Any changes will come into effect when the updated Privacy Policies are posted to the website. We have created these Privacy Policies to demonstrate our commitment to protecting your privacy and to disclose our information and privacy practices for our website, our software and our services.
If you have any further questions about our Privacy Policies, email us at firstname.lastname@example.org
1. WHO ARE WE?
This Service is operated by Fitwell Limited “Fitwell”, which is a company registered in England and Wales with company number 08944434. Its registered office is at Northcliffe House, 4th Floor, Young Street, London, United Kingdom, W8 5EH.
2. COLLECTION AND USE OF PERSONAL INFORMATION
Personal data is collected by us when you sign up for an account to use our Service, when you contact us through a contact form or send us an email. If, in that email or any attachment to the email, you voluntarily provide us with personally identifiable information about yourself, such as your name, email, address or telephone number, we will collect and store that personal information. By signing up to an account, or by using the contact form, you consent to us doing so.
By using our Services you are also providing us with information about your exercise activities. We take the view that this is sensitive personal data under the European data protection legislation as it potentially relates to your health and well being. As a result, we process it and protect it as though it were sensitive personal data.
Information that we may collect from you or you provide to us includes:
- The type and frequency of your use of the app
- Information about your height, weight, exercise levels, health, exercise activities you complete or add using the service, food that you record in the Service that you have consumed, any photos you upload via our Service and any data that you permit the Service to read from the Apple HealthKit or Google Fit platforms.
- Information you provide to us when interacting with Hailee, our interactive fitness bot
- Other communications that you send to us for example for email or a contact form on our website
- Information collected from surveys that we may send to you from time to time about your experience or preferences when using our Services
- Information contained in a CV if you are applying to us for a job
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful,basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity
|Performance of a contract with you|
|To provide our services:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) Provide our services to you under the contract
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
(c) Your explicit consent
|To manage our relationship with you which will include:
(b) Notifying you about Service updates
(c) Asking you to leave a review or take a survey
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To,administer and protect our business (including troubleshooting, data,analysis, testing, system maintenance, support, reporting and hosting of,data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our mobile apps, websites, products/services, marketing, customer relationships and experiences||(a) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
3. CONTROL AND PROCESSING OF PERSONAL INFORMATION
We process personal data on behalf of our customers, who use our Service to gather information about an application made to them. However, when we Fitwell, do this we do so as a Data Controller under UK and EU data protection law. This means that we may make independent decisions about how personal information is processed in order to provide the Services to our users and customers. For example, we may store your personal information in our user database, and on our servers, accounting, credit card processing and customer relationship management software in order to record and process your personal data so as to be able to provide you with the Service that you have subscribed for or purchased from us.
4. SHARING OF PERSONAL INFORMATION
It is necessary for the operation of our service for you or us to disclose your personal information to:
· our third party suppliers whose products and services we use to deliver the Service;
· any third party, such as Apple or Google, that you authorise to have access to your sensitive personal data via the Service;
· employees and agents, and any current or future group companies and their employees and agents, for the purpose of communicating with you; AND
· anyone who may purchase any or all of our assets, including your personal information (we will contact you using the details you provide if there is any change in the person controlling your information).
As a result of us disclosing your personal information to any of the parties mentioned above, you consent to your personal information being held by us and additionally by the parties mentioned above for the purposes of providing the Service.
5. IP ADDRESSES AND COOKIES
6. SECURITY OF PERSONAL INFORMATION
We take the security and disclosure of personal information very seriously and as such we will not sell, trade, rent or otherwise provide personal information sent to us via the Service to any third parties save as set out above.
We are mindful of the importance of upholding the security of information under our control. All data collected through our website that is stored electronically, is stored on secure servers, and we have stringent security and confidentiality procedures covering the storage and disclosure of such information, in accordance with UK data protection law.
