Policy Statement
We recognise that the we collect valuable and sensitive information from our clients, that is needed for the purposes of conducting business in a safe and efficient manner. We understand that this information must be treated sensitively and be protected from various forms or misuse or loss.
This policy aims to ensure that the personal and sensitive information of all clients is protected from unauthorised use, disclosure, access, theft or loss according to the requirements of the national privacy laws.
Scope
This policy applies to all CrossFit Revelation staff including contractors and management, during their engagement with CrossFit Revelation. It outlines the key principles and expected standards of behaviour in relation to employees and contractors at CrossFit Revelation and their access to and use of client’s personal and sensitive information, including risk management strategies and reporting procedures.
Principles
The following principles underpin this policy:
- Information protection is the duty of all coaches, contractors, managers and staff at CrossFit Revelation
- All workers at CrossFit Revelation must adhere to the 10 Australian Privacy Principles (APPs).
Relevant Legislation
CrossFit Revelation recognises its obligation to comply with the following legislation:
- Privacy Act 1988 (Cth).
Key Definitions
- Australian Privacy Principles – The APPs are contained in schedule 1 of the Act and explain how personal information may be collected, used and protected in the course of doing business with a client.
- Personal information – According to the Act, refers to information relating to an individual, including an opinion, which may be provided to CrossFit Revelation as part of its sales quotation or order processing either in material form or not, and whether true or not. Such information may personally identify an individual or make the person’s identity reasonably apparent.
- The Act – Refers to the Privacy Act 1988 (Cth).
- Sensitive information – According to the Act, means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual practices, criminal record or health information.
- Worker – Meaning any manager, coach, contractor or other staff member at CrossFit Revelation.
Collection and Use of Information Procedure
CrossFit Revelation may require the collection of personal and sensitive information from individuals to enable it to provide safe and high-quality health and fitness products and services to its clients. The reasons for the collection of personal and sensitive information may include, but are not limited to:
- Responding to new/existing client enquiries
- Confirming membership
- Identifying health and physical conditions and injuries
- Writing individualised health and fitness programs
- Providing a fitness or nutrition coaching service
- Conducting body composition measurement activities.
CrossFit Revelation may collect and hold personal information, such as, but not limited to, full name of potential clients, home address, telephone numbers, email addresses, emergency contact details and payment/bank details. These details are collected for the purpose of providing CrossFit Revelation services to clients, and the selling and marketing of its products and range of services.
CrossFit Revelation may also use such information to apply marketing surveys and promote events or speciality programs. CrossFit Revelation will not disclose this information to any other organisation, nor will it send any information overseas for any purpose without the written consent from the information owner.
CrossFit Revelation may collect and hold sensitive information, such as, but not limited to, medical history and health goals. In the event that sensitive information is collected by CrossFit Revelation it will not be used for any purpose without the express permission of the individual. The collection, use and disclosure of information will be in accordance with the principles outlined in this policy document.
Storage, Access and Retention of Personal & Sensitive Information Procedure
- All personal and sensitive information collected by CrossFit Revelation will be retained as part of a database, which will be securely monitored and maintained by the Managing Director of CrossFit Revelation. The data will not be made available to a third party, unless it is legally required and verified, without the authority of the individual who provided the personal information.
- CrossFit Revelation will make available for inspection all personal and sensitive information, based on the information supplied by the individual, that it holds in relation to that individual, provided reasonable notice is given.
- In the event that any part of the personal information that the individual inspects is determined to be incorrect and requires alteration, then CrossFit Revelation will make such alteration in compliance with the corrected advice provided by the individual.
- CrossFit Revelation will take all reasonable steps to protect the security of the personal information that it holds. This includes appropriate measures to protect electronic materials and materials stored and generated in hard copy.
- Where information held by CrossFit Revelation is no longer required to be held, and the retention is not required by law, then CrossFit Revelation will destroy such personal information by secure means.
- Unfortunately, no website, database or server is fully secure, or “hacker proof.” CrossFit Revelation therefore cannot guarantee that your personal data will not be accessed and/or misused by the unauthorised acts of others. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- CrossFit Revelation cannot control dissemination of personal data you post on any CrossFit Revelation social media networking tools and you should have no expectation of privacy in such circumstances.