection Policy
and in any event will be in accordance with the requirements set out under
applicable law.
DIRECT MARKETING
The Company will only send promotional and other direct
marketing materials in accordance with all applicable laws. Customers can
withdraw consent to receiving marketing materials by informing the Company or
reaching out to the Company’s data protection officer at dataprotection@lcfitness.net
COOKIES AND LINKS TO OTHER WEB SITES
Some of the Company’s websites may place a
“cookie” on your machine. Such cookies may be used to provide
personalised services and/or maintain your identity across multiple pages
within or across one or more sessions. This information may include, but is not
limited to, relevant login and authentication details as well as information
relating to your activities and preferences across the Company’s websites.
The Company may also provide links to web sites outside of
its own websites. These linked sites are not under the control of the Company,
and the Company is not responsible for the conduct of persons, companies or
entities linked to the Company’s website, nor for the performance or otherwise
of any content and/or software contained in such external websites.
CHANGES TO THE POLICY
The Company reserve the right to alter any of the provisions
contained in this Data Protection Policy for compliance with relevant local
legislation, to meet its global policy requirements, and for any other purpose
deemed necessary by the Company.