We endeavour to take all reasonable steps to protect the privacy of your personal information. However, we cannot guarantee the security of any personal information you disclose on-line. You accept the inherent security risks of providing information and transacting over the Internet, and will not hold us responsible for any breach of security, unless this is due to our negligence or wilful default.
7. OTHER WEBSITES
Some websites that have links to and from our website from time to time may also use their own cookies. We have no access to, or control over these cookies, and you are advised to check the cookie policies on such other websites or to amend your website browser's settings with respect to cookies accordingly.
If you visit a website that has been linked to from our website, you should review the privacy and cookies policies of that website or service in order to understand how that website or service is using any personal information that they have collected.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
· Request access to your personal data.
· Request correction of your personal data.
· Request erasure of your personal data.
· Object to processing of your personal data.
· Request restriction of processing your personal data.
· Request transfer of your personal data.
· Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you? We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any questions about our processing of personal information, or the rights set out in these Privacy Policies and how to exercise them you can write to:
The Data Protection Officer
Northcliffe House, 4th Floor, Young Street,
London, United Kingdom, W8 5EH
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
FITWELL – HOW WE CONTACT CUSTOMERS AND OTHERS
This page provides information about how we use and share personal data relating to our customer contacts and their representatives.
1. WHAT DO WE USE CUSTOMER PERSONAL DATA FOR?
This section explains the purposes for which we use personal data about our customer contacts and their representatives.
We use personal data for marketing purposes. This includes informing you about products and services that we think may be of interest to you and providing you with related materials such as news items and blog posts. We would contact you for marketing purposes by email, telephone or post with your consent and would stop any such communication upon your request. You might also be contacted through any channel for other purposes – for example, as part of our ordinary relationship management activity and as necessary to deliver the Service.
We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with our customers. This could include activities such as letting you know about product changes or planned maintenance activity, contacting you with billing enquiries, dealing with your enquiries, or asking you for feedback or about what sorts of products, services you want us to develop.
Sometimes we might need to use your personal data to provide you with information, services and facilities that you have asked for. For example, if you ask us for more information about one of our apps or ask for assistance.
Monitoring and improving our Service
We may use information such as how different people navigate around our mobile apps and websites, how long they spend on particular pages, how and when they interact with our Service, whether they download any of our content or watch videos in order to help improve the user experience of our Service offerings and your experience of them.
2. WHAT ARE OUR LEGAL GROUNDS FOR HANDLING PERSONAL DATA?
Generally speaking, we rely on your consent to make contact with you by email for marketing purposes. You can withdraw that consent and ask us to delete your information at any time by contacting us directly via email@example.com – please see section 6 below.
In relation to sensitive personal information, such as health information that you share with us or our employees or agents via our Service, we process this sensitive personal information only with your explicit consent. By providing that information in the course of using our Service, you are consenting to us doing so explicitly. You may revoke that consent at any time using the features made available to you in the Service.
The United Kingdom’s data protection law also allows the use of personal data where the benefits (or “legitimate interests”) of doing so outweigh the possible negative implications for the relevant individuals. These are the grounds on which we usually rely when we use your information for anything other than making contact with you by email for marketing purposes with your consent.
In some circumstances, we may have other grounds to process personal data for example:
· Necessary for performance of a contract with the relevant individual, or to take steps for entering into a contract. For example, if you sign up to one of our products or services online or download our app, it will often be necessary for us to use your details in order to provide that product or service and you must consent to our use of your details to the extent required to provide that product or service in order to use that product or service.
· Necessary in order to comply with a legal obligation. For example, some regulators, government bodies and courts have powers to order us to provide personal information and, like any other organisation, we sometimes have to comply with their requests and we whilst we may make commercially reasonable efforts to defend personal information from unjustified regulatory or governmental access, we cannot make any guarantee about the extent to which we are able to do so.
3. WHO DO WE SHARE THE INFORMATION WITH?
Your personal data may be shared between the employees and agents of Fitwell Limited and any of its group companies to allow them to perform their job functions and current or future members of Fitwell Limited’s group companies and their employees and agents.
