Privacy Policy
This policy statement provides information on the obligations and policies of NEUST t its subsidiaries, affiliates, and associated companies (the “Company”) equal to any in the world in respect of the protections they provide to an individual. As such, the Company undertakes to apply, where practicable, those principles and the processes set out herein to its operations globally. You are required to read and understand all the conditions stated in this policy before using NEUST Products/Services. By using NEUST Products/Services, you are deemed to have accepted and agreed to all provisions in this Policy.
The Company’s officers, management, and members of staff shall, at all times, respect the confidentiality of and endeavour to keep safe any and all personal data collected and/or stored and/or transmitted and/or used for, or on behalf of, the Company. The Company shall endeavour to ensure all collection and/or storage and/or transmission and/or usage of personal data by the Company shall be done in an appropriate manner for membership applications, and internal purposes. Where an individual legitimately requests access to and/or correction of personal data relating to the individual, held by the Company, then the Company shall provide and/or correct that data in an appropriate time and manner.
Types of Personal Data Collected:
For the purpose of carrying on the Company’s business, including registration and administration of the Company’s related products and services (including relevant online services), you may be requested to provide personal data such as, but not limited to, the following, without which it may not be possible to satisfy your request:
- Your name;
- Correspondence address, and/or billing address;
- Payment details, including credit card and banking information;
- Contact details, including contact name and telephone number or email address
- Your image taken at our premises with a web cam (or like equipment ) for visual identification
NEUST may employ other companies or individuals to assist us in providing our services, or to provide certain services such as analysing customer lists, providing marketing assistance or consulting services. These third parties may have access to information needed to perform their function but cannot use that information for other purposes.
In some instances, you may also be requested to provide certain data that may be used to further improve our products and services and/or better tailor the type of information presented to you. In most cases, this type of data is optional although, where the requested service is a personalised service, or provision of a product or dependent on your providing all requested data, failure to provide the requested data may prevent us from providing the service to you. This type of data includes, but is not limited to:
- Your age;
- Gender;
- Salary range and employment details;
- Education and Profession;
- Hobbies and leisure activities;
- Other related products and services subscribed to; and
- Family and household demographics.
Some of the Company’s Websites may place a “cookie” on your machine; for example to provide personalised services and/or maintain your identity across multiple pages within or across one or more sessions. This information may include, but is not limited to, relevant login and authentication details as well as information relating to your activities and preferences across our Websites.
Under certain circumstances, telephone calls made to our order and/or service hotlines and/or inquiry telephone numbers are recorded for the purposes of quality control, appraisal, as well as staff management and development. Unless expressly indicated at the time of calling, such recordings are NOT personal data of the caller and therefore, in respect of the caller, are not subject to the various provisions of the Ordinance and the caller has no rights and/or claims; either statutory, contractual or tortuous, over or to such data. At all times, every care is taken to protect such recordings from inadvertent and/or unauthorized access.
You represent and warrant that all data and information to be provided to NEUST is given correctly and truly. You may take full responsibility in the event that we found inaccuracies and incorrect on data and information to be provided by you and you will hold harmless NEUST for any loss, demand or responsibility from any party arising to the inaccuracies and incorrect on data and information as mentioned herein.
