DATA PROTECTION NOTICE FOR CUSTOMERS
We at Alpha Fitness Pte Ltd (“AFPL”) respect the privacy and confidentiality of the personal data of our AFPL’s customers, associates, partners, visitors and other individuals whom we interact with in the course of providing our products and services. We are committed to implementing policies, practices and processes to safeguard the collection, use and disclosure of the personal data you provide us, in compliance with the Singapore Personal Data Protection Act (PDPA) 2012.
We have developed this Data Protection Notice to assist you in understanding how we collect, use, disclose, process, protect and retain your personal data that is in our possession.
1. How We Collect Your Personal Data
Personal data refers to any information that can uniquely identify an individual person either (a) on its own (e.g. NRIC No., FIN No.), or (b) when combined with other information (e.g. Full Name + Full Address).
We collect your personal data when you:
- participate in our programmes and assessments or purchase our products
- respond or subscribe to our mailing list, surveys, events or campaigns
- provide feedback to us on our quality of service or your user experience
- visit our websites or social media platforms and leave behind your contact information
- communicate with us online, via email or written correspondence including for job application purposes
2. Types of Personal Data We Collect About You
The types of personal data we collect about you include:
Your sign-up information (name, age, email address, photo, fitness records)
Your personal and contact information (such as name, date of birth, premises address, email address and mobile phone number) and employment related information in your resume for job application purposes
3. How We Use Your Personal Data
We use the personal data you provide us for one or more of the following purposes:
- Customer care and user account management
- Marketing, promotions and customer relationship management
- Respond to enquiries, update requests and feedback on user experience
- Carry out our obligations arising from any contracts entered into between you and us
- Comply with legal obligations and regulatory requirements
4. Who We Disclose Your Personal Data To
We disclose some of the personal data you provide us to the following entities or organisations outside AFPL in order to fulfil our services to you:
- Government Agencies & Regulatory Authorities such as Health Promotion Board
- Providers of Professional Services such as Auditors, Lawyers, Consultants, Insurers.
- Data Processing and Hosting Companies such as IT Service Providers, Webhosting Companies and Cloud Service Providers.
Where required to do so by law, we may disclose personal data about you to the relevant authorities or to law enforcement agencies.
5. How We Manage the Collection, Use and Disclosure of Your Personal Data
5.1 Obtaining Consent
Before we collect, use or disclose your personal data, we will notify you of the purpose why we are doing so. We will obtain written confirmation from you on your expressed consent. We will not collect more personal data than is necessary for the stated purpose. We will seek fresh consent from you if the original purpose for the collection, use or disclosure of your personal data has changed.
[Legitimate Interests: We may rely on the legitimate interests exception to consent in the following circumstances which are our organisation’s lawful interests. When we rely on this exception, we conduct an assessment as required under law and will provide such documented assessments to PDPC upon their request.]
5.2 Withdrawal of Consent
If you wish to withdraw consent, you should give us reasonable advance notice. We will advise you of the likely consequences of your withdrawal of consent, e.g. without your personal contact information we may not be able to inform you of our future events and product launches.
Your request for withdrawal of consent can take the form of an email or letter to us.
6. How We Ensure the Accuracy of Your Personal Data
We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete and kept up-to-date.
From time to time, we may do a data verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us of any changes to your personal data (such as a change in your mailing address).
7. How We Protect Your Personal Data
We have implemented appropriate information security and technical measures (such as data encryption, firewalls and secure network protocols) to protect the personal data we hold about you against loss; misuse; destruction; unauthorised alteration/modification, access, disclosure; or similar risks.
We have also put in place reasonable and appropriate organisational measures to maintain the confidentiality and integrity of your personal data, and will only share your data with authorised persons on a ‘need to know’ basis.
8. How We Retain Your Personal Data
We have a document retention policy that keeps track of the retention schedules of the personal data you provide us, in paper or electronic forms. We will not retain any of your personal data when it is no longer needed for any business or legal purposes.
We will dispose of or destroy such documents containing your personal data in a proper and secure manner when the retention limit is reached.
9. How You Can Access and Make Correction to Your Personal Data
You may write in to us to find out what personal data about you that we have in our possession or under our control and how it may have been used and/or disclosed by us in the previous one year. Before we accede to your request, we may need to verify your identity by checking your NRIC or other legal identification document. We will respond to your request as soon as possible, or within 30 days from the date we receive your request. If we are unable to do so within the 30 days, we will let you know and give you an estimate of how much longer we require. We may also charge you a reasonable fee for the cost involved in processing your access request.
If you find that the personal data we hold about you is inaccurate, incomplete or not up-to-date you may ask us to correct the data. Where we are satisfied on reasonable grounds that a correction should be made, we will correct the data as soon as possible, or within 30 days from the date we receive your request.
10. How We Transfer Your Personal Data
If there is a need for us to transfer your personal data to another organisation outside of Singapore, we will ensure that the standard of data protection in the recipient country is comparable to that of Singapore’s PDPA. If this is not so, we will enter into a contractual agreement with the receiving party to accord similar levels of data protection as that in Singapore.
11. Use of Cookies and Tags
11.1 Use of Cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
How do we use cookies?
We use cookies in a range of ways to improve your experience on our website, including:
- Keeping you signed in
- Understanding how you use our website
What types of cookies we use?
There are several different types of cookies which our website uses:
Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
Google Analytics - We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available at: https://policies.google.com/privacy
How to Manage Cookies
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
11.2 Use of Tags
Tags are segments of code that are inserted onto our website to track user behavior. They may consist of technologies such as web beacons or tracking pixels. Tags can be grouped into two large categories:
- Statistical Tags
- Advertising Tags
We only employ tags of a statistical nature and do not use any marketing tags within our website.
Some of the tags we use set cookies which may collect data from our users in order to compile our statistics. For such tags, please refer to our section about cookies on how to manage them.
We also employ some tags that uses images or other similar mechanism to track certain browser behavior. You will not be unable to opt out of these, unless you blacklist all requests from Google.
About Google Tag Manager
Google Tag Manager is used on our website to manage these tags. Other than data in standard HTTP request logs, all statistics collected at Google is deleted within 14 days of being received.
Our Usage of Google Tag Manager
We do not use any 3rd party tags that are not provided by Google. We do not upload any data to Google Tag Manager that might be used to personally identify an individual (e.g. a name, email address or billing information). Information collected is anonymized and collected purely for statistical purpose. We only keep statistical reports, and do not make any backups of the raw data that Google Tag Manager collects on behalf of us.
12. Contacting Us
If you have any query or feedback regarding this Data Protection Notice, or any complaint you have relating to how we manage your personal data, you may contact our Data Protection Officer (DPO) at: dpo@alphafitness.com.sg
Any query or complaint should include, at least, the following details:
- Your full name and contact information
- Brief description of your query or complaint
We treat such queries and feedback seriously and will deal with them confidentially and within reasonable time.
13. Changes to this Data Protection Notice
We may update this Data Protection Notice from time to time. We will notify you of any changes by posting the latest Notice on our website. Please visit our website periodically to note any changes.
Changes to this Notice take effect when they are posted on our website.
