Martial Arts Australia - Industry Body Serving All Styles

MARTIAL ARTS AUSTRALIA
PRIVACY POLICY

1. Introduction

This Privacy Policy explains how Martial Arts Australia ("the Association") collects, uses, and protects your personal and health information. We are committed to meeting the Australian Privacy Principles (APPs) and the Notifiable Data Breaches (NDB) scheme.

2. Types of Information Collected

2.1 Personal Information

Names, addresses, phone numbers, emergency contacts, but do not store billing details as card details are taken securely through 'Stripe'

2.2 Sensitive (Health) Information

As an association providing some training and educational services, we may collect medical history, injury records, physical assessment data, for accessibility to a tournament, special training seminars, camps / retreats (weight, body fat %, heart rate, medication taken, allergic reactions etc), and fitness goals. MAA only uses this health information to qualify and give feedback to a participant if required for an event. Health related data is deleted after 30 days, leaving just the waiver form for insurance purposes. Collection of this data requires your express consent.

3. Purpose of Collection

Data is collected to ensure safety during training, customize seminars / workshops / camps / retreats programming, processing memberships, waiver forms, incident reporting and comply with insurance requirements.

4. Data Storage and Security

We take significant technical and organizational measures to protect data, including:

-Encryption of all digital records via our software

-Mandatory Multi-Factor Authentication (MFA) for staff access.

-Limited access (staff only see data required for their specific role).

-Our computers have 24/7 monitoring by a external IT security company.

5. Disclosure of Information

We do not sell your data. We only disclose data to third-party providers (e.g., booking software, billing platforms) who are also compliant with Australian Privacy Laws. We will not ask for your credit card details over the phone only via our ‘Stripe’ automated payment gateway when purchasing memberships, courses and events.

We will not speak to or respond to an email regarding an account, membership or other service, without the person being identified as an authorised person to speak with. If someone contacts you stating they are from our office, you may ask for verification from us as well.

6. Your Rights

You have the right to access your data, request corrections, or withdraw consent for health data tracking at any time. Under the 2026 Statutory Tort, you have a right to privacy that we are legally bound to uphold.

7. Data Breach Notification

In the event of a data breach likely to result in serious harm, we will notify you and the OAIC as soon as practicable, within the 30-day legal assessment window.

We will also employ a specialist cyber security company via our insurance, to find the hacker's access point, then pursue data suppression and recovery.