privacy policy

The last update to this document was 21/05/2025

Introduction

The Commons Cowork Holding Pty Ltd ACN 612 577 134 (The Commons, we, us, our) and its related entities is committed to complying with applicable privacy laws in relation to the personal information that we collect in the course of running our business.

Please take a moment to read our Privacy Policy as it explains:
• how we collect and handle personal information; and
• your rights in relation to any of your personal information that we hold about you.

We may, in connection with particular goods or services we offer or provide to you, make other privacy disclosures to you or seek your authority to use your personal information in ways which are different from or more specific than those stated in this Privacy Policy. In the event of any inconsistency between the provisions of this Privacy Policy and those other disclosures, the other isclosures will apply. Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.

This Privacy Policy (other than section 11 ) explains how we manage personal information about individuals other thanemployees. Section 11 explains the position of employees.

Key definitions

In this document:
• "APPs" means the Australia Privacy Principles set out in the Privacy Act;
"Health Records Laws" means laws governing the management, use and disclosure of an individual's health information, including the Health Records Act 2001 (Vic) and Health Records and Information Privacy Act 2002 (NSW).
• personal information has the meaning set out in the Privacy Act, and (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise;
"Privacy Act" means the Privacy Act 1988 (Cth); and
"sensitive information" has the meaning set out in the Privacy Act, and includes certain specific types of personal information such as health information, and information about a person's racial or ethnic origin, sexual orientation or practices, criminal record, religious beliefs or affiliations, political opinions, membership of a political, professional or trade association, and biometric and genetic information.

1. How we collect your personal information

We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Some of the common ways in which we may receive personal information directly from you include:

• when you make an inquiry or order in relation to goods or services, including through our websites, including those located at https://www.thecommonshealthclub.com.au/ (the Website);
• when you enter into contracts with us for our goods or services;
• in administering and performing any contracts with service providers;
• when you apply for a role with us;
•  from correspondence (whether in writing or electronically) or when you contact us via telephone, e-mail, social media platforms or other means;
• when you upload content to or interact (in an identifiable manner) with our Website or our social media pages;
• through any mobile applications provided by our organisation;
• while conducting customer satisfaction and market research surveys;
• if you attend any of our premises, we may record certain contact details so that we can comply with applicable laws, and we may also record your image and/or voice if we have surveillance systems operating at those premises;
• when administering any of our services; and
• as otherwise required to manage our business.
Where it is reasonably practical to do so, we will collect your personal information directly from you. However, in certain cases we may collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, your employers, contractors, our clients, business partners, referees, government bodies (e.g. police checks, if required), academic and professional bodies (e.g. to validate details and currency of qualifications).
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.

2. Types of personal information we collect

The types of personal information we collect about you depends on the circumstances in which the information is collected. Typically, the types of personal information we may collect can include (but is not limited to) your name, address, email address and phone numbers. If we enter into contracts with you, or you request or receive goods or services from us or have any other commercial dealings with us, we may also collect your signature, date of birth, social media information, credit card and/or banking details, and billing information. If you are an individual contractor to us, or apply for a role with us, we may also collect information relevant to your engagement with us including qualifications, length of engagement, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles). If we need to confirm your identity, we may collect a copy of appropriate identification which may include copies of valid government issued ID such as a valid driver's license, passport or other identity card.

If you access our Website or if you download and access any of our apps, we may:
• utilise cookies to collect additional information about your use of our Website and apps, such as your internet protocol (IP) address, device information, browser information, standard web log information, advertising data, and details on your usage. Please see the cookies section below for further details; and
• if you have provided us with permission to access your device location when using our Website or app, we may collect information about your geographical location.
If we communicate with you by email, we may use technology to identify you so that it will be in position to know when you have opened the email or clicked on a link in the email. See section 7.3 of this Privacy Policy for further details.
If you call us via telephone, we may monitor and in some cases record such telephone conversations for staff training, quality assurance and record-keeping purposes.
If you attend a premises we operate or manage, we may:
• collect certain contact details that you provide to us (which may be via digital check-in apps), including the date and time of attendance, including so that we can comply with applicable laws (such as public health directives). If we collect such information to comply with a particular law, we will only use and disclose it in accordance with applicable laws; and
• record your image and/or voice through the use of Closed-Circuit Television (CCTV) systems for the purposes of managing security of the premises and health and safety of occupants and the public generally.
We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act. The main types of sensitive information we may collect include:
• health information (including but not limited to, weight, height, body mass index and blood pressure information);
• details of injuries (i.e. health information) that may occur on our premises or arising through the use of our goods or services;
• details of disabilities or allergies (i.e. health information) you notify us of so we can accommodate any special requirements when you attend our premises;
• details of an individual's membership of professional associations and affiliations with relevant industry bodies or organisations;
• criminal record details, as part of pre-employment checks we undertake.
If you do provide sensitive information to us for any reason (for example, if you provide us with information about a health condition, injury or disability you have), you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act and other relevant laws including Health Records Laws.

