Privacy Policy
This Privacy Policy explains how MTM Group ("MTM", "we", "us", "our") collects, uses, stores and shares personal information when you use the VO2 Ladies mobile application (the "App"). The App is operated for members and guests of the VO2 Ladies club in Qatar.
By creating an account or using the App, you confirm that you have read and understood this Policy. If you do not agree with it, please do not use the App.
1. Who we are
Controller: MTM Group, operator of VO2 Ladies (the "Club"), Qatar.
Data Protection contact: privacy@vo2gym.qa
General support: support@vo2gymqa.com
2. Information we collect
We only collect what we need to register you, run your membership, and operate the Club services in the App.
2.1 Information you provide
| Category | Examples | When collected |
|---|---|---|
| Account identity | First name, last name, gender, date of birth, nationality. | Registration / member activation. |
| Contact information | Email address, mobile number (with country code), Qatar ID (QID), guardian name (when applicable). | Registration / profile update. |
| Credentials | Password (transmitted to our backend, never stored on the device in plain text), one-time verification codes (OTP). | Registration, login, password reset, member activation. |
| Profile photo | An image you choose to upload as your member photo. | Optional, from the Profile screen. |
| Preferences | Language (English / Arabic), appearance (light / dark / auto), unit preference. | Settings screen. |
| Communications | Messages you send us via in-app WhatsApp or email shortcuts. | When you tap the help / contact links. |
2.2 Information generated by your use of the App
| Category | Examples | Purpose |
|---|---|---|
| Membership & activity | Membership plan, start / expiry dates, class bookings, attendance, PT packages, class credits, day passes, InBody assessments returned by our backend. | To operate your membership and show the right information in the App. |
| Location at check-in | Approximate or precise device location (latitude / longitude) captured only at the moment you tap "Check in". | To verify you are physically at a VO2 Ladies branch before recording a check-in. Coordinates are sent once per check-in to our backend for distance validation and are not stored on the device. |
| Authentication tokens | API key and API secret returned by the backend after login. | Stored locally on your device (system secure preferences) so you stay signed in. Cleared when you sign out. |
| Last used email | The email you last signed in with. | Stored locally to prefill the login form. Never your password. |
| Cached branch contact info | Branch phone, WhatsApp, email, location (public Club information). | Cached locally for up to 7 days so the contact screen works offline. |
2.3 Information we do not collect
- We do not embed third-party advertising or analytics SDKs in the App.
- We do not collect advertising identifiers (IDFA / AAID).
- We do not access your camera roll, contacts, calendar, microphone, or files.
- We do not track your background location. Location is requested only while you are using the App and only at the moment of check-in.
- We do not handle, see, or store your full card number — payments happen on the payment provider's own page (see Section 5).
3. Why we use your information
- To create and manage your member account.
- To verify your identity at login, registration and password reset (including email and WhatsApp OTP delivered through our partner WATI).
- To let you book group classes, personal training, day passes and other Club services.
- To validate that you are at a VO2 Ladies branch before recording a check-in.
- To display your activity history, attendance, streaks, InBody trends and packages.
- To enable in-app payment flows by handing you off to our payment provider.
- To respond when you contact us through the in-app WhatsApp or email links.
- To keep the App secure, prevent abuse, and meet our legal and accounting obligations in Qatar.
4. Legal basis
We process personal information under the following bases (consistent with Qatar Law No. 13 of 2016 concerning Personal Data Privacy Protection and any successor legislation):
- Performance of a contract — to provide the membership and services you have signed up for.
- Consent — for optional features such as enabling location at check-in, uploading a profile photo, or receiving optional communications. You can withdraw consent at any time.
- Legitimate interest — to keep the App and your account secure, to prevent fraud, and to operate the Club efficiently.
- Legal obligation — to comply with tax, accounting and other obligations applicable to the Club.
