Privacy policy

Thanks for being a KIC member! We love having you as part of our empowering community and your privacy is important to us.

In this Privacy Policy, ‘us’, ‘we’, ‘our’ or ‘KIC’ means KIC Wellness Pty Ltd (ACN 654 770 279) and any of our group companies.

This Privacy Policy sets out our commitment to protecting the privacy of your Personal Information provided to us, or otherwise collected, used, stored, handled or disclosed by us when providing our online platforms, website, app, studio classes, products and other services we make available from time to time (together, the “Services”) or when otherwise interacting with you in accordance with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

We may also choose or be required by law to provide different or additional disclosures relating to the processing of Personal Information about residents of certain countries, regions, or states. Please refer to our Region-Specific Disclosures below for additional disclosures that may be applicable to you.

By using our Services, or in providing any Personal Information to us, you consent to our collection, use, storage, handling and disclosure of your Personal Information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

Personal Information” includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.

Data protection laws sometimes differentiate between “controllers” and “processors” of Personal Information. A “controller” determines the purposes and means (the why and how) of processing Personal Information. A “processor” processes Personal Information on behalf of a controller subject to the controller’s instructions. In some jurisdictions, the term “service provider” is used instead of “processor”.

This Privacy Policy describes our privacy practices where we are acting as the controller of personal information.

If you access our Services or otherwise interact with us from the European Economic Area (“EEA”), United Kingdom (“UK”), please see Schedule 1 (Additional EEA and UK Privacy Disclosures) for more information.

1 What Personal Information do we collect?

1.1 Personal Information

We only collect Personal Information reasonably necessary to provide you with our Services, or for its functions or activities. By using our Services, you consent to our collection and use of any health or other Sensitive Information you choose to provide for the purpose of providing the Services to you.

The type of Personal Information we collect depends on how you interact with the Services. We may collect the following types of Personal Information:

  1. (a)  your name;

  2. (b)  your email address;

  3. (c)  your address, including shipping address;

  4. (d)  your age and date of birth;

  5. (e)  photos of you and any other content you or third parties on your behalf upload when using our Services;

  6. (f)  your gender;

  7. (g)  payment and transaction data including details about payments from you and other details of the Services you have purchased from us or that you have enquired about (however, we do not directly collect and hold credit card and bank details, but these may be collected on our behalf via our third-party payment service providers);

  8. (h)  emergency contact information for studio class participation;

  9. (i)  any additional information relating to you that you provide to us directly or indirectly through our Services or when making an enquiry with us, or through other websites or accounts from which you permit us to collect information;

  10. (j)  your device ID, device type, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;

  11. (k)  analytics data, such as data from third-party analytics tools to help us understand user interactions;

  12. (l)  any information that relates to studio class bookings and attendance records;

  13. (m)  any other information provided voluntarily by you as part of your membership or subscription;

  14. (n)  information you provide to us through loyalty programme activities, consumer surveys, competitions and promotions;

  15. (o)  your marketing and product preferences such as whether you’d like to receive communications from us and product and style interests; or

  16. (p)  any other Personal Information that may be required in order to facilitate your dealings with us.

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

1.2 Location Data

Our app, with your explicit consent, may access and use your location data while the app is in use or is continuing to operate in the background on your device. We may also collect location data when you visit our studio premises for safety, security, and operational purposes.

1.3 Studio-Specific Data Collection

When you access our studio facilities or participate in studio classes, we may collect additional information including:

  1. (a)  biometric data for secure facility access (where implemented);

  2. (b)  health screening information and temperature checks;

  3. (c)  fitness assessments, medical clearances, and physical limitations relevant to studio class participation;

  4. (d)  studio facility usage data including class attendance, facility access times, and equipment usage patterns;

  5. (e)  safety incident reports;

  6. (f)  performance metrics during classes (with your consent);

  7. (g)  images and recordings captured by studio CCTV systems for security and safety purposes;

  8. (h)  your image, voice, and likeness captured during studio classes that may be filmed or photographed for commercial purposes;

  9. (i)  feedback and incident reports related to studio experiences.

1.4 Sensitive Information

Under the Privacy Act and other applicable law, “Sensitive Information” includes but is not limited to information or an opinion about an individual’s race or ethnic origin, religious belief, or criminal record and also includes health, genetic or biometric information about an individual.

