Rebel Fitness Pte. Ltd. (“REBEL”), Fitness Asia Pte. Ltd., their subsidiaries and affiliates are committed to managing personal information in accordance with the Singapore Data Protection Act and in accordance with other applicable privacy laws.
This document sets out our policies for managing your personal information and is referred to as our Privacy Policy. In this Privacy Policy, "
we", "
us" and "
our" refers to REBEL and "
you" refers to any individual about whom we collect personal information.
ABOUT REBEL
REBEL is an online fitness and wellness application. REBEL offers a range of services, including online workouts, food, nutrition and wellness content.
WHAT INFORMATION DOES REBEL COLLECT ABOUT YOU?
Members and prospective members
When you enquire about our services or when or when you become a member of REBEL, a record is made which includes your personal information. The type of personal information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
your age;
your fitness and nutrition statistics which you provide to us;
your login details and passwords which you use to access your account with us as well as your online interactions with us;
details of the products and services (such as membership options) you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
any additional information relating to you that you provide to us directly through our websites or by other means such as over the phone, via email or in person;
information you provide to us via voluntary members feedback or engagement surveys;
any additional personal information you provide to us, or authorize us to collect, as part of your interaction or membership with REBEL.
REBEL may connect to the Google APIs to help you track your health and wellness data such as your steps.
REBEL's use and transfer of information received from Google APIs to any other app will adhere to
Google API Services User Data Policy, including the Limited Use requirements
Location Information
We collect and process location information when you sign up for and use the Services. In order to use our core features (e.g., GPS activity tracking, routes, segment leaderboards, etc.), it is necessary for you to permit us to track your device location while you use the Services, as well as in the background if you start a run and you track this run in the background. If you would like to stop the device location tracking, you may do so at any time by adjusting your device settings.
Health Information
REBEL may collect or infer
health information. Certain health information may be inferred from sources such as heart rate or other measurements, including power, cadence, and weight or other indicators. Before you can upload health information to REBEL, you must give your explict the processing of that health information by REBEL. You can withdraw your consent to REBEL processing your health information at any time.
Prospective employees/applicants
We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional information necessary to conduct background checks to determine your suitability for certain positions.
We may also collect relevant information from third party sources such as [LinkedIn] and other professional websites.
Other individuals
REBEL may collect personal information about other individuals who are not members of REEBEL. This includes customers and members of the public who participate in events we are involved with; individual service providers and contractors to REBEL; and other individuals who interact with REBEL on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with REBEL. Generally, it would include name, contact details, and information regarding our interactions and transactions with you.If you are participating in an event we are managing or delivering, we may take images or audio-visual recordings which identify you.You can always decline to give REBEL any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.
Your sensitive information
REBEL may collect and process your sensitive information or special category data, such as your health information, generally with your express consent and only as reasonably necessary in order for us to provide our services to you. We may also collect such information about you in an emergency or otherwise with your consent or in accordance with applicable laws.
Visitors to our websitesThe way in which we handle the personal information of visitors to our websites is discussed below.
What happens if you don’t provide your personal information?
You can always decline to give REBEL any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested or we may not be able to do business with you effectively. If you have any concerns about personal information we have requested, please let us know.
Payment Information
When you make a payment on REBEL, you may provide
payment information such as your payment card or other payment details. We use Payment Card Industry (PCI) compliant third-party payment services and we do not store your credit card information.
HOW AND WHY DOES REBEL COLLECT AND USE YOUR PERSONAL INFORMATION?
REBEL collects personal information reasonably necessary to carry out our business, to assess and manage our members' needs, and provide our services to you. We may also collect information to fulfill administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing member relationships.
The purposes for which REBEL usually collects and uses personal information depends on the nature of your interaction with us, but may include:
• to fulfill obligations under a membership agreement and/or any other contract you may have with us;
• to provide information about products, services and/or special offers to members;
• to obtain opinions or comments about products and/or services from members;
• to record statistical data for marketing analysis from members;
• responding to requests for information and other general inquiries;
• managing, planning, advertising and administering programs, events, competitions and performances;
• researching, developing and expanding our facilities and services;
• informing you of our activities, events, facilities and services;
• recruitment processes; and
• responding to enquires and complaints.
