1. Introduction

Your confidentiality is of paramount importance to us at Kor Klub. This Privacy Policy outlines how we collect, use, protect, and manage your personal information across all touchpoints—whether online through our website, mobile app, or third-party booking platforms like Mindbody, or offline during in-studio interactions and events.

Kor Klub is committed to creating a safe, empowering, and transparent wellness environment. This policy reflects our ethical commitment to protecting your privacy and our compliance with applicable data protection laws, including the Information Technology Act (India) and relevant international standards.

This document governs all personal data collected in connection with:

• Visiting our website

• Booking and attending classes or events

• Engaging with us on social media or via email/telephone

• Making purchases or enrolling in subscriptions

• Participating in surveys, promotions, or CCTV-monitored studio spaces

Our goal is to help you make informed decisions about the information you choose to share with us. By using our services, you agree to the practices described in this Privacy Policy. We encourage you to read it carefully and revisit it periodically for any updates.

2. Information We Collect and When

We only collect information that is necessary for us to provide our services, ensure your safety and comfort, and improve your experience at Kor Klub. We collect personal information directly from you when you:

• Create an account or register via our website, app, or booking partners like Mindbody

• Book or attend classes, workshops, consultations, or events

• Purchase class packs, memberships, or retail items

• Communicate with us via email, phone, WhatsApp, or social media

• Participate in promotions, feedback forms, surveys, or waitlists

• Enter Kor Klub premises equipped with CCTV systems

The categories of personal data we may collect include:

• Identification & Contact Information: Name, email, phone number, address

• Account Details: Login credentials, membership plans, booking history

• Payment Information: Cardholder name, masked card details (via secure third-party gateways)

• Health & Fitness Information: Voluntary disclosures on injuries, medical history, pregnancy, or physical limitations

• Device & Usage Data: IP address, browser type, device information, site interactions

• Location Preferences: Preferred studio location(s), classes attended

• Marketing Preferences: Opt-in/opt-out records for communications

We do not collect sensitive personal data (e.g., Aadhaar, religious or biometric data) unless explicitly required and consented.

You are under no statutory or contractual obligation to provide us with this data. However, refusal to do so may affect your ability to access our services.

3. How We Use Your Information

Your personal data is processed lawfully and transparently under the principles of the DPDP Act 2023, and only for purposes relevant to your experience at Kor Klub. Specifically, we use your information to:

• Create and manage your user account

• Process payments and deliver services you’ve requested

• Contact you regarding class bookings, reminders, or studio updates

• Personalize your wellness journey based on your preferences and fitness goals

• Provide customer support and address feedback or complaints

• Notify you about promotions, new offerings, or events (only if you opt in)

• Improve our platform and service delivery through performance analytics

• Monitor the premises through CCTV for safety, loss prevention, and incident tracking

We may also anonymize your data and use it for statistical research and internal performance metrics to better understand customer behavior and improve our offerings.

We do not use your data for automated decision-making or profiling without your knowledge or consent

4. Who We Might Share Your Information With

We will never sell or rent your personal data. We only share your information with trusted third parties under strict confidentiality and data protection standards, and only when necessary to fulfill our services, legal obligations, or operational needs.

We may share your information with the following categories of service providers:

• Mindbody Online
   Our booking and customer management platform. Your name, email, class attendance, purchase history, and account data are securely stored and processed in accordance with global data protection standards (including GDPR and relevant Indian guidelines).

• Razorpay
   Our secure payment gateway for processing online transactions. When making a purchase, your payment information (such as card details or UPI ID) is handled directly by Razorpay through their encrypted and PCI-DSS compliant infrastructure. Kor Klub does not store your full card details.

• Google Services (Analytics & Ads)
   We use tools like Google Analytics and Google Ads to understand how users engage with our website and optimize the digital experience. Information such as device type, time spent on pages, and IP address may be anonymized and shared with Google in aggregate form. You may manage cookie settings via your browser.