We also provide your information to third parties who help us use it to deliver the service. For example:
· We use Microsoft Azure to host our servers.
· We use analytics providers including Google Analytics, Fabric, Hotjar.
· We also use the credit card payment processing services provided by Stripe for taking subscription and other payments through our web site.
· We use mailing and communication providers to send personalised emails and push messages. These services include Intercom, SendGrid.
· We use remarketing and conversion tracking tools provided by Google AdWords, Facebook Pixel, please see our cookies policy for more information about these.
· Our database of personal data may be hosted by, but not accessible to, third parties on our behalf.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations and we have taken contractual and operational steps to protect any personal data shared for these purposes with third parties.
4. WHERE IN THE WORLD IS THE INFORMATION SENT?
We are based in the United Kingdom, and will normally access and use your information from here. However, we also have operations in Turkey and personal data may be accessed from there too. In both cases, the use of the information in those locations is protected by European data protection standards.
In providing the Service to you, we may transfer your personal data outside of the EU. By using the Service you consent to our doing so. When we do so we ensure that we have adequate contractual and procedural measures in place to protect any such transfers of personal data outside the EU.
5. FOR HOW LONG IS THE INFORMATION RETAINED?
We will normally retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You can request us to delete it any time as explained in your legal rights.
FITWELL – HOW YOUR ONLINE AND LOGIN DATA IS HANDLED
We maintain our servers in a highly secure server environment with 24 X 7 monitoring, surveillance and support to prevent unauthorized access and data security. Advanced security measures including firewalls, security guards and surveillance are taken to ensure the continued service and protection of our services from natural disaster, intruders and disruptive events.
2. PASSWORDS AND LOGIN CREDENTIALS
Your passwords and other login credentials may pass through Fitwell servers or those of its service provider partners, in particular our server provider which is Microsoft Azure. When you enter this confidential information, it goes straight to the secure website.
Neither Fitwell’s employees nor any of its contractors or service provider partners can obtain or access your passwords or other login credentials entered by you. We will also never ask you for your passwords or other login credentials via mail, email or telephone or in any other unsolicited manner and you should not give them out to someone claiming to be from Fitwell who is asking for them.
3. INFORMATION WE COLLECT
Our Service collects, encrypts and securely transfers confidential, personal information. By accessing the Service and entering information required from time to time to complete a form on our website or in our Service customers consent to Fitwell providing this service to service provider partners, such as Microsoft Azure.
We collect and log aggregate user statistics and website traffic. Such information includes traffic statistics, date and time of visits, device and browser type used to access the service, frequency of visits, etc. We use this information to improve the services delivered to our customers, to track and diagnose software performance problems and to administer our website. We may disclose such aggregated user statistics in order to describe our services to prospective partners, investors, affiliates and other third parties for lawful purposes.
If you have any further questions about our Privacy Policies, email us at firstname.lastname@example.org.
1. WHAT ARE COOKIES?
A cookie is a small file of letters and numbers that we put on your device when you browse our website.
We use “analytical” cookies. They allow us to recognise and count the number of visitors to our website and to see how visitors move around the website as well as customise content and monitor conversion. This helps us to provide visitors with a better experience and improve the way our websites work, for example by ensuring that visitors are finding what they are looking for easily.
Our cookies are not used to collect information which (by itself) allows us to identify who you are.
3. HOW TO CONTROL COOKIES
Most web browsers allow some control of most cookies through the browser settings. For more information on this, and more information about cookies in general, you may wish to visit www.aboutcookies.org. For information about how to delete cookies from your mobile device you may need to refer to your handset manual.
Please be aware that restricting cookies is likely to affect your ability to use our websites effectively and may make areas of our websites inaccessible or inoperable.
You can find more information about cookies here: www.allaboutcookies.org.
Last Updated, May 24 2018