Core Zone Privacy & Data Protection
At Core Zone, we believe privacy is a cornerstone of trust. This deeply detailed Privacy Policy outlines how we safeguard your personal data, empower your rights, and protect your experience at our gym and online. We go beyond compliance with GDPR and other international standards, striving for transparency, control, and security at every step.
1. What Data We Collect
- Contact & Identity: Full name, address, email, phone, date of birth, emergency contact, gender (optional).
- Fitness & Health: Optional health details, fitness goals, class attendance, assessment results, trainer feedback, wellness surveys.
- Membership Details: Membership type, status, renewal dates, payment history, product/service purchases, loyalty points, membership preferences.
- Device & Technical Data: IP address, browser, device model, session logs, cookies, unique identifiers, and app analytics.
- Physical Facility Data: Entry/exit logs, locker usage, CCTV images (public spaces only, for safety), class bookings, event participation.
- Marketing & Communication: Preferences, survey responses, feedback, email/SMS opt-ins, and records of communications with our staff.
- Website/App Usage: Pages visited, interaction time, clickstream data, referral sources, location (city/country, approximate).
We never collect: Biometric data, political/religious info, or sensitive health data without explicit consent.
2. Legal Basis & Consent
- We process your data based on contract (membership), consent (health, marketing, cookies), legitimate interest (security, analytics, customer service), and legal obligations (tax, safety).
- You can withdraw consent for optional data uses at any time via your account or by contacting us.
3. How Your Data Is Used
- To manage memberships and gym access.
- To personalize your fitness journey: recommendations, class invitations, wellness tips.
- To process payments, renewals, upgrades, and handle billing queries securely.
- To ensure gym safety, including emergency procedures and incident management.
- To communicate important updates, offers, and event invitations (with your opt-in).
- To improve facilities, website/app, and service quality through analytics and feedback.
- To comply with legal, tax, and health & safety obligations.
4. Data Sharing & Trusted Partners
- Never sold or rented. Your data is not monetized, ever.
- Shared with trusted providers for: payment processing, membership software (e.g. Shopify), email/SMS notifications, analytics, legal compliance.
- All partners are contractually bound to strict privacy and security standards, with regular audits.
- Anonymous data may be used for research, improvement, and trend analysis.
5. International Transfers
- Some data may be processed outside your country. We ensure legal safeguards (GDPR Standard Contractual Clauses, adequacy decisions).
- All transfers are encrypted and partners vetted for compliance.
6. Cookies & Tracking
- We use cookies to remember preferences, secure your sessions, and improve usability.
- Analytics (Google Analytics, Meta Pixel, Shopify Analytics) help us understand visitor trends and optimize your experience.
- Advertising cookies are used only with your consent; you can opt out or customize settings at any time.
7. Data Retention & Deletion
- Personal data is retained only as long as needed for your membership, legal, or safety purposes.
- Upon account closure, your data is deleted or anonymized within statutory periods (usually 6 years for tax records).
- You may request deletion or correction at any time.
8. Security & Safeguards
- Encryption: SSL/TLS for all web/app traffic, encrypted backups.
- Physical security: restricted access to servers and gym data terminals.
- Access controls: Only trained staff access personal data, for legitimate purposes only.
- Regular audits and penetration testing to proactively identify risks.
- Incident response: Immediate action in case of breach, notification as required by law.
9. Your Rights & Controls
- Right to access, correct, delete, or restrict your personal data.
- Right to data portability (export your data).
- Right to object to processing (e.g. direct marketing).
- Right to withdraw consent for optional uses.
- Right to lodge complaints with your local supervisory authority.
- Contact our Privacy Team: privacy@corezone.com
10. Children & Minors
- Core Zone does not knowingly collect personal data from children under 16 without parental consent.
- Parents/guardians may request review or removal of data at any time.
11. Club Surveillance & Facility Safety
- CCTV is used in public areas for safety and incident management. Footage is stored securely and deleted regularly.
- CCTV is never used for marketing and is only accessible to authorized staff.
- Emergency protocols are in place to protect member privacy during incidents.
12. Marketing, Events, & Communications
- We communicate offers, events, and updates only with your consent.
- You may opt out or customize preferences at any time via your account or by contacting us.
- Event photos/videos are used for marketing only with explicit permission.
13. Data Breach Protocol
- In case of any suspected data breach, affected users are notified promptly with full details and guidance.
- We work with legal authorities and partners to resolve breaches and minimize risks.
14. Policy Updates & Contact
- This Privacy Policy is reviewed annually and updated as needed to reflect changes in law, technology, or our practices.
- Significant changes are communicated by email or website notice.
- Contact us at privacy@corezone.com or write: Core Zone Gym, 123 Core Street, Fit City.
15. Complaints & Supervisory Authority
- If you feel your rights have been violated, you may file a complaint with your national Data Protection Authority.
- We are committed to resolving all complaints promptly and transparently.
16. Transparency Report & Principles
- Core Zone publishes annual transparency reports summarizing data requests, breaches, and compliance actions.
- We prioritize respect, transparency, and empowerment for all members and visitors.
17. Glossary & Definitions
- Personal Data: Any information relating to an identifiable person.
- Processing: Any operation on personal data (collection, storage, use, deletion).
- Data Controller: The entity determining how and why your data is processed (Core Zone).
- Data Processor: Third parties processing data on our behalf (e.g. payment providers).
- Consent: Freely given agreement for specific data uses.
Last updated: August 22, 2025