Privacy policy

Legacy Health and Performance (ABN 52 618 406)

Last updated: 22/02/2026

Legacy Health and Performance ("Legacy Health and Performance", "we", "us", "our") respects your privacy and is committed to protecting your personal information.

This Privacy Policy explains how we collect, use, store, disclose and protect personal information when you visit "legacyhp.com.au", attend our facility, use our gym and coaching services, or engage with our online coaching platforms and related services.

1. What personal information we collect

Personal and contact information

·       Name

·       Email address

·       Phone number

·       Date of birth (where relevant, including for age verification or under-18 participation)

·       Emergency contact details

Payment and transaction information

·       Payment and billing information required to process purchases or memberships

·       Transaction records and purchase history

Important: Online checkout and payment processing are handled through Stripe. We do not store full payment card details on our own systems.

Health and fitness-related information

To provide gym, coaching and performance services safely and effectively, we may collect basic health and fitness information, such as:

·       Injury history

·       Relevant medical or health conditions

·       Training history, goals and exercise limitations

·       Screening and readiness information

·       Body composition or scan data (including through Evolt360)

·       Performance testing data (including through VALD Performance)

Coaching and program delivery information

·       Training program data and progress tracking (including through TrainHeroic)

·       Session notes, attendance or booking history

·       Communications relating to coaching, memberships or support

Website and technical information

When you use our website, we may automatically collect:

·       IP address

·       Browser/device information

·       Pages visited and usage activity

·       Referral source

·       Cookies and similar technologies (see Section 8)

CCTV footage and media content

·       CCTV recordings from our facility for safety, security and incident management purposes

·       Photographs and videos of members for social media or promotional content only where permission has been obtained

2. How we collect personal information

We collect personal information in a number of ways, including when you:

·       Sign up via our website (legacyhp.com.au)

·       Complete checkout through Stripe

·       Join our gym or purchase coaching services

·       Complete intake, screening, health history or waiver forms

·       Undertake body scans (Evolt360) or performance testing (VALD Performance)

·       Use training platforms (including TrainHeroic)

·       Contact us by email, phone, social media or in person

·       Attend our facility (including where CCTV operates)

·       Consent to photos/videos being taken for social media or marketing

We may also receive information from third-party providers that support our services and business operations (for example, payment, accounting, software, booking, or training platform providers).

3. Why we collect, hold and use personal information

We collect, hold and use personal information for purposes including:

·       Providing gym memberships, coaching and related fitness/performance services

·       Conducting onboarding, screening and risk management

·       Designing and delivering training programs

·       Monitoring progress, performance and outcomes

·       Completing body scans and performance testing (where applicable)

·       Processing payments and managing accounts

·       Communicating with you about your membership, coaching, bookings or enquiries

·       Sending service communications and, where permitted, marketing updates and promotions

·       Maintaining business records and accounting

·       Improving our services, systems and customer experience

·       Maintaining the safety and security of our facility, members and staff (including CCTV)

·       Creating social media/marketing content where you have given permission

·       Complying with legal and regulatory obligations

4. Health information and consent

Some of the information we collect (such as injury history, health conditions, body composition and performance data) may be considered health information or other sensitive information under applicable privacy laws.

We only collect this information where it is reasonably necessary for providing our services, and we handle it with additional care. By providing this information to us, you consent to us using it for the purposes described in this Privacy Policy, including to deliver safe and appropriate training and coaching services.

You can choose not to provide some information, but this may limit our ability to provide services safely or effectively.

5. Under-18 members and clients

We only collect personal information from individuals under 18 years of age where a parent or legal guardian has provided appropriate authorisation/consent (including sign-off for participation, where required).

If you believe we have collected personal information from a minor without appropriate consent, please contact us and we will take reasonable steps to address the issue.

6. Disclosure of personal information

We may disclose personal information to trusted third parties where reasonably necessary to operate our business and provide services, including:

·       Stripe (payment processing)

·       Square (payment/point of sale services)

·       Xero (accounting and bookkeeping)

·       Brevo (email communications and marketing communications)

·       TrainHeroic (program delivery and training tracking)

·       Evolt360 (body scan and body composition data)

·       VALD Performance (performance testing and related reporting)

·       IT, cloud storage and productivity providers

·       Professional advisers

·       Regulatory authorities, law enforcement, or other parties where required or authorised by law

We may also disclose photos/videos for marketing purposes only where you have provided permission.

We do not sell personal information to third parties.

7. Storage and security

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.

These steps may include:

·       Restricted access to records

·       Password-protected systems and devices

·       Use of reputable third-party platforms and service providers

·       Staff access only where required for business operations

·       Secure storage practices for digital records and media files

We use Google Drive and use third-party platforms to deliver our services. While we take reasonable precautions, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

8. Website cookies and online tracking

Our website may use cookies and similar technologies to:

·       Enable website functionality

·       Improve website performance and user experience

·       Understand how visitors use our website

·       Support checkout and service delivery processes

You can manage cookies through your browser settings. Disabling cookies may affect website functionality.

9. Email communications and marketing

We may use Brevo to send service-related communications (such as membership, coaching, booking or account updates) and, where you have opted in or where otherwise permitted by law, marketing communications (such as news, offers and updates).

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us using the details in Section 15.

Please note that even if you opt out of marketing communications, we may still send important service or administrative messages relating to your membership, coaching or transactions.

10. CCTV and surveillance at our facility

We use security cameras (CCTV) at our facility for purposes such as:

·       Safety and security of members, staff and visitors

·       Incident investigation

·       Protection of property and assets

CCTV footage is handled in accordance with applicable laws and our internal practices. We aim to use surveillance in a way that is proportionate and respectful of privacy.

11. Photos and videos for social media / marketing

We may take photographs or videos in our facility and use them for social media, website or promotional content.

Where an individual member is identifiable, we seek permission before using their image/footage for promotional purposes. If you have previously given permission and wish to withdraw it for future content, please contact us using the details below.

Please note that withdrawing consent will apply to future use and may not always be practicable for content already published or distributed.

12. Access, correction and privacy requests

You may request access to personal information we hold about you and request corrections if the information is inaccurate, incomplete or out of date, subject to any legal exceptions.

To make a request, or if you have a privacy complaint or question, please contact us using the details in Section 15.

13. Retention of personal information

We retain personal information only for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to provide services and meet legal, accounting, insurance and operational requirements.

When information is no longer required, we take reasonable steps to securely delete, destroy or de-identify it where appropriate.

14. Overseas disclosure

Some of the third-party service providers we use (including cloud/software providers) may store or process personal information outside Australia.

By using our services, you acknowledge that your personal information may be disclosed to or stored by overseas recipients in connection with these services. This may include providers used for payments, email communications, cloud storage, training delivery, body scan and performance testing services. Where required, we take reasonable steps to ensure that third parties handle personal information in a manner consistent with applicable privacy obligations.

15. Contact us

If you have any questions, requests or complaints about this Privacy Policy or how we handle personal information, please contact:

Legacy Health and Performance
ABN: 52 618 406
Website: legacyhp.com.au
Email: chris@legacyhp.com.au
Address: 6/55 Simcock Street, Somerville 3912.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, technology, service providers or legal requirements. Any updated version will be published on our website with a revised "Last updated" date.

We encourage you to review this Privacy Policy periodically.