Privacy Policy

MEMBR PRIVACY NOTICE FOR END USERS 

LAST UPDATED: April 2022

Who we are and why we have this notice

This Privacy Notice (the “Notice”) sets out how we Fit Cloud Technology Limited (trading under the Membr brand) (“Fit Cloud”, “us” or “we”) process personal information about you (the “User” or “you”) when you sign up to our fitness platform through membership of your gym. We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle.

Your gym is also a data controller of this information and has its own equivalent responsibilities. You can find out more about your gym’s responsibilities by reading its privacy policy or by contacting it using the contact details they have provided.

You can find out more about Fit Cloud’s responsibilities and about how and why we collect and use your personal information by reading this Notice. However, if anything is unclear or if you have any questions about this Notice, please contact us at helpme@membr.com. 

What information do we collect from you?

Personal data, or personal information, means any information about a person from which they can be identified.  We may collect, store, and use some or all of the following categories of personal information about you:

Identity Information

• personal contact details such as name, title, gender, addresses, telephone numbers, and personal email addresses
• date of birth and place of birth
• next of kin and emergency contact information
• start date
• physical measurements, training statistics and dietary information
• photographs
• information about your use of our information and communications systems (such as messages to personal trainers, goals and notes)

Subject to your explicit consent, we may also collect, store and use your health data. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes.

System Information

When you log on to our fitness platform through our website or an app, we automatically collect information about your use of the platform including details of your visits such as pages viewed and the resources that you access. This information will include; traffic data, location data, IP address, browser, operating system, referral source, length of visit, clickstream data and other communication data.

How is this information collected?

Identity Information

We collect Identity Information provided voluntarily by you. For example, when you register with or use our fitness platform (by entering training plan details, goals or making a booking). 

We also collect Identity Information when you fill out a web form or questionnaire or contact us (by email or telephone) to ask a question or request information.  

We also collect Identity Information through your gym when they add information about you into our fitness platform. For example, a personal trainer may add information when they use the Connected Trainer feature to communicate with you.

System Information

As mentioned above, we collect System Information when you interact with our fitness platform, through the website or an app. 

What do we use it for?

Providing our services

As part of the provision of our services, we use the personal information that we collect from you to:

• register you as a user of our fitness platform
• provide the following benefits to you: health monitoring, live group fitness streaming, virtual fitness streaming and workout recordings
• process your bookings and notify you of activities, cancellations or payment details
• manage our relationship with you (for example by notifying you about changes to our terms or asking you to complete a survey)

Monitoring, administering and improving

We use your personal information to help us to monitor our performance, administer and improve our fitness platform by:

• tracking and analysing activity to identify patterns and help us improve our website and apps
• troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data
• using data analytics to improve customer relationships and experiences
• analysing information so that we can prioritise features that are relevant and popular
• educating, training and developing our staff’s performance
• ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
• preventing fraud
• other business administration such as management and planning, including accounting and auditing

Direct marketing

Where you have indicated you are happy to receive direct marketing, we use your information to provide details of our products or services that may be of interest to you.

This is likely to happen where you have given us your consent in advance. It may also happen where the message only contains information that we think will be of interest to you because it relates to services that you have already purchased from us and you have not opted out despite having the opportunity to do so (at the point we collected your information and in every follow-up message we send).

If you wish us to stop using your information for these purposes at any time, please use the appropriate opt-out link in our messages to you or contact us at helpme@membr.com.

What gives us the right to use your information?

Data protection law says we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Notice is our primary lawful basis. In some circumstances we may also rely on another lawful basis. Most commonly, these will be:

• where we need to use the information to perform the contract we have entered into with you
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• where we need to comply with a legal or regulatory obligation

When do we Share your information?

We will share your personal information with your gym. They have on-going access to your information through a dedicated channel on our fitness platform.

There are other circumstances when we want to or are compelled to share your personal information, including:

• with third party service providers or suppliers to enable us to provide our services (for example payment processors, webhosts, ID verification partners etc.). Where we share data with service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law
• to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business
• where we are required to do so by law
• where you have provided your consent

Transferring information outside the EU

We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. Where this occurs we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at helpme@membr.com.

Security and retention

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  We also have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
• Request the transfer of your personal information to another party

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Respective responsibilities of Fit Cloud and your gym

As mentioned in Section 1, both Fit Cloud and your gym will act as data controller in relation to personal information processed through the fitness platform.

