privacy policy

This Privacy Notice explains how we collect, use, disclose, store, and protect your personal data when you use believefitness.com and our related online services. It is prepared to comply with the Malaysian Personal Data Protection Act 2010 (Act 709) (the PDPA).

If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

This Privacy Policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in believefitness.com. This policy is not applicable to any information collected offline or via channels other than this website.

1) Who we are (Data Controller)

Believe Fitness ("we", "us", "our") operates the website https://believefitness.com/ and processes personal data in connection with inquiries, trials, class bookings, membership, and marketing.

Registered entity: Believe Ventures Malaysia Sdn. Bhd. (Company No. 1332401-A)]

Contact (privacy matters):
Email: info@believefitness.com
Postal: E-05-01, 2 Plaza Mont Kiara, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur, Malaysia
Phone: 03-62115556

2) Scope

This notice applies to personal data we process through our website and online forms (including embedded third‑party forms and widgets), our official social media pages that link to this notice, and our email communications. For in‑club data processing (e.g., CCTV, access control), see the on‑site privacy notices posted at each club.

3) What personal data we collect

Depending on your interaction with us, we may collect and process the following categories of personal data:

  • Identity & contact data – name, email address, mobile number, postal address, age range/date of birth.
  • Membership & inquiry data – club/location of interest, preferred time, fitness goals, appointment or trial details, messages, and attachments you send.
  • Transaction data – membership/package selection and status; (note: payment processing is performed by our payment service provider, and we do not store full card details on our servers).
  • Technical & usage data – IP address, device and browser type, pages viewed, referral URLs, approximate location, session logs, cookies, and similar technologies.
  • Marketing preferences – your opt‑in/opt‑out choices for email, SMS, or messaging apps.
  • Special circumstances – if you submit health or injury information to book assessments/classes, we process only what is relevant for scheduling and safety purposes.

We collect personal data directly from you (e.g., web forms, WhatsApp/DMs, phone calls), automatically via cookies/analytics when you use the site, and from service providers who operate systems on our behalf (for example, our bookings/membership platform).

4) Purposes – how and why we use your data

We use your personal data to:

  • Provide services – process inquiries, free trials, and class bookings; create and manage member records; provide customer support.
  • Operate and improve our website – monitor performance, fix errors, enhance user experience, and develop new features.
  • Analytics and measurement – understand site usage, campaign performance, and audience interests.
  • Communicate with you – send service messages (e.g., confirmations, reminders, notices) and respond to your questions.
  • Marketing – send updates, offers, and content about our clubs, classes, and events (only in line with your consent and choices—see Section 7).
  • Security and fraud prevention – detect, prevent, and investigate misuse or illegal activities.
  • Legal and compliance – comply with laws, regulatory requests, and enforce our terms.

Where consent is required under the PDPA (including for direct marketing and certain disclosures/transfers), we will request and record your consent, and you may withdraw it at any time (see Section 10).

5) Whether you must provide personal data

When information is necessary for us to process your inquiry, book a trial, or fulfill a membership/service you request, we will indicate that it is obligatory. If you choose not to provide obligatory information, we may be unable to provide the requested service. Other information is voluntary, and you can choose whether to share it.

6) Cookies & similar technologies

Our website uses cookies and similar technologies to recognize your browser, remember preferences, analyze traffic, and improve performance. You can control cookies through your browser settings. If you disable certain cookies, some site features may not function as intended.

Types of cookies we use include:

  • Strictly necessary cookies - required for core site functions and security.
  • Performance/analytics cookies – to measure and improve site usage.
  • Advertising cookies – where used, to deliver and measure advertisements; you can opt out/adjust settings as provided in the cookie banner or your browser.

See also Section 8 (Log files & analytics).

7) Marketing communications & your choices

We only send direct marketing (email/SMS/messaging) with your consent or as otherwise permitted by law. You can opt out at any time by using the unsubscribe link in our emails/SMS, adjusting preferences in your account (if available), or contacting us (Section 17). We will honor your request promptly.

8) Log files & analytics

Like many websites, our servers automatically record technical data (e.g., IP address, browser type, pages visited, timestamps, referrers). We use this to administer the site, analyze trends, and improve services. We may also use web analytics tools (e.g., Google Analytics or equivalents) that set cookies to help us understand aggregate usage; these providers process data on our instructions and for our purposes.