In certain circumstances, when you use our Services, we may collect Sensitive Information such as information about your physical, mental or psychological health. We will only use Sensitive Information for the primary purpose it was collected, with your consent or where required or authorised by law.

1.5 AI-Specific Data Collection

We may make available artificial intelligence-enabled, machine learning-enabled or automated assistance features through the Services from time to time, including features that generate, suggest, reframe, summarise, personalise, organise or otherwise assist with content or user interactions (“AI Feature(s)”). This may include features and other AI-enabled tools made available through the Services from time to time.

If you use an AI Feature made available through the Services, we may collect and handle information you choose to submit to that feature, such as goals, action plans, reflections and related free-text inputs.

AI Features may be supported by third-party service providers that provide cloud hosting, infrastructure, storage, monitoring, security and model access services. We do not use data or inputs submitted through AI Features to train our own AI models, and we configure and use AI Features on the basis that customer inputs and outputs are not used by third-party providers to train underlying models.

Information submitted to AI Features, and information generated by AI Features for display to you, may constitute Personal Information and, depending on what you choose to enter, may include Sensitive Information, including information relating to your health, mental health, wellbeing, emotional state, treatment history, symptoms or other personal circumstances.

We recommend that you do not include information that is not reasonably necessary for your use of the feature, and that you avoid including highly sensitive Personal Information unless you are comfortable with that information being processed in accordance with this Privacy Policy. Where a particular AI Feature involves materially different handling practices, we may provide additional information or notices within the Services or at or before the time the information is collected.

1.6 Children

We are committed to protecting the privacy of children. Our Services are intended for individuals aged 18 years or over, although limited use by certain younger users (aged 16 years or over) may be permitted where expressly allowed under our Terms of Service. We do not intentionally collect Personal Information about users under the age of 16.

If we become aware that we have collected Personal Information from a user under the age of 16 in circumstances not permitted by this Privacy Policy or applicable law, we will take reasonable steps to delete that information.

If you become aware that information from a child under the age of 16 has been disclosed to us without consent of a parent or legal guardian, please contact us at hello@kicwellness.com so that we can delete that information.

2 Automatic Data Collection

2.1 Certain information is collected automatically when you access the Services. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

2.2 Cookies

Like many websites, we use cookies to personalise and streamline your browsing experience with us. This is because we want to provide you with the best and easiest experience possible when you’re using our site.

Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include Personal Information. For example, where a cookie is linked to your account, it will be considered Personal Information under the Privacy Act. We will handle any Personal Information collected by cookies in the same way that we handle all other Personal Information as described in this Privacy Policy.

The types of cookies we use include:

  1. (a)  Performance cookies: We require certain types of cookies in order for our Website to operate, for example cookies that allow you to log into secure areas of our website that require a membership;

  2. (b)  Analytical cookies: We like to know how many lovely members are on our site at any time, as well as where they are visiting from and which pages they visit. This allows us to create content that best suits your needs.

  3. (c)  Targeting cookies: These cookies allow us to see your user journey, so we can make this simple and easy for you. This allows us to customise your experience and our marketing activities, so they are relevant for you.

  4. (d)  Third party cookies: This refers to third party cookies from companies such as Facebook and Google, which allow us to bring you offers and content that might be of interest to you through those sites.

You can find out more information about Cookies on these third party websites:

  1. (a)  https://www.oaic.gov.au/privacy/your-privacy-rights/advertising-and-marketing/targeted-advertising; and

  2. (b)  https://youronlinechoices.com

2.3 Managing Automatic Data Collection Preferences

Where a specific preference or privacy setting is not available, you may be able to utilize third-party tools and features to further restrict our use of automatic data collection technologies. For example:

  1. (a)  some browsers may allow you to change browser settings to limit automatic data collection technologies on websites;

  2. (b)  some email providers allow you to prevent the automatic downloading of images in emails that may contain automatic data collection technologies; and

  3. (c)  many devices allow you to change your device settings to limit automatic data collection technologies for device applications.

Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our Services, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies, or you may need to update your preferences on multiple devices or browsers. We do not have any control over these third-party tools and features and are not responsible if they do not function as intended.