This means that we both have responsibilities in relation to that personal information. You can find out more and you can exercise the rights set out above by contacting either Fit Cloud or your gym. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend in the first instance contacting your gym.

If you have any questions about this Notice or how we handle your personal information, please contact us at helpme@membr.com. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Privacy Policy

MEMBR PRIVACY NOTICE FOR END USERS 

LAST UPDATED: March 2023

Who we are and why we have this notice

This Privacy Notice (the “Notice”) sets out how we Fit Cloud Technology Limited (trading under the Membr brand) (“Fit Cloud”, “us” or “we”) process personal information, including Cookies, IP addresses, etc. about you (the “User” or “you”) when you sign up to our fitness platform through membership of your gym. We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws (GDPR and JAPAN APPI apply in principle, however, other regulations may apply outside the scope of these laws) in relation to the information we handle.

Your gym is also a data controller of this information and has its own equivalent responsibilities. You can find out more about your gym’s responsibilities by reading its privacy policy or by contacting it using the contact details they have provided.

You can find out more about Fit Cloud’s responsibilities and about how and why we collect and use your personal information by reading this Notice. However, if anything is unclear or if you have any questions about this Notice, please contact us at helpme@membr.com.

What information do we collect from you?

Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:

Identity Information

• personal contact details such as name, title, gender, addresses, telephone numbers, and personal email addresses
• date of birth and place of birth
• next of kin and emergency contact information
• start date
• physical measurements, training statistics and dietary information
• photographs
• information about your use of our information and communications systems (such as messages to personal trainers, goals and notes)

Subject to your explicit consent, we may also collect, store and use your health data. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes.

System Information

When you log on to our fitness platform through our website or an app, we automatically collect information about your use of the platform including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit and other communication data.

How is this information collected?

Identity Information

We collect Identity Information provided voluntarily by you. For example, when you register with or use our fitness platform (by entering training plan details, goals or making a booking).

We also collect Identity Information when you fill out a web form or questionnaire or contact us (by email or telephone) to ask a question or request information.

We also collect Identity Information through your gym when they add information about you into our fitness platform. For example, a personal trainer may add information when they use the Connected Trainer feature which is one of our fitness platform features to communicate with you.

System Information

As mentioned above, we collect System Information when you interact with our fitness platform, through the website or an app. Membr currently uses Amazon Web Servers which are one of the largest in the world. AWS supports more security standards and compliance certifications than most other offerings, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, which assists with helping satisfy compliance requirements around the Globe.

What do we use it for?

Providing our services

As part of the provision of our services, we use the personal information that we collect from you to:

• register you as a user of our fitness platform
• provide the following benefits to you: health monitoring, live group fitness streaming, virtual fitness streaming and workout recordings
• process your bookings and notify you of activities, cancellations or payment details
• manage our relationship with you (for example by notifying you about changes to our terms or asking you to complete a survey)

Monitoring, administering and improving

We use your personal information to help us to monitor our performance, administer and improve our fitness platform by:

• tracking and analysing activity to identify patterns and help us improve our website and apps
• troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data
• using data analytics to improve customer relationships and experiences
• analysing information so that we can prioritise features that are relevant and popular
• educating, training and developing our staff’s performance
• ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
• preventing fraud
• other business administration such as management and planning, including accounting and auditing

Direct marketing

Where you have indicated you are happy to receive direct marketing, we use your information to provide details of our products or services that may be of interest to you.

This is likely to happen where you have given us your consent in advance. It may also happen where the message only contains information that we think will be of interest to you because it relates to services that you have already purchased from us and you have not opted out despite having the opportunity to do so (at the point we collected your information and in every follow-up message we send).

To achieve the above purposes, we may jointly use your information with your gym, or share your information with third party service providers or suppliers, or another legal entity as mentioned below. If you wish us to stop using your information for these purposes at any time, please use the appropriate opt-out link in our messages to you or contact your gym.

What gives us the right to use your information?

Data protection law says we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Notice is our primary lawful basis. In some circumstances we may also rely on another lawful basis. Most commonly, these will be:

• where we need to use the information to perform the contract we have entered into with you
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• where we need to comply with a legal or regulatory obligation

When do we Share your information?

We will share your personal information with your gym. They have on-going access to your information through a dedicated channel on our fitness platform.

