PRIVACY AND COOKIES POLICY
GROW FITNESS LIMITED (THE “COMPANY”, “WE”, “US” OR “OUR”)
Last updated: 24 May 2018
1.1. The Company respects your privacy and is committed to treating any information that we obtain about you with as much care as possible and in a manner that is compliant with all applicable data protection legislation including the EU General Data Protection Regulation 2016/679 (“GDPR“) and any applicable national implementing laws in relation to the same (collectively, “Data Protection Legislation“).
1.2. This document (the “policy“) explains:
1.2.1. what personal data we may collect about you in connection with: (i) providing you with our goods and services; (ii) your online interaction with us (including via our website(s), email or social media channels); (iii) our in-person interactions with you; and (iv) any other channels related or ancillary to the foregoing (collectively, the “Channels“);
1.2.2. how we collect, store, disclose, transfer, protect and otherwise process that information and for what purposes; and
1.2.3. other important information, such as the lawful bases by which we process your personal data, how long we might retain your personal data, the rights you have in relation to personal data we hold about you, and how we use “cookies” and other technologies on our website.
1.4. This policy is intended to be communicated to you in a concise, transparent, intelligible and easily accessible manner, but we appreciate that you may have queries or want to seek clarification as to its terms. If so, please contact us using the details available on our website.
1.5. The Company reserves the right to make changes to this policy in order to reflect any changes in Data Protection Legislation and best practice from time to time. The Company will endeavour to notify you of such changes but you are advised to check for an updated version of this policy each time you interact with us through the Channels.
2. Information collected
2.1. During the course of providing you with access to our website and other services, we sometimes need to collect information about you and your use of our website and other services.
2.2. Information you give to us
2.2.1.When you use our website and services we may ask if you would like to receive marketing and promotional emails from us or we may invite you to take part in a competition or to share content via email or social networks. To benefit from these services you may be required to provide us with personal information such as your name, e-mail address, telephone number or date of birth.
2.2.2. When you register for goods or services from us we may ask for other information such as information about your health goals and workout activity. Some of this data may be regarded as “special categories of personal data” under the GDPR and so we only do so when we have your express consent.
2.2.3. We may from time to time need payment information from you in order to obtain payment for our services. We do not retain that payment information and use it only for the purposes of obtaining payment for our services. We may from time to time engage third party payment processors and where we do we will ensure that they abide by our same high standards of data privacy and use industry standard encryption methods.
2.2.4. We do not process any information about criminal convictions and offences or any information relating to children under the age of 13, and you should not provide us with any such information through any of the Channels.
2.3. Information gathered from your use of our website
2.4. When you use our website and related services we may collect certain information automatically, such as the type of device you are using, the device ID, IP address, MAC address, IMEI number (a number unique to your device) and information about your use of our website. Where possible, unique identifiers are anonymised and at no time do we attempt to identify you as an individual. Where any such data can identify you, we process that data in accordance with the privacy terms set out in this policy.
2.5. Our website does not collect precise real-time location information about your device.
3. How we will use your information
3.1. Any personally identifiable information that you give to us will only be used for the purpose(s) for which it was supplied. In addition to any other purposes we tell you about from time to time, we may use the personal data described above to:
3.1.1. Personalise content on the Channels;
3.1.2. Send you promotional and marketing materials, notifications, updates and news;
3.1.3. Provide you with access to our products and services;
3.1.4. Our own internal uses (such as administration and training);
3.1.5. Responding to any correspondence from you – including enquiries, comments and complaints;
3.1.6. Administering any polls, services, questionnaires, contests or special events which you express an interest in from time to time;
3.1.7. Recording your purchase and workout history and generally administering your account with us;
3.1.8. Market research; and
3.2. Automatically gathered information is used to enable us to provide you with a better service by helping us to understand how our website is used and by reporting any technical problems to us (anonymously).
4. Usage reporting (analytics)
4.1. To better understand how our website and services are used, we may use the services of another company to provide us with anonymous statistical information about your use of our website. Anonymous information is not covered by the Data Protection Legislation.
Analytics services we may use & how to opt-out:
5. THE LAWFUL BASES BY WHICH WE PROCESS YOUR PERSONAL DATA
5.1. Your consent
5.1.1. By accepting the terms of this policy, you give the Company your express, freely given consent to process any of your personal data in accordance with the terms of this policy. Without prejudice to the foregoing, you also give the Company your express, freely given consent to process any special categories of personal data (in particular relating to your health and fitness) which we obtain and process in accordance with this policy. Your consent referred to in this paragraph includes your consent to transfer your data to third parties, some of whom may be outside the EEA, in accordance with paragraphs 7 and 8.
5.1.2. You may withdraw your consent given under this paragraph (in whole or in part) at any time by contacting us at the details shown on our website. You can also unsubscribe from different types of emails by following the unsubscribe link displayed at the bottom of each email (if and as applicable). The withdrawal of your consent shall not affect the lawfulness of processing based on consent before withdrawal or the lawfulness of processing based on other lawful grounds as set out below.
5.2 Other lawful grounds
Without prejudice to the consent given by you under paragraph 5.1 above, the Company may process your personal data in any circumstances where such processing is necessary:
5.2.2. to comply with any applicable law or regulation; or
5.2.3 for the purposes of the legitimate interests pursued by us or third parties. These legitimate interests include the purposes outlined in this policy but also include other general commercial interests and internal administrative purposes.