Record your activities and analyze your performance. For example, to compare your past efforts, and rank them in leaderboards. We may also match your GPS activities to specific segments or routes to analyze your efforts against those of other users and to establish leaderboards.
Interact with other users. For example, to compete on leaderboards, participate in challenges, or events, and use features that help users interact with one another.
Manage your training. For example, to set goals and use your training dashboard.
Share insights with your Organization community. Subject to your privacy controls,
your information, including parts of your profile, username, profile photo, organization, team, your activities, the devices you use, may be shared on REBEL so that you may be able to participate in the Services, for example to show your place on a leaderboard.
In addition, some of your personal information may be used for other business purposes.
Examples of the types of uses are set out below:
• for our reasonable commercial purposes (including quality control and administration and assisting us to develop new and improved products and services);
• to follow up with you after you request information to see if we can provide any further assistance (for example if you enquire about a membership package);
• to comply with any requirement of any applicable statute, regulation, rule and/or good practice, whether originating from Singapore or elsewhere;
• to fulfill our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time; to check your instructions to us, to analyze, assess and improve our services to members, as well as for training and quality purposes, we may monitor, record and analyze any communications between you and us, including phone calls;
• to prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply our Privacy Policy and/or any other agreement (such as your membership agreement with us) and to protect our (or others') property or rights;
• to share information with relevant third parties in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations;
• if instructed to do so by you or where you give us your consent to the use and/or processing involved;
• to bring to your attention (in person or by post, email or telephone) information about additional services offered by us and/or our [global affiliates], which may be of interest to you, unless you indicate at any time that you do not wish us to do so; and
• to improve the relevance of marketing messages we may send you (which you can opt out of as explained below).
REBEL generally collects personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:our affiliated and related companies; third party suppliers and contractors who assist us to operate our business. REBEL also collects and uses personal information for market research purposes and to innovate our delivery of products and services.We have a legitimate interest in using your information in the ways listed above. In some cases, it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s, statutory or public functions or because the law permits or requires us to.
HOW DOES REBEL INTERACT WITH YOU VIA THE INTERNET?
You may visit our website without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry / logging into our online membership portal), any personal information you provide to REBEL will be managed in accordance with this Privacy Policy.REBEL's websites may contain links to third-party websites. REBEL is not responsible for the content or privacy practices of websites that are linked to our website.
REBEL’s cookies policy
What is a cookie?
REBEL's websites use cookies. A 'cookie' is a small file stored on your computer's browser, which assists in managing customized settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites.While the cookie may identify your computer, it should not identify you unless you are registered with our website (for example, because you are a member and subscribe to our website) or logged in using your social media profile. In that case, the cookie will be linked to your profile so that we can identify you and provide more relevant content.
Why we use cookies
We use cookies to personalize your browsing experience (for example, by remembering your preferences and recognizing you as a repeat visitor to our website), and to track statistics about the usage of our website. This allows us to better understand our members and improve the layout and functionality of our websites.
The types of cookies we use
Specifically, we use the following cookies:
Strictly necessary cookies: are required for the operation of our website, such as cookies that enable you to log into secure areas of our website (for example, our membership portal).
Analytical/performance cookies: allow us to count the number of users and see how users move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Targeting cookies: these cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information, subject to your choices and preferences, to make our website and any advertising displayed on it more relevant to your interests.
Third party/sharing cookies: are cookies that are set by a domain other than the one being visited by you. If you visit our website and a separate company sets a cookie through that website this is a third party cookie. To try to bring you offers and advertisements that are of interest to you, we have relationships with third party companies including [Google, Adobe Analytics, Facebook, LinkedIn] (Third Party Providers) that allow them to place cookies on our websites.These Third Party Providers may:
use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
compare de-identified information from us with information collected elsewhere on the internet; and use that information to provide measurement services and target ads to you.
How long cookies will be stored on your device
Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user’s device for the period of time specified in the cookie.
How you can manage your cookies
If you do not wish to receive any cookies (other than those which are strictly necessary) you may set your browser (such as Firefox, Google Chrome, Internet Explorer or Safari) to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on our Websites you visit will be available to you. If you do not wish to receive any cookies (other than those that are strictly necessary) you can use the settings in your browser to control how your browser deals with cookies (e.g. to either prompt or refuse cookies). However, in doing so, you may be unable to access certain pages or content on our website.
