DATA PRIVACY POLICY
Introduction
Lazy Lifter Fitness Instruction Services and its related entities, affiliates, and subsidiaries (collectively referred to as “Company”, “Kaizen”, “we”, “our” and “us”) are committed to protecting your right of privacy, as our client. Your privacy is important to us and we shall exert all reasonable efforts to protect your personal information against unauthorized use or disclosure.
Purpose of Privacy Policy
This Privacy Policy is designed to assist you as a Client in understanding how we collect, use, disclose, or otherwise process personal information you provide to us in accordance with the relevant data privacy laws and to make informed decisions when you are disclosing your personal data to us.
Our policy applies to personal data in our possession or under our control, including personal data in the possession of entities which we have engaged to collect, use, disclose, or process personal data for our purposes.
Scope of this Policy
This Privacy Policy applies to all information we process about you, including but not limited to information gathered from client forms and through our websites and website cookies, in connection with your relationship with us as a client or potential client. It is designed to provide transparency into our privacy practices, particularly with regard to the types of personal information we collect, how we collect it, what we may use it for, and who we may share it with.
We follow this Privacy Policy in accordance with applicable law in the Philippines.
Definition of Terms
a. “Client” means an individual who provided payment to the Company in return for the delivery of the Company’s fitness program, and whose personal information has been processed.
b. “Personal data” means data, whether true or not, whether recorded in a material form or not, from which the identity of a Client is apparent or can be reasonably and directly ascertained, or when put together with other information, would directly and certainly identify the client: (a) from that data; or (b) from that data and other information to which we have or are likely to have access.
Personal data includes Sensitive Personal Information, a subset of personal data. Sensitive Personal Information means information about an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and specifically established by an executive order or an act of Congress to be kept classified.
Our policy is that we endeavor to not collect sensitive personal information, unless it is relevant to the effectiveness by which we deliver our products and services. When we do collect, we will take all reasonable steps to ensure that the sensitive personal information is always protected.
Depending on the nature of our interaction, we may collect your name, contact information and other particulars, such as but not limited to your address, email address, or other contact information, nationality, race, gender, date of birth, marital status, photographs and other audio-visual information (such as recordings of calls), employment information.
We do not collect or store credit card numbers, debit card numbers as these are processed by a 3rd-party payments software. Bank account information may be collected for the purposes of refunds or awarding prizes as part of our products and services.
Personal Information We Collect and Process
As our rule, we do not collect personal data unless:
a. You provide us your personal data voluntarily after proper notification on the objectives of collecting data; or
b. Whenever the collection of personal data without consent is allowed or required by the Data Privacy Act (DPA) and its Implementing Rules and Regulations (IRR) or other relevant laws.
We will ask for your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except when permitted or authorized by law).
For the purpose of carrying on the Company's business, including registration and administration of the Company's related products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
a. personal data you voluntarily choose to disclose to us such as but not limited to your name, contact number, email address, FB Profile URL, Country and City of Residence;
b. payment information, such as credit or debit card information and/or banking information, including the name of cardholder, card number, billing address, and expiry date;
c. website cookies, which may include, but not limited to, IP address, username, user location, region/language.
Sensitive Personal Information
To the extent that the personal information we collect constitutes sensitive personal information under applicable law, we will collect and process this sensitive personal information within the limits provided by said law and shall treat the same with utmost care and confidentiality when we do. This includes, but not limited to the following:
a. Body Fat %, Employment Status, Income Range, Medical Conditions, Food Allergies or Intolerances, Fitness Goals, Exercise habits, Past Diets, Life Situation That Made You Join Kaizen;
We endeavor to limit the collection of sensitive personal information and shall ensure that your specific consent is sought prior to its processing, where no other lawful bases exist for processing such information (such as to fulfill laws promoting a substantial public interest).
If you provide us or our service providers with personal information of other people in connection with the services we offer, you hereby represent that you have the authority to do so and have secured consent to permit us to use the information in accordance with this Privacy Policy.
How We Collect Information
We may manually or automatically collect information when you:
a. Enter into transactions, contracts, or agreements with us;
b. Submit your onboarding forms, together with supporting documents to us;
c. Access our platforms, websites and other tools used in programs or services you availed; and
d. File complaints, inquiries, or requests.
