CLUB GAMBIT PRIVACY POLICY

Privacy and Data Collection Policy

This policy (Policy) discloses BM Elite Pty Ltd ACN 677 245 573 T/A Club Gambit (us, our, or we) privacy and data collection practices which abide with the Privacy Act 1988 (Cth) (the Act) and the National Privacy Principles (NPPs). We are committed to managing your personal information in an open and transparent way. This Policy sets out how we collect, hold, use and disclose personal information.

  1. Definitions

    1. In this Policy, capitalised terms have the same definition as they do in our Service Terms and Conditions.

  2. Personal information and sensitive information

    1. “Personal Information” means information (or an opinion) about an identified individual, or an individual who is reasonably identifiable (whether true or not, and whether recorded in a material form or not). We do not knowingly collect the Personal Information of anyone under the age of 18 without the express consent of their parent or guardian. If you are the parent or guardian of a child and you believe they have provided us with Personal Information without your consent, then please contact us. The kinds of personal information we may collect and hold include but are not limited to:

      1. your name;

      2. gender;

      3. date of birth;

      4. email address;

      5. contact number;

      6. photographs or videos;

      7. professional or employment-related information;

      8. mailing address; and

      9. dating preferences.

    2. “Sensitive Information” is a special type of Personal Information that relates to health information, political beliefs, ethnicity, membership of a professional or trade association, gender, sexual preferences, philosophical beliefs, or criminal record. We will not collect Sensitive Information except with your express consent, and then only if collection of such information is necessary for a particular activity or function. You may provide us with sensitive information including but not limited to:

      1. geolocation data;

      2. biometric information;

      3. religious beliefs;

      4. ethnicity; and

      5. political views, which will only be used by us to provide the Services. You may choose to not specify in each of the above options in response to any questions requesting this information.

      which will only be used by us to provide the Services. You may choose to not specify in each of the above options in response to any questions requesting this information. If you do provide responses that are Sensitive Information, then you expressly consent to the collection, storage and use of such information.

    3. “Usage Information” means anonymous aggregate data that may be automatically collected through your use of the Services. This includes information that identifies your device, cookies, pixel tags, your operating system, your IP address, and dates and times that you access and use the Services. This information is used to resolve any technical issues that may arise, or for statistical analysis to help us to improve the Services.

    4. The GDPR recognises that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information and Sensitive Information, will collectively be referred to in this Policy as “Personal Data”.

    5. We may deidentify your Personal Data so it cannot reasonably be used to infer information about you or otherwise be linked to you (Aggregate Data). To the extent we possess or process any Aggregate Data, we will maintain and use such information in deidentified form and not attempt to re-identify the information, except solely for the purpose of determining whether our deidentification process satisfies legal requirements. We may use such Aggregate Data for the same purposes of this Policy or share it with third parties.

  3. Information shared by you

    1. Any personal information that you share contained in the Content that you disclose to another member or display on your application, is at your own risk.

      1. It is not recommended to share the following information on your public application:

        1. contact number, email address and instant messaging details;

        2. full name and address;

        3. credit card information;

        4. driver's license information;

        5. and other sensitive information which can be misused and abused.

  4. Social Media Platforms

    1. As a requisite of signing up as a Member and condition of ongoing membership, you must link your account with your profile on Instagram and/or LinkedIn or other social media platform we accept from time to time, and you explicitly consent to the continued sharing of the information about you that we have specified collecting for our utilisation. We commit not to transmit any of your account particulars to the linked social media platform without prior notification to you. Each social media platform may afford privacy settings enabling you to manage your information within their platform, and we will conform to these permissions during data collection.

    2. In linking your social media account with your account with us, you give permission to the social media platform, to share with us your name and profile picture (if available). Unless you opt out, you give permission for the social media platform to share with us your email address (if one is associated with your social media account), date of birth, photos visible on your profile, gender and such other information which is available on your social media account.

  5. How is personal information collected?

    1. We collect personal information directly from you when we deal with you in person, by telephone, by mail or online. This may include collecting information:

      1. face to face, when you attend or take part in one of our events or activities;

      2. electronically, when you complete online forms on the Website or on our app;

      3. submit enquiries/forms online by email; and

      4. other correspondence, such as phone or mail.

