Penguin Fitness Data Protection Policy

Effective Date: 27 September 2025

Penguin Fitness Pte. Ltd. (“Penguin Fitness”, “we”, “our”, or “us”) is fully committed to protecting the privacy and personal data of our clients, trainers, employees, and website visitors. This Data Protection Policy outlines the measures we take to ensure that all personal data collected, used, and stored by Penguin Fitness is managed with the highest level of care, in compliance with the Personal Data Protection Act (PDPA) of Singapore and applicable international standards.

1. Purpose

The purpose of this policy is to clearly articulate how Penguin Fitness collects, uses, discloses, and protects personal data, and to demonstrate our unwavering commitment to data privacy and security.

2. Scope

This policy applies to all personal data handled by Penguin Fitness, including data from clients, potential clients, employees, contractors, vendors, website visitors, and all third parties who interact with our services.

3. Collection of Personal

DataWe collect personal data only when necessary and with consent. This includes, but is not limited to:
– Contact details (name, email, phone number, address)
– Health and fitness information relevant to training programmes
– Payment and billing details
– Website usage data and cookies for improving user experience.

4. Use of Personal Data

Personal data is used solely for legitimate business purposes, such as:
– Providing and improving our personal training services
– Processing payments and managing accounts
– Communicating updates, schedules, and marketing (only with consent)
– Ensuring the safety and customisation of training programmes.

5. Protection of Personal Data

Penguin Fitness employs strict safeguards to protect personal data, including:
– End-to-end encryption for data storage and transfer
– Secure servers with regular penetration testing and monitoring
– Role-based access control and multi-factor authentication
– Staff training on data privacy and cybersecurity best practices.

6. Data Retention

Personal data is retained only as long as necessary to fulfil the purposes outlined in this policy or as required by law. Data no longer required is securely deleted or anonymised.

7. Third-Party Disclosure

We do not sell or trade personal data. Data may be shared only with trusted third-party service providers who assist in operations, and only under strict confidentiality agreements ensuring equal levels of data protection.

8. Rights of Individuals

Individuals have the right to access, correct, or request deletion of their personal data. Requests can be made by contacting our Data Protection Officer (DPO) at privacy@penguinfitness.sg.

9. Data Breach Response

In the event of a data breach, Penguin Fitness will:
– Promptly investigate and contain the breach
– Notify affected individuals and relevant authorities within 72 hours
– Take remedial action to prevent future breaches.

10. Policy Updates

This policy will be reviewed annually and updated when necessary to reflect changes in laws, regulations, or business practices.
By interacting with Penguin Fitness, you consent to the terms of this Data Protection Policy. Your trust is our highest priority, and we are committed to protecting your personal data with the utmost diligence.