top of page

Privacy Policy

Last updated: April 01, 2026


Southern Ethos Limited, trading as NRG Fitness (“we”, “us”, “our”), is the Data Controller for the personal data we collect and process about you in connection with our gym, Website, and services.
This Privacy Policy explains what personal data we collect, how we use it, the legal bases for processing, with whom we share it, how we protect it, and your rights under the Jamaican Data Protection Act, 2020 (“DPA”).

 

1. Personal Data We Collect


We may collect and process the following categories of personal 

  • Identification and contact details (name, address, email, telephone number).

  • Account and membership details (membership type, start/end dates, activity related to bookings and attendance).

  • Payment‑related information (billing address, transaction details, partial card data via our payment processors – we do not store full card numbers on our systems).

  • Health‑related information that you voluntarily provide in connection with membership, PAR‑Q forms, injuries, medical notes for membership freeze or refunds (this may be sensitive personal data under the DPA).

  • Website usage data (IP address, browser type, device identifiers, pages visited, date/time of access) and cookie information.

  • Communications and feedback (emails, messages, forms, surveys, complaints, and marketing preferences).

 

We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided personal data, we will delete it as soon as reasonably practicable.

2. How We Collect Your Data


We collect data when:

  • You create an account or purchase a membership or product (online or in‑club).

  • You use our facilities, attend classes, or sign in at reception.

  • You complete forms, health questionnaires, feedback forms, or surveys.

  • You contact us by email, phone, or via the Website.

  • You browse the Website (via cookies and similar technologies).

     
We may also receive limited data from third parties such as payment processors, fraud‑prevention services, and advertising or analytics providers, consistent with this Policy and their privacy notices.

3. Purposes & Legal Bases for Processing
 

We process your personal data for the following purposes and legal bases under the DPA:

  • To provide and manage your membership and account (processing payments, enabling access, administering bookings, customer service). Legal basis: performance of a contract with you and steps taken at your request before entering into a contract.

  • To provide and improve our services and Website, including usage analytics and service development. Legal basis: our legitimate interests in operating and improving our business, balanced against your privacy rights.

  • To communicate with you, including service messages (renewals, operational notices, changes to Terms or Policy), responding to queries or complaints. Legal basis: performance of a contract, legal obligation, and legitimate interests.

  • For marketing and promotions, such as sending you news, offers, and event information about NRG Fitness (where permitted). Legal basis: your consent where required, or our legitimate interests where allowed, with the ability to opt out at any time.

  • To process health‑related data for risk management, safety, and accommodating medical needs (for example, membership freezes, exercise modifications). Legal basis: your explicit consent and/or other conditions permitted under the DPA for health‑related services.

  • To comply with legal and regulatory obligations, including tax, accounting, consumer protection, and data protection requirements. Legal basis: legal obligation.

  • To prevent and detect fraud, misuse or security incidents. Legal basis: legitimate interests in maintaining the security and integrity of our systems and services.

  

4. Cookies & Tracking Technologies
 

We use cookies and similar technologies on our Website to:

  • Recognise you and maintain your session.

  • Remember your preferences and improve user experience.

  • Analyse how the Website is used for performance and service improvement.

 
Some cookies may be set by third‑party services (for example, analytics, payment processors, advertising networks). Their use of your data is subject to their own privacy policies.
You can manage cookies through your browser settings. Disabling some cookies may affect Website functionality.

5. Sharing of Personal Data
 

We may share your personal data with:

  • Service providers who process data on our behalf (for example, IT hosting, payment processors, email and SMS platforms, analytics, marketing tools), under appropriate contracts and safeguards.

  • Professional advisers (lawyers, accountants, auditors) where necessary for our legitimate business and legal compliance purposes.

  • Regulators, law enforcement, or other authorities where required by law or to protect our rights or the rights and safety of others.

   
We do not sell your personal data.
If we undergo a business reorganisation, merger, or sale, your data may be transferred to a successor or purchaser, subject to the conditions and safeguards required under Jamaican law.

6. Cross‑Border Data Transfers
 

Some of our service providers may be located outside Jamaica. Where we transfer personal data to another country, we will ensure that an adequate level of protection is in place consistent with the DPA, for example through contractual safeguards or reliance on jurisdictions recognised as providing adequate protection.

7. Data Retention
 

We keep personal data only as long as reasonably necessary for the purposes described in this Policy, to fulfil our contractual obligations, to comply with legal and regulatory requirements (including tax, accounting, and reporting obligations), and to resolve disputes or enforce our rights.
Retention periods may vary depending on the type of data and the context in which it was provided. When data is no longer needed, we will delete it or anonymise it in a secure manner.


8. Data Security
 

We implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include access controls, encryption where appropriate, secure hosting, and staff training.
While we strive to protect your data, no system is fully secure. You are also responsible for safeguarding your account credentials and notifying us promptly of any suspected compromise.

9. Your Rights Under the Data Protection Act, 2020


Under the DPA, you have rights which may include:

  • The right to be informed about how your data is used.

  • The right to access your personal data.

  •  The right to request correction of inaccurate or incomplete data.

  • In certain circumstances, the right to prevent or restrict processing or to request deletion of your data.

  • The right to object to processing in specified cases, including for direct marketing.

  • The right to complain to the Office of the Information Commissioner if you believe your data protection rights have been infringed.

 
You can exercise these rights or ask questions about this Policy by contacting our Data Protection Officer at admin@nrgfitness.org. We may need to verify your identity before fulfilling certain requests.

10. Children’s Privacy


We do not knowingly collect personal data from children under 18 for online accounts or memberships. If you believe a child under 18 has provided us with personal data, please contact us immediately and we will take steps to remove such information.


Where we later introduce youth memberships, these will be governed by a separate agreement and parental/guardian consent, in accordance with applicable law.

11. Marketing Communications


We may send you marketing communications (for example, about promotions, classes, or events) where permitted by law and in line with your preferences.


You can opt out of marketing emails at any time by using the unsubscribe link in the email or by contacting us. Opting out of marketing does not affect service or transactional communications (such as renewal notices and important service updates).


12. Changes to This Privacy Policy
 

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements.
The “Last updated” date at the top of this Policy shows when it was last revised. Significant changes may be notified by email or Website notice. Continued use of our Website, facilities, or services after changes take effect indicates your acceptance of the updated Policy.


13. Contact Details
 

If you have any questions, requests, or complaints about this Privacy Policy or our handling of your personal data, please contact:
   •    Email (general): info@nrgfitness.org
   •    Data Protection Officer: admin@nrgfitness.org
   •    Address: Shop 26, Pines Plaza, Junction, St. Elizabeth, Jamaica

Fitness equipment
bottom of page