In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law.

Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services and/or certain functionality of our Websites and apps.

3. Our purposes for handling your personal information

As a general rule, we only process personal information for purposes that would be considered relevant and reasonable in the circumstances. The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.
We may use or disclose your personal information:
• for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
• for other purposes to which you have consented; and
• as otherwise authorised or required by law.
In general we collect, use and disclose your personal information to provide you with our goods and services,
so that we can do business together, and for purposes connected with our business operations.
Some of the specific purposes for which we collect, hold, use and disclose personal information are as follows:
• to provide you with our goods and services;
• to receive goods or services from you;
•  to consider you for a job (whether as an employee or contractor) or other relationships with us;
• to provide you with tax invoices for our goods and services and, if you have ordered goods from us, dispatch and tracking information, returns and exchange authorisations; to operate, monitor, develop and improve our Website, mobile applications, and our goods and services;
• to confirm your identity;
• to optimise and customise the user experience (including content and advertising) for users of the Websites, mobile applications and services;
• to facilitate communications via our Website, apps and our social media platforms, including communications with us or with other users of those platforms via direct messaging and posting to
forums;
• where you have provided us with access to your geographical location via our Website or any of our mobile applications, we may send you push notifications and other electronic communications
(including SMS) for purposes including providing location-based services, sending promotional offers relevant to your current location, notifying you of nearby events or services, enhancing your user experience, and delivering urgent safety or service updates
• where a business seeks to purchase our goods or services on credit, we may seek commercial credit reports that may include limited personal information about officeholders;
• to facilitate your entry and participation in a competition or trade promotion;
• to protect the security and integrity of our Website, apps and services;
• to contact you (directly or through our service providers and marketing research agencies) to obtain your feedback and to find out your level of satisfaction with our goods and services;
• to contact you regarding administrative messages such as reminders, notices, updates, security alerts and other information requested by you;
• to comply with our legal and regulatory obligations;
• to protect the security, health and safety of our premises, facilities, personnel and visitors;
• to address any issues or complaints that we or you have regarding our relationship; and
• to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.

4. Who we disclose your personal information to

We may disclose your personal information to third parties in connection with the purposes described in section 3 of this Privacy Policy. This may include disclosing your personal information to the following types of third parties:
• our suppliers, contractors and organisations that provide us with technical and support services or who manage some of our business functions;
• our related entities (who may use and disclose the information in the same manner we can);
• our accountants, insurers, lawyers, auditors and other professional advisers;
• any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
• in the unlikely event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors; and
• debt collection agencies.
We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.
If we disclose information to a third party who is handling it on our behalf, we generally require that the third party protect your information to the same extent that we do.
If you post information to certain public parts of our Website or to our social media pages, you acknowledge that such information may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.

5. De-identified information

We may use your personal information in de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to provide you with our goods and services and assist us in running our business (including to optimise and improve our services and solutions, and for other internal uses).
We also use de-identified data to provide analytics reports and statistical information to us and our commercial partners (which include companies that sponsor our programs). Any such reports and statistics are de- identified to ensure that customer personal information is not disclosed.
We may also use de-identified data for research purposes, as described previously.
We may also use, and provide the de-identified data in aggregated form to, other third parties. This information may include (but is not limited to) health information such as age, gender, weight, body mass index, exercise undertaken after set periods of time or results of physical testing such as strength testing.
When referring to the use of 'aggregate data', this means the aggregate of data composed of at least 10 or more customer records.

6. Storage and protection of personal information

We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas. We use a range of security measures to protect the personal information we hold, including by implementing IT security tools to protect our electronic databases.
We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law. We may need to retain records containing personal information to comply with record keeping obligations, and for other legitimate business purposes (such as quality assurance).

7. Our marketing and advertising activities

7.1 Overview
Like most businesses, marketing and advertising is important to our continued success. We therefore like to stay in touch with customers and let them know about new offers and opportunities.
We may provide you with information and advertisements about products, services and promotions either from us, or from third parties which may be of interest to you, where:
• you have asked us to (or have otherwise consented to us doing so); or
• it is otherwise permitted by law.