How Information is Shared
We do not sell your personal information for monetary value. We may share personal information in accordance with your preferences, as needed to run our business and provide the Services, and where required for legal purposes, as set forth below. In addition, we may sell or share aggregated data about our users, as described in more detail in the “Aggregate Information” section below.
Service Providers We may share your information with third parties who provide services to REBEL such as supporting, improving, promoting and securing the Services, processing payments, or fulfilling orders. These service providers only have access to the information necessary to perform these limited functions on our behalf and are required to protect and secure your information. We may also engage service providers to collect information about your use of the Services over time on our behalf, to promote REBEL or display information that may be relevant to your interests on the Services or other websites or services.
Third Party Business via API or Other IntegrationsWe enable you to share your information and content with third party apps, plugins, or websites that integrate with the Services, as well as with third parties who work with REBEL to offer an integrated feature, such as a challenge sponsor, media streaming, or tracking device. You can choose to share your profile data and activity data (including private activities) with these third parties. Information collected by these third parties is subject to their terms and policies. REBEL is not responsible for the terms or policies of third parties.
Aggregate Information
REBEL may deidentify and aggregate the information you and others make available in connection with the Services and post it publicly or share it with third parties. Examples include information about usage, demographics, routes, performance, and challenge participation and completion. REBEL may
use, sell, license, and share this
aggregated information with third parties for research, business or other purposes or to help our partners organisations understand more about users, including the people who use their products and services.
How We Protect Information
REBEL implements technical, physical, and organizational measures and controls to safeguard and protect the transmission and storage of the data we collect. We employ careful protections for your information that are appropriate to its sensitivity. Please be aware that despite our efforts, we cannot guarantee absolute security of your account or information. In addition, you can take steps to protect your account and information such as creating a unique password for REBEL that is not easily guessed and that you don't use anywhere else, not sharing your password with others, and promptly reporting suspicious activity or unauthorized account access.
CAN YOU DEAL WITH US ANONYMOUSLY?
REBEL will provide you with the opportunity of remaining anonymous or using a pseudonym in your dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for REBEL to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilize our services or participate in our events, programs or activities we manage or deliver.
HOW DO WE HOLD INFORMATION?
REBEL stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Singapore and the United States). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorized access, modification or disclosure.REBEL maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to our computer systems.Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
HOW LONG WILL YOUR PERSONAL INFORMATION BE KEPT BY REBEL
We will only keep the personal information we collect about you for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any legal obligations to which we are subject. The retention periods we apply take account of:
legal and regulatory requirements and guidance;
limitation periods that apply in respect of taking legal action;
our ability to defend ourselves against legal claims and complaints;
good practice; and
the operational requirements of our business.We take steps to destroy or de-identify information that we no longer require or as required by an applicable law.
DOES REBEL USE OR DISCLOSE YOUR PERSONAL INFORMATION FOR DIRECT MARKETING?
REBEL may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you or as otherwise permitted under applicable privacy laws.This means under certain privacy laws we do not always need your consent to send you marketing communications such as our member newsletter. However, where consent is required under applicable privacy laws, we will ask for this consent separately and clearly. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below or using the opt-out functionality contained in the electronic message.If you opt-out of receiving marketing material from us, REBEL may still contact you in relation to its ongoing relationship with you.We will not use or share your Apple Health Data with advertising platforms, data brokers or information resellers
HOW DOES REBEL USE AND DISCLOSE PERSONAL INFORMATION?
For members
The purposes for which we may use and disclose your personal information will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to service providers (including a personal trainer who is a contractor) where this is relevant to our services. We may use Apple HealthKit Data for customer relationship management purposes as well as to improve our services including providing tailored services, i.e. using your data to provide you with information we believe will be of interest to you (excluding marketing communications) prior to, during, and after your interactions with us.
For customers and participants
If you are a customer or participant in an event, we may disclose your personal information to venues where this is reasonably necessary for, and relevant to, the delivery of the event. We may use images or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur.
Disclosure to contractors and other service providers
REBEL may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mail-outs, and market research. Personal information may also be shared between related and affiliated companies of REBEL, located in Singapore and overseas. Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.
