PRIVACY POLICY
Effective Date: July 2026
Focus Boutique Fitness Limited (“FOCUS”, “we”, “us” or “our”) respects your privacy and is committed to protecting the personal data that we collect, hold, process and use.
This Privacy Policy explains how we handle personal data when you:
- visit focuscycle.com.hk;
- create or use a FOCUS account;
- use our mobile application or booking platform;
- purchase a package or membership;
- book or attend a class, event or private session;
- visit or communicate with our studios;
- contact us through email, telephone, WhatsApp, social media or other channels; or
- otherwise use any service provided by FOCUS.
This Privacy Policy should be read together with our Terms and Conditions and any Personal Information Collection Statement provided at the time personal data is collected.
1. WHO WE ARE
The data user responsible for your personal data is:
Focus Boutique Fitness Limited
Website: https://focuscycle.com.hk
Business location: Hong Kong
Privacy enquiries, data access requests and correction requests should be submitted through the official contact details published on our website.
2. PERSONAL DATA WE MAY COLLECT
Depending on how you interact with us, we may collect the following categories of personal data.
Identity and Contact Information
This may include:
- full name;
- date of birth or age range;
- gender, where voluntarily provided;
- telephone number;
- email address;
- residential or correspondence address;
- emergency contact details;
- account username or membership number; and
- identity or student-status verification information where required for a specific package.
Account and Booking Information
This may include:
- account login information;
- class bookings and cancellations;
- waitlist records;
- attendance and no-show history;
- purchased packages and memberships;
- package activation and expiry dates;
- instructor, bike or reformer selections;
- class preferences;
- transaction history; and
- records of account sharing under eligible shareable packages.
Payment and Transaction Information
This may include:
- payment status;
- transaction date and amount;
- payment method;
- invoice or receipt details;
- billing information;
- payment reference numbers; and
- limited payment information received from payment processors.
We generally do not directly store complete payment-card information where payment is processed by an independent payment provider.
Health and Safety Information
Where relevant to your participation or voluntarily provided by you, we may collect:
- information concerning injury, pregnancy or physical limitations;
- medical clearance documents;
- doctor’s letters;
- package-freeze requests;
- incident reports;
- accessibility requirements; and
- other health-related information necessary to assess participation or respond to an emergency.
You should only provide health information that is reasonably necessary for these purposes.
Communications
We may retain records of communications made through:
- email;
- telephone;
- WhatsApp;
- website forms;
- mobile applications;
- social media;
- customer-service platforms; and
- in-person communications with our staff.
Website and Device Information
When you visit our website or use a digital service, we may automatically collect:
- IP address;
- browser type and version;
- device type;
- operating system;
- approximate location derived from technical data;
- referring website;
- pages visited;
- access date and time;
- cookie identifiers;
- session information; and
- interactions with website features and advertisements.
Images, Video and CCTV
Our studios may use CCTV for security, incident investigation, safety and property-protection purposes.
Photography or video recording may also take place during certain classes, events or promotional activities. Where reasonably practicable, we will provide notice and give members an opportunity to inform staff if they do not wish to appear.
3. HOW WE COLLECT PERSONAL DATA
We may collect personal data:
- directly from you;
- when you register for an account;
- when you purchase or book a service;
- when you attend a studio or event;
- when you complete a waiver, form or survey;
- when you contact our customer-service team;
- through our website, applications and cookies;
- through Mindbody or another authorised booking platform;
- from payment providers;
- from an authorised person making a booking for you;
- from social-media platforms where you communicate with us; or
- from other lawful sources.
Where another person makes a booking for you, that person should ensure that they are authorised to provide your personal data to us.
4. PURPOSES FOR WHICH WE USE PERSONAL DATA
We may collect, hold, process and use personal data for the following purposes:
Providing Our Services
- creating and managing accounts;
- processing purchases and payments;
- administering packages and memberships;
- managing bookings, cancellations and waitlists;
- recording class attendance;
- arranging private or group sessions;
- providing customer support;
- verifying eligibility for offers or student packages;
- operating shareable packages; and
- providing receipts, confirmations and service notices.
Studio Operations and Safety
- managing studio access;
- allocating bikes, reformers and equipment;
- supporting instructors in providing safe classes;
- responding to medical incidents or emergencies;
- reviewing accidents, complaints or safety concerns;
- handling lost-property enquiries;
- protecting members, staff, premises and equipment; and
- enforcing our Terms and studio policies.
Business Administration
- accounting, auditing and financial reporting;
- fraud prevention;
- debt recovery;
- resolving disputes;
- handling complaints;
- maintaining internal records;
- staff training and quality assurance;
- business analysis and service improvement;
- legal and regulatory compliance; and
- establishing, exercising or defending legal rights.
Digital Services
- operating and maintaining our website and applications;
- troubleshooting technical problems;
- maintaining website security;
- preventing unauthorised access;
- understanding how visitors use our services;
- measuring website performance; and
- improving the user experience.