We will also share your personal information with Fast Fitness Japan, Inc. and Anytime Fitness LLC. Membr’s web-based software and mobile application is supported by Anytime Fitness LLC and sharing data with Anytime Fitness LLC will help ensure that your use and experience of Membr’s services is delivered effectively.

The categories of your personal information we will share includes the following;

There are other circumstances when we want to or are compelled to share your personal information, including:

• with third party service providers or suppliers to enable us to provide our services (for example payment processors such as Transaction Services Group, webhosts such as Amazon Web Services, ID verification partners etc). Where we share data with service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law
• to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business
• where we are required to do so by law
• where you have provided your consent

The categories of your personal information that we share with third party service providers or suppliers include the following;

• Providing analysis to best support and provide Membrs’ fitness, Software as Service
• To enhance the current product and stay up to date with localizations, customs and requirements
• From time to time at the request of Anytime Fitness LLC

Whilst Membr processes your data in the EU and the UK, we may transfer the personal information we collect about you outside the EU and the UK in order to perform our contract with you. Where this occurs, we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at helpme@membr.com. At the time when your consent for the international transfer to an offshore third party would be obtained by us, the name of the country to which your personal information would be transferred, whether or not comparable privacy rules are available in that country, the terms and contents of the privacy rule in the destination country, if any, and the privacy policy of the offshore third party will be provided to you.

Transferring information outside Japan

For individuals based in Japan, Membr will transfer the personal information we collect about you outside Japan. As set out above, this will include to the EU and UK. Where you have provided your consent, we will also transfer your personal information to Anytime Fitness LLC in the United States. At the time when your consent for the international transfer to an offshore third party would be obtained by us, the name of the country where your personal information would be transferred, whether or not comparable privacy rules are available in that country, the terms and contents of the privacy rule in the country if any and the privacy policy of the offshore third party will be provided to you.

Security and retention

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.

Rights of access, correction, erasure, and restriction

Your rights in connection with personal information

Under certain circumstances (situations where an individual has a right reason to exercise the rights of access, correction, erasure and restriction), by law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
•  

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

You may provide the above requests by sending a letter to the following address or contact us at helpme@membr.com.

Membr Fitness Japan K.K.
Cerulean Tower 15F
26-1, Sakuragaoka-cho, Shibuya-ku,
Tokyo, Japan 150-0031

Our response may be made by written or electronic manner, depending on your specific request, provided, however, that when the manner of your request would cause a significant expense to us, the manner of our response may be limited to a response in writing.

Respective responsibilities of Fit Cloud and your gym

As mentioned in Section 1, both Fit Cloud and your gym will act as data controller in relation to personal information processed through the fitness platform.

This means that we both have responsibilities in relation to that personal information. You can find out more and you can exercise the rights set out above by contacting either Fit Cloud or your gym. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend in the first instance contacting your gym.

If you have any questions about this Notice or how we handle your personal information, please contact us at helpme@membr.com. You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice

We reserve the right to update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

プライバシー・ポリシー

会員様向けの Membr システムプライバシーについて

最終更新日︓2023年 3 月

当社と本通知について

当社が収集する情報

個人データあるいは個人情報とは、個人に関する情報であってその個人を特定できるものをいいます。当社は、会員様について、以下のカテゴリーの一部または全ての個人情報を収集、保存、利用することがあります。

身元情報 

• 氏名、役職、性別、住所、電話番号、個人の E メール・アドレスなどの個人の連絡先情報 
• 生年月日および出生地 
• 近親者および緊急連絡先 
• 利用開始日
• 身体計測値、トレーニング統計および食事に関する情報 
• 写真 
• 当社情報通信システムの利用に関する情報（パーソナル・トレーナーへのメッセージ、目標、メモなど） 

会員様から明確な同意を得ることを条件として、当社は、会員様の健康データも収集、保存、利用することがあります。これは、より機密性の高い特殊なカテゴリーのデータとして扱われ、当社がこのデータを処理するときは、機密情報として取り扱われ、ダイレクト・マーケティングの目的には決して利用されることはありません。

システム情報 

当社のウェブサイトまたはアプリを通じてフィットネス・プラットフォームにログインした際、会員様が閲覧したページやアクセスしたリソースなどのアクセス状況の詳細を含め、会員様による当社プラットフォームの利用に関する情報が自動的に収集されます。この情報には、トラフィックデータ、位置データ、IPアドレス、ブラウザー、オペレーティングシステム、照会元、アクセス期間その他の通信データが含まれます。

