We are committed to protecting your privacy as a user (referred to as "User", "you" or "your"), and we take our responsibility regarding the security of your Personal Data (defined below) very seriously. We will be clear and transparent about the Personal Data we are collecting and what we will do with that Personal Data.
- the types of Personal Data we collect on the Strong Curves App website www.strongcurvesapp.com, blog, online shop and membership web app or one of our other products or services, all of which are part of Strong Curves platform (the "Platform") and how we collect it;
- how we hold and use the information, including to provide promotional materials and advertisements that have been tailored to you based on the Personal Data that you have provided;
- with whom we may share it;
- the choices available to you regarding our use of your information;
- the measures we take to protect the security of the information; and
- how you can contact us about our privacy practices.
- Who is responsible for processing your Personal Data?
Shelley Darlington Pty Ltd (ABN 19640661203) and its affiliates (referred to as, "we", "us" or "our") is the “data controller” (i.e. the organisation responsible) for all Personal Data that is collected and used our customers for the purposes of data privacy laws, principles and regulations which may apply to you (including the Privacy Act 1988 (Cth)("Privacy Act"), the applicable Australian Privacy Principles under the Privacy Act, and the European General Data Protection Regulation ("GDPR")) (collectively, "Data Privacy Law").
- What Personal Data do we collect (including by automated means)?
We may ask for and collect your Personal Data (either directly through your use of the Platform or when you communicate with us in any other way, or indirectly through our third party partners or providers) in a number of ways to provide you with the products or services that you request – please refer to Section 3 below for more information on how we use your Personal Data. "Personal Data" has the meaning given in the Data Privacy Law applicable to you, and includes any information or opinion relating to you which allows us to identify you, such as your name, phone number, social media name or ‘handle’, postal address, email address, details of products or services you have purchased, payment details and information about your access to our website. Specifically, we may (either directly or indirectly) collect the following categories of Personal Data:
- first and last names, email address and date of birth (these are mandatory information which we require when opening a user account on the Platform ("User Account"));
- other information such as country of residence and gender, home address and telephone number;
- medical conditions or requirements, and dietary preferences, as well as data on your physical characteristics (e.g. weight, height and body measurements such as stride length and apparel size to the extent you choose to enter these on the Platform);
- information you provide about yourself and any preferences in your User Account;
- information about yourself which you choose to post or share on the Platform;
- information about your use of the Platform;
- communications with us or directed to us via letters, emails, chat services, calls, and social media;
- where you have selected particular services or features on the Platform (e.g. scheduling your workouts, sharing your fitness activities with friends through social media platforms), your photos, audio, contacts and calendar information, as well as your social network information (including credentials and any information from your public posts about Shelley Darlington or Strong Curves or your communications with us); and
- your location where the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings);
Personal details including about your nationality or physical or mental health are considered “sensitive” personal data under applicable Data Privacy Law. We will process any such data only if you have given your explicit consent, or it is necessary (for instance if you request special assistance), or otherwise in compliance with applicable Data Privacy Law. Children – Users must be of legal age in their respective countries and not under 16 years old, or you must have consent from your parent or guardian. Individuals are not allowed to sign up for a User Account on the Platform without verifying that they are 16 years or older. If you are a parent or legal guardian of a child who is under 16 years old who you believe has provided Personal Data to the Platform, please contact us at the details in Section 9 if you want to exercise any of the rights available under applicable Data Privacy Law as set out in Section 6 below.
- Why and how do we use your Personal Data?
Your Personal Data may be used for the following purposes:
- 3.1 Provide features of the Platform and the products and services you request:
- to create and set up your User Account;
- to fulfil any orders for products that you place on the Platform, including to communicate with you about the orders and to process information for our internal accounting, billing and audit purposes;
- if you use the Platform to track your fitness activity, we will collect and store this information so that you can review it on the Platform and track your progress. We may also use this information to calculate further information about your activity so that this can be provided to you as part of the functionality of the Platform; and
- 3.2 Communicate information about our products and services and for other promotional purposes:
With your consent, or as otherwise permitted by applicable Data Privacy Law, we will use your Personal Data to provide information that we believe is of interest to you, prior to, during, and after your interactions with us, including marketing communications and news concerning our products, services, events and other promotions. You can opt-out at any time after you have given your consent to such communications. In providing tailored promotional materials to you, Shelley Darlington Pty Ltd may use the personal information collected through your use of the Platform, such as the user preferences you set and profile data you submit, any fitness activity data generated through your use of the Platform, and any medical conditions or dietary preferences that you have identified to us.
