Privacy policy

PRIVACY POLICY

PERSONAL DATA PROTECTION ACT

Our business is bound by the Personal Data Protection Act 2010 (PDPA) and its related regulations in Malaysia. Our business is committed to protecting the privacy and security of your personal data in accordance with Malaysian law.

"We", "us" and "our" means The Lelli Group Sdn Bhd 202501051600 (1653008-K) and its affiliates.

WHAT IS PERSONAL DATA?

Personal data means any information in respect of commercial transactions that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject.

WHAT PERSONAL DATA DO WE COLLECT AND HOLD?

The information we gather from you helps us to continually improve your experience with us. We collect and hold personal data relating to you as may be provided or disclosed to us in the course of our business. Such personal data may include, but is not limited to, your name and contact information, NRIC/passport number, date of birth, preferred communication methods, bank details and/or credit card details, health information relevant to fitness activities, and your fitness objectives and interests.

Personal data is collected in the following ways:

  • By providing it to us directly
  • By authorising third parties to provide it to us
  • By other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on your behalf

We collect information about you and your interactions with us, for example, when you purchase or use any of our products or services, call us or otherwise visit our website. The information we collect from you may include your identity and contact details, your history of purchases and use of our products and services and details of enquiries or complaints you make.

We may collect information about how you access, use and interact with our website. This information may include:

  • The location from which you have come to the site and the pages you have visited
  • Technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system

COOKIES

We use cookies on our website. Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your web browser to enable our systems to recognise your browser and to automatically collect information from your computer such as your IP address and other details about your computer which are automatically collected by our web server.

We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to our website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

HOW IS PERSONAL DATA RECEIVED AND HELD?

Personal data may be received and held either as hard copy, paper, or soft copy being electronic data, in any available form. In either case, we take the security of personal data very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email.

WHY DO WE COLLECT, HOLD AND USE YOUR PERSONAL DATA?

We collect, hold and use your personal data so that we can:

  • Provide you with products and services, and manage our relationship with you
  • Contact you, for example, to respond to your queries or complaints, or if we need to tell you something important
  • Comply with our legal obligations and assist government and law enforcement agencies or regulators
  • Identify and tell you about other products or services that we think may be of interest to you
  • Facilitate our internal and external administrative processes including financial and business operations and reporting requirements
  • Obtain, maintain and comply with the terms of our professional indemnity and other insurance policies
  • Comply with applicable laws

If you do not provide us with your personal data, we may not be able to provide you with our services, communicate with you or respond to your enquiries.

HOW DO WE STORE AND HOLD PERSONAL DATA?

We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

We implement and maintain processes and security measures to protect personal data which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.

These processes and systems include:

  • The use of identity and access management technologies to control access to systems on which information is processed and stored
  • Requiring all employees to comply with internal information security policies and keep information secure
  • Requiring all employees to complete training about information security
  • Monitoring and regularly reviewing our practice against our own policies and against industry best practice

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal requirements. Once no longer required, we will take reasonable steps to destroy or permanently de-identify personal data.

WHO DO WE DISCLOSE YOUR PERSONAL DATA TO, AND WHY?

We may transfer or disclose your personal data to our related companies.

We may disclose personal data to external service providers so that they may perform services for us or on our behalf.

We may also disclose your personal data to others outside our group of companies where:

  • We are required or authorised by law to do so
  • You may have expressly consented to the disclosure, or the consent may be reasonably inferred from the circumstances
  • We are otherwise permitted to disclose the information under the PDPA

If the ownership or control of all or part of our business changes, we may transfer your personal data to the new owner.

DO WE USE YOUR PERSONAL DATA FOR MARKETING?

We will use your personal data to offer you products and services we believe may be of interest to you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies or our service providers.

Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication or by contacting us at the details below.

DATA BREACHES

All staff are responsible for protecting the confidentiality of your information. Any data breaches, or suspected data breaches, must be referred to the customer services team as soon as possible.

HOW CAN PERSONAL DATA BE ACCESSED OR CORRECTED?

You have the right to request access to and correction of your personal data held by us. Although we will be able to provide you with most personal data we hold about you, in some circumstances it may not be possible for us to provide you with access to all of your personal data. Where this is the case, we will notify you and give you the reasons why (except to the extent it would be unreasonable for us to do so).

If you wish to seek access to, correction of or deletion of the personal data that we hold about you, please contact us using the details set out in this Privacy Policy.

WHAT IS THE COMPLAINTS PROCESS RELATING TO PERSONAL DATA?

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal data, you should contact us. Our contact details are set out below.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may lodge a complaint with the Department of Personal Data Protection (JPDP) Malaysia at www.pdp.gov.my.

CONTACT DETAILS

If you have any questions, comments, requests or concerns, please contact us at:

Email: [CONTACT EMAIL ADDRESS]

Address: ATLAS 24:7 Fitness Head Office [STREET ADDRESS] [CITY, STATE, POSTCODE] Malaysia

CHANGES TO THIS POLICY

From time to time, we may change our policy on how we handle personal data or the types of personal data which we hold. Any changes to our Policy will be published on our website.

You may obtain a copy of our current Privacy Policy from our website or by contacting us at the contact details above.

By visiting us and submitting any personal data (whether in any of our locations, via our website or otherwise), you are accepting and consenting to the practices described in this Privacy Policy.

Effective Date: 25/12/2025