Data Privacy
Directive

Elite Fitness ("The Lab", "We", "Us") operates under strict confidentiality protocols. This Privacy Directive articulates the parameters under which we collect, utilize, process, and store the personal data of our members ("Agents") and visitors. This policy constitutes a binding electronic record under the Information Technology Act, 2000 and the rules made thereunder.

By entering our facilities or interfacing with our digital nodes (Website, App), you explicitly consent to the data practices outlined herein. If you dissent from these protocols, immediate termination of facility access is required.

To maintain the operational integrity of The Lab, we harvest specific data vectors:

Processing: Biometric inputs are not stored as raw images. They are immediately converted into a cryptographic hash (a one-way mathematical string) that cannot be reverse-engineered into a visual representation of your face or fingerprint.

Consent: By enrolling in the membership, you grant explicit permission for the processing of this biometric data solely for security and access authentication. This data is isolated from external marketing databases.

For the safety of all Agents and the protection of Lab equipment, the facility is monitored by a closed-circuit television (CCTV) network 24 hours a day.

• Coverage AreasEntry/Exit points, workout floors, reception, and equipment zones. Locker rooms and restrooms are strictly excluded from video surveillance to preserve privacy.
• Data StorageFootage is stored on secure local servers for a period of 30 to 90 days (rolling cycle) depending on storage capacity, after which it is overwritten unless flagged for incident investigation.
• Access ProtocolFootage access is restricted to the Chief of Security and Legal Management. Law enforcement agencies may request access via proper legal warrants.

Your data is processed to execute the following mission-critical commands:

We operate a closed loop. We do not sell, rent, or trade your personal identity vectors to unauthorized external nodes. However, data may be transmitted to the following trusted sub-processors:

• Financial Gateways(Razorpay / Stripe) for secure payment processing.
• CRM Systems(Salesforce / GymMaster) for membership database management.
• Legal AuthoritiesWhen compelled by a court order or to prevent physical harm.

Encryption: All sensitive data at rest is encrypted using AES-256 standards. Data in transit is secured via TLS 1.3 protocols.

Retention: We retain your data only as long as your membership is active or as required by tax laws (usually 5-7 years for financial records). Upon termination, your biometric hash is purged from the active access controller within 48 hours.

Under the IT Act and global privacy standards, you possess the following rights:

• Right to Access: Request a copy of all data held about you.
• Right to Rectification: Update incorrect metrics or contact details.
• Right to Erasure: Request deletion of data (subject to legal retention requirements).
• Right to Withdraw Consent: Revoke permission for marketing communications.