Privacy Policy

1. Introduction

Khivaronphak ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Pilates studio or use our services.

2. Information We Collect

We may collect information that you provide directly to us, including:

Name and contact information (email address, phone number)
Payment information for class bookings
Health information relevant to your practice (voluntarily provided)
Communication preferences

3. How We Use Your Information

We use the information we collect to:

Process and manage your class bookings
Communicate with you about your sessions and our services
Send you updates about classes, events, and promotions (with your consent and in accordance with the Spam Act 2003)
Improve our services and customer experience
Comply with legal obligations
Ensure the safety and security of our studio and participants

Direct Marketing: We will only send you marketing communications if you have consented to receive them, or if you have an existing relationship with us and we believe you would be interested in our services. You can opt-out of marketing communications at any time by contacting us or using the unsubscribe link in our emails. We comply with the Spam Act 2003 (Cth), which requires us to obtain your consent before sending commercial electronic messages.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

Consent: When you provide explicit consent for specific purposes, such as marketing communications
Contract Performance: To fulfill our contractual obligations, such as processing class bookings
Legal Obligation: To comply with applicable laws and regulations
Legitimate Interests: To improve our services, ensure security, and prevent fraud

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

With service providers who assist us in operating our business (under strict confidentiality agreements)
When required by law or to protect our rights
With your explicit consent
In connection with a business transfer or merger

6. Data Protection

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure servers, and regular security assessments.

In accordance with Australian Privacy Principle 11 (APP 11), we take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. We regularly review and update our security measures to ensure they remain effective.

7. Your Rights and Options

Under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), you have the right to:

Access your personal information (APP 12)
Correct inaccurate, incomplete, or out-of-date information (APP 13)
Request that we delete or de-identify your information when it is no longer needed
Opt-out of direct marketing communications (APP 7)
Make a complaint about how we handle your personal information
Request that we not use or disclose your information for direct marketing purposes

If you are located in the European Economic Area (EEA), you also have additional rights under GDPR, including the right to data portability, the right to object to processing, and the right to restriction of processing.

To exercise these rights, please contact us using the information provided in the Contact Us section. We will respond to your request within a reasonable timeframe, usually within 30 days.

Making a Complaint: If you believe we have breached the Australian Privacy Principles or the Privacy Act, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). We encourage you to contact us first so we can resolve your concerns directly.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We take appropriate safeguards to ensure that your personal information receives an adequate level of protection, including:

Using standard contractual clauses approved by relevant authorities
Ensuring that service providers comply with applicable data protection laws
Implementing appropriate technical and organisational security measures

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are based on:

The nature of the information collected
Legal and regulatory requirements
Business needs and operational requirements
Your consent and preferences

When we no longer need your information, we will securely delete or anonymise it in accordance with our data retention policies.

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly.

11. Third-Party Services

Our website and services may use third-party services that collect, use, and share information. These services include:

Google Analytics: We use Google Analytics to understand how visitors interact with our website. Google Analytics collects information such as page views, time on site, and referral sources. You can opt-out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
Google Ads Conversion Tracking: We may use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This service uses cookies to track conversions.
Google Ads Remarketing: We may use Google Ads remarketing to show you relevant advertisements based on your previous visits to our website. You can opt-out of Google's use of cookies for remarketing by visiting Google's Ads Settings.
Google Maps API: Our contact page uses Google Maps API to display location information. Google may collect information about your use of the map feature. Please review Google's Privacy Policy for more information.

These third-party services have their own privacy policies. We encourage you to review their policies to understand how they collect, use, and share your information.

12. Use of Cookies

Our website uses cookies to enhance your browsing experience, analyse site traffic, and provide personalised content. For detailed information about the types of cookies we use and how to manage them, please see our Cookies Policy.

13. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website with a new "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: reach@khivaronphak.world
Phone: +61 488 795 588
Address: Level 2/93 Bathurst St, Sydney NSW 2000, Australia

Privacy Officer: For privacy-related inquiries, you can contact our Privacy Officer using the contact details above.

External Complaints: If you are not satisfied with how we have handled your privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au