3 How do we collect, hold, use and disclose Personal Information?

3.1 We collect Personal Information directly from you when you:

  1. (a)  access or use our Services;

  2. (b)  communicate with us;

  3. (c)  subscribe to updates or marketing communications;

  4. (d)  provide any additional information to us directly through our studio, website, app, AI Feature, or indirectly through your use of our website, app, or online presence through other websites or accounts from which you permit us to collect information;

  5. (e)  complete customer surveys;

  6. (f)  otherwise interact with us in relation to the Services; or

  7. (g)  apply for a role with us.

We may, from time to time, work with trusted third parties who also hold other information about you and we may collect your data (including Personal Information and Sensitive Information) from that third party for the purposes below. We take steps to ensure that any data we collect from third parties including HealthKit and WatchKit is shared with us with your permission.

3.2 We may collect, hold, use and disclose your Personal Information for the following purposes:

  1. (a)  to enable you to access and use our Services;

  2. (b)  to operate, protect, improve and optimise our Services, business and our users’ experience, such as to perform analytics, conduct research, develop new features and for advertising and marketing;

  3. (c)  to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;

  4. (d)  to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;

  5. (e)  to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;

  6. (f)  to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and

  7. (g)  to consider your employment application.

We may also disclose your Personal Information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

If you are in the UK or EEA, please refer to Schedule 1 (Additional EEA and UK Privacy Disclosures) for further information regarding the lawful basis we rely on and process your Personal Information.

3.3 What happens if we are unable to collect your Personal Information?

If we are unable to collect your Personal Information, we may not be able to fulfil our obligations to you including providing the Services. We may not be able to provide you with goods and services, or answer enquiries about your membership or the goods and services we provide. Your experience when interacting with us may be delayed or not as efficient as we would like. We also will be unable to keep you informed of the latest updates, promotions, rewards, competitions and marketing messages.

We will provide you with the opportunity of remaining anonymous or using a pseudonym in your dealings with us where it is lawful and practicable. Generally, it is not practicable or lawful for us to deal with individuals anonymously or pseudonymously.

4 Do we use your Personal Information for direct marketing?

4.1 We and/or our carefully selected business partners may send you direct marketing communications and information about our Services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us at hello@kicwellness.com or by using the opt-out facilities provided (e.g. an unsubscribe link).

4.2 If you are in the UK or EEA, we will only use your Personal Information for direct marketing where we have your consent to do so and we do not sell Personal Information. Please refer to the Schedule 1 (Additional EEA and UK Privacy Disclosures) for further information about our use of your Personal Information for direct marketing and how to withdraw consent.

5 Who we may disclose your Personal Information to

5.1 We will not sell Personal Information we collect about you to any third parties. However, we work with other companies that help us provide our systems and Services to our customers and we may provide Personal Information to these companies for the purpose of providing the Services to you and to facilitate our interests. Those service providers will only be provided with access to your Personal Information as is reasonably necessary for the purpose that we have engaged the service provider, and we will require such third parties comply with our standards and all applicable laws.

5.2 We may disclose Personal Information for the purposes described in this Privacy Policy to:

  1. (a)  our employees, contractors or service providers and related entities;

  2. (b)  third party suppliers and service providers (including providers for the operation of our application, websites and/or our business) or in connection with providing our Services to you;

  3. (c)  marketing or advertising providers;

  4. (d)  IT service providers, data storage, web-hosting and server providers;

  5. (e)  third party service providers that support AI Features made available through the Services and the related infrastructure, including cloud hosting, storage, monitoring, security and model access providers;

  6. (f)  professional advisors, dealers, agents, auditors, business partners, sponsors, business brokers, our insurers and insurance brokers;

  7. (g)  payment systems operators (e.g. merchants receiving card payments);

  8. (h)  our existing or potential agents, business partners or partners;

  9. (i)  our sponsors or promoters of any competition that we conduct via our Services;

  10. (j)  specific third parties authorised by you to receive information held by us; and

  11. (k)  courts, tribunals, governmental agencies, regulatory authorities and law enforcement agencies, or as required, authorised or permitted by law.

6 Do we disclose your information overseas?

6.1 KIC is based in Australia. As we operate on a global scale, we may store and process Personal Information in cloud services or data centres located outside the country in which you are located, including but not limited to Australia, New Zealand, EU, the United States or in any country where we or our service providers operate.

