This Privacy Policy outlines how Phuket Fit Co., Ltd and its subsidiary, Inmotion Health and Fitness Services Limited (collectively referred to as "we," "us," or "our"), comply with the General Data Protection Regulation (GDPR) in relation to the collection, use, and protection of personal data through our website, https://www.phuketfit.com, and all other websites owned and operated under our ownership or management.
1. Personal Data Collection:
We collect and process personal data necessary for the provision of our health, wellness, fitness, and weight-loss programs. This data may include:
- Name, contact details (email address, phone number), and demographic information.
- Health-related information, including medical history and dietary preferences.
- Fitness goals, preferences, and measurements.
- Payment and billing information.
- IP address, browser information, and website usage data collected through cookies or similar technologies.
2. Lawful Basis for Processing:
We rely on the following lawful bases for processing personal data:
- Contractual necessity: Processing data necessary for the performance of our services and programs.
- Consent: Obtaining explicit consent for specific processing purposes, such as marketing communications.
- Legal obligations: Complying with legal obligations, such as tax or accounting requirements.
3. Purpose of Data Processing:
We process personal data for the following purposes:
- Providing health, wellness, fitness, and weight-loss programs and services.
- Communicating with you regarding program bookings, inquiries, and updates.
- Customizing programs based on your preferences and goals.
- Ensuring a safe and secure environment during your stay at our retreat.
- Marketing and promotional activities, with your consent.
- Complying with legal obligations and resolving disputes.
4. Data Retention:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal requirements. We regularly review our data retention practices to ensure compliance with GDPR principles.
5. Data Sharing and Disclosure:
We may share personal data with the following entities:
- Employees and authorized personnel involved in program delivery and administration.
- Third-party service providers who assist in program bookings, payments, IT infrastructure, marketing, and customer support.
- Legal or regulatory authorities when required by law or in response to a valid request.
- Successors in the event of a merger, acquisition, or transfer of assets.
6. International Data Transfers:
As an international business, personal data collected may be transferred to and processed in other countries. We ensure appropriate safeguards, such as standard contractual clauses or binding corporate rules, to protect your data during international transfers.
7. Data Security:
We implement reasonable technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction. This includes encryption, access controls, regular security assessments, and staff training on data protection.
8. Individual Rights:
You have the following rights regarding your personal data, subject to applicable legal limitations:
- Right to access: Request access to your personal data held by us.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data under certain circumstances.
- Right to restriction: Request a restriction on the processing of your personal data.
- Right to data portability: Request a copy of your personal data in a machine-readable format.
- Right to object: Object to the processing of your personal data based on legitimate interests.
- Right to withdraw consent: Withdraw consent for processing personal data where applicable
8. Individual Rights:
You have the following rights regarding your personal data, subject to applicable legal limitations:
- Right to access: Request access to your personal data held by us.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data under certain circumstances.
- Right to restriction: Request a restriction on the processing of your personal data.
- Right to data portability: Request a copy of your personal data in a machine-readable format.
- Right to object: Object to the processing of your personal data based on legitimate interests.
- Right to withdraw consent: Withdraw consent for processing personal data where applicable
9. Cookies and Tracking Technologies:
We use cookies and similar technologies to enhance your browsing experience and collect website usage data. By using our website, you consent to the use of these technologies as described in our separate Cookie Policy.
10. Contact Information:
For any questions, concerns, or requests related to your personal data, please contact our Data Protection Officer at the following email address: [insert DPO email].
11. Updates to the GDPR Privacy Policy:
We may update this GDPR Privacy Policy from time to time to reflect changes in our services, legal requirements, or industry best practices. We encourage you to review this policy periodically for any updates.
By using our services or providing your personal data, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.