Purposes for collection, use, disclosure and processing of personal data:
We may collect, use, disclose and/or process your personal data for one or more of the following purposes:
- Considering and/or processing your membership application with us, including to require you to fill in relevant forms which sets out your health and lifestyle to ascertain your fitness level at the point of application with us;
- Facilitating and managing your membership with us, including, without limitation;
- Granting you access into the NEUST facilities and clubs according to the terms of your membership;
- Providing and arranging your personal training programmes and other fitness lessons provided by NEUST ;
- Providing you with service or club/facilities status updates;
- Administering your personal training and other training/fitness packages;
- Processing the payment of your membership fees and / or any other relevant charges that may be incurred by you;
- Operating NEUST members’ database;
- Providing you with any benefits as indicated by the terms of your membership, including to administer the relevant referral programs applicable to your membership;
- Providing you with our Class Booker application for you to making booking(s) for Group Exercise classes;
- Tracking your fitness levels with systems provided by us or our service providers;
- Providing you with a fitness evaluation where requested by you;
- Facilitating the payment and provision of private locker rentals;
- Managing your access to online services provided by NEUST ;
- Managing your access to our mobile apps (including the NEUST app) and online services provided by the Company;
- Where your image is captured on any NEUST club/facilities, to be used for publicity purposes;
- Carrying out your instructions or responding to any enquiry given by (or purported to be given by) you or on your behalf;
- Contacting you or communicating with you via phone/voice call, text message and/or fax message, email and/or postal mail for the purposes of administering and/or managing your membership with us such as but not limited to communicating information to you related to:
- The status of your membership;
- Any service or club/facilities status updates;
- Reminders for appointments and / or sessions that you have booked with NEUST , whether through email or a notification through our Class Booker application;
- Rutstanding payments or membership fees; or
- Any of the purposes as indicated in paragraphs 1 and 2 above;
- Carrying out due diligence or other screening in accordance with any legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;
- To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether relating to your membership with us or any other matter arising from your membership with us, and whether or not there is any suspicion of the aforementioned;
- Complying with or as required by any applicable law, governmental or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law binding on us and/or for the purposes of any guidelines issued by regulatory or other authorities, whether in Malaysia or elsewhere, with which we are expected to comply;
- Complying with or as required by any request or direction of any governmental authority; or responding to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that we may/will disclosure your personal data to the aforementioned parties upon their request or direction;
- Conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve our services and facilities in order to enhance your membership with us or for your benefit, or to improve any of our products or services for your benefit;
- Storing, hosting, backing up (whether for disaster recovery or otherwise) of your personal data, whether within or outside Malaysia;
- Providing and sending you marketing, advertising and promotional information, materials and/or documents relating to your membership with us which we think may be of benefit or interest to you, via (i) postal mail to your postal address(es) and/or electronic transmission to your email address(es), and via telephone calls, SMS/MMS and/or facsimile to your telephone number(s);
- If you have used our clubs as a guest or trial pass user, or have signed up with us during our promotional events, providing and sending you marketing, advertising and promotional information, materials and/or documents relating to our membership and clubs, via (i) postal mail to your postal address(es) and/or electronic transmission to your email address(es), and (ii) if so consented by you, via telephone calls, SMS/MMS and/or facsimile to your telephone number(s) provided by you;
(collectively, the “Purposes”)
As the purposes for which we may/will collect, use, disclose or process your personal data depend on the circumstances at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of your personal data without your consent is permitted by the PDPA or by law.
In order to conduct our business operations more smoothly, we may also be disclosing the personal data you have provided to us to our third party service providers, agents and/or our affiliates or related corporations, and/or other third parties whether sited in Indonesia or outside of Indonesia, for one or more of the above-stated Purposes. Such third party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated Purposes. Examples of service providers include companies that provide web hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing, debt recovery and other services. Such third party service providers shall be notified to not misuse your personal data, however the third party service providers shall be fully responsible in using your personal data.
- Where possible, we will validate data provided using generally accepted practices and guidelines. This includes the use of checksum verification on some numeric fields such as account numbers or credit card numbers. In some instances, we are able to validate the data provided against pre-existing data held by the Company. In some cases, the Company is required to see original documentation before we may use the personal data such as with Personal Identifiers and/or proof of address.
WAYZT will endeavour to take all reasonable steps to keep secure any personal information recorded, and to keep this information accurate and up to date. The information is stored on secure servers if in digital format, or in locked areas if in hard copy format: these repositories are protected in controlled facilities. In some cases these facilities may be overseas.
WAYZT in providing user data to every employee or third party service provider with WAYZT will use the precautionary principle and will keep each user’s data with the utmost confidentiality and WAYZT will ensure that each employee or third party service provider also applies the principle stated. Employees or third-party service provider with WAYZT may enter into a confidentiality agreement to ensure the user’s data privacy and security.
However, security of communications over the Internet cannot be guaranteed, and therefore absolute assurance that information will be secure at all times cannot be given. WAYZT will notify you in writing in the event of any failure on the Personal Data protection and in the event this matter is occurred, therefore WAYZT will endeavour to take all reasonable steps according to the Indonesian prevailing laws and regulations. WAYZT will not be held responsible for events arising from unauthorized access to personal information, however, WAYZT will endeavor to take all necessary action to ensure that all of your data is always kept confidential and secure. To fulfill this purpose, you hereby grant permission to WAYZT to take all necessary actions.