6.2 Examples of when your Personal Information may be shared overseas include:

  1. (a)  for storage purposes. Our main data storage systems are based in Sydney, Australia; however, we also store data in servers based in the United States of America and throughout Europe;

  2. (b)  in order for our third-party service providers who assist us with our business to undertake required work. For example, such personnel or providers may be engaged in, among other things, the provision of software services or systems, the fulfilment of your order, the processing of your payment details and the provision of support services;

  3. (c)  where you use AI Features, we may disclose information you submit to those features, and information generated in response, to third party service providers supporting those features and related infrastructure, for the purpose of providing the features to you and maintaining, securing and improving them in accordance with this Privacy Policy; or

  4. (d)  to collaborate with overseas partners from time to time.

6.3 Additionally, we may disclose Personal Information overseas when required by legal or regulatory obligations, such as responding to a lawful request from a foreign law enforcement body.

6.4 We take reasonable steps to ensure that any international transfer of Personal Information is carefully managed to protect your privacy rights and interests. This includes implementing measures such as encryption, pseudonymisation, and contractual safeguards to ensure your data is handled securely and in compliance with applicable privacy laws.

6.5 We only ever disclose your Personal Information outside the jurisdiction where it was collected where we are permitted to do so under applicable laws. This means we have taken necessary steps to keep your information safe, and to protect it against misuse, interference, or loss, and from unauthorised access, modification, or disclosure.

6.6 If you are in the UK or EEA, please refer to Schedule 1 (Additional EEA and UK Privacy Disclosures) for further information regarding international transfers of your Personal Information and the transfer mechanisms we rely on.

7 Data Retention

7.1 We will only retain your Personal Information for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

7.2 Where you use AI Features, we may store information you submit to those features, information generated by those features, and related technical metadata, where reasonably necessary to provide the features, maintain security, investigate incidents, and maintain the performance and reliability of AI Features. The way in which such information is stored may depend on how the relevant feature is configured and the third party services used to support it.

7.3 To determine the appropriate duration of the retention of Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of Personal Information and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

7.4 Once retention of the Personal Information is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the Personal Information or, if that is not possible (for example, because Personal Information has been stored in backup archives), we will securely store the Personal Information and isolate it from further active processing until deletion or deidentification is possible.

8 Region-Specific Disclosures

8.1 We may choose or be required by law to provide different or additional disclosures relating to the processing of Personal Information about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you:

  • EEA or UK: If you are located in the EEA (Member States of the European Union together with Iceland, Norway, and Liechtenstein) or the UK, please click here for additional European-specific privacy disclosures, including a description of the Personal Information rights made available to individuals located in those jurisdictions under applicable law.

9 Security

9.1 We may hold your Personal Information in either electronic or hard copy form. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.

For example, depending on the relevant system and use case, we may use measures such as:

  1. (a)  encryption of data in transit and, where appropriate, at rest using industry-standard protocols (such as HTTPS/TLS);
  2. (b)  secure cloud-hosted infrastructure (including infrastructure hosted by AWS);
  3. (c)  multi-factor authentication for accounts that access sensitive data or systems;
  4. (d)  single sign-on and session timeout controls where appropriate;
  5. (e)  audit logging, access monitoring and periodic access reviews;
  6. (f)  vulnerability scanning, dependency monitoring, patch management and independent security testing;
  7. (g)  backups that are stored separately from primary systems and tested for recoverability;
  8. (h)  hard copy data is stored in a location which is locked and to which access is restricted to authorised-only personnel, which can only access the information for a legitimate purpose; and
  9. (i)  staff training, onboarding and offboarding controls relating to privacy and security.

9.2 While we take reasonable steps to safeguard Personal Information, no method of electronic transmission or storage is completely secure. Accordingly, we cannot guarantee the absolute security of your Personal Information.

10 Links

10.1 Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

11 Your access to your Personal Information

11.1 You can access the Personal Information we hold about you at any time. Please email hello@kicwellness.com to make this request. Please note that it may take us a few days to respond to your request. Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information.

11.2 We take reasonable steps to ensure that the Personal Information we collect, use and disclose is accurate, complete and up-to-date. However, because the accuracy of the information we store is dependent on the information you provide, we encourage you to regularly review and update your Personal Information. If you think that any Personal Information we hold about you is inaccurate, or requires updating:

  1. (a)  where possible, update your Personal Information via the app; or

  2. (b)  email hello@kicwellness.com to make a request for your Personal Information to be updated.

11.3 If you would like to request deletion of your Personal Information from our records, please contact us at hello@kicwellness.com.