• Email and Communication Platforms
   For sending transactional messages (like class confirmations) and promotional content (if you've opted in), your email address and preferences may be securely stored with email automation providers integrated through Mindbody.

• Technology & Security Partners
   Our infrastructure is supported by IT service providers and cloud hosting platforms who help ensure the uptime, performance, and security of our systems.

• Legal or Regulatory Authorities
   We may disclose personal data when required to comply with applicable laws, court orders, or government requests, or to defend our legal rights.

We ensure that any data shared with third parties is limited to the minimum necessary for the relevant purpose, and governed by contracts that require all partners to maintain confidentiality, use the data solely for its intended purpose, and implement appropriate security safeguards.

5. Electronic Communications

Kor Klub may contact you electronically via:

• Email, SMS, WhatsApp, or push notifications through our app

• Communication platforms integrated through third-party services such as Mindbody

These communications may include:

• Class confirmations and reminders

• Payment receipts and account updates

• Studio schedule changes or operational notices

• Responses to customer service inquiries

• Wellness guidance or feedback follow-ups

• Promotional content (with your explicit consent)

Your Rights and Responsibilities:

• By providing your contact information, you consent to receive essential communications required to deliver the services you request.

• You may opt out of promotional and marketing communications at any time by:

  • Clicking “unsubscribe” at the bottom of any marketing email

  • Replying with “STOP” to WhatsApp or SMS messages

  • Adjusting your communication preferences in your Kor Klub profile (when available)

Please note: You cannot opt out of essential service messages, such as class confirmations, payment alerts, or safety notices, as they are necessary for the delivery of your services.

Kor Klub is not liable for unauthorized access or delays caused by outdated or incorrect contact information provided by you. If you receive a message in error, please inform us immediately and delete it from your device.

6. Cookies and Tracking Technologies

Our website and booking platform may use cookies, pixels, and similar tracking technologies to improve your user experience, measure website performance, and deliver personalized content.

What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They help us:

• Recognize you on your next visit

• Store your preferences (e.g., language, location)

• Track usage patterns to improve navigation and features

• Monitor the performance of our marketing campaigns

Cookies do not give us access to your device or personal files.

Types of Cookies We Use:

• Essential Cookies: Required for website functionality (e.g., secure logins, bookings)

• Performance Cookies: Help us understand how users navigate our site (e.g., via Google Analytics)

• Functionality Cookies: Store your preferences to personalize your experience

• Marketing Cookies: Used with third parties like Google and Facebook to show you relevant ads based on past visits or interactions

Third-Party Technologies:

We may allow trusted third parties to place cookies and track technologies on our site. These include:

• Google Analytics: Tracks website performance and visitor behavior (aggregated and anonymized)

• Facebook Pixel / Meta Ads: Measures conversions from advertising campaigns

• Mindbody Online: May set session cookies when you interact with booking tools

You can read their privacy policies here:

• Google Privacy & Terms

• Meta Privacy Center

• Mindbody Privacy Policy

Managing Your Preferences:

You can control or delete cookies anytime via your browser settings. Most browsers allow you to:

• Block cookies by default

• Clear cookies manually

• Notify you when a cookie is set

However, disabling certain cookies may impact your experience, especially with booking and payment functions.

7. Marketing Preferences and User Rights

At Kor Klub, we respect your privacy and offer you full control over how your personal information is used for promotional purposes.

Marketing Communications

We may send you updates about:

• New classes, workshops, or wellness programs

• Limited-time offers or discounts

• Studio announcements or seasonal campaigns

• Wellness tips and curated content relevant to your fitness goals

These communications may be sent via:

• Email

• WhatsApp

• SMS

• App notifications

You will only receive promotional content if you have explicitly opted in at the time of sign-up or through your account preferences.

