This policy statement provides information on the obligations and policies of Evolution Wellness Holdings Pte. Ltd., its subsidiaries, affiliates, and associated companies (the “Company”, “we” or “us”) in connection with its obligations under the Singapore Personal data Protection Act 2012 (“PDPA”)
If you, at any time, have any queries on this policy or any other queries in relation to how we may manage, protect and/or process your personal data, please do not hesitate to contact our Data Protection Officer (the “DPO”) at:
Data Protection Officer
Evolution Wellness Holdings Pte. Ltd.
Our Corporate Privacy
Statement of Practices
We will collect your personal data in accordance with the PDPA. We will notify you of the purposes for which your personal data may be collected, used, disclosed and/or processed, as well as obtain your consent for the collection, use, disclosure and/or processing of your personal data for the intended purposes, unless an exception under the law permits us to collect and process your personal data without your consent.
Types of Personal Data Collected :
For the purpose of carrying on the Company’s business, including registration and administration of the Company’s related products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
- Your name;
2. Correspondence address, and/or billing address;
3. Payment details, including credit card and banking information;
4. Contact details, including contact name and telephone number and email address;
5. Location-related data including IP address; and/or
5. Your image taken at our premises with a web cam (or like equipment) for visual identification
We may employ other companies or individuals to assist us in providing our services, or to provide certain services such as analysing customer lists, providing marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for other purposes.
In some instances, you may also be requested to provide certain data that may be used to further improve our products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalised service, or provision of a product or dependant on your providing all requested data, failure to provide the requested data may prevent us from providing the service to you. This type of data includes, but is not limited to:
- Your age;
3. Salary range and employment details;
4. Education and Profession;
5. Health condition, hobbies and leisure activities;
6. Other related products and services subscribed to; and
7. Family and household demographics.
Purpose for collection, use, disclosure and processing of personal data
- considering and/or processing your membership application with us, including to require you to fill in relevant forms which sets out your health and lifestyle to ascertain your fitness level at the point of application with us;
- facilitating and managing your membership with us, including, without limitation;
a) granting you access into the Company’s facilities and clubs according to the terms of your membership;
b) providing and arranging your personal training programmes and other fitness lessons provided by the Company;
c) providing you with service or club/facilities status updates;
d) administering your personal training and other training/fitness packages;
e) processing the payment of your membership fees and / or any other relevant charges that may be incurred by you;
f) operating the Company’s members’ database;
g) providing the services (such as fitness classes) you have purchase or requested;
h) providing you with any benefits as indicated by the terms of your membership, including to administer the relevant referral programs applicable to your membership;
i) making booking(s) for classes;
j) tracking your fitness levels with systems provided by us or our service providers;
k) providing you with a fitness evaluation where requested by you;
l) facilitating the payment and provision of private locker rentals;
m) where your image is captured on any of the Company’s club/facilities, to be used for publicity purposes;
- carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
- contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your membership with us such as but not limited to communicating information to you related to;
a) the status of your membership;
b) any service or club/facilities status updates;
c) reminders for appointment and/or sessions that you have booked with the Company, whether through email or a notification through one of our mobile applications;
d) outstanding payments or membership fees;
e) any of the purposes as indicated in paragraphs 1 and 2 above.
- carrying out due diligence or other screening in accordance with any legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us
- to prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your membership with us or any other matter arising from your membership with us, and whether or not there is any suspicion of the aforementioned;
- complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Singapore or elsewhere, with which we are expected to comply;
- complying with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclosure your personal data to the aforementioned parties upon their request or direction;
- conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your membership with us or for your benefit, or to improve any of our products or services for your benefit;
- storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Singapore;
- providing and sending you marketing, advertising and promotional information, materials and/or documents relating to your membership with us which we think may be of benefit or interest to you, via (i) postal mail to your postal address(es) and/or electronic transmission to your email address(es), and (ii) if so consented by you, via telephone calls, SMS/MMS and/or facsimile to your telephone number(s);
- if you have used our clubs as a guest or trial pass user, or have signed up with us during our promotional events, providing and sending you marketing, advertising and promotional information, materials and/or documents relating to our membership and clubs, via (i) postal mail to your postal address(es) and/or electronic transmission to your email address(es), and (ii) if so consented by you, via telephone calls, SMS/MMS and/or facsimile to your telephone number(s) provided by you;
(collectively, the “Purposes”)
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Singapore or outside of Singapore, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Examples of service providers include companies that provide web hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, debt recovery and other services.
