Privacy Policy

This Privacy Policy sets out the policy of Adrenaline Rush (“Adrenaline Rush,” “we,” “our,” or “us”) with respect to the way in which we collect, use, store, and disclose personal information. This includes information collected through our gym, website at www.adrenalinerush.lk, social media channels, and mobile application (App) developed and maintained by our in-house development team.

We are committed to protecting your privacy and complying with our obligations under Sri Lanka’s Personal Data Protection Act (PDPA) 2022. This Privacy Policy applies to all Adrenaline Rush staff, contractors, and affiliated entities.

By using our facilities, website, Apps, or services, you consent to the collection, use, storage, and disclosure of your personal information in accordance with this Privacy Policy. You may withdraw your consent at any time; however, this may limit our ability to provide services or access to our website and Apps.

Note: If you are a member of a gym or fitness program using the Adrenaline Rush application, the respective gym or trainer may control how your personal data is used within the application. Adrenaline Rush processes such data only on behalf of the gym or trainer and in accordance with their instructions.

1. What Personal Information We Collect

We collect personal information necessary to provide our services and operate our business. This includes:

• Name, date of birth, gender, email address, and phone number
• Residential or postal address
• Credit card or bank account details for subscriptions or purchases (not through our mobile app)
• Occupation and employer details (if corporate)
• Health information relevant to fitness and training programs
• Information from your membership agreement and health questionnaire
• Video footage from security cameras and data from access control systems
• Information from your use of our website, Apps, or social media platforms
• Transactional information from purchases of Adrenaline Rush products or services
• Information provided via phone, email, or in-person at Adrenaline Rush location

We may also collect non-identifiable information, such as cookies, browser type, IP address, and device details.

Some Apps may allow integration with third-party fitness apps (e.g., MyZone, Apple Health, Google Fit). By enabling this functionality, you consent to:

• The receipt of personal data from these third-party apps
• Our use of that data in accordance with this Privacy Policy

You can disable such integration at any time via your App settings.

2. When and How We Collect Personal Information

We collect your personal information when:

• You provide it directly (in person, via forms, online, or over the phone)
• You use our website, social media channels, or Apps
• You engage with third-party integrations through our services
• You authorise us to obtain it from other sources
• It is publicly available or collected through security and access systems

3. How We Use Personal Information

We may use your personal information to:

• Identify and authenticate you for service access
• Administer and manage your membership and account
• Provide you with access to our facilities, services, and programs
• Process payments and subscriptions
• Communicate with you about services, updates, promotions, or events
• Improve our website, Apps, social media platforms, and physical facilities
• Conduct research and internal development
• Maintain security across our physical and digital premises
• Comply with legal obligations under Sri Lankan law

We may also use aggregated, anonymised information to:

• Analyse service usage and customer engagement
• Improve service delivery and product offerings
• Conduct marketing and statistical reporting

Additional Data Collected via Mobile Applications

When you use our mobile applications, we may collect:

• App usage data (features accessed, session duration)
• Device information (device model, OS version)
• Login activity and timestamps
• Fitness activity

4. Disclosure of Personal Information

We may disclose personal information:

• To Adrenaline Rush staff, contractors, and affiliated entities to ensure seamless service delivery
• To service providers (e.g., IT support, analytics providers) under strict confidentiality agreements
• To government or regulatory bodies, law enforcement, or legal representatives as required by law
• To third parties with your consent or as necessary for the purpose for which you provided it
• To debt collection agencies or credit reporting services when necessary

All third parties are required to use your personal information only for the purposes for which they were engaged.

5. Data Storage and Transfers

Some data collected through our website or Apps may be stored on servers located outside Sri Lanka. We ensure that any overseas data transfer:

• Is to a recipient with comparable privacy safeguards, or
• Is based on your express consent

All credit card or banking data is stored with PCI DSS-compliant partners and held within secure systems.

6. Cookies and Online Tracking

Cookies are small files stored on your device that help manage website functionality, security, and preferences. We use cookies to:

• Help manage security and navigation on our website and Apps
• Analyse website and App usage to improve your experience
• Deliver analytics and marketing (third-party cookies may apply)

You can disable cookies through your browser settings, though some features may not function properly.

7. Security and Retention

We take reasonable steps to keep your personal information secure, confidential, and accurate.

• Digital information is stored behind industry-standard firewalls, with user authentication.
• Physical records are kept in secure locations.
• We retain personal information only as long as necessary for its purpose or as required by law.

8. Access and Correction

You may request access to or correction of your personal information. Requests should be directed to our Privacy Officer. Verification of identity may be required. If we decline a request, we will provide reasons.

8A. Your Rights

Under applicable data protection laws, including the Personal Data Protection Act (PDPA) 2022, you have the right to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your personal data
• Object to or restrict processing of your data
• Withdraw consent at any time
• Request a copy of your data in a portable format

To exercise these rights, please contact us using the details in Section 14.

9. Privacy Breaches

In the event of a privacy breach likely to cause serious harm, we will:

• Investigate the incident promptly
• Notify affected individuals and the Data Protection Authority of Sri Lanka, where required

10. Links to Other Websites

Our website or communications may contain links to third-party websites. We are not responsible for their content, privacy policies, or data handling practices.

11. Third-Party Services

We may use third-party service providers such as analytics tools, cloud hosting providers, and payment gateways to support our services. These providers may process personal data on our behalf under strict confidentiality and security obligations.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on our website. Continued use of our services constitutes acceptance of any changes.

13. Children’s Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children without parental consent. If we become aware that such data has been collected, we will take steps to delete it.

14. Contact Us

We aim to respond to all inquiries promptly. If you are not satisfied with our response, you may contact the Data Protection Authority of Sri Lanka.