MEMBR PRIVACY NOTICE FOR END USERS
Last updated: May 2018
Who we are and why we have this notice
This Privacy Notice (the “Notice”) sets out how we Fit Cloud Technology Limited (trading under the Membr brand) (“Fit Cloud”, “us” or “we”) process personal information about you (the “User” or “you”) when you sign up to our fitness platform through membership of your gym. We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers and staff comply with data protection laws in relation to the information we handle.
You can find out more about Fit Cloud’s responsibilities and about how and why we collect and use your personal information by reading this Notice. However, if anything is unclear or if you have any questions about this Notice, please contact us at [email protected]
What information do we collect from you?
Personal data, or personal information, means any information about a person from which they can be identified. We may collect, store, and use some or all of the following categories of personal information about you:
- personal contact details such as name, title, gender, addresses, telephone numbers, and personal email addresses
- date of birth and place of birth
- next of kin and emergency contact information
- start date
- physical measurements, training statistics and dietary information
- information about your use of our information and communications systems (such as messages to personal trainers, goals and notes)
Subject to your explicit consent, we may also collect, store and use your health data. This is considered a special category of more sensitive data. Where we process health data, it will be treated confidentially and will never be used for direct marketing purposes.
When you log on to our fitness platform through our website or an app, we automatically collect information about your use of the platform including details of your visits such as pages viewed and the resources that you access. This information will include traffic data, location data, IP address, browser, operating system, referral source, length of visit and other communication data.
How is this information collected?
We collect Identity Information provided voluntarily by you. For example, when you register with or use our fitness platform (by entering training plan details, goals or making a booking).
We also collect Identity Information when you fill out a web form or questionnaire or contact us (by email or telephone) to ask a question or request information.
We also collect Identity Information through your gym when they add information about you into our fitness platform. For example, a personal trainer may add information when they use the Connected Trainer feature to communicate with you.
As mentioned above, we collect System Information when you interact with our fitness platform, through the website or an app.
What do we use it for?
Providing our services
As part of the provision of our services, we use the personal information that we collect from you to:
- register you as a user of our fitness platform
- provide the following benefits to you: health monitoring, live group fitness streaming, virtual fitness streaming and workout recordings
- process your bookings and notify you of activities, cancellations or payment details
- manage our relationship with you (for example by notifying you about changes to our terms or asking you to complete a survey)
Monitoring, administering and improving
We use your personal information to help us to monitor our performance, administer and improve our fitness platform by:
- tracking and analysing activity to identify patterns and help us improve our website and apps
- troubleshooting, conducting data analysis, testing, system maintenance, support, reporting and hosting of data
- using data analytics to improve customer relationships and experiences
- analysing information so that we can prioritise features that are relevant and popular
- educating, training and developing our staff’s performance
- ensuring network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- preventing fraud
- other business administration such as management and planning, including accounting and auditing
Where you have indicated you are happy to receive direct marketing, we use your information to provide details of our products or services that may be of interest to you.
This is likely to happen where you have given us your consent in advance. It may also happen where the message only contains information that we think will be of interest to you because it relates to services that you have already purchased from us and you have not opted out despite having the opportunity to do so (at the point we collected your information and in every follow-up message we send).
If you wish us to stop using your information for these purposes at any time, please use the appropriate opt-out link in our messages to you or contact us at [email protected]
What gives us the right to use your information?
Data protection law says we only have the right to use your personal information where we can identify a lawful basis for doing so. Your consent to the processing as specified in this Notice is our primary lawful basis. In some circumstance we may also rely on another lawful basis. Most commonly, these will be:
- where we need to use the information to perform the contract we have entered into with you
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- where we need to comply with a legal or regulatory obligation
When do we Share your information?
We will share your personal information with your gym. They have on-going access to your information through a dedicated channel on our fitness platform.
There are other circumstances when we want to or are compelled to share your personal information, including:
- with third party service providers or suppliers to enable us to provide our services (for example payment processors, webhosts, ID verification partners etc). Where we share data with service providers, we require them to sign a contract that obliges them amongst other things to have stringent security measures in place, comply with our instructions and help us to comply with data protection law
- to another legal entity on a temporary or permanent basis, in connection with a business deal, such as a merger, financing, acquisition, or sale of our business
- where we are required to do so by law
- where you have provided your consent
Transferring information outside the EU
We may transfer the personal information we collect about you outside the EU in order to perform our contract with you. Where this occurs we will ensure that your personal information receives an adequate level of protection and we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with EU and UK laws on data protection. If you require further information about these protective measures, you can request it by contacting us at [email protected]
Security and retention
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also have procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your information, the purposes for which we process it and whether we can achieve those purposes through other means, and the applicable legal requirements.
Rights of access, correction, erasure, and restriction
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal information to another party
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Respective responsibilities of fit cloud and your gym
As mentioned in Section 1, both Fit Cloud and your gym will act as data controller in relation to personal information processed through the fitness platform.
This means that we both have responsibilities in relation to that personal information. You can find out more and you can exercise the rights set out above by contacting either Fit Cloud or your gym. In order to ensure that any such enquiry is dealt with promptly and efficiently, we recommend in the first instance contacting your gym.
If you have any questions about this Notice or how we handle your personal information, please contact us at [email protected] You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
We reserve the right to update this Notice at any time, and we will provide you with a new Notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.