1.  Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

2. Definitions

For the purposes of this Privacy Policy:

Application means the software services provided by the Company downloaded by you on any electronic device

Application Store means the digital distribution service operated and developed by Apple Inc. (Apple App Store) or Google Inc. (Google Play Store) in which the Application has been downloaded.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority

Account means a unique account created for you to access our Service or parts of our Service.

Country refers to: United Kingdom

Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to UP Fitness Limited, 3rd Floor, Acresfield, 8-10 Exchange Street, Manchester, M2 7HA, United Kingdom.

Content refers to content such as text, images, or other information that can be posted, uploaded, linked to or otherwise made available by you, regardless of the form of that content.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Feedback means feedback, innovations or suggestions sent by you regarding the attributes, performance or features of our Service.

“Personal Data” means information that can be used to identify you, directly or indirectly, alone or together with other information. This includes your full name, email address, phone number, device IDs, certain cookie and network identifiers, and “Fitness and Wellness Data.”

Service(s) refers to the Application.

Third-party Social Media Service means any services or content (including data, information, products, or services) provided by a third-party that may be displayed, included or made available by the Service.

3. Introduction

We take your privacy very seriously. This Privacy Policy details what Personal Data we collect and how we shall use it.

Ultimate Performance (UP Fitness Ltd) is a data controller of the Personal Data it collects and holds about you. We are registered with the Information Commissioner’s Office under the registration number ZA215042.

If you require any further information, or wish to contact us about how we collect and store your Personal Data, our contact details are:

Address: 3rd Floor Acresfields, 8 – 10 Exchange Street, Manchester, England, M2 7HA

Email: [email protected]

4. Who this Privacy Policy applies to

This Privacy Policy explains how we will use the Personal Data of anyone who:

  • Contacts us to enquire about our products and services
  • Subscribes to our newsletters or to receive information about our promotions or offers
  • Downloads, and uses services via the Application
  • Undertakes a personal training programme with a UP Fitness trainer
  • Makes purchases through our application and website (e.g. supplements, EatUP)

5. Information about your Personal Data

This Privacy Policy relates to data about you, your devices, and your interaction with our Services.

The Company collects, uses, discloses and processes Personal Data as outlined in this Privacy Policy, including to operate and improve the Services and our business; for advertising and marketing; and to provide you with innovative fitness and wellness services, as further described in this Privacy Policy.

We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you, through obfuscation, or through other means. Our use of anonymized and de-identified data is not subject to this Privacy Policy.

6. How we obtain your Personal Data

We collect and process your Personal Data when you:

  • Complete a contact us form on our website or application
  • Subscribe to our newsletters or to receive information about our promotions or offers
  • Complete PARQ and UPQ questionnaires
  • Sign up to use online or digital Application services
  • Provide ongoing measurements to track progress and performance (e.g. weight, body fat, progress pictures, dietary tracking)
  • Provide information on training progress (e.g. volume, frequency)
  • Integrate information collected by third party applications, such as FitBit or HealthKit
  • Directly message your trainer through our application
  • Purchase products or services through our application or website
  • Provide comparison photographs or video testimonials
  • Complete surveys or questionnaires

7. The type of Personal Data we process

You as an individual · Full name and title

· Email address, home address and telephone numbers

· Gender

· Date of birth

· Nationality

· Country of residence

· UPF gym location

· Occupation

· Progress photographs

· Video testimonials

· Written testimonials

· Religious information

· Emergency contact details

· Ethnicity

Your health / fitness information · Height

· Weight

· Body fat

· Lean body mass

· Calliper measurements

· Girth measurements

· Body prophet priorities

· Blood pressure

· Heart rate

· Sleep quality

· Mental health concerns or issues

· Diet

· Mood

· Allergies

· Injuries

Training data · Volume

· Frequency

· Intensity

Your financial details (if applicable) · Credit card details
Your preferences · Whether you with to receive marketing from us and which types of marketing material you would like to receive
Your correspondence · Information contained in any correspondence or communications sent by you (e.g. contact us form, direct messages to trainers on the Application)
Your mobile device ·  Automatically logged events – basic interactions in the app (e.g. app installs, app launches) and system events (e.g. SDK loading, SDK performance) that are collected automatically. Developers can disable automatic logging and log explicit events manually instead (instructions here for iOS and Android).

 

·  Facebook app ID – a unique identifier provided by Facebook to reference the advertiser’s website and mobile app.

·  Mobile advertiser ID – the iOS IDFA or Android Advertising ID.