    2. If we collect your Personal Data from third parties in circumstances where you may not be aware that we have collected such Personal Data, we will take reasonable steps to notify you of the collection and circumstances surrounding the collection. Circumstances where we collect Personal Data about you from sources other than you directly include where:

      1. you have expressly consented for a third party to share information with us (for example, in connection with your social media accounts at paragraph 4);

      2. where we are authorised by law to collect the information from a third party; or

      3. where it is unreasonable or impracticable to collect the information from you personally.

  6. Cookies and third party websites

    1. The Website uses software known as ‘cookies’ to collect information about your visit to the website, including the date and time of your visit, which pages you viewed and how you navigate through the site, and collects statistical information about visits to the website. This information is used both to help improve the functionality of our website and to remember your preferences when you return. This information does not identify you personally, though it forms part of Usage Data.

    2. For the convenience of visitors to the Website, there may be web pages that have plugins or link to external sites, including links to booking websites such as Open Table and Eventbrite and links to our trusted third party clubs, for reasons including but not limited to registering your attendance to events and obtaining access to special club membership discounts. This Policy does not cover the privacy practices of any third party site. We do not have access to, or control over, the technologies that third party sites may use to collect information about you. We disclaim all liability in connection with the services of any third party sites integrated or otherwise linked to our Services. If you have any concerns about the privacy practices of a third party site, we encourage you to reach out to them directly.

  7. Why do we collect your personal information?

    1. We collect personal information in order to achieve the following outcomes including but not limited to:

      1. provide and ensure the functionality of our Services;

      2. establish and oversee your accounts to ensure compliance with our Services;

      3. show the publicly viewable aspects of your application to other Members, such as recent login activity, images, videos, and other application content;

      4. deliver customer assistance, address issues, administer our Services, and attend to inquiries, concerns, and remarks;

      5. facilitate transactions;

      6. to identify your physical location and make it easier to interact with other Members, enabling your general location to be displayed to other Members and showing you the application of Members that are near you;

      7. to suggest or recommend other Members that you may wish to connect with and/or share similar interests to you, which you have expressly disclosed to us;

      8. in the case of Aggregate Data only, to share with certain third parties to show you marketing, advertising or promotional material that you may be interested in as direct marketing;

      9. to verify your identity and prevent the creation of fake accounts to ensure safety and security of other Members and to prevent deceiving other Members, fraud, malicious activities and other crime;

      10. to send you information about the promotions and offers we have available including invites to exclusive events, event passes and discounted membership fees to join our partner clubs, by electronic direct marketing or other modes of communication;

      11. sharing your personal data with trusted third parties including clubs that we partner with to fulfil functions such as signing you up as a Member to a club and sending your invites to club events, but only for the purposes of performing these functions and providing such services;

      12. correspond with you about our Services, including payment verification, refund and renewal processing, informing about other Members, transmit announcements and notifications;

      13. inform you about promotions, offerings, discounts, event notifications;

      14. conduct market and consumer research and analyse trends;

      15. undertake financial activities such as accounting, auditing, billing, reconciliation, and collection;

      16. protect our Members and third parties from actual or potential harm;

      17. prevent, identify, investigate, and respond to potential or actual claims, prohibited conduct, and criminal acts;

      18. adhere to the laws and regulations of Australia;

      19. fulfill other purposes for which we will provide disclosures at the point of data collection.

  8. Profile Verification

    1. For the safety and security of our Member community we may request your phone number, photos and social media account for verification purposes.

    2. The process of photo verification involves requiring you to take a selfie and scanning each photo you submit on your application. Facial recognition technology may be used to conduct this process.

    3. We will retain scans of photos for future verification and record-keeping purposes until the closure of your account. After the period of retention expires, we will take commercially reasonable measures to delete the scans from our system.

  9. Disclosure of personal information

    1. We may need to disclose your personal information to others in order to provide you with our Services, and to support our operations. These may include:

      1. third parties including partner clubs, sponsors or promoters (as advertised on our Services from time to time), business and marketing partners (including for the purposes of direct marketing or commercialisation of our Services);

      2. service providers who assist us in providing services or who perform functions on our behalf such as:

        1. third party CRM business;

        2. customer support representatives;

        3. technology support personnel;

        4. service fulfillment providers;

        5. form processing entities;

        6. website management and hosting services;

        7. IT and security specialists;

        8. email and newsletter distribution services;

        9. advertising partners and corporate sponsors;

        10. auditing firms;

