CrossFit TWA – Privacy Policy

1. Who we are

• Business name: CrossFit TWA

• Street address: 2/12 Bon Mace Close, Berkeley Vale NSW 2261, Australia

• Email: info@crossfittwa.com.au

• Phone: (+61) 402924887

We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where our activities reach individuals in other jurisdictions (e.g. the EU, UK or California), we also align with the GDPR and CCPA/CPRA.

​

2. What information we collect

Identity & contact

• Name, date of birth, postal address, email, phone.

• Collected via website forms, Facebook/Instagram lead ads, in-gym sign-up sheets or direct enquiries.

Membership & training data

• Class attendance, membership tier, fitness goals, workout logs, injury notes.

• Collected through FitBox, coaching software and consultations.

Payment details

• Cardholder name, last four digits of card, billing history.

• Processed by secure payment providers such as Stripe, EziDebit and Square.

Marketing preferences

• Email/SMS opt-ins, social-media handles.

• Stored in Wingman CRM and our email/SMS platforms.

Website usage data

• IP address, device type, pages visited, cookies and analytics identifiers.

• Captured via cookies, Meta Pixel, Google Analytics 4 and Google Tag Manager.

Sensitive information (only with consent)

• Health or injury details, pregnancy or post-partum status.

• Provided voluntarily to coaches through pre-exercise questionnaires.

We do not knowingly collect information about anyone under 16 without parental consent.

3. Why we collect and use your information

• To provide our services: enrolling you as a member, scheduling classes, adjusting programs, monitoring injuries.

• To process payments: membership fees, personal-training packages, retail purchases.

• For marketing and communication: newsletters, promotions, event invites, retention surveys (always with an opt-out option).

• For analytics and service improvement: measuring attendance trends, ad effectiveness, website performance.

• For legal and compliance purposes: maintaining tax records, responding to lawful requests, managing insurance claims.

Our lawful grounds under the APPs are consent and legitimate expectations. Under GDPR/CCPA we rely on consent, contract performance, legitimate interests or legal obligation, as applicable.

4. How we share your information

We never sell or rent your data. We disclose it only to:

1. Service providers acting on our instructions (Wingman CRM, FitBox, payment processors, Mailchimp, Twilio, Meta, Google Workspace, Zapier, Airtable, content-creation contractors).

2. Coaches and authorised staff, each with role-based logins.

3. Professional advisers such as accountants, lawyers and auditors where necessary.

4. Regulators or law-enforcement agencies when required by law or to protect our rights.

Some providers store data outside Australia (e.g. the USA or EU). Where cross-border transfers occur, we use contractual safeguards, Standard Contractual Clauses or rely on the provider’s recognised certification.

5. Cookies and tracking technologies

We use the following on our website and in emails:

• Essential cookies for site security and basic functionality.

• Analytics cookies (GA4, Hotjar) for aggregated, anonymised statistics.

• Advertising pixels (Meta Pixel, Google Ads remarketing) for audience measurement and retargeting.

You can block non-essential cookies via our cookie-preferences banner or your browser settings. See our detailed cookie list at https://crossfittwa.com.au/cookies.

6. How we protect your data

• TLS encryption for data in transit and AES-256 encryption at rest in our primary SaaS tools.

• Unique logins, minimum-necessary permissions and multi-factor authentication for administrators.

• Restricted office access and CCTV in the gym.

• Documented incident-response and breach-notification procedures under APP 11 and GDPR Articles 33–34.

7. Data retention periods

• Marketing leads (non-members): kept for 18 months from the last interaction.

• Member files and health records: retained for 7 years after membership ends.

• Financial records: retained for 7 years to meet Australian Taxation Office requirements.

• CCTV footage: stored for 30 days unless an incident requires longer retention.

Data is securely deleted or anonymised once the relevant period expires, unless a longer period is required by law.

8. Your rights

You may:

• Access the personal information we hold about you.

• Correct any inaccurate or incomplete details.

• Withdraw consent or opt-out of marketing at any time (click “unsubscribe” or reply “STOP”).

• Request erasure of your data where legally permissible.

• Lodge a complaint: contact us first; if unresolved, complain to the Office of the Australian Information Commissioner (oaic.gov.au) or your local regulator.

Email info@crossfittwa.com.au to exercise any of these rights. 

9. Third-party links

Our website, social profiles and emails may link to external sites (e.g. partners or sponsors). We are not responsible for their privacy practices. Review those sites’ policies before sharing information with them.

10. Policy updates

We may update this Privacy Policy to reflect changes in law, technology or our services. The latest version is always available at https://crossfittwa.com.au/privacy-policy, and the “Last updated” date will change accordingly. Significant changes will also be announced via email or a website notice.

11. Contact us

Questions or complaints about privacy?

Email info@crossfittwa.com.au or write to:
Privacy Officer, CrossFit TWA, 2/12 Bon Mace Close, Berkeley Vale NSW 2261, Australia.

We aim to resolve complaints within 30 days. If you remain dissatisfied, you may contact the OAIC or the relevant authority in your jurisdiction.

By accessing our services or providing your information, you acknowledge that you have read and understood this Privacy Policy and consent to the handling of your personal information as described above.