12 Privacy Complaints

12.1 If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your Personal Information, you can contact us at privacy@kicwellness.com so we can investigate and respond to you. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.

12.2 If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, you can contact the relevant regulatory authority, whose contact details are below:

Individuals based in Australia

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Address: Level 3, 175 Pitt Street, Sydney NSW 2000, Australia


Individuals based in New Zealand

Office of the Privacy Commissioner

Telephone: 0800 803 909

Email: enquiries@privacy.org.nz

Address: PO Box 10 094, Wellington 6140


Individuals based in the United Kingdom

Information Commissioner’s Office

Telephone: +44 (0) 303 123 1113

Email: casework@ico.org.uk

Address: Wycliffe House, Water Lane, Wilmslow SK9 5AF, United Kingdom

Schedule 1 Additional European Economic Area (EEA) and United Kingdom (UK) Privacy Disclosures

These disclosures supplement the information above by providing additional information about our Personal Information processing practices relating to individuals who access our website (“Site Users”) and individuals who access and use our Services or otherwise interact with us from the EEA and UK (“Service Users”). For a detailed description of how we collect, use, disclose, and otherwise process personal information, please read Section 3 (How do we collect, hold, use and disclose Personal Information) of this Privacy Policy.

1. EEA and UK Controller

KIC Wellness Pty Ltd (ACN 13 654 770 279) (“KIC”) is the “controller” responsible for determining the purposes and means of processing personal information in connection with our EEA and UK Services. This means KIC determines and is responsible for how your personal information is used. You may contact KIC by sending an email to: privacy@kicwellness.com.

2. Automated Decision-Making and Profiling

We do not conduct automated processing of personal information, including profiling, for the purposes of making decisions about you with legal or similarly significant effects.

3. Purposes and Legal Bases of Use

When we use your personal information, we will do so in reliance on the following lawful bases under applicable data protection law.

You are not required to provide personal information to us, but we do rely on your personal information to provide our Services. If you choose not to provide us with your personal information, we may not be able to provide you with the Services you request. Where required, we will inform you at the point of collection whether the provision of particular personal information is mandatory or optional.

Our Services are generally intended for individuals aged 18 years or over. However, users aged 16 or 17 may be permitted to use certain Services with the consent of a parent or legal guardian. If you are a user aged 16 or 17, we may collect some or all of the information below for the purpose of providing the Services, managing your account and complying with applicable law.

4. Personal Information We Collect

We collect personal information that you submit directly to us when you contact us or access or use our Services, as follows:

Categories of Personal Information used How we use Personal Information Lawful basis

Site Users and Services Users
Contact information and identifiers, including first name, last name, email address, and telephone number.

We use this information to communicate with you in response to any enquiries that you submit to us.

We use this information to send notifications and alerts to if you have signed up to receive our newsletter or other marketing emails, surveys and/or information about promotions.

If you purchase or use our Services, this processing is necessary for the performance of, or to take steps prior to, a contract with you.

Otherwise, the processing is necessary for our legitimate interests, namely, to communicate with you and respond to and appropriately investigate specific information requests made by you. We will only process this personal information to the extent we have your consent to do so.
Communications with us, including information you provide when contacting us by email, webform, phone, social media or support channels

We use this information to handle your customer service requests including:

  • directing your questions to the appropriate team members; and

  • investigating and addressing any concerns.

If you purchase or use our Services, this processing is necessary for the performance of, or to take steps prior to, a contract with you.

Otherwise, the processing is necessary for our legitimate interests, namely to respond to and appropriately investigate your request.
We use this information to identify ways in which we can improve the Services as well as to inform our development of new products and digital content. The processing is necessary for our legitimate interests, namely identifying ways in which we can improve and further develop the Services.
Marketing and communications preferences, including your preferences in receiving marketing from us and our third parties, and your communication preferences. We use this information to send notifications and alerts in accordance with your preferences. The processing is necessary to comply with legal obligations to which we are subject, namely privacy and electronic communications legislation.