You have the right to withdraw your consent at any time.
 You can unsubscribe or change your preferences by:

• Clicking the “unsubscribe” link at the bottom of any marketing email

• Contacting us at hello@korklub.com

Please note: Essential service communications (e.g., class confirmations, payment receipts, safety notices) will still be sent even if you opt out of promotional messages.

Your Privacy Rights

You have several rights under applicable Indian privacy laws, including the Digital Personal Data Protection Act, 2023. These include the right to:

1. Access – Request a copy of the personal data we hold about you

2. Rectification – Request correction of inaccurate or incomplete data

3. Erasure – Ask us to delete your data where it’s no longer necessary for the purpose

4. Objection – Object to processing of your data for marketing or profiling purposes

5. Restriction – Request that we temporarily pause the processing of your data

6. Data Portability – Request transfer of your personal data to another service provider

7. Withdraw Consent – Revoke your consent at any time (without affecting prior lawful use)

To exercise any of these rights, please email us at hello@korklub.com We aim to respond within 15 working days, as required by Indian data protection norms.

If you are not satisfied with our response, you may escalate your concern to the Data Protection Board of India under the DPDP Act.

8. Data Security

At Kor Klub, we are committed to protecting the personal and sensitive data you entrust to us. We implement a comprehensive range of digital and physical security measures to ensure your information remains private and secure.

Digital & System Security

• Encryption in Transit and at Rest: All sensitive data, including booking details and payment information (processed via Razorpay), is encrypted using industry-standard SSL/TLS protocols.

• Secure Hosting and Firewalls: Data is stored on encrypted servers protected by firewalls and real-time monitoring systems.

• Role-Based Access Control: Only authorized personnel have access to customer data, restricted by operational roles and verified credentials.

• Regular Audits: We perform internal reviews and system updates to strengthen data security and eliminate potential vulnerabilities.

• Data Breach Protocol: In the unlikely event of a data breach:

  • Affected individuals will be notified promptly

  • Corrective steps will be taken immediately

  • Regulatory authorities (such as the Data Protection Board of India) will be informed in accordance with the DPDP Act, 2023

• Account Safety: We advise all users to keep their login credentials private and to use strong, unique passwords. Kor Klub will never request your password via email, WhatsApp, or phone.

Physical Studio Security: CCTV & Visitor Logs

To ensure a safe and secure environment for clients, instructors, and staff, Kor Klub studios may be equipped with CCTV cameras that operate in accordance with lawful purposes, including:

• Crime prevention and deterrence

• Incident response and investigation

• Ensuring safety of property and individuals

• Monitoring unauthorized or suspicious activity

CCTV Footage Handling:

• Recorded footage is stored securely on encrypted hard drives or secured cloud storage

• Access is restricted to authorized personnel and studio management

• Footage is retained for up to 30 days unless required longer for legal purposes

• No audio is recorded unless explicitly stated or permitted under law

• Footage will never be shared with third parties, except as required by law enforcement

Visitor Logs:

• All non-member visitors (vendors, service personnel, guests) may be asked to sign in at the front desk

• Visitor logs are stored securely and only accessed by studio management when necessary

• These records are maintained for security auditing purposes and not used for marketing or profiling

 9. Processing of Children’s Personal Date

Kor Klub acknowledges its obligations under the DPDP Act with respect to the processing of personal data relating to children. Kor Klub does not knowingly collect, process, or retain personal data of children without first obtaining parental or legal guardian consent, as required under Section 9 of the DPDP Act. Such consent shall be obtained prior to collection or processing of any personal data and shall be retained as a record for lawful processing. 

In the event Kor Klub becomes aware that personal data of a child has been collected without the necessary verifiable consent, all reasonable steps shall be taken to cease the processing and permanently delete such data without undue delay. 

Further Kor Klub undertakes that: 

• No tracking, behavioral monitoring, targeted advertising, or profiling shall be conducted in respect of any child whose data is processed at Kor Klub. 