- 3.3 Customer service communications:
we use your data to manage our relationship with you as our customer and to improve our services and enhance your experience with us (e.g. to respond to your inquiries when you reach out to us). From time to time, we may also conduct customer surveys to gauge satisfaction with our Platform and the services and products that we provide.
- 3.4 Administrative or legal purposes:
We use your Personal Data to operate our business, including for statistical and marketing analysis, systems testing and to diagnose technical and service problems, maintenance and development of our Platform, or in order to deal with a dispute or claim. We may also perform data analysis based on the data we collect from you for statistical and marketing analysis purposes – for example, we may use information about how users of our Platform search for and find specific workouts to better understand the best ways to organise and present the content that we offer.
- 3.5 Security, health, administrative, crime prevention/detection and legal purposes:
We may use your Personal Data to verify your information and identity, and to protect against, identify and prevent fraud and other unlawful activities. We may also share your Personal Data with government authorities or enforcement bodies for compliance with legal requirements, or as otherwise required or permitted by applicable Data Privacy Law.
- 3.6 Other purposes:
- to comply with a legal obligation;
- if it is in our legitimate interests to do so as a business (e.g. for administrative purposes) and to improve the functionality of our Platform;
- where you have consented to our using your personal data (e.g. for marketing related uses); and
- to protect your vital interests or those of another person (e.g. in case of a medical emergency).
- How do we protect and manage your Personal Data (including international transfers and retention periods)?
- 4.1 Encryption and security
We follow strict security procedures in the storage and disclosure of your Personal Data, which are designed to protect it against misuse, unauthorised access, modification or disclosure and accidental loss, destruction or damage. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard method of encrypting personal information and credit card details so that they can be securely transferred over the internet.
- 4.2 International transfers of your Personal Data
- 4.3 Retention of your Personal Data
We will not retain your data for longer than is necessary to fulfil the purposes for which it is being processed. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means. We also consider the periods for which we might need to retain personal data in order to meet our legal obligations, or to deal with complaints and queries, and to protect our legal rights in the event of a claim being made.
In general, this means that we will likely keep your Personal Data for as long as your User Account is open. Following closure of your User Account, however, we may still retain a limited portion of your Personal Data so that we can maintain a continuous relationship with you if and when we are in contact with you again, and to comply with our internal processes and any legal obligations. When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
- Who do we share your Personal Data with?
- other members within Shelley Darlington Pty Ltd;
- where you have selected particular services or features on the Platform (e.g. scheduling your workouts, sharing your fitness activities with friends through social media platforms), other Users of the Platform;
- third party social media platforms in various circumstances, including where
- you are able to access third party social media services through our Platform or before coming to our Platform;
- we use social media plugins on our Platform (e.g. a “share” or “like” button), and your use of these plug-ins, may result in the disclosure of certain of your information to the social media platform in question, and possibly presented on your social media profile, to be shared with others in your network – however, we will only share your Personal Data with these social media platforms if you have provided your express consent for us to do so.
- other companies, contractors or agents that assist us in providing services to you, including our online e-commerce platform that allows us to sell and deliver our products and services to you (which may include SendOwl), support ticketing, legal services, debt collection, administration services, customer services and information technology support;
- only where you have provided consent, other companies, contractors or agents in connection with our marketing efforts, or marketing platform providers (ConverterKit);
- government authorities, law enforcement bodies and regulators for compliance with legal requirements, or where otherwise required by applicable Data Privacy Law; and
- our legal and other professional advisers in order to enforce our legal rights in relation to our contract with you.
We may also transfer your Personal Data to potential buyers in the event that we sell or transfer all of a part of our business or assets (including in the event of a reorganization or dissolution / liquidation), under strict non-disclosure restrictions, and solely in order to allow a buyer to determine whether to proceed with the transaction, or where such a determination is made, to complete it.
- Your Rights and Choices
- 6.1 Under certain circumstances, by applicable Data Privacy Law you may have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it;
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see (e) below);
- Object to processingof your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you;
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format; and
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.
- 6.2 If you wish to exercise your rights related to your Personal Data (including the rights set out above), please contact email@example.com.