Services Users Only
Account information, including username and password or security credentials We use this information to create and administer your account and authenticate you when using the Services. The processing is necessary for the performance of a contract with you.
Profile information, including name, contact details, postal address, age or date of birth, gender, photo and other information you choose to add to your profile or account. We use this information to set up your account profile for your use when using our Services. The processing is necessary for the performance of a contract with you.
Account and settings, including subscription settings, preferences, notification settings and app settings. We use this information to manage your account, apply your preferences and provide the Services in accordance with your settings. The processing is necessary for the performance of a contract with you.
Service User content, including photos and other materials you or others on your behalf upload to the Services We use this information to provide the relevant functionality of the Services and enable you to upload, store, display or otherwise use content through the Services. The processing is necessary for the performance of a contract with you.
Transaction information, including details of Services you purchase from us and app subscription details. We use this information to process purchases, administer subscriptions, maintain internal records and provide the Services to you. The processing is necessary for the performance of a contract with you and our legitimate interests in maintaining records and identifying suspicious or fraudulent activity.

Payment details, including card and bank details, purchased Services and date/time of purchases.

Note that we do not directly collect and hold credit card and bank details, but these may be collected on our behalf via our third-party payment service providers.

 We use this information to allow you to purchase our Services. The processing is necessary for the performance of a contract with you.
We use this information for our own internal record-keeping purposes and to identify suspicious transactions and prevent unlawful, fraudulent, or malicious use of the Services. The processing is necessary for our legitimate interests in maintaining records and identifying suspicious or fraudulent activity.
Sensitive Information, including health or wellbeing-related information you choose to provide through the Services We use this information to provide the relevant Services and features to you, including AI Features where you choose to use them. We process this information with your consent and, where permitted by applicable law, where the processing is necessary for the provision of the relevant Services or otherwise authorised by law.
AI Feature inputs and outputs, including information you choose to submit to AI Features and information generated by AI Features for display or use within the Services We use this information to provide, operate, maintain, secure, monitor and improve AI Features and the Services, and to investigate incidents, misuse and technical issues. The processing is necessary for the performance of a contract with you and for our legitimate interests in operating, securing and improving the Services.
All of the above information (other than sensitive data collected, such as data regarding your health). Where permitted by law, we may use all of the above personal information to allow us, and our partners, to present advertising that is tailored to you. We will only process your personal information in this way to the extent that you have given us your consent to do so via our cookie consent banner or in-app preferences.
5. Personal information we collect automatically

Like all online services, we also collect certain personal information about you automatically when you use the Services in order to understand how the Services are used and how we can improve it, as well as to tailor the adverts you see online to your interests.

If you are a Service User, certain information (e.g. your use of the Services) is collected automatically to provide you with features of the Services, as described further below.

Categories of Personal Information used How we use Personal Information Lawful basis

Site Users / Services Users
Your IP address, including date and time, browser and device information. We use this information to tailor the website or Services to you and ensure they are personalised to your needs and preferences. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
Where relevant and where permitted under applicable law, we use this information to identify potential risks or unlawful behavior including fraud detection, theft prevention, emergency response purposes and legal compliance. The processing is necessary for our legitimate interests, namely identifying and mitigating the risk of unlawful behavior to protect the Services, KIC and its users.
Information about how you access and use the Services, the time you access the Service and how long you access it for, the approximate location that you access the website or Services, the site from which you came and the site to which you are going when you leave the Services, the pages you visit, the links you click, your interactions on the website or service and other actions you take on the Service. We use necessary information to present the Services to you on your device. The processing is necessary for our legitimate interests, namely presenting the Services to our users so they can access and use our Services.
Where relevant and where permitted under applicable law, we use this information to ensure the security and integrity of the Services, including identifying and preventing unlawful, fraudulent, or malicious use of the Services. The processing is necessary for our legitimate interests, namely identifying and mitigating the risk of unlawful behavior to protect the Services, KIC and its users.
We use this information to tailor the Services to you and ensure it is personalized to your needs and preferences. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
We use this information to monitor and improve the Service and to resolve any issues. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Services. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the Service through the device, your IP address and your device’s telephone number (if it has one). We use necessary information to present the Services to you on your device. The processing is necessary for our legitimate interests, namely presenting the Services to our users so they can access and use our Services.
Where relevant and where permitted under applicable law, we use this information to ensure the security and integrity of the website or Services, including identifying and preventing unlawful, fraudulent, or malicious use of the website or Services. The processing is necessary for our legitimate interests, namely identifying and mitigating the risk of unlawful behavior to protect the Services, KIC and its users.
We use this information to tailor the website or Services to you and ensure it is personalized to your needs and preferences. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
We use this information to monitor and improve the Services and to resolve any issues. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the Services and to understand more about the demographics of our users. You can learn more about Google’s practices here and view its additional opt-out options here. We use this information to help us measure traffic and usage trends for the Services and to understand more about the demographics of our users. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
All of the above information Where permitted by law, we may use all of the above personal information to allow us, and our partners, to present advertising that is tailored to you. We will only process your personal information in this way to the extent that you have given us your consent to do so via in-app preferences.
6. Adequacy Decisions

We may transfer personal information about you to countries that the relevant regulatory authority has deemed to adequately safeguard personal information, either automatically or in connection with a specific safe harbor framework.