• The processing of children’s personal data shall be limited to the specific purpose for which such data was collected, and Kor Klub will ensure that such processing is fair, lawful, and secure. 

Parents or lawful guardians of a child whose personal data is collected or processed by the Kor Klub shall have the rights enumerated under Clause 7 and Clause 12 of this Privacy Policy, in addition to any other law for the time being in force with respect to such data collected. 

10. Data Retention and Disposal

Kor Klub retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required under applicable Indian laws. This includes:

• Delivering the services you’ve requested

• Meeting legal, financial, and contractual obligations

• Ensuring service continuity, safety, and accountability

Typical Retention Timeframes:

Note: These timeframes may be adjusted if otherwise mandated by law, regulation, or audit requirements.

Secure Disposal of Data

Data that is no longer needed is securely disposed of:

• Digital data is deleted, anonymized, or purged from our servers and cloud partners.

• Physical documents are securely shredded or destroyed.

• Where applicable, third-party providers (e.g., Mindbody, Razorpay) are instructed to delete corresponding records.

11. Data Breach Notification & Response

Kor Klub takes all reasonable precautions to protect your personal data. However, in the unlikely event of a personal data breach — such as unauthorized access, loss, alteration, or disclosure — we are committed to responding swiftly and transparently.

What Happens in Case of a Breach:

If a data breach occurs, we will:

• Immediately assess the situation to contain and investigate the breach

• Notify affected individuals without undue delay, if there is a risk of harm

• Report the breach to the Data Protection Board of India (DPBI) within the legally required time frame, as per the Digital Personal Data Protection Act, 2023

• Work with third-party vendors (e.g., Mindbody, Razorpay) if they are involved in the breach

• Take corrective actions to secure systems and prevent future incidents

What You Can Expect:

If your data is affected by a breach:

• You will be informed of the nature and scope of the incident

• We will share the categories of personal data involved

• You’ll receive guidance on protective measures you can take

• We’ll provide a dedicated contact point for support

Prevention First:

Our breach-prevention approach includes:

• Encrypted data storage and transmission

• Firewalls, role-based access controls, and multi-factor authentication

• Staff training and audit protocols

• Immediate revocation of compromised credentials

12. Your Rights, Complaints, and Contact Information

At Kor Klub, we respect your right to privacy and are committed to helping you exercise control over your personal data.

Your Rights Under the Law

You have the following rights under the Digital Personal Data Protection Act, 2023 (India), and we are committed to honoring these:

1. Right to Access: You can request a copy of your personal data held by us.

2. Right to Correction: You can ask us to update or correct any inaccuracies in your data.

3. Right to Erasure: You may request that we delete your data when it is no longer necessary for the purpose it was collected.

4. Right to Withdraw Consent: You may withdraw your consent for data processing at any time (e.g., unsubscribe from marketing).

5. Right to Data Portability: Where applicable, you can request that your data be transferred to another service provider.

6. Right to Grievance Redressal: You have the right to file a complaint with us if you believe your rights have been violated.

Note: These rights are subject to certain conditions and legal obligations. In some cases, we may need to retain limited information to comply with regulatory or contractual obligations.

How to Contact Us

To exercise your rights or to raise a privacy-related concern, please contact our team:

Email: hello@korklub.in
 Mail:
 Kor Klub (Elanora India Pvt. Ltd.)
 5th Floor, Plot No. 702,
 The Eternity, Road No. 36,
 Jubilee Hills, Hyderabad – 500033
 India

We aim to respond to all valid requests within 15 working days. You may be asked to verify your identity before your request is processed.

Escalation

If you are not satisfied with our response, you may escalate your concern to the Data Protection Board of India (DPBI), which is the regulatory authority under the DPDP Act, 2023.

Last Updated

This Privacy Policy was last updated on 18th June 2025. We may revise this policy from time to time. Material changes will be communicated through email or posted clearly on our website and booking platforms.