9) Disclosure – who we share your data with

We do not sell personal data. We disclose personal data only as necessary and in line with the PDPA, including to:

  • Service providers/“data processors” who host our website, run our bookings/membership systems, send emails/SMS, provide analytics, security, and customer support. They are bound by contracts to protect your data and use it only on our instructions.
  • Group/related companies (where applicable) for centralized administration, reporting, and support.
  • Professional advisors (lawyers, auditors) and authorities/regulators where required by law.
  • Event partners or co‑organizers only where (i) you have consented, or (ii) the disclosure is directly related to the purpose for which the data was collected and is permitted under the PDPA.

10) International (cross‑border) transfers

Some of our service providers and systems may be located outside Malaysia (for example, reputable SaaS platforms used for bookings, payments, or emails). When we transfer personal data abroad, we will:

  • rely on your consent where required; or
  • apply other conditions permitted by Section 129(3) PDPA (e.g., where necessary for the performance of a contract with you),

and take reasonable steps to ensure that the recipient provides a comparable level of protection to the PDPA. By submitting forms that clearly indicate such transfers, you acknowledge that your data may be processed in those jurisdictions for the stated purposes.

11) How long we keep your data (Retention)

We keep personal data only for as long as necessary to fulfill the purposes in this notice or to comply with legal, accounting, or reporting requirements. We periodically review our records and securely delete or anonymize data that is no longer needed.

Examples (guiding practice, subject to change):

  • Member account/transaction records: for the duration of membership and a reasonable period thereafter (e.g., up to 7 years) to meet legal/financial obligations.
  • Analytics logs: kept for shorter periods where possible and aggregated/anonymized for reporting.

12) How we protect your data (Security)

We implement organizational and technical measures appropriate to the risks, including access controls, encryption in transit, secure configuration, staff confidentiality obligations, and vendor due diligence. While no method is 100% secure, we continuously work to protect your information.

If a personal data breach occurs that is likely to result in significant harm, we will notify the authorities and affected individuals in accordance with Malaysian law and guidelines.

13) Your rights under the PDPA

Subject to conditions and exceptions under the PDPA, you have the right to:

  • Access your personal data we hold (Data Access Request).
  • Correct personal data that is inaccurate, incomplete, misleading, or not up‑to‑date (Data Correction Request).
  • Withdraw consent / choose to limit processing (including for direct marketing).
  • Require us to cease processing where processing is likely to cause you substantial damage or distress.

How to exercise your rights: Email us (Section 17) with enough information to identify you and the data requested. We will respond within 21 days of receiving a valid request, or inform you if more time is needed as permitted by the PDPA. We may request information to verify your identity and, where allowed, charge a small fee for access requests.

For members aged 13-17 years old, requests should be made by or with the involvement of a parent/guardian or a person with parental responsibility.

14) Children’s privacy

Our services are available to individuals aged 13 and above. For members under 18 years old:

  • Parental/guardian consent is required for membership registration and processing of personal data.
  • Access to club facilities during unstaffed hours (outside of operating hours with staff present) is restricted to members aged 18 and above for safety reasons.

We do not knowingly collect personal data from under-aged members without appropriate parental or guardian consent. If you believe a minor has provided personal data without appropriate consent, please contact us so we can take appropriate steps.

15) Third‑party links and platforms

Our website may contain links to third‑party sites, plug‑ins, or embedded services. We are not responsible for the privacy practices of those third parties. Please review their privacy notices before providing any personal data.

16) Updates to this notice

We may update this Privacy Notice from time to time. When we make material changes, we will post the updated version on this page with a new "Last updated" date and, where appropriate, notify you by email or a site banner.

17) How to contact us

Questions, requests, or complaints about this notice or our data practices can be sent to:

  • Email: info@believefitness.com
  • Postal: Data Protection, Believe Fitness, E-05-01, 2 Plaza Mont Kiara, Jalan Kiara, Mont Kiara, 50480 Kuala Lumpur, Malaysia
  • Phone: 03-62115556

If you are not satisfied with our response, you may also contact or lodge a complaint with the
Malaysian Personal Data Protection Department (JPDP).

Bahasa Malaysia version

Notis Privasi dalam Bahasa Malaysia boleh disediakan atas permintaan. Sila hubungi kami untuk salinan.

Last updated: October 16, 2025