情報の収集方法 

身元情報

たとえば、当社フィットネス・プラットフォームで入会登録したとき、または当社プラットフォームを利用したとき（トレーニングプランの詳細や目標の入力、またはクラスの予約などの際に）、会員様から自主的に提供された身元情報を収集します。

さらに、質問や情報請求のためにWebフォームやアンケートに記入したとき、または（Eメールや電話で）当社に連絡したときも、身元情報が収集されます。

他にも、会員様のジムが会員様に関する情報を当社フィットネス・プラットフォームに追加したときも、ジムを通じて身元情報が収集されます。たとえばパーソナルトレーナーは、コネクテッド・トレーナー機能（当社フィットネスプラットフォームのサービスの一つ）を利用して会員様と通信する際に、情報を追加することがあります。

システム情報 

上記のとおり、ウェブサイトまたはアプリを通じて当社フィットネス・プラットフォームと連携する際に、システム情報が収集されます。 弊社では世界最大のクラウドサービスプラットフォームの１つであるアマゾンウェブサービス(AWS)を使用しております。AWSは、PCI-DSS、HIPAA/HITECH、FedRAMP、GDPR、FIPS 140-2、NIST 800-171など、他のどのサービスよりも多くのセキュリティ標準とコンプライアンス認証をサポートしており、世界中の規制当局のコンプライアンス要件を満たすのに役立っています。

情報の利用目的 

サービスの提供 

サービス提供の一環として、当社は、会員様から収集した個人情報を以下の目的に利用します。

• 当社フィットネス・プラットフォームの会員様として登録するため
• 以下の特典を提供するため：健康モニタリング、グループフィットネスのライブストリーミング、バーチャルフィットネスストリーミングおよびワークアウトの記録
• 予約の手続きを行い、アクティビティー、キャンセルまたは支払情報を通知するため
• 当社と会員様の関係を管理するため（たとえば、規約の変更を通知する、またはアンケート調査協力を依頼するなど）

モニタリング、運営管理および改善 

当社は、運営するフィットネス・プラットフォームのパフォーマンスのモニタリング、フィットネス・プラットフォームの運営管理および改善に資するため、以下の形で会員様の個人情報を利用します。

• パターンを特定し、当社のウェブサイトおよびアプリの改善に資するためのアクティビティーの追跡と分析 
• トラブルシューティング、データ分析、テスト、システムメンテナンス、サポート、報告およびデータのホスティング 
• 顧客関係と顧客体験を改善するためのデータアナリティクスの利用 
• 人気のある関連機能を優先させるための情報分析 
• 当社スタッフの教育、トレーニングおよびパフォーマンス開発 
• 当社のコンピューターや電子通信システムへの不正アクセスの防止や、悪意のあるソフトウェアの配信防止を含む、ネットワーク・セキュリティーと 情報セキュリティーの確保 
• 詐欺の防止 
• 経営や企画などの他の事業管理（会計および監査を含む） 

ダイレクト・マーケティング 

ダイレクト・マーケティングの受け取りを希望する旨の意思表示をした場合、当社は、会員様情報を利用して、会員様が関心を持つと思われる当社の製品またはサービスの情報を提供します。 

これは通常、会員様からあらかじめ同意を受けた場合に行われます。また、オプトアウトの機会（情報収集時およびその後の当社からのすべてのメッセージに含まれるフォローアップ）があったにもかかわらず、オプトアウトしていない場合、会員様が当社から購入したサービスに関連する、会員様が関心を持つと思われる情報のみについてダイレクト・マーケティングが行われることがあります。 

上記目的のため、当社は、会員様の情報をジムと共有するほか、下記に記載する第三者サービス提供者もしくはサプライヤーまたはその他の法人と共有することがあります。自らの情報が当社によってこうした目的に利用されることを望まない場合は、いつでも、当社からのメッセージに含まれる適切なオプトアウトリンクにアクセスするか、ご所属のジムまでご連絡をお願いします。

情報を利用する当社の権利の根拠

データ保護法により、当社は、法的根拠を明らかにできる場合に限り、会員様の個人情報を利用する権利を有しています。当社においては、本通知に明記される処理に対し会員様が同意することが主要な法的根拠です。場合によっては、当社は別の法的根拠に依拠することがあります。一般的な例を以下に挙げます。 