Use and disclosure for administration and management
REBEL will also use and disclose personal information for a range of administrative, management and operational purposes. This includes: administering billing and payments and debt recovery; planning, managing, monitoring and evaluating our services; quality improvement activities; statistical analysis and reporting; training staff, contractors and other workers; risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives); responding to enquiries and complaints regarding our services; obtaining advice from consultants and other professional advisers; and responding to subpoenas and other legal orders and obligations.
Other uses and disclosures
We may use and disclose your personal information for other purposes explained at the time of collection (such as in a specific privacy collection statement or notice) or otherwise as set out in this Privacy Policy.
DOES REBEL DISCLOSE YOUR PERSONAL INFORMATION OVERSEAS?
REBEL is a global organization and works with members, service providers, sponsors and commercial interests across the globe. It is likely that your personal information will be disclosed to overseas recipients including service providers who may handle, process or store your personal information on our behalf.We generally collect personal information about you in Singapore or the jurisdiction in which the REBEL affiliate you are dealing with is located.It is likely that your personal information will be transferred outside of the jurisdiction it was collected. We only ever disclose your personal information outside the jurisdiction it was collected where we are permitted to do so under applicable privacy laws. Generally, this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area. The EU standard contractual clauses are available
here.There are circumstances where we may disclose your personal information to an overseas recipient. For example, you have provided your consent or we are otherwise permitted to do so under the Singapore Data Protection Act or other relevant laws.
RESIDENTS IN THE EUROPEAN ECONOMIC AREA
We have described the purposes for which we may use your personal information. If the GDPR applies to you, we are permitted to process your personal information in this way, in compliance with the GDPR, by relying on one or more of the following lawful grounds:
you have explicitly agreed to us processing your information for a specific reason;
the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
the processing is necessary for compliance with a legal obligation we have; or
the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
to prevent fraud;
to protect our business interests;
to ensure that complaints are investigated;
to evaluate, develop or improve our products; or
to keep our clients informed about relevant products and services, unless you have indicated at any time that you do not wish us to do so.
If the GDPR applies to you, you have the following additional and specific rights in relation to your personal information (where applicable):
Access: you have the right to request a copy of any personal information we hold about you. Any request for access to or a copy of your personal information must be in writing and we will endeavor to respond within a reasonable period and in any event within one month (in compliance with the GDPR).
Rectification: you have the right to the rectification of your personal data, if you consider that it is inaccurate.
Deletion: you have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Restriction: you have the right to erasure of your personal information, if you consider that we do not have the right to hold it.
Portability: you have the right to ask us to transfer a copy of your personal information to you or to another service provider or third party where technically feasible.
Objection: you have the right to object to your personal information being processed for a particular purpose or to request that we stop using your information.
Complaint: If you are unhappy with our treatment of your personal information, and you have contacted us as set out below, you have the right to lodge a complaint with the local data protection authority.
If you have consented to our processing of your personal information, you have the right to withdraw, at any time, any consent that you have previously given to us for use of your personal information. In certain circumstances, even if you withdraw your consent, we may still be able to process your personal information if required or permitted by law or for the purpose of exercising or defending our legal rights or meeting our legal and regulatory obligations. To make a request to exercise any of these rights (where applicable) in relation to your personal information, please contact us using the contact details below.
HOW CAN YOU ACCESS OR SEEK CORRECTION OF YOUR PERSONAL INFORMATION?
You are entitled to access your personal information held by REBEL on request. To request access to your personal information please contact our Privacy Officer using the contact details set out below. We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change. However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information. We may decline your request to access or correct your personal information in certain circumstances in accordance with the Singapore Data Protection Act. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
WHAT SHOULD YOU DO IF YOU HAVE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL INFORMATION?
You may contact REBEL at any time if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.You may make a complaint about privacy to the Privacy Officer at the contact details set out below.The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps, which can be taken to resolve the complaint. We will generally respond to your complaint within a week.If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavor to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
HOW CHANGES ARE MADE TO THIS PRIVACY POLICY?
REBEL may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes. We also try to let you know about major changes to our Privacy Policy (for example by putting a notice up on our website).
HOW CAN YOU CONTACT REBEL?
The contact details for REBEL are:
E: hello@rebelwithus.com