7.2 Direct marketing

We conduct direct marketing through various channels, including social media, over the phone, email, SMS and post.
If you would like us to stop sending you direct marketing communications, you can request this by contacting our Privacy Officer (see contact details in section 12 of this Privacy Policy).
Please note that there are certain types of communications that you may not be able to opt-out from, such as communications that we are required or permitted by law to send you.

7.3 E-mail analytics

Like many organisations, we use e-mail analytics to track and measure the success of our e-mail newsletters and other e-mail campaigns.
We use various technologies (such as tracking pixels) to collect information such as: which of our emails you have opened, which links you have clicked, which email client you are using, whether you opened our e-mail on a computer or mobile device, and the geolocation of your IP address. We use this data to analyse and improve the performance of our e-mail campaigns.

7.4 Internet advertising

We may also collect and use information about you for the purposes of online targeted advertising services that help our ads to reach you (and other people who may be interested in our products and services) on websites, apps and social media platforms across the Internet. These online targeted advertising services are operated by third party vendors, such as Facebook, Instagram, Google and LinkedIn.
Some of these services work by using non-identifying data about your behaviour and demographics that has been collected through cookies and other tracking technologies (such as tracking pixels and device identifiers) when you use the Internet, including when you move between different websites and apps and use different devices. For example, third-party vendors may use cookies and/or device identifiers to serve ads based on your past visits to our websites. Your browser or device may provide you with the option to disable or opt-out of some of these cookies and other tracking technologies (such as device identifiers).
Other services require us to use limited amounts of your personal information. For example, we may include your information in a customer list that we provide to selected online advertising service providers so that we can conduct audience-based advertising. This allows us to show our ads to you (if you also use those platforms) and to other users of those platforms who share similar characteristics with you. The customer list is usually hashed (to improve security and confidentiality) before it’s processed by the service provider to target and serve our ads.
The data that is collected through these cookies and other tracking technologies, or provided by us, may be combined with other data (supplied by our advertising service provider, or third parties) to improve the targeting and serving of ads.
Our online advertising service providers also help us by measuring the effectiveness of our ad campaigns (e.g. conversion tracking) and providing us with analytics data that we use to inform and optimise our ad campaigns. These analytics are based on usage data that may be collected through cookies and other tracking technologies (such as tracking pixels and web beacons). This usage data may include, for example, information about whether you visited our website (and/or submitted a query or request to be contacted) after seeing or clicking on one of our ads. The analytics data we receive is generally aggregated and non- identifying.
Our advertising service providers may also retain and use the usage data that they collect through these tracking technologies for their own purposes, which may include:
• correlating or matching the data with other data about you, if you use their services;
• analyse and optimise their algorithms, and find their members probabilistically across devices;
• improving the effectiveness of their services and advertising platforms;
• improving the user experience of, promoting and ensuring the safety and security of, and maintainingthe integrity of their products and services;
• research and development;
• optimising advertising decisioning and content personalisation;
• sharing data with selected third parties only in aggregated and anonymous form; and
• producing benchmark reports for their advertising customers.
This usage data will be stored on our advertising service provider's servers, which may be located outside of Australia. Our advertising service providers may also share the usage data to third parties, some of whom may be located in countries other than Australia.
When we use any advertising service that requires us to use or disclose your personal information, we will only do so if we are permitted to do so by applicable privacy laws. You can notify us at any time if you would like us to stop using your personal information for these targeted advertising purposes. Our contact details are set out in section 12 of this Privacy Policy.
You can also:
• Opt-out of certain online targeted advertising networks directly by visiting:
o the Digital Advertising Alliance’s opt-out portal at: http://optout.aboutads.info/; and
o the Network Advertising Initiative’s opt-out page: http://www.networkadvertising.org/managing/opt_out.asp

• view the relevant social media platform's website to learn more about how they collect and use your information and adjust your preferences regarding the types of advertising you are shown.


8. Cookies and other tracking technologies on our Website

We may use cookies and other tracking technologies (such as tracking pixels and web beacons) on our Website to collect various information about how you interact with our Website. Our Website usage data is not intended to identify any particular user, but in some cases may include personal identifiers (e.g. IP address, device IDs and session details) and details of your user interactions on our Website (e.g. what pages you visit and what you choose to click on).
When you access our Website, we may send a “cookies” (which is a small summary file containing a unique ID number) to your computer or device. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of products or services you view so that we can send you news about those products or services.

