
Privacy Policy

Data Privacy and Security Policy

 

Effective Date: Feb 19, 2024

 

1. Introduction

 

Innovate Exercise Physiology ("the Company") is committed to safeguarding the privacy and security of personal and sensitive data collected, processed, and stored as part of its operations. This Data Privacy and Security Policy outlines the measures and procedures in place to protect data and comply with applicable privacy laws and regulations.

 

2. Scope

 

This policy applies to all employees, contractors, vendors, and third parties who handle or have access to personal and sensitive data on behalf of Innovate Exercise Physiology.

 

3. Definitions

 

3.1 Personal Data: Any information relating to an identified or identifiable individual.

 

3.2 Sensitive Data: Personal data that requires special protection due to its nature or the potential risks involved, such as health information, financial details, or government-issued identifiers.

 

4. Collection and Use of Data

 

4.1 Purpose Limitation: The Company collects and processes personal data only for specified and legitimate purposes. Data is obtained with the consent of the individual or as permitted by applicable laws and regulations.

 

4.2 Data Minimization: The Company collects and retains only the minimum amount of personal data necessary to achieve the defined purpose.

 

4.3 Lawful Basis: The Company processes personal data based on one or more lawful bases, such as consent, contract performance, legal obligations, or legitimate interests.

 

5. Data Security

 

5.1 Confidentiality and Integrity: The Company implements appropriate technical and organizational measures to protect personal and sensitive data from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to, encryption, access controls, firewalls, and regular system audits.

 

5.2 Employee Training: All employees and individuals with access to personal and sensitive data receive training on data privacy and security awareness. This training covers the proper handling, protection, and disposal of data, as well as the identification and reporting of potential security incidents.

 

5.3 Incident Response: The Company maintains an incident response plan to promptly detect, respond to, and recover from any data breach or security incident. In the event of a breach, affected individuals will be notified as required by applicable laws and regulations.

 

6. Data Retention and Disposal

 

6.1 Retention Period: Personal and sensitive data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by legal or regulatory obligations.

 

6.2 Data Disposal: When personal and sensitive data is no longer needed, it will be securely disposed of using methods that prevent unauthorized access or disclosure.

 

7. Third-Party Data Processors

 

7.1 Data Processor Selection: The Company carefully selects and reviews third-party vendors and service providers to ensure they meet the required data privacy and security standards. Contracts with these processors include appropriate data protection clauses.

 

7.2 Data Processor Oversight: The Company maintains procedures to monitor and evaluate the data privacy and security practices of third-party data processors to ensure compliance with applicable regulations.

 

8. Individual Rights

 

8.1 Access and Correction: Individuals have the right to request access to their personal data and to request correction, amendment, or deletion of inaccurate or outdated information.

 

8.2 Data Subject Requests: The Company responds to individuals' requests to exercise their rights within the timeframes required by applicable data protection laws.

 

9. Compliance

 

9.1 Compliance with Laws and Regulations: The Company complies with all applicable data protection laws, regulations, and industry standards.

 

9.2 Policy Review: This policy is regularly reviewed and updated to ensure its ongoing suitability and effectiveness in protecting personal and sensitive data.

 

10. Reporting and Accountability

 

10.1 Data Privacy Officer: The Company designates a Data Privacy Officer (DPO) who is responsible for overseeing data privacy and security practices, handling data protection inquiries, and ensuring compliance with this policy and applicable laws.

 

10.2 Reporting Breaches: Any suspected or actual breaches of data privacy or security must be promptly reported to the DPO, who will initiate an investigation and take appropriate actions to address the incident.

 

11. Policy Acknowledgment

 

All employees, contractors, vendors, and third parties who handle personal and sensitive data on behalf of Innovate Exercise Physiology must acknowledge their understanding of, and compliance with, this Data Privacy and Security Policy.

 

By adhering to this policy, Innovate Exercise Physiology aims to protect personal and sensitive data and maintain the trust of its stakeholders in regard to data privacy and security.

0419 159 903

Shop 4/3-5 Hewish Rd, Croydon VIC 3136, Australia

Acknowledgment of Country

Innovate Exercise Physiology acknowledges the Wurundjeri Woi-wurrung people of the Kulin Nation as the Traditional Custodians of the land on which we operate in Croydon.


We pay our respects to Elders past and present, and recognise their continuing connection to land, waters, culture, and community.


We extend our respect to all Aboriginal and Torres Strait Islander peoples and are committed to promoting inclusion, respect, and reconciliation.

 

© 2025 by Innovate Exercise Physiology.  

 