Communications and Marketing
Subject to applicable requirements, we may use your contact details to:
- provide service announcements;
- send class or booking reminders;
- notify you about package expiry;
- provide operational updates;
- send newsletters;
- promote classes, packages, events and offers;
- request feedback; and
- provide information about related FOCUS services.
Service-related communications are not necessarily marketing communications and may still be sent where reasonably necessary to administer your account, booking or purchase.
5. WHETHER PROVIDING PERSONAL DATA IS VOLUNTARY
Unless otherwise indicated, providing personal data is generally voluntary.
However, certain information is necessary for us to:
- create an account;
- process a payment;
- confirm a booking;
- provide a service;
- verify package eligibility;
- contact you concerning your booking;
- respond to an emergency; or
- comply with legal obligations.
If you do not provide required information, we may be unable to open or maintain your account, process your purchase, accept your booking or provide the requested service.
6. DIRECT MARKETING
We may use your name, telephone number, email address, account information, booking history, class interests and package information to provide direct marketing concerning:
- indoor cycling;
- Reformer Pilates;
- private training;
- fitness classes;
- studio events;
- memberships;
- class packages;
- promotions;
- wellness-related services; and
- other services offered by FOCUS.
We will not use personal data for direct marketing unless we have provided the required information and obtained your consent or indication of no objection as required by applicable law.
You may withdraw your consent or request that we stop using your personal data for direct marketing at any time and without charge by:
- using the unsubscribe link in an email;
- changing available communication preferences;
- replying to the relevant communication; or
- contacting us through our official customer-service channel.
Stopping marketing communications will not prevent us from sending essential operational, account, payment, safety or booking-related communications.
7. COOKIES AND SIMILAR TECHNOLOGIES
Our website may use cookies, pixels, local storage and similar technologies.
Cookies are small files stored on a user’s device and may be used to recognise a browser, remember preferences, maintain sessions, analyse website usage and support advertising. Whether cookie information constitutes personal data depends on whether it can identify an individual directly or indirectly.
We may use the following types of cookies:
Essential Cookies
These are necessary for website operation, security, account login, booking functions, payment processes and user preferences.
Functional Cookies
These help remember settings, language choices and other preferences.
Analytics Cookies
These help us understand website traffic, page performance and user interactions.
Advertising and Social Media Cookies
These may support advertising measurement, campaign performance, embedded social content and customised advertising, subject to applicable consent requirements.
You may manage or block cookies through your browser settings. Blocking certain cookies may prevent some website, account or booking functions from operating correctly.
Where information collected through cookies is used for direct marketing, we will comply with applicable notification and consent requirements.
8. COMMENTS AND USER-SUBMITTED CONTENT
Where website comments, reviews or public submissions are enabled, we may collect:
- information entered in the form;
- the visitor’s IP address;
- browser information; and
- other information used for security and spam detection.
Content submitted to a public area may become visible to other users. You should not submit sensitive, confidential or third-party personal data in a public comment.
Comments may be checked using an automated spam-detection service.
9. MEDIA UPLOADS
Where users are permitted to upload photographs or other media, they should remove embedded location information, including EXIF GPS data, before uploading.
Other website visitors may be able to download publicly available images and extract embedded metadata.
10. EMBEDDED CONTENT AND EXTERNAL WEBSITES
Our website may contain embedded or linked content from third parties, including:
- videos;
- maps;
- social-media posts;
- booking widgets;
- payment services;
- analytics tools; and
- external websites.
Third-party content may collect information, place cookies or monitor interactions as if you had visited the third party’s website directly.
Third parties operate under their own privacy policies. We are not responsible for the privacy practices of an independent third-party website or service.
11. WHO WE MAY SHARE PERSONAL DATA WITH
We may disclose personal data, where reasonably necessary, to the following classes of recipients:
- our directors, employees, instructors and authorised contractors;
- related or affiliated entities;
- Mindbody and other booking-system providers;
- website-hosting and technical-service providers;
- payment processors and financial institutions;
- email, messaging and customer-support providers;
- analytics, advertising and social-media providers;
- professional advisers, including accountants, auditors, insurers and legal advisers;
- landlords, building management or security providers where required for safety or access;
- medical or emergency-service providers;
- law-enforcement agencies, regulators, courts or government authorities;
- debt-collection or fraud-prevention providers;
- prospective purchasers, investors or advisers involved in a corporate transaction; and
- other persons where you have authorised disclosure or where disclosure is permitted or required by law.
We do not sell personal data as an independent commercial product.
Service providers are expected to process personal data only for authorised purposes and to apply appropriate confidentiality and security safeguards.
12. CROSS-BORDER PROCESSING
Some booking, hosting, payment, analytics, communications or cloud-service providers may process or store personal data outside Hong Kong.
Where personal data is processed outside Hong Kong, it may be subject to the laws of another jurisdiction.
