ANNAFIT PRIVACY POLICY

Download Privacy Policy PDF
  1. Definitions and Abbreviations:
      • Personal information is as defined in section 7 of the Privacy Act 2020 as “information about an identifiable individual”. “The Policy” refers to this Privacy Policy for AnnaFit. AnnaFit shall be referred to throughout the Policy as “AnnaFit”. “The Act” refers to the New Zealand Privacy Act 2020. “Glofox” refers to the third-party cloud business management platform and booking app used by AnnaFit. “Vimeo” refers to the third-party on demand video platform and video streaming service used by AnnaFit.
  2. Policy Statement:
      • AnnaFit respects and protects the privacy of anyone they are involved with and are bound by the New Zealand Privacy Act 2020, which requires AnnaFit to comply with the Information Privacy Principles (IPPs) set out in section 22 of the Act. The Policy sets out guidelines to assist AnnaFit, and its employees comply with the Act and the IPPs in relation to the collection, storage, use, protection and disclosure of records containing an individual’s personal information. This Policy forms part of AnnaFit’s Terms and Conditions and is available on the AnnaFit website.
  1. Privacy Officer:
      • AnnaFit has appointed a Privacy Officer as required under section 201 of the Act. The Privacy Officer is responsible for ensuring AnnaFit complies with its privacy obligations, handling access and correction requests, and liaising with the Office of the Privacy Commissioner where required. The Privacy Officer can be contacted at studio@annafit.co.nz.
  1. Collecting Personal Information:
      • AnnaFit may collect personal information for a lawful purpose, necessary to the purpose(s) for which the information is to be used and connected with a function or activity of AnnaFit, in accordance with IPP 1 of the Act. The information collected by AnnaFit varies depending on the purpose for which AnnaFit is collecting the information and may include your name, address, contact details, credit and financial information, health and fitness information, and information about your use of AnnaFit’s services. The information will only be collected:
        1. From you directly when you provide it to us through the phone, email, electronic form, other documents or in person (IPP 2); and/or
        2. From AnnaFit’s own records of business such as (but not restricted to) previous interactions with AnnaFit and payment history.
        3. At or before the time of collection, AnnaFit will take reasonable steps to make you aware of the fact that your information is being collected, the purpose for which it is being collected, the intended recipients of the information, and your right to access and correct the information (IPP 3).
  1. Using Personal Information:
      • Your personal information will only be used for the purpose for which it was collected, or a directly related purpose, in accordance with IPP 10 of the Act. Specifically, your information will only be used to:
        1. Respond to an enquiry by you or to arrange the delivery of services you require;
        2. Administer and manage transactions – including charging, billing and collecting debts;
        3. Improve our services and cater them to your health requirements; and
        4. Meet legal or regulatory requirements.
        5. AnnaFit will not use your personal information for any other purpose without your consent, and will not sell, rent, or share your personal information with third parties for marketing purposes without your explicit consent.
  1. Information Disclosure:
      • AnnaFit will only disclose your personal information to third parties where you have authorised the disclosure, the disclosure is directly related to the purpose for which the information was collected, AnnaFit is required to do so by law, or the disclosure is necessary to prevent or lessen a serious and imminent threat to life or health (IPP 11).
      • In line with many New Zealand organisations, AnnaFit obtains some routine services from external service providers, and your information may be provided to them on a confidential basis. These disclosures may be for a range of purposes such as:
        1. Mailing systems;
        2. Information technology services;
        3. Market research; and
        4. Billing and debt recovery services.
      • Details may also be disclosed to credit reporting agencies, fraud checking facilities and the company’s professional advisers such as Lawyers and Accountants.
      • AnnaFit uses Glofox as its cloud business management platform and booking app. Your personal information, including booking history and membership details, may be processed through Glofox. Glofox is subject to its own obligations regarding the security of your personal information processed via its platform. However, your rights in relation to your personal information processed through Glofox are owed to you by AnnaFit, and you should contact us at studio@annafit.co.nz if you have any queries about how your personal information is used through Glofox.
      • AnnaFit uses Vimeo as its on demand video platform and video streaming service for AnnaFit on Demand subscription service. Vimeo may collect personal information such as your IP address, browser type, and interaction data (e.g. video playback activity) if you subscribe to AnnaFit on Demand. This information may be processed by Vimeo in the United States and other jurisdictions. We take reasonable steps to ensure that any overseas disclosure of personal information complies with the New Zealand Privacy Act 2020. Vimeo may also process information in accordance with its own privacy policy, which you can view here: https://vimeo.com/privacy AnnaFit use Vimeo to provide video functionality and to improve user experience. Where possible, we configure privacy settings to limit unnecessary data collection.
      • AnnaFit use Google Workspace (including Gmail and Google Drive) to provide email, document storage, and collaboration services. Personal information stored through these services may include contact details, communications, and business documents. Google processes this information solely on our behalf and in accordance with our instructions. Personal information may be stored or processed on secure servers located outside New Zealand. Where this occurs, we take reasonable steps to ensure the information is protected in a way that is comparable to the protections required under the New Zealand Privacy Act 2020.
