Core Foundations Experience is an is an education-first online platform for adults 40+ to improve posture, reduce pain, and build functional strength (“Services”). Program delivery is by structured modules (video lessons, practice sessions), weekly live Q&A, on-demand coach messaging, and a members-only community. We do not provide physiotherapy or medical care/advice, nor do we diagnose or provide medical treatment – this is educational movement coaching and content only. In order to provide you with the best user experience and protect your interests, we require all users of the Site and/or App to comply with the following Terms of Use and the Privacy Policy.
This privacy policy (“Privacy Policy”) sets out how Core Foundations Personal Training Pty Ltd ACN 602 140 036 of Level 1, 18 South Concourse, Beaumaris VIC 3193 (“Core Foundations”, “us”, “our” and “we”) collects, stores, uses, protects and shares your personal information. It applies to our website (https://www.corefoundationspt.com) and all related websites, applications, services and tools (together the Website). By visiting or using the Website you agree to the collection, storage, usage and disclosure of your personal information by Us in the manner described in this Privacy Policy. Unless we obtain your written consent, we will not sell, disclose, licence or rent your personal information to a third party for that third party’s marketing purposes. You must be over 18 years of age to use Core Foundations or have express parental/guardian consent, whereby your parent/guardian is also agreeing to abide by our policies and terms and indemnify us for your breach of any policies or terms.
We comply with the Australian Privacy Principles, and, for the benefit and security of our international customers, we also give consideration to privacy requirements of other countries.
We also comply with the privacy laws enacted in Indonesia, being Law No. 27 of 2022 regarding Personal Data Protection effective on 17 October 2022 (“PDP Law”). PDP Law specifies two subjects, with two separate functions, responsible for personal data, being: (i) Controller, any party (including individuals, public bodies and international organisations) who determines the purpose and controls the processing of personal data; and (ii) Processor, any party who processes personal data. The distinction of Controller and Processor would be relevant in their respective obligations, liabilities and compliance requirements. You would be the Controller of your personal information, and we act as the Controller. As the Controller, you essentially determine the purpose of data processing based on lawful grounds and as the Processor, we must conduct our services as directed by you, i.e. only use that information for those purposes stipulated in this Privacy Policy as agreed and approved by you prior to engaging our services.
In the event of our expansion into Europe, we intend to use Standard Contractual Clauses approved by the European Commission for transfers to United States, Japan, India, Canada, Australia and South Korea in providing the services.
Our privacy processes comply with the Asia-Pacific Economic Cooperation (‘APEC’) and Cross Border Privacy Rules (‘CBPR’) system, which provides a framework for organisations to ensure protection of personal data transferred among participating APEC economies, and the PRP demonstrates an organisation’s ability to provide effective implementation of a personal data controller’s privacy obligations related to the processing of personal information.
By using any of this website, you consent to the terms of this Privacy Policy. If you don’t agree to any part of this policy or our Terms of Use, do not access our Website or use any of our services as access and usage is conditional upon your acceptance of these terms as updated from time to time.
We reserve the right to amend this Privacy Policy at any time by posting the amended terms on the Website. If we make material changes to this policy, we will notify you by means of a notice on our announcements board and/or other means so that you access and review the changes. If you object to any changes, you may close your account or discontinue communication with us. By continuing to use the Website after notice of changes has been sent to you or published on the Website, you are deemed to have consented to the changes. “Personal Information” means information that can be associated with a specific person and can be used to identify that person and includes your Information. Information that has been made anonymous or aggregated so that it cannot be used, whether in combination with other information or otherwise, to identify a specific user is not personal information.
You understand that many online software packages including, but not limited to, Microsoft, Google and Xero, store data in facilities which may not be wholly or in part, based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles. We and any third parties or software providers we engage now and, in the future, will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms as provided by those third parties and software packages. You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost effectiveness of the solution provided. To disengage our services, please notify us in writing and we will take measures to remove your details from our system.
We collect personal information in a few ways, including:
Third parties we integrate with may also collect personal information in a few ways, and this will be dealt with in their own privacy policies which you accept when engaging their services and integrating. Such collection may include the above information we collect plus:
We collect the following types of personal information to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy:
When interacting with us, you may be asked by third party providers to provide the following types of personal information to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy. We do not store this information and when you are providing this information, you are doing so in accordance with and acceptance of the privacy policy and terms of use of each of the third-party providers including but not limited to:
Stripe for payments – here is their privacy policy and terms of use
Slack for communication – here is their privacy policy and terms of use
Microsoft Teams communication – here is their privacy policy and terms of use
Other Software Programs we use in operating our business which may interact with your Personal Information include the following (which we may change at any time without consulting you):
Data map to be attached with purposes/retention/regions and DPA links
Our principal purpose in collecting, using and storing your personal information is to provide you with access to and use of the Website in a personalised, safe and efficient manner. You consent to us collecting, using, storing and sharing your personal information to:
While we use best endeavours to implement safeguards to protect your information, given the nature of the internet, no security system is impenetrable. We cannot provide any guarantees of absolute safety of that information from others, when the information is being stored with us or transmitted through integrated systems.