Purposes for Collection, Use, Disclosure and Processing of Personal Data
We may collect, use, disclose and/or process your personal data for one or more of the following purposes:
a. To verify your identity;
b. To provide services to you or implement transactions which you request, allow or authorize;
c. To address your queries and send information on transactions or related services;
d. Any other purposes for which you have provided the information;
e. Conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your client experience and results with us or for your benefit, or to improve any of our products or services for your benefit;
f. Storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside the Philippines;
g. To transmit to any unaffiliated third-parties, including our third-party service providers and agents, and relevant governmental and/or regulatory authorities, for the aforementioned purposes;
h. To inform you about our new or related products and services of the Company, including but not limited to offers, promotions, discounts, rewards, via (i) electronic transmission to your email address(es), and via telephone calls, SMS/MMS and/or facsimile to your telephone number(s);
i. Any other incidental business purposes related to or in connection with the above, which may at times include, but not be limited to: due diligence and quality review; audit requirements; internal reporting; regulatory reporting; compliance with internal policies; law enforcement or investigation; subpoena or other legal directive; other specific requests from official government or statutory bodies; and protection of our rights, interests, property and security.
The purposes listed above may continue to apply even in situations where your relationship with us (for example, pursuant to a contract or transaction) has been terminated or altered in any way, for a reasonable period thereafter, or until the expiration of the retention limits set by applicable laws, whichever comes later (including, where applicable, a period to enable us to enforce our rights under any contract with you).
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the DPA or by other relevant laws.
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in or outside of Philippines, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Examples of service providers include companies that provide web hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, debt recovery and other services.
Storage and Retention of Personal Data
Lazy Lifter Fitness Instruction Services will endeavor to take all reasonable steps and safeguards to keep secure any personal information recorded, and to keep this information accurate and up to date.
These safeguards are regularly reviewed to protect against unauthorized access, disclosure and improper use of your information, and to maintain the accuracy and integrity of the data. We will adapt and implement the necessary changes for security measures to ensure continuous security of your personal information.
Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas. Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a "need to know" basis that is commensurate with an individual's Company responsibilities and their training. Records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate. Audit records may be produced to validate data modifications in order to verify the data's integrity. There may be violations logging processes for investigation of any unauthorized attempt to access information.
Lazy Lifter Fitness Instruction Services employees and data processors are obliged to respect the confidentiality of any personal information held by Lazy Lifter Fitness Instruction Services. However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. Lazy Lifter Fitness Instruction Services will not be held responsible for events arising from unauthorized access to personal information.
The Company will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:
a. Personal data will only be retained for as long as is necessary to fulfill the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
b. Personal data are purged from the Company's electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and the Company's internal procedures.
Disclosure of Personal Data
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
a. Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;
b. Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and
c. Any financial institutions, charge or credit card issuing companies, credit information or reference bureaux, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under Philippine law to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain client information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.
Rights of Data Subject
You may contact our Data Protection Office (clients@thelazylifter.com) to exercise any of the rights you are granted under applicable data protection laws as enumerated below. Kindly note that we will require you to provide us with proof of identity before responding to any requests to exercise your privacy rights.
We will respond to your request within a reasonable time of you making the request and give you access in the manner you requested, unless it is unreasonable or impracticable for us to do so.
a. Right to Access
You may ask us whether or not we process any of your personal information and, if so, receive access to that data in the form of a copy.
b. Right to Rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness.
You can ask us to stop or restrict how we process your personal information unless we need to process your information to carry out our day-to-day business functions or where we have compelling legitimate grounds for processing your information.
c. Right to File a Complaint
You have the right to lodge a complaint with a supervising authority (a regulator that oversees data protection law compliance) where you live or work, if you feel your privacy rights have been infringed. You may also be entitled to seek compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal information.
d. Right to Data Portability
You can ask us to help you move your personal information to other companies, where this is technically possible and only if we have collected and used your data via electronic means. Other conditions may apply to the exercise of this right.
e. Right to Object to Processing
You have the right to object to the processing of your personal information. You can likewise ask us to stop or restrict how we process your personal information unless we need to process your information to carry out our day-to-day business functions or where we have compelling legitimate grounds for processing your information.
f. Right to Erasure
You can ask us to delete your personal information unless it remains necessary for us to process your information for the purposes for which it was collected, we are required by law to retain your information, or your information is relevant to a legal dispute.
When you would like to exercise your rights, please send us a request through our Data Protection Officer (clients@thelazylifter.com) Kindly give us a sufficient time of 10 business days to process the request and notify you of the consequences of revoking your consent. We need at least 10 business days to process request from the date we received your request.
While we respect your decision to withdraw your consent, please note that the revocation should not prejudice pending transactions.
Please note that revoking consent does not affect our right to continue to collect, use, and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.
The Data Protection Officer
Lazy Lifter Fitness Instruction Services
clients@thelazylifter.com
Monday - Friday, 8:30 a.m. - 5:30 p.m. (PT)
We do not discriminate against clients who have chosen to exercise their privacy rights as provided under applicable data privacy and protection laws.
Updates to the Privacy Policy
In the Company’s discretion, we may amend, interpret, modify or withdraw any portion of this Data Privacy Policy at any time by posting updated contents on our website, via email notice, and/or our community platform (e.g. Circle), and your continued use of our services constitutes your consent to those changes.
Last updated: May 2024