• 当社が会員様と締結した契約を履行するために当該情報を利用する必要がある場合 
• 当社（または第三者）の正当な利益および会員様の利益のために必要であり、かつ、基本的権利がこれらの利益よりも優先されない場合 
• 当社が法律上または規制上の義務を順守する必要がある場合 

いつ個人情報を共有するか

会員様の個人情報は、会員様のジムと共有されます。ジムは、当社フィットネス・プラットフォーム上の専用チャンネルを通じて会員様の情報に継続的にアクセスすることができます。 

また、会員様の個人情報は、株式会社Fast Fitness Japanおよび米国Anytime Fitness LLCとも共有されます。Membrのウェブベース・ソフトウェアおよびモバイル・アプリは株式会社Fast Fitness Japanおよび米国Anytime Fitness LLCによってサポートされており、株式会社Fast Fitness Japan および 米国Anytime Fitness LLCとデータを共有することでMembrサービスをより効果的に利用し、体験できるようになります。 

当社が共有する個人情報のカテゴリーには、次のものが含まれます。 

• 氏名、役職、性別、住所、電話番号、個人の Eメールアドレスなどの個人の連絡先情報 
• 生年月日および出生地 
• 近親者および緊急連絡先 
• 利用開始日 
• 身体計測値、トレーニング統計および食事に関する情報 
• 写真 
• 当社情報通信システムの利用に関する情報（パーソナルトレーナーへのメッセージ、目標、メモなど） 

また、以下の場合を含め、会員様の個人情報の共有が望ましい場合やその共有を余儀なくされる場合があります。

• 当社によるサービス提供を可能にするため、第三者サービス提供者またはサプライヤー（たとえば、Transaction Services Group社のような支払処理業者、アマゾンウェブサービスといったウェブホスト、ID 検証パートナーなど）と共有する場合。当社は、サービス提供者とデータを共有する場合、当該サービス提供者に対し厳格なセキュリティー措置を導入し、当社の指示を遵守し、当社によるデータ保護法の遵守に資することを義務づける契約に署名するよう要請します。 
• 合併、融資、買収、当社事業の売却などの事業取引に関連して、一時的または恒久的に他の法人と共有する場合 
• 法令により当該共有が義務づけられる場合 
• 会員様の同意を得た場合 ƒ

当社が第三者サービス提供者またはサプライヤーと共有する個人情報のカテゴリーには、次のものが含まれます。

• 氏名、役職、性別、住所、電話番号、個人の E メールアドレスなどの個人の連絡先情報

当社はAPIコールによるデータの転送のためにお客様の個人情報を第三者のサービスプロバイダーまたはサプライヤーと共有します。

お客様の個人情報の共有は、以下の目的のために行われます。

• より良いサポートとMembrフィットネスソフトウェアのサービスを提供するための分析
• 現在の製品の強化と地域、習慣、要件を常に対応するため
• 米国Anytime Fitness LLCからの要請があった際に随時提供

この共有についての責任者は下記のとおりです。

Fit Cloud Technology Limited
David Rushton, Chief Product Officer

EU および英国外への情報の移転 

当社は、会員様のデータの処理をEUおよび英国内で行いますが、会員様との契約を履行するために、当社が収集した会員様の個人情報をEUおよび英国外に移転することがあります。その場合、当社は、会員様の個人情報が適切な水準の保護を受けるよう徹底するとともに、会員様の個人情報がEUおよび英国のデータ保護法に則った方法で扱われるよう徹底するために適切な措置を導入します。これらの保護対策についてさらに情報が必要な場合は、helpme@membr.comまでご連絡ください。海外の第三者サービスプロバイダーへの国際的な転送についてお客様より同意を得る際、お客様の個人情報が転送される国名、当該国における同等のプライバシー規則の有無、転送先の国におけるプライバシー規則の条項および内容（もしあれば）、そして海外第三者のプライバシーポリシーがお客様に提供されることになります。

日本国外への情報の移転 

日本に所在する個人については、当社は、収集した会員様の個人情報を日本国外に移転します。上記のとおり、これにはEUおよび英国への移転も含まれます。会員様の同意を得た場合、当社は、会員様の個人情報を米国のAnytime Fitness LLCにも移転します。海外の第三者サービスプロバイダーへの国際的な転送についてお客様より同意を得る際、お客様の個人情報が転送される国名、当該国における同等のプライバシー規則の有無、転送先の国におけるプライバシー規則の条項および内容（もしあれば）、そして海外第三者のプライバシーポリシーがお客様に提供されることになります。