        11. collection agencies; and

        12. credit card processing entities,

      3. to Members to disclose your profile information but excluding your contacting information, subject to your prior approval and express consent;

      4. to the appropriate authorities if we in our sole discretion, suspect or have reason to suspect that the personal information involves a party that may be an abuse victim;

      5. to the appropriate authorities if we determine such disclosure is necessary and appropriate to mitigate physical, financial, or other forms of harm, injury, or loss, including to safeguard against fraud or credit risks;

      6. to legal or governmental bodies to comply with applicable laws;

      7. to requisite third parties in association with, or during discussions for, an acquisition, merger, asset transfer, or analogous business transition involving all or a significant portion of our assets or operations, where personal data is transferred or exchanged as part of the business assets;

      8. our Related Bodies Corporate (as that term is defined in the Corporation Act 2001 (Cth));

      9. other people with your prior consent.

    2. Some of the organisations to which we may disclose your Personal Information are situated outside of Australia. In order to meet your requirements, we may need to transfer your Personal Information to these countries. We will take all reasonable steps to ensure that any organisation to whom we release your information will comply with this Policy.

  10. Where is personal information stored?

    1. Our information storage comprises electronic storage systems, paper-based documentation, and other record-keeping methods.

    2. While we cannot ensure absolute security of your Personal Information at all times, we implement security protocols and safeguards to mitigate risks of loss, misuse, and unauthorised alteration of collected and processed information.

    3. Personal information held as electronic data is securely stored on local Australian servers which are backed up. We may also use a third party CRM to assist with data hosting and will ensure that their practices align with this Policy.

    4. Access to your personal information is restricted to our staff, contractors and agents that have specific authorisation.

  11. Marketing communications and opting out

    1. When you provide your personal information to us, you automatically opt-in to receive direct marketing communications, such as event information, event invites, access to club membership discounts, and other opportunities related to our operations and activities. We do not use sensitive information for marketing purposes without your consent.

    2. You can choose to ‘opt-out’ of direct marketing communications at any time by contacting us using the details set out below.

  12. Third party advertising

    1. We reserve the right to engage third-party advertising agencies or other service providers to display advertisements on our website. Any data collected by these third parties through cookies and pixels remain anonymous.

  13. Notifiable data breaches

    1. We are committed to managing any data breach incidents; and in accordance with the requirements of the Notifiable Data Breaches scheme (as referred to in Part IIIC of the Act), notifying particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’.

    2. In compliance with the Act, we will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action.

  14. Retention and storage of personal information

    1. We will not retain your personal information for any longer than needed for authorised purposes and only as long as necessary to fulfil the purposes for which it was collected. We will then take all reasonable steps to delete, destroy or de-identify this personal information.

    2. This will apply unless we are required, under Australian law, to retain the personal information for a specific period of time.

  15. Accessing and updating personal information

    1. You may access your personal information collected and stored by us unless a legal exception applies.

    2. If you become aware of any inaccuracy in the Personal Information we hold about you, you may contact us to have this Personal Information updated. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Services. You agree that you remain solely responsible for maintaining the truth, accuracy, and completeness of your information at all times, and we shall have no liability to you or any third party arising from your failure to do the same.

    3. In accordance with the GDPR, we acknowledge the right of EU subjects to:

      1. have their data erased that is no longer being used for a legitimate purpose;

      2. request a copy of all Personal Data held about you by us in a readable format, along with supplementary information to verify that such Personal Data is being processed lawfully; and

      3. request restricted processing of your Personal Data whilst any complaints or concerns are being resolved.

    4. To access or change the personal information we hold please contact us at the contact details outlined below.

  16. Changes to Policy

    1. We may revise this Policy from time to time. The most current version of the Policy governs how we use your information. If we make a change to the Policy which we consider to be material, we will notify you or post a notice on our Website.

    2. In some circumstances, the GDRP provides additional protection to individuals located in Europe. Where this is the case, there may be additional rights and remedies available to you under the GDPR if your Personal Data is handled in a manner inconsistent with that law.

  17. Contact details

    1. If you have any questions about this Policy you can contact us via email at info@clubgambit.com.

    2. If you are not satisfied with our handling of your Personal Data, or have any other concern over our Policy, then you may lodge a formal complaint with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au) or with the European Data Protection Supervisor (for more information, please see https://edps.europa.eu).

Current as at 08/09/2025