Privacy Policy
Effective Date: 25 May 2026 • Last Updated: 25 May 2026
1. About This Policy
ME&F Wellness India Private Limited (hereinafter referred to as “Spartan”, “the Company”, “we”, “us”, or “our”) operates Spartan Fitness, a fitness facility in India. We are committed to protecting the personal data of our members, visitors, and website users in accordance with applicable Indian law.
This Privacy Policy explains:
What personal data we collect and why
How we use, store, and protect your data
Your rights as a Data Principal under the DPDPA, 2023
How to contact us, withdraw consent, or raise a grievance
This Policy applies to personal data collected through our website, mobile applications, in-person interactions at our facility, membership forms, and any other services we provide. By using our services or providing your personal data to us, you consent to the practices described in this Policy.
2. Key Definitions
The following terms are used in accordance with the DPDPA, 2023:
| Term | Meaning |
| Personal Data | Any data about an individual that can be used to identify them, whether directly or indirectly. |
| Data Principal | The individual to whom personal data relates — i.e., you, our member or website user. |
| Data Fiduciary | The entity that determines the purpose and means of processing personal data — i.e., ME&F Wellness India Private Limited. |
| Data Processor | Any third party that processes personal data on behalf of the Data Fiduciary. |
| Processing | Any operation carried out on personal data, including collection, storage, use, sharing, deletion, or disclosure. |
| Consent | A freely given, specific, informed, and unambiguous affirmative action by the Data Principal signifying agreement to processing of their personal data. |
| Data Protection Board | The Data Protection Board of India, established under the DPDPA, 2023, as the regulatory authority for data protection matters. |
3. Personal Data We Collect
We collect only the personal data that is necessary for the purposes described in this Policy. The categories of personal data we may collect include:
3.1 Data You Provide Directly
- Full name
- Date of birth
- Gender
- Contact details: mobile number, email address, residential address
- Government-issued identification (Aadhaar number, PAN, passport, or other ID, where required for KYC or statutory purposes)
- Emergency contact details
- Membership preferences and fitness goals (where voluntarily provided)
- Payment information (processed via secure third-party payment gateways; we do not store full card details)
- Photographs, where required for access control or membership records
3.2 Data Collected Automatically
- IP address and device information when you visit our website
- Browser type, operating system, and pages visited
- Time, date, and duration of website visits
- Cookies and similar tracking technologies (see Section 10)
3.3 Data from Third Parties
- Referral information provided by existing members who refer you
- Data from corporate partners where you access our services through a corporate membership arrangement
4. Purposes of Processing
We process your personal data only for specified, lawful purposes. The following table sets out the purposes for which we collect and use your personal data, in accordance with Section 5 of the DPDPA, 2023:
| Purpose | Details |
| Membership management | Creating and managing your membership account, processing payments, and administering your access to the facility. |
| Service delivery | Providing gym access, fitness services, training programmes, and any ancillary services you avail. |
| Communication | Sending membership confirmations, renewal reminders, facility notices, schedule updates, and responding to your queries or complaints. |
| Safety & security | Maintaining a safe environment through access control, CCTV monitoring (where applicable), and emergency contact usage. |
| Legal & regulatory compliance | Complying with applicable laws including the Companies Act, GST obligations, and any other statutory requirement. |
| Marketing & promotions | Sending you information about offers, events, or new services at Spartan Fitness. This requires your separate, explicit consent and may be withdrawn at any time. |
| Improvement of services | Analysing usage data and member feedback to improve our services, facilities, and member experience. |
| Grievance redressal | Addressing complaints or disputes raised by you in relation to our services or your data. |
5. Consent
Under the DPDPA, 2023, we are required to obtain your free, specific, informed, unconditional, and unambiguous consent before processing your personal data.
Consent is obtained through an affirmative action — by signing our membership agreement, completing an online form, or clicking an explicit consent button. Pre-ticked boxes or implied consent do not constitute valid consent under Indian law.
You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.
If you withdraw consent for processing that is essential to provide a service, we may be unable to continue providing that service.
For marketing and promotional communications, consent is sought separately and may be withdrawn independently of your membership consent.
For members who are minors (below 18 years of age), verifiable consent will be obtained from a parent or lawful guardian before any personal data is processed, in accordance with Section 9 of the DPDPA, 2023.