Certain regulatory authorities have adopted standard contractual clauses, which provide safeguards for personal information transferred outside of the originating jurisdiction. We may use these standard contractual clauses when transferring personal information to a third country that has not been deemed to adequately safeguard personal information.

7. EU-U.S. Data Privacy Framework and UK Extension

The EU-U.S. Data Privacy Framework and UK Extension (“DPF”) was designed by the U.S. Department of Commerce and the European Commission (and the UK Secretary of State) to ensure adequate protection for personal information transferred to a company participating in the DPF. If we transfer any personal information about you from the EEA or UK to a third party outside the EEA or UK who is participating in the DPF, we may rely on their participation in the DPF to ensure adequate protection for personal information so transferred.

We may transfer your personal information to, or store your personal information in, the following countries:

Country

Appropriate Safeguard

Australia

Standard Contractual Clauses adopted by the European Commission / regulation of the UK Secretary of State.

EEA

If you are in the UK, Adequacy

UK

If you are in the EEA, Adequacy
8. Your Additional EEA and UK Privacy Choices

Subject to certain limitations at law, you may be able to exercise the following rights:

  • Right to Access: The right to obtain confirmation of whether we are processing personal information about you, access to and a copy of the personal information we are processing about you, and information relating to its processing, including:

    • the categories of personal information being processed;

    • the purposes of the processing;

    • the sources of the personal information;

    • the categories of recipients to whom the personal information have been or will be disclosed;

    • the envisaged period for which the personal information will be stored, or the criteria used to determine that period;

    • any automated decision-making or profiling performed in connection with your personal information; and

    • the safeguards relied upon for the transfer of personal information to any third country.

  • Right of Portability: The right to obtain a copy of the personal information we have collected about you in a structured, commonly used, and machine-readable format, and the right to transmit that personal information to another controller without hindrance.

  • Right to Rectification: The right to correct or update any personal information about you that is inaccurate or incomplete.

  • Right to Restriction of Processing: The right to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.

  • Right to Object to Processing: The right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.

  • Right to Withdraw Consent: The right to withdraw your previously provided consent to our processing of your personal information. Please note withdrawing your consent will not affect the lawfulness of our use of your personal information before your consent was withdrawn, nor our processing of personal information pursuant to a different lawful basis for processing.

  • Right to Erasure: The right to have us erase your personal information if the continued processing of that personal information is not otherwise justified.

Please note that if the exercise of these rights limits our ability to process personal information, we may not be able to provide our Services to you or otherwise engage with you in the same manner.

9. Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by contacting us at privacy@kicwellness.com.

Before processing your request to exercise certain rights (taking into account the confidential nature of any personal information we maintain), we will need to verify your identity and confirm you are accessing our Services or otherwise interacting with us from the EEA or UK. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us with to the information we maintain about you in our systems. As a result, we require requests submitted to include first and last name, email address, phone number, state of residency and/or the date of your last transaction with us.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal information or locate your information in our systems, or where you are not accessing our Services or otherwise interacting with us from the EEA or UK.

You can withdraw your consent to marketing materials by clicking on the unsubscribe link in the footer of our marketing emails or by contacting us at hello@kicwellness.com. We make every effort to promptly process all unsubscribe requests. You may not opt-out of service-related communications (e.g., account verification, transactional communications, changes/updates to the features of the Services, technical and security notices).

To exercise your right to withdraw your consent as it relates to the use of automatic data collection technologies (including cookies) that facilitate our online targeted advertising activities, please adjust your cookies preferences in your browser or device accordingly. Please note this preferences tool is website, device, and browser specific, so you will need to change your preferences on each device and browser you use to interact with the specific website you are visiting. In addition, you may follow the steps in Section 8 (Your Additional EEA and UK Privacy Choices) above to further exercise control over automatic data collection technologies.

 

Last updated on 30.04.2026