6. What if you refuse to provide us with any personal data?
6.1. Where we need to collect personal data by law, or under the terms of an agreement we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
6.2. Whilst we may be able to provide you with certain products and services notwithstanding your refusal to submit personal data, this may limit your ability to participate in some activities or features or your use of certain services.
6.3. We may lawfully obtain information from third parties or public sources and we may process that information where it is an essential component of the products and services we offer you.
7. Information we may share
7.1. We may share personal data with our group companies and partnered companies (if any) from time to time (together, “Affiliates“) in order to provide our goods and services to you and for the other purposes outlined in this policy.
7.2. From time to time, we will also need to share personal data with the following types of third party service providers who we engage to provide services which facilitate our business and who may need to process your personal data to the extent necessary to provide those services:
7.2.1. email service providers such as Mailchimp;
7.2.2. workout, training and health service providers such as Zingfit;
7.2.3. scheduling and appointment system providers such as Acuity Scheduling;
7.2.4. payment processors such as Stripe;
7.2.5. other third parties approved by you, such as social media sites which you link to your account (if and when we offer that feature) or share content via or third parties who administer any competitions or surveys on our behalf which you voluntarily partake in; and
7.2.6. any similar or replacement third parties from time to time.
7.3. We seek to ensure that any third party engaged by us who processes your personal data has policies and procedures in place to ensure compliance with the Data Protection Legislation. For any third parties that are based, or process data, overseas, we only engage such third parties in accordance with paragraph 8. Unless otherwise disclosed to you from time to time, we will remain the data controller in respect of your personal data notwithstanding that third parties may be engaged as data processors.
7.4. We may share your personal information with third parties where we are required to do so by law or regulation (such as in connection with an investigation of fraud or other legal enquiry) or in connection with other legal proceedings (including where we believe that your actions violate applicable laws, our terms of business or any usage guidelines for specific products or services, or threaten the rights, property, or safety of our Company, our users, or others.
8. International transfers of personal data
8.1. In some circumstances, it may be necessary to transfer your information internationally. In particular your information may be transferred to and/or stored on the servers of our Affiliates or other third parties identified in paragraph 7 which are based outside of the EEA.
8.2. However, we will not transfer your personal data outside of the EEA unless:
8.2.1. such transfer is to a country or jurisdiction which the EU Commission has approved as having an adequate level of protection (including to the USA where Privacy Shield compliant);
8.2.2. appropriate safeguards are in place as set out in Article 46 GDPR or equivalent provisions of subsequent Data Protection Legislation; or
8.2.3. the transfer is otherwise allowed by applicable Data Protection Legislation (such as in the form of a derogation under Article 49 GDPR).
9. Information shared by you
9.1. When you use our website and related services we may invite you to share content via email or via a social network. If you choose to share content then please be aware that the privacy and cookies policies of such third party sites govern the information you submit to them and we encourage you to read them.
10. How long we will store your information
10.1. We will hold your personal information on our systems for as long as it is necessary to provide you with the service you have requested. You may unsubscribe from a service whenever you choose; for example, if you registered to receive newsletters then you may unsubscribe by following the link provided in our emails.
10.2. For as long as we do store your data, the Company follows generally accepted industry standards and maintains reasonable safeguards (in each case which are proportionate to the size and nature of our business) to attempt to ensure the security, integrity, and privacy of the information you have provided. The Company has security measures in place designed to protect against the loss, misuse, and alteration of the information under our control.
10.3. Notwithstanding our efforts to keep your personal data secure, no system can be 100% reliable. To the fullest extent permitted by law, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide through the Channels. In addition, you are responsible for maintaining the strength and confidentiality of your login credentials.
10.4. We will notify you as soon as reasonably practicable if we have reason to believe that there has been a personal data breach by us (or your personal data held by us) which could adversely affect your rights and freedoms.
11. Your rights as a data subject
Subject to any conditions or requirements set out in the relevant Data Protection Legislation, you may have some or all of the following rights in relation to the personal data we hold about you:
11.1. the right to request a copy of your personal data held by us;
11.2. the right to correct any inaccurate or incomplete personal data held by us;
11.3. the right to request that we erase the personal data we hold about you;
11.4. the right to request that we restrict the processing of your data;
11.5. the right to have your personal data transferred to another organisation;
11.6. the right to object to certain types of processing of your personal data by us; and
11.7. the right to complain (please see paragraph 12 of this policy).
These rights are not absolute and may be subject to limitations, conditions or other provisos set out in applicable law. Please contact us using the links on our website if you would like more information on exercising any of these rights.
12.1. A cookie is a small file of letters and numbers stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
12.3. Our websites use some or all of the following cookies:
12.3.1. Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
12.3.2. Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
12.3.4. Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
12.3.4 Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
12.5. Your browser may give you the ability to block all or some cookies by activating a setting in your browser’s options. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
12.6. Except for essential cookies, all cookies will remain unless the cookie cache is cleared (unless otherwise indicated in the table above).
13. Questions and complaints
13.1. For all questions or complaints about this policy, we would appreciate the chance to deal with your concerns before you approach the relevant data protection authority. Please contact us in the first instance using the contact details on our website. If you are not located in the European Union, please indicate that in your communication.
13.2. You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues, which in the UK is the Information Commissioner’s Office (ICO) (www.ico.org.uk).