- 6.3 While you will generally not be required to pay a fee to access your Personal Data or to exercise any of your other statutory rights, where permitted by applicable Data Privacy Law, we may charge a reasonable fee if your request for access would require an exceptional amount of effort, or may decline to comply with frivolous or vexatious requests.
- 6.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it and to prevent unauthorised modification of your personal information.
- 6.5 You also have the right to lodge a complaint about our processing of your Personal Data with the body regulating data protection in the country or state / province in which you live.
- Links to other websites
Our Platform may provide links to other websites for your convenience and information. These websites may operate independently from us. If you visit any website linked to our Platform, you are subject that website’s own privacy policies. Linked websites may have their own privacy notices or policies, which we strongly suggest you review. To the extent any linked websites are not owned or controlled by us, we are not responsible for their content, any use of the websites, or the privacy practices of the websites.
- How to contact us?
- 1.1 Section 3.6 (Other purposes) is replaced with the following:
"We may also collect, use and disclose your Personal Data in other ways, and where we do so, we will obtain your further consent.
We may also collect, use and disclose your personal information without your consent, as required or permitted by applicable Data Privacy Law, such as to use or disclose your Personal Data in the case of an emergency that threatens the life, health or security of you or another individual."
- 1.2 Section 4.2 (International transfers of your Personal Data) is replaced with the following:
- CALIFORNIA, UNITED STATES OF AMERICA
- 2.1 The provisions in this paragraph 2 of the Additional Terms are intended to fulfil the requirements of the California Consumer Privacy Act ("CCPA") and shall apply to Users who are resident in California.
- identifiers and personal information categories referenced in applicable California law (first and last names, email address, home address, telephone number, where you have selected particular services or features on the Platform, social network information);
- protected classification characteristics under California or US federal law (age, gender, country of residence, medical conditions or requirements);
- commercial information (information about your purchases of products and services from us or our third party partners who may provide or promote their own products or services through the Platform);
- biometric information (physical characteristics such as weight, height, and body measurements such as stride length and apparel size) to the extent you choose to enter these on the Platform;
- internet or other similar network activity (information about your use of the Platform and your IP address;
- geo-location data where the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings); and
- audio, electronic, visual, thermal, olfactory, or similar information (e.g. your photos and audio where you have selected particular services or features on the Platform); and
- inferences drawn from other Personal Data (dietary preferences, information you provide about yourself and any preferences in your User Account, communications with us or directed to us via letters, emails, chat services, calls, and social media, fitness activity data provided by you on the Platform;
- 2.5 In the last 12 months, we have disclosed to third parties all of the categories of Personal Data listed in paragraph 2.3 above for a business purpose.
- 2.6 For the preceding twelve (12) months, we have not sold your Personal Data to third parties.
- 2.7 Additional rights under the CCPA
- Access: Once we receive and confirm your verifiable consumer request, we will disclose the following to you:
- the categories of your Personal Data and the specific Personal Data that we have collected;
- the categories of sources from which your Personal Data was collected;
- our business or commercial purpose for collecting your Personal Data; and
- the categories of third parties with whom we share your Personal Data, and where such third parties received your Personal Data from us for a business purpose, the categories of your Personal Data that we disclosed to such third parties;
- Under the CCPA, you are only entitled to exercise the Personal Data access right set out in this paragraph 2.7(a)(i) twice a year.
- Deletion: Once we receive and confirm your verifiable consumer request, we will (and will direct our service providers to whom we have disclosed your Personal Data to) delete your Personal Data unless an exception under the CCPA applies.
- The rights set out in paragraph 2.7(a) do not apply to Personal Data collected from Shelley Darlington Pty Ltd's employees as part of their employment with Shelley Darlington Pty Ltd or Personal Data collected as part of a business-to-business transaction.
- To exercise any of the rights set out in paragraph 2.7(a), please contact firstname.lastname@example.org.
- 2.9 We will not discriminate against you for exercising any of your rights under the CCPA. Specifically, unless permitted by the CCPA, we will not:
- deny you access to goods and/or services provided by us on the Platform;
- charge you different prices or rates for the goods and/or services provided by us on the Platform, or imposing penalties on you;
- provide you with a different level or quality of goods and/or services than otherwise generally provided by us on the Platform; or
- suggest that you will receive a different price or rate for, or a different level or quality of, the goods and/or services generally provided by us on the Platform.