The Company will destroy any personal data it may hold in accordance with our internal retention policy. The policy states that:
- Personal data will only be retained for as long as is necessary to fulfill the original or directly related purpose for which it was collected, unless the personal data is also retained to satisfy any applicable statutory or contractual obligations; and
- Personal data are purged from the Company’s electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and the Company’s internal procedures.
All personal data held by the Company will be kept confidential but the Company may, where such disclosure is necessary to satisfy the purpose, or a directly related purpose, for which the data was collected provide such information to the following parties:
- Any subsidiaries, holding companies, associated companies, or affiliates of, or companies controlled by, or under common control with the Company;
- Any person or company who is acting for or on behalf of the Company, or jointly with the Company, in respect of the purpose or a directly related purpose for which the data was provided;
- Any other person or company who is under a duty of confidentiality to the Company and has undertaken to keep such information confidential, provided such person or company has a legitimate right to such information; and
- Any financial institutions, charge or credit card issuing companies, credit information or reference bureau, or collection agencies necessary to establish and support the payment of any services being requested. Personal data may also be disclosed to any person or persons that have a right under Malaysian law to gain access to such information provided they are able to prove their authority to access such information. For example, if the Company were served with a court order demanding certain customer information then the Company would disclose the information to the duly appointed officer of the court or such other persons as the court orders.
- At times it may be necessary and/or prudent for the Company to transfer certain personal data to places outside of Indonesia in order to carry out the purposes, or directly related purposes, for which the personal data were collected. Where such a transfer is performed, it will be done so in accordance with WAYZT policy and local legislation such as including without limitation Law No 11 of 2008 regarding Electronic Information and Transaction (and it amendments the Law No. 19 Year 2016), Government Regulation No 82 of 2012 regarding Implementation of Electronic System and Transaction, Government Regulation No. 71 of 2019 regarding Implementation of Electronic System and Transaction and Ministry of Communication and Informatics Regulation No. 20 of 2016 regarding Personal Data in Electronic System (MOCI Regulation).
Physical records containing personal data are securely stored in locked areas and/or containers when not in use. Computer data are stored on computer systems and storage media to which access is strictly controlled and/or are located within restricted areas. Access to records and data without appropriate management authorization are strictly prohibited. Authorizations are granted only on a “need to know” basis that is commensurate with an individual’s Company responsibilities and their training. Records of the Company are under the control of assigned information officers who are responsible to ensure the transfer of or access to information is legitimate. Audit records may be produced to validate data modifications in order to verify the data’s integrity. There may be violations logging processes for investigation of any unauthorized attempt to access information. Encryption technology, such as SSL, may be employed for the transmission of data collected online.
Access and Correction of Personal Data
Individuals have the right to :- Check whether the Company holds any personal data relating to them and, if so, obtain copies of such data;
- Require the Company to correct any personal data relating to them which is inaccurate for the purpose for which it is being used.
- Request of personal data correction addressed to fred@neust.com
- NEUST provides links to web sites outside of the NEUST site. These linked sites are not under the control of NEUST , and NEUST is not responsible for the conduct of companies linked to the NEUST web site, nor for the performance or otherwise of any content and/or software contained in such external websites.
NEUST reserve the right to alter any of the clauses contained herein in compliance with local legislation, to meet its global policy requirements, and for any other purpose deemed necessary by the Company.
- Indonesian KITAS availalbe valid until 2023
Any form of notification, complain, request for information or communication to or about NEUST will be deemed accepted by NEUST if it has been made in writing and sent to NEUST ’s address by courier or registered mail at:
Frederik “Fred” Neust –Director of PT Ecosocial Impact Tech
Jl. Gatot Subroto No.Kav 74-75, RT.2/RW.1, Menteng Dalam, Kec. Tebet, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta 12870, Indonesien
Fred@Neust.com
- All disputes relating to this Policy, will first resolved by deliberation to reach consensus by the Parties within 30 (thirty) calendar days. In the event that settlement of consensus cannot be reached within 30 (thirty) calendar days, the Parties decide to resolve the conflict that occurred through mediation.