Specific issues for the disclosure of personal data to third parties
We respect the confidentiality of the personal data you have provided to us.
In that regard, we will not disclose your personal data to third parties without first obtaining your consent permitting us to do so. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations, including, without limitation, the following :
- cases in which the disclosure is required or authorized based on the applicable laws and/or regulations;
- cases in which the purpose of such disclosure is clearly in your interests, and if consent cannot be obtained in a timely way;
- cases in which the disclosure is necessary to respond to an emergency that threatens the life, health or safety of yourself or another individual;
- cases in which the disclosure is necessary for any investigation or proceedings;
- cases in which the personal data is disclosed to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer;
- cases in which the disclosure is to a public agency and such disclosure is necessary in the public interest; and/or
- where such disclosure without your consent is permitted by the PDPA or by law.
Where we disclose your personal data to third parties with your consent, we will employ our best efforts to require such third parties to protect your personal data.
Storage and Retention of Personal Data
The Company will endeavour to take all reasonable steps to keep secure any personal information recorded, and to keep this information accurate and up to date. The information is stored on secure servers if in digital format, or in locked areas if in hard copy format: these repositories are protected in controlled facilities. In some cases these facilities may be overseas. The Company’s employees and data processors are obliged to respect the confidentiality of any personal information held by the Company. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. The Company will not be held responsible for events arising from unauthorized access to personal information.
The Company will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:
- Personal data will only be retained for as long as is necessary to fulfil the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
- Personal data are purged from the Company’s electronic, manual, and other filing systems in accordance with the Company’s internal procedures.
Transfer of Personal Data Outside of Singapore
At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of Singapore in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, we will comply with the PDPA in doing so. In this regard, this includes us obtaining your consent unless an exception under the PDPA or law applies, and taking appropriate steps to ascertain that the foreign recipient organisation of the personal data is bound by legally enforceable obligations to provide to the transferred personal data a standard of protection that is at least comparable to the protection under the Act. This may include us entering into an appropriate contract with the foreign recipient organisation dealing with the personal data transfer or permitting the personal data transfer without such a contract if the PDPA or law permits us to.
Security of Personal Data
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas. Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate with an individual’s Company responsibilities and their training. Records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate. Audit records may be produced to validate data modifications in order to verify the data’s integrity. There may be violations logging processes for investigation of any unauthorized attempt to access information. Encryption technology, such as SSL, may be employed for the transmission of data collected online.
Access and Correction of Personal Data
Individuals have the right to:
- request to access personal data relating to them which the Company holds and, if so, obtain copies of such data;
- request the Company to correct any personal data relating to them which is inaccurate for the purpose for which it is being used.
Request to withdraw consent
You may withdraw your consent for the collection, use and/or disclosure of your personal data in our possession or under our control by submitting your request DPO@fitnessfirst.com.sg
We will process your request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter not collect, use and/or disclose your personal data in the manner stated in your request.
However, your withdrawal of consent could result in certain legal consequences arising from such withdrawal. In this regard, depending on the extent of your withdrawal of consent for us to process your personal data, it may mean that we will not be able to continue with your existing relationship with us
The Company will honour an individual’s request not to use his or her personal data for the purposes of direct marketing. Any such request should clearly state details of the personal data in respect of which the request is being made. Specifically, we request that you include the corresponding Company assigned account numbers which are printed on the Company’s statements/invoices. Please also state clearly the authority under which you are authorized to make such a request. Unless otherwise instructed as per the above, the Company may use any of the data collected in the normal course of its business for the purposes as set out in the “Purposes for collection, use, disclosure and processing of personal data” section.
Links to other websites
The Company provides links to web sites outside of the Evolution Wellness Holdings website. These linked sites are not under the control of the Company, and the Company is not responsible for the conduct of companies linked to the Evolution Wellness Holdings website, nor for the performance or otherwise of any content and/or software contained in such external websites.
This Policy may be updated from time to time. The continued access to the App shall constitute your acknowledgement and acceptance of the updated Policy. You should frequently check this page to be apprised of any updates or changes to this Policy.