Gym Xplode Pty Ltd (“Gym Xplode”, “we”, “us”, or “our”) provides marketing services, automation tools and customer relationship management (“CRM”) systems to gyms, fitness studios and franchise networks (“Clients”).
This Privacy Policy outlines how we collect, use, store, disclose and protect personal information when delivering our services.
Under the Australian Privacy Principles (APPs), our Clients remain the data controllers of all lead and member information they collect or upload. Gym Xplode acts strictly as a data processor on behalf of Clients, unless otherwise stated.
Gym Xplode complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
This Policy is designed to meet the requirements of APP 1 (Openness), APP 5
(Collection Notification), APP 6 (Use and Disclosure), APP 10 (Quality of Personal Information),
APP 11 (Security of Personal Information), and APP 12/13 (Access and Correction).
Where applicable, we also align with international data protection standards including GDPR-style rights and safeguards.
2. Who This Policy Applies To
This policy applies to:
-Individuals who visit our website or submit enquiries -Leads, prospects and members whose information is captured through Gym Xplode systems
-Clients and authorised staff using Gym Xplode services
-Users of any forms, landing pages, automations or digital assets powered by Gym Xplode
Clients are responsible for ensuring they have obtained valid consent before supplying us with end-user information.
3. Types of Personal Information We Collect We may collect or process the following categories of personal information:
-Appointment bookings, attendance, follow-up history
-Communication logs (SMS, email, call timestamps)
-Call recordings where enabled by the Client
3.3 Health & Fitness Information
Gym Xplode processes Sensitive Information (such as health, fitness or injury disclosures) only on the instruction of the Client, who is responsible for obtaining the individual’s explicit consent before collecting or supplying such information to us. Gym Xplode treats Sensitive Information with a higher level of protection and does not use it for marketing or any purpose beyond the Client’s direct business needs.
3.4 Technical & Usage Information
-Device type and browser details
-IP address -Website/page activity
-Cookies and analytics data
3.5 Marketing Consent Records
-Consent timestamps
-Unsubscribe or opt-out activity
We do not knowingly collect personal information from children under 16.
4. How We Collect Personal Information We collect personal information through:
Direct interactions — forms, enquiries, landing pages, online bookings
Client submissions — when gyms upload or integrate their lead/member lists
Third-party integrations — e.g., Facebook Lead Ads, Google Ads forms
Clients remain responsible for ensuring the lawful collection of information they provide to us.
5. How We Use Personal Information
Gym Xplode takes reasonable steps to ensure the Personal Information we process is accurate,
up-to-date, complete and relevant. We also support Clients in correcting or updating
information and in maintaining data minimisation practices.
We process information solely for legitimate business purposes and to support our Clients, including:
-Delivering CRM and automation services
-Managing leads, bookings, follow-ups and member communication
-Facilitating SMS, email and phone communications
-Monitoring campaign performance and engagement
-Providing technical support and service improvements
-Conducting analytics, security monitoring and troubleshooting
-Billing, administration and account management
-Complying with legal and regulatory obligations
We do not sell personal information.
All lead and member information remains the property of the Client.
6. Legal Basis for Processing Where relevant, we rely on:
-Consent
-Performance of our service agreement
-Legitimate business interests
-Compliance with applicable laws
-Instructions from the Client
7. Disclosure of Personal Information Personal information may be disclosed:
7.1 To the Client
Clients always retain ownership and primary control over the data.
7.2 To Service Providers (“Sub-processors”)
Trusted providers assisting us in delivering services, including:
Cloud hosting platforms
Email/SMS communication services
Data backup and analytics providers
These parties are bound by confidentiality and security obligations.
A current list of Gym Xplode’s Sub-processors is available to Clients upon request.
All Sub-processors are contractually required to implement data protection measures
that meet or exceed the standards described in this Policy.
7.3 Where Required by Law
We may disclose information to comply with legal processes or regulatory requirements.
7.4As Part of a Business Transaction
In the event of a merger, acquisition or restructure, information may transfer under the same protections.
8. International Data Transfers Some data may be stored or processed overseas.
Where transfers occur, we take reasonable steps to ensure any overseas recipients of Personal Information do not breach the Australian Privacy Principles.
Use of our services indicates consent to such transfers.
9. Data Retention & Deletion
We retain personal information only for as long as necessary to:
-Provide services to the Client
-Meet legal or operational requirements
-Resolve disputes
Upon Client request or termination:
-Data will be securely deleted or anonymised; or
-Returned to the Client if requested prior to deletion
Gym Xplode uses a secure third-party CRM platform to manage lead and member information. This platform provides a 60-day data restoration period for deleted contact records.
After this period, information is permanently deleted by the system and cannot be recovered. Certain associated data such as messages or notes may not be restored even within the recovery window.
If long-term or permanent record-keeping is required, we recommend Clients maintain their own archive or export of contact information.
10. Security Measures
We implement industry-standard security controls, including:
-Encrypted storage
-Secure access controls
-Multi-factor authentication where supported
-Regular monitoring, patching and auditing
-Confidentiality requirements for all staff
While no system is completely immune to risk, we take reasonable steps to safeguard information.
In the event of a data breach involving Personal Information that is likely to cause
serious harm, Gym Xplode will notify the Client as soon as practicable and assist the
Client in meeting their obligations under the Notifiable Data Breaches (NDB) Scheme.
This includes investigating the incident, assessing potential impacts, and supporting
communication with affected individuals.
11. Individual Rights
Individuals may request: -Access to their personal information
-Correction of inaccurate details
-Deletion of information where appropriate
-Withdrawal of marketing consent
-Details about how their information is used
Requests may be directed to the Client or to Gym Xplode.
12. Cookies & Analytics
We use cookies and analytics tools to enhance service performance. Users may disable cookies, though some functionality may be restricted.
13. Third-Party Links
Our website may contain links to external sites. We are not responsible for third-party privacy practices. Please review the Third Party website policies of each site you visit.
14. Updates and Changes to Privacy Policy
We may update this Privacy Policy periodically. The latest version will always be available on our website.
If you have questions about this Privacy Policy or want to contact us, please send an email to [email protected].
15. Complaints & OAIC Individuals may request access to, correction of, or deletion of their Personal Information
by contacting the Client directly or by contacting Gym Xplode at [email protected].
We will respond to privacy enquiries or complaints within a reasonable timeframe.
If the individual is not satisfied with our response, they may lodge a complaint with the
Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
Copyright 2025 - Gym Xplode Pty Ltd - All Rights Reserved