Privacy Policy

I. Age Restriction Clause

EFX24 Fitness Center [TSUEN WAN -KOLOUR I] (hereinafter referred to as "the Center") clearly stipulates that all individuals who use the Center's services, register as members, or visit the Center must be at least 18 years old. Minors under 18 years of age are not allowed to use any services of the Center, register as members, or enter the Center's premises. The Center does not accept any registration applications from minors nor provide any fitness and related services to them.

II. Scope of Personal Information Collection

(1) Basic Personal Information

To provide services and manage members, the Center will collect the following basic personal information of members and visitors: name, contact phone number, email address, ID card number (some stores require a complete ID card number for identity verification), gender, and date of birth.

(2) Health-Related Data

To ensure the safety of members' fitness activities and avoid sports risks, the Center may collect members' health data such as health status (e.g., allergy history, disease history), dietary restrictions, smoking habits, and vaccination-related information. Such data is only used for fitness safety assessment and service adaptation.

(3) Payment-Related Information

When members apply for membership, purchase courses, or related services, the Center will collect payment-related information, including credit/debit card numbers and payment account details. Such information is only used for transaction settlement and no other purposes.

(4) Other Relevant Information

According to service needs, the Center may collect members' account information (username, profile photo, social media account ID), country of residence/citizenship, occupation, education background, language proficiency, travel and visa-related information (if applicable), insurance data, and the name and contact information of emergency contacts.

III. Data Collection Technologies and Methods

(1) Website-Related Technologies

The Center's official website will use technologies such as Cookies and pixel tags to collect visitors' browsing preferences, access records, etc., for optimizing website experience and counting access data. Visitors can disable Cookies through browser settings, but this may affect the normal use of some website functions.

(2) Member Management System

The Center adopts a member management system to uniformly manage member information, membership status, consumption records, etc.; except for special instructions, all stores of the Center use face recognition technology for member entry verification. Members need to provide facial image information during registration, which is only used for entry identity verification.

(3) Fitness Equipment and Other Technologies

Some fitness equipment in the Center is equipped with sensors that will collect members' sports data (such as exercise duration, intensity, etc.) to help members understand their exercise effects; at the same time, the Center may scan or take photos of members' ID cards through AI technology for identity verification and information entry to ensure the authenticity of member information.

In addition, the Center may also collect server log data, application usage data, device location data (only when the device function is activated), page browsing and website navigation records, etc., for service optimization and safety guarantee.

IV. Use and Sharing of Personal Information

(1) Purposes of Information Use

The personal information collected by the Center is only used for the following legitimate purposes: providing fitness services and related supporting services; member identity verification, membership management, and consumption settlement; ensuring members' fitness safety and assessing sports risks; optimizing service processes and improving service quality; sending service notifications and activity information (members can unsubscribe at any time); other purposes required by laws, regulations, and regulatory requirements.

(2) Third-Party Sharing Instructions

The Center strictly protects members' personal information and will not arbitrarily share it with third parties. Information can only be shared in the following cases, and protective measures such as encryption will be taken:

 Payment processors: Used to complete members' payment transactions, only necessary payment-related information is provided;

 Marketing partners and local sales agents: Used to promote the Center's services, only non-sensitive basic contact information is provided (members can refuse such sharing);

 Data analysis companies and related software service providers: Used to analyze member behavior, optimize services, and conduct digital marketing; shared data will be anonymized;

 Insurance companies: When members are involved in insurance-related applications, necessary personal and health-related information is provided;

 Legal and regulatory requirements: Provide relevant personal information in accordance with the requirements of government departments and judicial authorities.

V. Data Security Protection Measures

The Center attaches great importance to personal information security and takes the following security measures to protect the information of members and visitors:

 Encryption protection: Encryption technology is used for the transmission and storage of sensitive personal information (such as payment information, ID card information, health data) to prevent information leakage;

 Access control: Strict access authority management is implemented, only authorized staff can access personal information, and access behaviors will be recorded;

 Regular audits: Regular audits of data processing activities and security measures are conducted to timely identify and prevent security risks;

 Compliance management: Strictly follow the General Data Protection Regulation (GDPR) and relevant data protection laws and regulations, adhere to the principle of "necessity and appropriateness", and clearly define information purposes, storage arrangements, and protection measures;

 Other measures: Formulate a sound information security management system, and regularly conduct information security training for staff to improve their awareness of security protection.

VI. Members' Data Rights

As the subject of personal information, members have the following data rights in accordance with the law, and the Center will actively cooperate with members to exercise these rights:

 Right of access: Members can request access to their own personal information at any time to understand the collection, use, and sharing of information;

 Right of correction: If members find that their personal information is inaccurate or incomplete, they can request the Center to correct the relevant information;

 Right to erasure: Members can request the Center to delete their own personal information (except as required by laws and regulations); if it is found that a minor has mistakenly provided personal information, the Center will delete it immediately;

 Right to data portability: Members can request the Center to provide a copy of their personal information for transfer to other service providers;

 Right to unsubscribe: Members can unsubscribe from receiving marketing information and activity notifications from the Center at any time;

 Right to object: Members can object to certain data processing activities of the Center (such as unnecessary information sharing);

 Rights related to automated decision-making: Members have the right to understand the Center's automated decision-making process and can object to unreasonable automated decisions.

VII. Processing of Special Categories of Personal Data

For special categories of personal data processed by the Center (including health data, biometric information, etc.), the following principles will be strictly followed:

 Health data: Including members' health status, medical information, allergy history, disease history, dietary restrictions, etc., which is only used for fitness safety assessment and can be collected only after obtaining the member's explicit consent;

 Biometric information: Including facial images, ID card scans, etc., which is only used for identity verification. Before collection, the purpose will be clearly informed to the member, and the member's explicit consent will be obtained, and it will not be used for other purposes;

 Other sensitive information: Such as ethnicity, religious beliefs, trade union membership, etc., the Center will not actively collect it. If a member voluntarily provides it, it will be strictly kept confidential and only used for the purposes explicitly agreed by the member.

For special categories of personal data, the Center will set a clear "consent" checkbox, which will not be pre-filled, to ensure the member's right to independent choice.

VIII. Update and Revision of the Privacy Policy

The Center will regularly update this Privacy Policy in accordance with changes in laws and regulations and adjustments to service content. After each update, it will be published in a prominent position on the Center's official website, and the updated policy will take effect from the date of publication. Members should regularly check this Privacy Policy to understand the latest information protection regulations.

IX. Contact Information

If members and visitors have questions about this Privacy Policy, need to exercise their data rights, or find problems such as personal information leakage, they can contact the Center through the following methods:

 Phone: 68917771 (Available on WhatsApp);

X. Important Reminders

 Strict implementation of age restrictions: The Center does not provide any services to minors. If it is found that a minor has mistakenly used the service or provided information, the service will be terminated immediately and the relevant information will be deleted;

 Protection of sensitive information: Before providing sensitive information such as ID card number, facial image, and health data, members should fully understand its purpose and protection measures and voluntarily provide relevant information;

 Exercise of rights: Members can exercise their data rights through the above contact methods at any time, and the Center will respond within a reasonable time limit;

 Policy check: It is recommended that members regularly visit the Center's official website to check the updated content of the Privacy Policy to ensure they understand the protection of their own information.