·  Metadata from the request – the mobile OS type and version, the SDK version, app name, app version, the device opt-out setting, the user agent string and the client IP address. It also collects the following device related metrics: time zone, device OS, device model, carrier, screen size, processor cores, total disk space, remaining disk space.

8. How we will use your Personal Data and the legal basis for using that Personal Data

Performance of our contract with you
To enter into and perform contracts, where we supply products/services to you We will use your Personal Data to:

Create a tailored training programme and monitor your progress to ensure the programme is effective

 

Track your bookings and visit history

 

Provide you with access to online content (e.g. LiveUP)

 

To process your orders and supply products to you (EatUP orders, eCommerce orders)

 

To manage payments, fees, charges and collect/recover money owed to us

Enable our business and pursue our legitimate interests
To administer the sales process We will process your Personal Data as part of the sales process to ensure the process is managed correctly
To monitor messages on the Company application between trainers and their clients We will use your Personal Data to ensure illegal activity is not taking place which may put our trainers at risk
To track the performance of clients and trainers We will use your Personal Data to ensure our training programmes have been created
To track ongoing performance measurements We will process your Personal Data to identify if the training programme is working effectively (e.g. decrease / increase in weight)
To take progress photographs We will take regular photographs of you in order to track your progress through our training programme
To undertake surveys We will use your Personal Data to send you surveys. You are not obliged to answer them
To market to individuals If you have purchased similar services or products from us previously, we may market similar products or services as a legitimate interest in developing our business.  You have the right to opt out from such marketing at any time. For more details see the ‘Marketing’ section below.
Consent
To market to individuals We will ask for your consent to process your Personal Data in order to send marketing material to you. You have the right to withdraw consent at any time (see section 6 – Marketing).
To use photographs or videos in promotional material We will ask for your consent to use your photographs or videos in promotional material. You have the right to withdraw consent at any time (see section 6 – Marketing).
Legal obligations
To ensure we comply with health and safety requirements We will process your Personal Data to highlight any health concerns before you begin a training programme with us
To defend, bring or establish legal claims We may be required to process your Personal Data in order to deal with queries, complaints, claims and/or legal disputes submitted by you
Measurement Services and targeted ads
To track effectiveness of marketing campaigns on click through rate and conversion of app downloads Third parties, including Facebook, may collect or receive information from your app and other apps and use that information to provide measurement services and targeted ads.

9. Marketing

We may ask you, when you provide us with your Personal Data, if you are happy for us to contact you by telephone, post, email or SMS about products or services offered by us which we think may be of interest to you.

We will always include an unsubscribe button in any marketing emails. If you do wish to unsubscribe, please just click the unsubscribe button and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time by email at [email protected].

10.    Who we share your Personal Data with

We value your Personal Data and do not sell your information to third parties in any circumstances. We share your Personal Data with trainers, contractors and employees in the Country where you train to administer your training programme, your account, and any products and services provided to you now or in the future. Where we share your information, we shall do so for the following reasons:

 

  • Where we have your or, where applicable, your parent’s or guardian’s consent to do so.
  • Where necessary to fulfil the services and/or products we are contracted to provide to you.
  • Where we have a legal obligation to do so.
  • Where we have legitimate interest to do so
  • For reporting, analytics and service improvement purposes across our trading styles and/or within any future group construct should we establish or become part of a group.
  • Where we believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites.
  • Where required for a proposed sale; reorganisation; transfer; financial arrangement; asset disposal; or any other transaction relating to our business and/or assets held by our organisation.

 

We may outsource support functions of our organisation to trusted partners. The categories of these recipients include:

 

Categories of Recipient Who we use Privacy Notice
IT support & security providers Citation Cyber https://www.citation.co.uk/citation-limited-privacy-information/
Halo https://haloservicedesk.com/privacy-policy/

 

Cloud based services & software Microsoft 365 https://privacy.microsoft.com/en-gb/privacystatement

 

Microsoft Azure
PowerBI
Microsoft Dynamics
Adobe https://www.adobe.com/uk/privacy/policy.html
Airtable https://www.airtable.com/privacy

 

Amazon Web Services https://aws.amazon.com/privacy/?nc1=f_pr

 

Google App Sheet https://policies.google.com/privacy

 

Zapier https://zapier.com/privacy

 

Customer Service Platform & Software

Email Marketing Platform

BloomReach https://www.bloomreach.com/en/legal/privacy

 