We will take reasonably practicable steps to select appropriate service providers and protect personal data through contractual, organisational or technical measures where appropriate.
13. DATA RETENTION
We retain personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including:
- providing services;
- maintaining transaction and attendance records;
- resolving disputes;
- responding to complaints;
- enforcing agreements;
- satisfying accounting, tax, insurance and legal requirements; and
- protecting legitimate business interests.
The Personal Data (Privacy) Ordinance’s Data Protection Principles provide that personal data should not be retained longer than necessary for its permitted purposes.
Different types of data may be retained for different periods.
When personal data is no longer reasonably required, we may securely erase, destroy or anonymise it, subject to legal, regulatory, contractual or legitimate record-keeping requirements.
Comments and associated metadata may be retained while necessary for moderation, fraud prevention and recognising follow-up comments.
CCTV footage is generally retained for a limited period unless it is required for an incident, investigation, dispute or legal purpose.
14. DATA ACCURACY
We take reasonably practicable steps to ensure that personal data is accurate, complete and up to date for the purposes for which it is used.
You are responsible for keeping your account and contact information current.
Please notify us promptly if your name, telephone number, email address, emergency contact or other relevant information changes.
15. DATA SECURITY
We take reasonably practicable organisational, administrative and technical measures to protect personal data against:
- unauthorised or accidental access;
- processing;
- erasure;
- loss;
- use;
- disclosure; and
- modification.
Such measures may include access controls, account authentication, staff confidentiality obligations, system monitoring, restricted access, data backups and service-provider controls.
No online platform, electronic transmission or storage system is completely secure. You should protect your password, avoid sharing account access and notify us promptly if you suspect unauthorised access.
The PCPD’s published policy similarly describes protection against unauthorised or accidental access, processing, erasure, loss or use as an important personal-data security practice.
16. DATA BREACHES
Where we become aware of a personal-data security incident, we may:
- investigate the incident;
- take containment and remedial measures;
- assess potential risks;
- notify affected persons where appropriate;
- notify relevant authorities where required or appropriate; and
- review our safeguards and procedures.
17. CHILDREN AND MINORS
Our services are not intended to be purchased independently by persons who do not have legal capacity to enter into a contract.
A person under 18 may only participate with the required consent of a parent or legal guardian and subject to our class-specific age and safety requirements.
Where a parent or guardian provides a minor’s personal data, they confirm that they are authorised to do so.
18. YOUR RIGHTS
Subject to the Personal Data (Privacy) Ordinance and applicable exceptions, you may request:
- confirmation as to whether we hold your personal data;
- access to personal data held by us; and
- correction of inaccurate personal data.
The right to request access to and correction of personal data is recognised under Data Protection Principle 6.
A request should include sufficient information to verify your identity and identify the relevant records.
We may require a written request, identity verification and payment of a reasonable fee where permitted by law.
We may refuse or limit a request where permitted or required by law and will provide the applicable reason where required.
Requests should be submitted through the official privacy contact details published on our website.
19. ACCOUNT INFORMATION
Registered users may be able to review or update certain information through their account.
Users may not always be able to delete all account information immediately where records must be retained for:
- transactions;
- bookings;
- legal compliance;
- fraud prevention;
- dispute resolution;
- accounting; or
- security purposes.
A request to close an account does not automatically require deletion of all associated records.
20. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in:
- our services;
- our technology;
- our business operations;
- legal requirements;
- booking platforms; or
- data-handling practices.
The updated version will be published on our website with a revised effective date.
Material changes may also be communicated through email, our application, booking platform or another reasonable channel.
21. CONTACT US
For privacy questions, direct-marketing opt-out requests, data access requests, correction requests or complaints concerning our handling of personal data, please contact:
Focus Boutique Fitness Limited
Website: https://focuscycle.com.hk
Email: [info@fitnesspanda.hk]
Address: [Shops L708-L709 , The ONE, No. 100 Nathan Road, Tsim Sha Tsui, Kowloon, Hong Kong]
Please include sufficient details to allow us to identify and respond to your request.
PERSONAL INFORMATION COLLECTION STATEMENT
When you provide personal data to Focus Boutique Fitness Limited, the information may be used for:
- account registration;
- booking and attendance management;
- package and membership administration;
- payment processing;
- customer service;
- safety and emergency management;
- verification and fraud prevention;
- legal and regulatory compliance;
- service improvement; and
- direct marketing where the required consent has been obtained.
Providing information marked as mandatory is necessary for the relevant service. Failure to provide it may prevent us from processing your registration, purchase, booking or request.
Personal data may be disclosed to the classes of persons stated in this Privacy Policy, including booking, payment, technology, professional and operational service providers.
You may request access to and correction of your personal data by contacting us through the official details above.
For direct marketing, you may withdraw your consent or opt out at any time and without charge through the unsubscribe method provided or by contacting us.