We will not collect your identification documents i.e. drivers’ licence or passport, your date of birth or bank account details, therefore if you do get an email bearing our logo or similar identifying mark, this is highly likely to be a phishing scam and you should not respond. If you have concerns or queries, contact us to discuss.
It is your responsibility for securing storage and access to the information you provide when using our service, not ours. You should speak with your IT division around using SSL and two factor authentication, and any other methods of security in your own systems, along with using caution when integrating into our systems.
If we need to transfer and/or store your collected information outside of your country of residence, generally for the purpose of enabling services to be provided via third party integrations you have selected, we take care in protecting that information within our control. Given privacy laws may vary from region to region, we not only comply with the privacy laws of Australia but also take guidance from those in the region your information may be transferred to, to a reasonable extent, given the type and sensitivity of information being transferred.
You have the right to request a copy of your information and for your information to be deleted or restricted at any time. Given we store limited information, you may be required to make the same request from those third parties who you have integrated into our services also and this will be your responsibility to communicate directly with those third parties given such information is not in our control nor do we have any rights to supply it to you, or amend or delete it in any way.
You may deactivate your account at any time however please note that we are legally required to retain some information for record keeping purposes and may be required to retain information to finalise provision of services provided to you. We may also retain course analytics for 24 months, billing records for 7 years and support tickets for 24 months.
If you think your information has been used by another person to provide our services, you may request that we delete your account. You are solely responsible for ensuring the safety and security of your account and your storage of passwords. Should you make a request to delete your account, we reserve the right to investigate the matter prior to deleting the account, to ensure the integrity and safety of our own system and to provide information on the unauthorised access if legally required of us.
You may opt out of personalised communications, though even after opting out, you may still receive some general communications. You will be responsible for opting out of communications sent by third parties as we are unable to make this request on your behalf, and opting out may impact the services that can be provided to you. You may request to opt out from third parties who subscribe to the Digital Advertising Alliance's Self-Regulatory Principles for Online Behavioural Advertising or are members of the Network Advertising Initiative or. You can find out more here: http://www.youronlinechoices.eu, http://www.aboutads.info and http://optout.networkadvertising.org/.
Notwithstanding section 6 above, you agree that we may disclose your personal information to:
We (or a third-party providing services to us) may use cookies, pixel tags, "flash cookies”, or other local storage provided by your browser or associated applications (each a Cookie and together Cookies). A Cookie is a small file that stays on your computer or device until, depending on whether it is a sessional or persistent cookie, you turn your computer or device off or it expires (typically between 7 and 30 days depending on user settings).
Cookies may be used to provide you with our range of services including to identify you as a user or member of the Website, remember your preferences, customise and measure the effectiveness of the Website and our promotions, advertising and marketing, analyse your usage of the Website, and for security purposes.
Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via cookies. You may adjust your internet browser to disable cookies. If Cookies are disabled, We may not be able to provide you with the full range of Our services.
You also may encounter Cookies used by third parties and placed on certain pages of the Website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.
The Website may also include links to third party websites (including links created by users or members) and applications and advertising delivered to the Website by third parties (Linked Sites). Organisations who operate Linked Sites may collect personal information including using Cookies. We are not responsible nor liable for Linked Sites and recommends that you read the privacy policies of such Linked Sites before disclosing your personal information.
If you wish to restrict or block cookies, you can set your internet browser to do so - click on the following link for more information: www.aboutcookies.org.
You are prohibited from engaging in spam, spyware or spoofing type activities, regardless of whether directed towards us or other users of Us.
You must not use the Website to send, upload or distribute spam, viruses or malicious, illegal or prohibited content to the Website or otherwise send content that would breach our Terms of Service or this Privacy Policy.
You are not permitted to add a user or member to our mailing list (postal or email details included) without the written consent of a user or member.
We may (or we may engage a third-party service provider to) take steps to scan and filter messages to check for spam, viruses, phishing attacks and other malicious activity or unlawful or content prohibited by this Privacy Policy and our Terms of Service.
To report spam, spyware or spoof activities to us, please email us on the details below.
We store and process your personal information on our host’s servers, currently located in multiple locations around the world. You consent to the transfer, storage and retention of that information onto the servers of our host provider used from time to time by Us, regardless of the location of those servers.
We have taken steps to protect your personal information by contracting with a third party to provide technical and security measures. These measures are designed to mitigate, but do not guarantee against, the risk of loss, misuse, unauthorised access, disclosure and alteration.
The third-party providers will advise in their own policies and terms where data is stored. Where possible, we will use best endeavours to store data in the country where your business operations are, for example if you are an Australian company, we will consider Australia the better option for storage of your data, however we reserve the right to store the data in any location that is secure and deemed the right option by our development team from time to time.
If you have a question regarding this Privacy Policy, would like to amend your Personal Information stored securely by us or you would like to make a complaint, please contact the Privacy Manager at:
Email: [email protected]
Phone: (03) 9589 1015
Address: Level 1, 18 South Concourse, Beaumaris VIC 3193
Contact: Regan Zampogna