 Sugar https://www.sugarcrm.com/legal/privacy-policy/

 

Mind Body https://company.mindbodyonline.com/legal/privacy-policy

 

Zendesk https://www.zendesk.co.uk/company/agreements-and-terms/privacy-notice/

 

Active Campaign https://www.activecampaign.com/legal/privacy-policy

 

outsourced telephone and web-based communications Aircall https://aircall.io/privacy/

 

Payment service providers Stripe  https://stripe.com/gb/privacy

 

Azzure IT https://www.azzure-it.com/about-us/privacy/privacy-policy/

 

Retail Shopify https://www.shopify.com/legal/privacy

 

Data Protection & Cyber Security Compliance Consultant CSS Assure  https://cssassure.com/privacy-policy/

 

Reporting & Web analytics service providers Google Analytics https://policies.google.com/technologies/partnersites?hl=en-US
Ruler Analytics https://www.ruleranalytics.com/privacy-policy/
Metabase https://www.metabase.com/privacy
Social Media Provider LinkedIn https://www.linkedin.com/legal/privacy-policy
Facebook https://en-gb.facebook.com/privacy/explanation
Twitter https://twitter.com/en/privacy
Instagram https://help.instagram.com/519522125107875

11.    How long we will hold onto your Personal Data

We will hold your Personal Data for as long as we need it for the purpose for which we collected it. We keep your contact and identification details, usage and attendance details and information about your personal circumstances during your time with us and for seven years after it ends so we can respond in the event of any query about your training programme. We may keep certain information for longer than this if we have a compelling reason for keeping it (e.g. defence of a legal claim).

Where we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, we will delete your Personal Data from our systems.

Should you require further information regarding retention periods, please contact us by using the details in the 3. Introduction section of this Privacy Policy.

12.    Your data protection rights

You have a number of rights over how your Personal Data is processed. These include the right to:

  • ask us for copies of your Personal Data.
  • ask us to rectify information you think is inaccurate or to ask us to complete information you think is incomplete.
  • ask us to erase your Personal Data in certain circumstances.
  • ask us to restrict the processing of your information in certain circumstances.
  • to object to processing in certain circumstances.
  • ask that we transfer the information you gave us from one organisation to another, or give it to you, in certain circumstances.
  • Where we process your Personal Data under the consent lawful basis you have the right to withdraw consent.

The extent of these rights is limited by law and we may not act on part or all of your request(s) where the right(s) are not applicable. If we do not act on your request, we will explain our reasons why. If you make a request, we have one month to respond to you.

Automated decision-making, including profiling

  • We may use solely automated decision-making, including profiling in the processing of your personal data for the provision of marketing.

If you wish to exercise any of your individual rights, please contact us by using the details in the 3. Introduction section of this Privacy Policy.

More information can be found on the Information Commissioner’s Office website.

13.    International Personal Data Transfer – Countries & Organisations

We may transfer Personal Data to countries outside of the UK.

If data is transferred outside of the UK, we will only transfer data to a country deemed adequate by the UK Government or will put in place appropriate safeguards as set out in the UK GDPR, including the use of International Data Transfer Agreements.

We currently transfer data to:

Australia – International Data Transfer Agreement (IDTA); or International Data Transfer Addendum (Addendum),

Dubai – International Data Transfer Agreement (IDTA); or International Data Transfer Addendum (Addendum),

Hong Kong – International Data Transfer Agreement (IDTA); or International Data Transfer Addendum (Addendum),

India – International Data Transfer Agreement (IDTA); or International Data Transfer Addendum (Addendum),

Singapore – International Data Transfer Agreement (IDTA); or International Data Transfer Addendum (Addendum),

The Netherlands – The UK government has stated that transfers of data from the UK to the EEA are permitted.

The United States – UK – US Data Bridge

14.    Security

We implement technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.

15.    Children

We do not knowingly collect Personal Data online from individuals under 16. If you become aware that a child has provided us with Personal Data without parental consent, please contact us through our email [email protected]

If we become aware that an individual under 16 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel that individual’s account.

16.    How to complain

We work to high standards when it comes to processing your Personal Data. If you have queries or concerns, please contact us at [email protected] and we’ll respond.

If you remain dissatisfied, you can make a complaint about the way we process your Personal Data to the Information Commissioner’s Office.

17.    Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we change this Privacy Policy in a material way, we will update the version number at the bottom of this Privacy Policy. For significant changes to this Privacy Policy we will try to give you reasonable Privacy Policy unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your Personal Data.