5. Payments
The App does not process card payments itself. When you check out, the App opens the secure payment page of our payment provider (SkipCash / QPay) in your browser. Your card details are entered there and are handled by the provider in line with PCI-DSS standards. We only receive the payment status (paid / pending / failed) and an order reference, which are linked to your member account.
6. Sharing of information
We do not sell your personal information. We share it only with parties that help us operate the App and the Club, under contracts that require them to protect it:
- MTM backend system — our internal system that stores your member record. Access is restricted to authorised MTM staff on a need-to-know basis.
- Payment processor — SkipCash / QPay, to take payment for memberships, packages, day passes and other purchases.
- WhatsApp messaging gateway (WATI) — to deliver one-time verification codes to your mobile number.
- Email delivery service — to deliver one-time verification codes, receipts and account notices to your email address.
- Hosting and infrastructure providers — that store the backend database and uploaded files on our behalf.
- Government, regulators, or law enforcement — when required to do so by Qatari law, a valid court order, or a lawful request.
- Successors — in the event of a merger, acquisition or sale of MTM Group, your information may transfer with the business, and you will be notified.
7. International transfers
Our primary servers are operated for the Qatar market. Some of the service providers listed above (for example email or WhatsApp messaging) may process information outside Qatar. Where that happens, we use providers that apply appropriate technical and contractual safeguards.
8. Data retention
- Your member profile and transactional history are kept for as long as you have an active account, plus the period required by Qatari accounting and tax law (typically up to 10 years for financial records).
- Locally stored login tokens are kept on your device until you sign out or uninstall the App.
- The cached branch contact info is kept on your device for up to 7 days.
- Check-in coordinates are used only to validate the check-in at the time it is created and are not retained as a live location history.
- If you ask us to delete your account, we will delete or anonymise personal data that is no longer required for a lawful purpose, within a reasonable period.
9. Security
We use industry-standard measures to protect your information:
- All traffic between the App and our backend is sent over HTTPS / TLS.
- Passwords are never stored on the device in plain text. The App holds only an API key and API secret returned after a successful login.
- OTP codes expire after a short period and can only be used once.
- Access to the backend is restricted to authorised staff on a need-to-know basis.
No system is completely secure. If we become aware of a security incident that affects your data, we will notify you and the competent authority as required by Qatari law.
10. Your rights
Subject to Qatari law, you can ask us to:
- Access the personal information we hold about you.
- Correct information that is inaccurate or incomplete.
- Delete your account and associated personal data, except where we must keep it for a legal reason.
- Withdraw consent you previously gave (for example by turning off location for check-in or by removing your profile photo).
- Object to, or restrict, certain processing.
- Receive a copy of the data you provided to us in a portable format.
- Lodge a complaint with the competent Qatari authority for personal data protection.
To exercise any of these rights, email privacy@vo2gym.qa. We aim to respond within 30 days.
11. Permissions used by the App
| Platform | Permission | Why |
|---|---|---|
| iOS | NSLocationWhenInUseUsageDescription |
To capture your latitude / longitude at the moment of check-in and confirm you are at the Club. |
| Android | ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION |
Same as above. Background location is not requested. |
| iOS & Android | Internet | To communicate with the VO2 Ladies backend and the payment page. |
12. Children
The App is intended for adults and minors who hold a valid VO2 Ladies membership. If you are under 18, your parent or guardian must register or activate your account on your behalf and provide guardian details where requested. We do not knowingly collect personal data from children outside this membership context. If you believe a child has provided us data without parental consent, contact privacy@vo2gym.qa and we will remove it.
13. Third-party links
The App contains links that open external services (for example WhatsApp, your email client, the payment provider's page, or your browser). Once you leave the App, this Privacy Policy no longer applies. Please review the privacy policies of those services separately.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will change the "Last updated" date at the top of this page and, if the change is significant, we will let you know in the App. Continuing to use the App after a change means you accept the updated Policy.
15. Contact us
If you have any question about this Policy or about how we handle your personal information, please contact:
- Privacy: privacy@vo2gym.qa
- Support: support@vo2gymqa.com