      • Where AnnaFit discloses personal information to overseas recipients (including through the use of overseas-based platforms or cloud services), AnnaFit will take steps to ensure that the overseas recipient protects the information in a manner comparable to the Act, in accordance with IPP 12.
  1. Cookies and Tracking Technologies:
      • The AnnaFit website may use cookies and similar tracking technologies (such as analytics tools) that collect personal information about your device and browsing behaviour, including your IP address, browser type, pages visited, and time spent on the site. This information is used to understand how visitors use the website and to improve AnnaFit’s services. You may disable cookies through your browser settings at any time, though this may affect the functionality of the website.
  1. Health Questionnaire / Pre-Exercise Screening Tool:
      • Personal information provided by prospective clients will only be used for the purposes of providing the best services for our clients. Any information provided will be securely stored and only accessed by relevant employees. For clients who no longer wish to continue with us, the personal information will either be destroyed immediately or securely stored for a period of up to three (3) months. During that time, it will not be used for any other purpose than improving our services and keeping our clients safe.
  1. Information Security:
      • AnnaFit will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure, in accordance with IPP 5 of the Act. These steps include, but are not limited to, secure encrypted connections (SSL/TLS), password-protected and access-controlled systems, regular software updates, and limiting access to personal data to authorised staff only. AnnaFit will take reasonable steps to destroy, or permanently de-identify, personal information once it is no longer required.
  1. Accuracy:
      • AnnaFit will take reasonable steps to ensure that the personal information it holds is accurate, up to date, complete, relevant, and not misleading before it is used or disclosed, in accordance with IPP 8 of the Act. Clients are encouraged to keep their contact and personal details current by notifying AnnaFit of any changes.
  1. Openness:
      • Where AnnaFit holds personal information in such a way that it can readily be retrieved, the individual concerned shall be entitled to obtain from AnnaFit confirmation of whether or not AnnaFit holds such personal information and to have access to that information.
  1. Access and Correction:
      • If AnnaFit holds personal information about an individual, it will comply with its legislative obligations to provide the individual with access to the information on request, in accordance with IPP 6 of the Act. AnnaFit will respond to any such request within 20 working days of receipt.
      • If AnnaFit holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, AnnaFit will take reasonable steps to correct the information so that it is accurate, complete and up-to-date, in accordance with IPP 7 of the Act. AnnaFit will provide reasons for any denial of access or refusal to correct personal information. Where AnnaFit holds personal information but is unwilling to correct that information in accordance with a request by the individual concerned, AnnaFit shall, if so requested by the individual concerned, take such steps (if any) as are reasonable in the circumstances to attach to the information any statement provided by that individual of the correction sought.
  1. Notifiable Privacy Breaches:
      • AnnaFit will notify the Privacy Commissioner and any affected individual(s) as soon as practicable, and in any event within approximately 72 hours, after becoming aware that a notifiable privacy breach has occurred, in a manner conforming to the requirements set out in section 117 of the Act, subject to any exceptions under section 116 of the Act. In the event that it is not reasonably practicable to notify an affected individual or each member of a group of affected individuals, AnnaFit will instead give public notice of the privacy breach in a form in which no affected individual is identified and in accordance with any regulations made under section 215(1)(a) of the Act.
      • AnnaFit will maintain internal records of all privacy breaches, whether or not they meet the threshold for notification to the Privacy Commissioner.
  1. Third Party Websites:
      • The AnnaFit website may have links to third party websites which are not controlled or owned by AnnaFit. All links to third party websites do not constitute sponsorship, endorsement or approval of these websites. AnnaFit is not responsible for the privacy practices of any other websites or companies.
  1. Contact and Complaints:
      • Any questions, concerns or complaints about this Policy or the way AnnaFit handles personal information should be directed to the Privacy Officer at: AnnaFit | Email: studio@annafit.co.nz | Phone: +64 21 874 445
      • AnnaFit will acknowledge any complaint promptly and aim to resolve it within 20 working days. If you are not satisfied with AnnaFit’s response, you may make a complaint to the Office of the Privacy Commissioner at www.privacy.org.nz or by calling 0800 803 909. If the Privacy Commissioner refers your complaint to the Human Rights Review Tribunal, the Tribunal has the power to award damages and make other orders.
  1. Updates to This Policy:
      • AnnaFit may update this Policy from time to time to reflect changes in its practices or legal requirements (including the introduction of new obligations under the Privacy Amendment Act 2025). Any material changes will be notified by posting the updated Policy on the AnnaFit website. Continued use of AnnaFit’s services after any changes constitutes acceptance of the updated Policy.
      • Last updated: 15 May 2026

If you have any questions please contact Anna at studio@annafit.co.nz