6. Disclosure of Personal Data to Third Parties
We do not sell your personal data to any third party. We may disclose your personal data in the following circumstances:
6.1 Service Providers and Data Processors
- We may share your personal data with trusted third-party service providers who assist us in operating our business, subject to contractual obligations to maintain confidentiality and comply with the DPDPA, 2023. These include:
- Payment gateway and banking service providers
- IT infrastructure, software, and cloud hosting providers
- SMS and email communication platforms
- Accounting and audit service providers
- Legal and compliance advisors
6.2 Group Companies
We may share your personal data with our parent company, affiliates, or group entities for internal administrative, compliance, or reporting purposes, subject to equivalent data protection standards being maintained.
6.3 Legal and Regulatory Disclosure
We may disclose your personal data where required to do so by law, court order, or at the direction of a government or regulatory authority, including the Data Protection Board of India.
6.4 Safety Disclosures
In the event of a medical emergency or safety-related incident on our premises, we may disclose relevant personal data (including emergency contact details) to appropriate authorities or healthcare providers.
7. Cross-Border Transfers of Personal Data
Your personal data may be transferred to, stored, or processed in countries outside India where our service providers or group entities operate. Such transfers shall be made in accordance with the DPDPA, 2023 and any restrictions or conditions that the Government of India may notify from time to time under Section 16 of the Act.
We will ensure that any cross-border transfer of your personal data is made only to countries or organisations that provide an adequate level of data protection, or subject to appropriate contractual safeguards.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:
Membership records are retained after the expiry or termination of membership, unless a longer period is required under applicable law.
Financial and transaction records are retained in accordance with applicable tax and accounting laws.
Marketing consents and related communications are retained until you withdraw your consent.
CCTV footage (where applicable) is retained for a period of [30] days or more and thereafter securely deleted, unless required for an ongoing investigation.
9. Security of Personal Data
We implement reasonable technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction. These measures include:
Encryption of data in transit and at rest where applicable
Access controls limiting personal data access to authorised personnel only
Secure storage of physical records
Regular review of our data handling and security practices
In the event of a personal data breach that is likely to result in harm to you, we will notify both the Data Protection Board of India and you as soon as practicable and in any event within 72 hours of becoming aware of the breach, in accordance with Section 8(6) of the DPDPA, 2023. The notification will include the nature of the breach, the data affected, and the steps we are taking to address it.
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience and gather analytical data. Cookies are small data files stored on your device.
We use the following types of cookies:
Essential cookies — necessary for the basic functioning of the website.
Analytical cookies — help us understand how visitors use our website so we can improve it (e.g., Google Analytics).
Marketing cookies — used to deliver relevant promotional content, where you have consented.
You may control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. Where required under applicable law, we will seek your consent before placing non-essential cookies on your device.
11. Children’s Personal Data
We are committed to protecting the personal data of children. In accordance with Section 9 of the DPDPA, 2023:
We do not knowingly collect personal data from individuals below the age of 18 without obtaining verifiable consent from their parent or lawful guardian.
Where a member is below 18 years of age, the parent or guardian must complete the membership registration and provide consent on behalf of the child.
We do not process children’s data in a manner that is detrimental to their well-being or for purposes of behavioural tracking or targeted advertising.
If we become aware that personal data has been collected from a child without appropriate parental consent, we will take immediate steps to delete such data.
12. Grievance Officer
In accordance with the DPDPA, 2023 and DPDP Rules, 2025, we have designated a Grievance Officer to address any queries, concerns, or complaints relating to the processing of your personal data.
If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India at: https://www.meity.gov.in (or such URL as notified by MeitY from time to time).
14. Third-Party Links
Our website may contain links to external websites or services not operated by us. We have no control over and accept no responsibility for the content, privacy policies, or practices of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business, legal requirements, or regulatory developments. Where we make material changes, we will:
Update the “Last Updated” date at the top of this Policy
Post the revised Policy on our website and in our facility
Where required under the DPDPA, 2023, seek fresh consent from you for any new purposes of processing
We encourage you to review this Policy periodically. Your continued use of our services after the posting of an updated Policy constitutes your acceptance of the changes, to the extent permitted by law.
16. Governing Law
This Privacy Policy is governed by and shall be construed in accordance with the laws of India. Any disputes arising under or in connection with this Policy shall be subject to the jurisdiction of the courts at India, and to the authority of the Data Protection Board of India as applicable under the DPDPA, 2023.
17. Contact Us
For any questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, please contact:
ME&F Wellness India Private Limited
Website: https://spartan.in
Email: info@spartan.fitness
Mobile: 080090 05009