セキュリティーと保持 

当社は、会員様の個人情報の偶発的な紛失、不正な使用もしくはアクセス、改変または開示を防止するために適切なセキュリティー措置を導入しています。当社はさらに、データセキュリティー侵害の疑いに対処する手順も導入しており、侵害が疑われる場合は、法的要件に応じて会員様および該当する規制当局に報告します。 

当社が会員様の個人情報を保持する期間は、法的、会計上または報告上の要件を満たす目的を含め、これを収集した目的を果たすために必要な期間に限定されます。 

個人情報の適切な保持期間を決定する際に、当社は、当該情報の量、内容および機微性、情報の不正使用または不正開示によって生じうる損害リスク、当社が当該情報を処理する目的、当社が他の手段によってこれらの目的を達成できるか否か、ならびに適用される法的要件を考慮します。 

アクセス、訂正、消去および制限の権利 

個人情報に関する会員様の権利 

ある特定の状況（然るべき理由によりアクセス、訂正、消去および制限の権利を行使する必要がある場合）において、会員様は、法令により、以下の権利を有します。 

• 自ら個人情報へのアクセスを要請すること（「データ主体によるアクセス要請」として一般に知られている）。これにより、当社が保有している自らの 個人情報のコピーを受け取り、当社が当該情報を適法に処理しているかを確認することができます。 
• 当社が保有している自らの個人情報の訂正を要請すること。これにより、当社が会員様に関して保有している不完全または不正確な情報を訂正することができます。 
• 自らの個人情報の消去を要請すること。これにより、当社が個人情報の処理を継続する正当な理由がない場合に、当社に対し、その消去または削 除を要請することができます。 
• 当社が正当な利益（または第三者の正当な利益）に依拠しており、かつ、これを根拠に、会員様が処理に対して異議申立てを望む理由となる要素がある場合に、自らの個人情報の処理に異議を申し立てること。 
• 自らの個人情報の処理に対する制限を要請すること。これにより、個人情報の正確性やそれらを処理する理由を明確にするよう求める場合など、 自らに関する個人情報の処理を停止するよう当社に求めることができます。 
• 自らの個人情報の他者への転送を要請すること。

会員様は、自らの個人情報にアクセスする際（または他の権利を行使する際）に料金を支払うよう求められることはありません。ただし、アクセス要請に明らかに根拠がない場合やそれが過度な場合には、合理的な料金が請求されることがあります。あるいは、そのような場合にはアクセス要請に応じられないことがあります。 会員様の身元を確認し、会員様の情報アクセス権（または他のいずれかの権利を行使する権利）を確実にするため、当社は、特定の情報を求めなければならない場合があります。これは、個人情報がそれを受け取る権利のない者に開示されないようにするための別の適切なセキュリティー措置です。 

上記の依頼は下記住所宛に書面を送付するか、helpme@membr.com までご連絡いただくことに より行うことができます。

〒150-0031
東京都渋谷区桜丘町 26-1 セルリアンタワー15 階
Membr Fitness Japan 株式会社

当社からの回答は、お客様からのご要望に応じて書面又は電子的方法によって行われます。ただし、お客様のご要求の方法が当社に多額の費用をもたらす場合、当社の応答の方法は書面による応答に限定される場合があります。

Fit Cloud およびジムの責任 

ここまでに述べたとおり、Fit Cloudおよびジムはいずれも個人情報に関するデータ管理者としてフィットネス・プラットフォームを通じて会員様の個人情報を処理します。 

つまり、両者が個人情報について責任を負っているということです。会員様は、Fit Cloudまたはジムのいずれかに連絡することで詳細を確認し、上記の権利を行使することができます。こうした問い合わせを迅速かつ効率的に処理できるよう、まずは所属のジムにご連絡いただくことを推奨いたします。本通知または当社における個人情報の取り扱いについて質問があれば、当社（helpme@membr.com）までご連絡をお願いします。会員様は、英国のデータ保護に関する問題の監督機関である英国個人情報保護監督機関（ICO）にいつでも不服を申し立てる権利も有しています。

本プライバシー通知の変更 

当社はいつでも本通知を更新する権利を留保し、実質的な更新を行ったときは新たな本通知を提供 します。また、会員様の個人情報の処理について、随時別の方法で通知を行うことがあります。