GymMaster Privacy Policy

Here at GymMaster, we take your privacy seriously. This privacy policy is here to ensure that we are giving you a clear understanding of how we treat personal information collected by facilities and their members. By using our website, app and services, you consent to the terms of this policy and agree to be bound by it.

Name and address of the controller

Controller for the purposes of General Data Protection Regulation (GDPR) and other provisions related to data protection is:

Treshna Enterprises

EPIC Innovation

78-106 Manchester Street

Christchurch 8011

New Zealand

Phone: -64 3 974 9169

Email: data.officer@gymmastersoftware.com

Website: www.gymmastersoftware.com

Cookies & Google Analytics

Cookies are text files placed on your computer to help us analyse how users use our site. A cookie is a small data file able to track the online movements of an individual, and distinguish between different users. Our website uses session cookies to ensure that you have a good user experience.

You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.

We use Google Analytics to help us to understand how you make use of our content and work out how we can make things better. These cookies follow your progress through our website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. This data is then stored by Google in order to create reports. These cookies do not store your personal data.

The information generated by the cookie about your use of the website, including your IP address, may be transmitted to and stored by Google on servers in the United States. Google may use this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

The Google website contains further information about Analytics and a copy of Google's privacy policy pages.

GymMaster collects personal information.

GymMaster is a membership management system that provides gym and and health club facilities a simple and effective way of managing their business, amenities, and members.

This service involves storing data about a company or individual. This data can include personal information. "Personal Information" is information about an identifiable individual, and may include information such as an individual's, name, address, telephone number, email address, location, and login information.

GymMaster collects, holds and uses personal information for limited purposes.

GymMaster collects personal information so that we can provide you with services. In doing so, GymMaster may use the personal information we have collected for purposes related to the services including to:

All passwords are non-reversibly encrypted. However it is your responsibility to keep your password to the service safe and secure. You should change your password immediately should you become aware of any misuse of your password using the "Forgot Password" process.

GymMaster may receive personal information from you about others.

Facilities that use GymMaster may provide personal information about other individuals. It is the facility's responsibility to ensure they are authorized to disclose that information with GymMaster and that, without GymMaster taking any further steps required by applicable data protection or privacy laws, GymMaster may collect, use and disclose such information for the purposes described in this policy.

GymMaster does not store credit card information

GymMaster does not store credit card information. Should you choose to enter your credit card information for your membership, your credit card details are encrypted and securely sent over a connection directly to the facility's billing provider.

GymMaster only stores bank account information in the instance of the facility opting to do manual billing. The vast majority of facility billing is done automatically, in which case bank account information is encrypted and securely sent over a connection directly to the facility's billing provider.

GymMaster discloses your personal information to your fitness provider.

Besides our staff, we share this information with your facility in order to update your bookings and personal details in their system.

Any information collected from our users will not be sold, shared, or rented to others in ways different from what is disclosed in this privacy statement.

You can choose not to share your personal information with GymMaster, but it may mean that we are unable to provide you with the service.

GymMaster holds your personal information on servers located across the world.

GymMaster stores your data on a server close to you. We use top tier, third party data hosting providers in The United States, Singapore, Australia, and Germany.

GymMaster takes steps to protect your personal information.

GymMaster is committed to protecting the security of your personal information and we take reasonable precautions to protect it from unauthorised access, modification or disclosure.

However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the service within a secure environment (look for https:// at the beginning of the URL)

Rights of the data subject

Please refer to our document What we're doing to conform to GDPR Requirements for a specific list of changes being made to our system.

  1. Right of confirmation

You have the rights to obtain the confirmation of whether or not personal data concerning you are being processed. Should you wish to avail yourself of the rights of confirmation, please contact any member of our support staff by emailing support@gymmastersoftware.com

  1. Right of access

Each data subject shall have the right granted by the European legislator to obtain free information about his or her personal data stored at any time. Furthermore, the European directives and regulations grant the data subject access to the following information:

  1. Right to rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of processing, the data subject shall have the right to have incomplete data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, they can at any time contact our support staff.

  1. Right to be forgotten

Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by Treshna Enterprises, he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of Treshna Enterprises or another employee shall promptly ensure that the erasure request is complied with immediately.

  1. Right of restriction of processing

Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by Treshna Enterprises, he or she may at any time contact our Data Protection Officer or another employee of the controller. The Data Protection Officer of Treshna Enterprises or another employee will arrange the restriction of the processing.

  1. Right of data portability

Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer designated by Treshna Enterprises or another employee.

  1. Right to object

Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

Treshna Enterprises shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If Treshna Enterprises processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Treshna Enterprises to the processing for direct marketing purposes, the gfgdh will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by Treshna Enterprises for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may directly contact the Data Protection Officer of Treshna Enterprises or another employee. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications.

  1. Right to withdraw data protection consent

Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may at any time directly contact our Data Protection Officer of Treshna Enterprises or another employee of the controller.

The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and the shareholders.

Period for which the personal data will be stored

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

This policy may be updated at any time.

We retain the right to amend this privacy statement at any time.