We also use cookies to conduct website analytics - for example, to measure traffic patterns, to determine which areas of our Website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our Website and other online products and services. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We may use cookies to log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the Website, track users movements, and gather broad demographic information.
We also use cookies as part of our online targeted advertising activities (see section 6 of this Privacy Policy above). If you do not wish to receive cookies, you can set your web browser or mobile device so that your browser or device does not accept them.
Most web browsers have features that allow you to manage and control the use of cookies by the sites that you visit (including ours), and to see and delete cookies stored on your device and to block cookies from all or selected sites. You can also use your mobile device settings to control your mobile advertising identifiers, which are used to track your activity across different apps and show you personalised ads. Please refer to your mobile device's documentation for further information.
Some of the tracking technologies that we use may collect data about your use of our websites without using cookies. If you wish to opt-out of data collection by these other types of tracking technologies, you may be able to do so by:
• installing and configuring appropriate ad-blockers or no-script plugins / extensions in your web browser; and
• configuring your email client (for example, by selecting settings that block the automatic display of images).

9. Accessing and correcting your personal information

You may contact our Privacy Officer (see section 12 ) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access (which we will only do in accordance with applicable laws), we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to the personal information we hold about you.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.

We will respond to all requests for access to or correction of personal information within a reasonable time.

10. Overseas transfers of personal information

Some of the third parties to whom we disclose personal information may be located outside Australia. The countries in which such third party recipients are located depend on the circumstances. In the ordinary course of business we commonly disclose personal information to recipients located in Singapore, the United States and the Philippines.
Such recipients provide billing, payment, IT and other administrative services to us (including offshore data hosting and processing, data analytics, help desk and data-entry). From time to time we may also engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not
always involve a disclosure of personal information to that overseas provider.
By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, such overseas disclosures are made on a confidential basis and we take reasonable steps to ensure such recipients comply with applicable privacy laws.
Whenever we transfer your personal information outside of Australia, we will do so in accordance with the requirements of applicable privacy and data protection laws. We may disclose your personal information to overseas recipient without your consent where permitted by the Privacy Act (and, in such circumstances, we will comply with the applicable requirements of the Privacy Act in doing so).

11. Employees

We collect information in relation to employees as part of their job application and during the course of their employment, either from the employee directly or, in some cases, from third parties such as recruitment agencies, referees, government bodies (e.g. police checks, if required) and academic and professional bodies (e.g. to validate details and currency of qualifications). 
The information we collect may include contact details, qualifications, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors and training records.
We may also collect details of disabilities, allergies and health issues that may impact the employee’s role, or which arise while on our premises or in the performance of the employee’s duties, so we can accommodate and otherwise assist the employee with any such health requirements or incidents.
We collect camera/video footage of employees while on our premises (via CCTV) and logs of the employee’s usage of our equipment (e.g. phones, computers and vehicles) on a continuous and ongoing basis using various technologies, including monitoring:
• employee attendance;
• email, internet and network use; and
• the location of our vehicles and other equipment via GPS.
Under the Privacy Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship.  We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.

12. Resolving personal information concerns

If you have any questions, concerns or complaints about this Privacy Policy or how we handle your personal information, including if you believe we have breached the APPs, please contact our Privacy Officer (see section 12 ). When contacting us please provide as much detail as possible in relation to your question, concern or complaint. We take all complaints seriously and will respond to your complaint in accordance with any applicable timeframes imposed by law and otherwise within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need. If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5288, Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au

13. Contact details of Privacy Officer

The contact details for our Privacy Officer are as follows:
Postal address: 36-38 Gipps St, Collingwood VIC 3066
Telephone: 1300 848 568
Email hello@thecommons.com.au

14. Links

Our Website may contain links to other websites operated by third parties. We make no representations or warranties in relation to privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices and procedures.

15. Social media platforms

We use social media platforms such as Facebook, Instagram, TikTok,Twitter and LinkedIn to communicate with the public about our services and businesses. We may collect the information that you choose to share with us through these platforms, including photos, videos and comments and posts.
These social media platforms have their own privacy policies, and may handle your information for their own purposes. You can access the privacy policies for Facebook, Instagram, TikTok, Twitter and LinkedIn on their websites.
If you choose to use these social media platforms to communicate with us, please be mindful that certain pages within these platforms may be publicly available. We encourage you to use the privacy settings available on each platform. If you would like to contact us directly, you can do so using the contact details in section 12 .

15. Changes


We reserve the right to change the terms of thiss Privacy Policy from time to time, without notice to you. An up-to-date copy of our Privacy Policy is available on our website.