WeGLOW App Limited, a registered company in England and Wales (Company Registration Number: 11085444), operates the WeGLOW platform. Our registered office is located at 2nd Floor National House, 60-66 Wardour Street, London, England, W1F 0TA. We comply with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) for services provided within the European Economic Area (EEA).
OUR WEBSITE AND MOBILE APPLICATION
OUR COLLECTION AND UTILIZATION OF YOUR PERSONAL DATA
We gather personal information about you in various ways, including when you access our Site or utilize our App, reach out to us, and provide us with feedback.
This personal information can be obtained directly, such as when you reach out to us, or indirectly, through your browsing activity on our Site or App (please refer to the ‘Cookies’ section for more details).
The specific types of personal information we collect are contingent on the activities you engage in on our Site or App. This information encompasses the following categories:
Identity Data: This includes your first name, maiden name, last name, username or a similar identifier, marital status, title, date of birth, gender, as well as photographs and videos that may be used to identify you.
Contact Data: We collect your billing address, delivery address, email address, and telephone numbers.
Financial Data: This category includes information such as your bank account and payment card details, details of your membership package, associated fees, and any other financial data related to your membership or payments to us.
Transaction Data: These details encompass information about payments to and from you, as well as specific details regarding products and services you have purchased from us.
Technical Data: This includes your internet protocol (IP) address, login data, browser type and version, time zone settings and location, browser plug-in types and versions, traffic data, location data, operating system and platform information, and other technological data related to the devices you use to access our Site or App.
Profile Data: Your username and password, records of purchases or orders made by you, your personal interests, preferences, feedback and responses to surveys, information about your professional or personal interests, and your profile picture.
Usage Data: This category pertains to information about how you use our Site or App, our applications, products, and services.
Marketing and Communications Data: This includes your preferences for receiving marketing communications from us and third parties, as well as your communication preferences.
In addition to the above, we may also collect, employ, and share Aggregated Data, which refers to statistical or demographic data that can be used for various purposes. It’s important to note that Aggregated Data doesn’t directly or indirectly reveal your identity. For instance, we may aggregate Usage Data to determine the percentage of users accessing a particular feature on our website. However, if we combine Aggregated Data with your personal information in a way that enables your direct or indirect identification, we treat the merged data as personal data, and it is handled in accordance with this privacy notice.
Furthermore, we may use, store, and transmit Special Category Data about you. This includes details related to your race or ethnicity, information about your health, and biometric data. We may collect this information to provide our services to you, particularly concerning your health during exercise, or to comply with health and safety regulations. It’s worth noting that we do not collect any information about criminal convictions or offenses. Special Category Data may include, but is not limited to, information such as: height, weight, age, and data from third-party apps like Apple Watch and Apple Health, including metrics like daily calorie burn, the number of steps taken, and the duration of active minutes.
While we generally don’t collect Special Category Data unless you volunteer it, we do specifically collect health-related data when it’s necessary to assess your suitability for physical exercise. By providing us with Special Category Data, you are consenting to our use of this data in line with the terms outlined in this Policy.
In cases where we are legally required to collect personal data or where it’s necessary for the performance of a contract between you and us, failure to provide the requested data could impede our ability to fulfill our obligations. For example, it might prevent us from providing you with products or services. In such cases, we would notify you of this in a timely manner.
We employ the personal information we gather for the following purposes:
- Verification of your identity
- Establishment and management of your account with us
- Processing and delivery of your orders, including managing payments
- Keeping you informed about news and information relevant to you
- Customizing our Site or App and their content based on your preferences
- Informing you of any modifications to our Site or App or to our services that could impact you
- Enhancing and improving our services
It’s essential to understand that our Site and App are not intended for use by children, and we do not knowingly collect or use personal information related to children.
THE LEGAL FOUNDATION FOR PROCESSING YOUR PERSONAL INFORMATION
- When we utilize your personal information, it is essential that we have a valid legal basis to do so. Several legal bases may apply, depending on the nature of the personal information we process and the purpose behind it. The legal bases we might rely upon consist of the following:
- Consent: This legal basis applies when you have explicitly granted us permission to process your personal information for a particular purpose.
- Contract: We rely on this legal basis when the use of your personal information is necessary to fulfill a contract we have with you or when you have requested us to undertake specific actions before entering into a contract.
- Legal Obligation: This legal basis is invoked when the utilization of your personal information is essential for us to comply with legal requirements, excluding those stemming from contractual obligations.
- Legitimate Interests: We consider our interests as legitimate when there is a business or commercial rationale for using your information, provided that such use does not infringe upon your individual rights and interests. When relying on legitimate interests, we conduct an evaluation to weigh our interests against your own.
UTILIZATION OF YOUR INFORMATION
The following table elucidates how we employ (process) your personal information and the rationale behind each usage:
Purpose: To provide services, fulfill orders, including processing payments for goods and services, executing contractual obligations, and facilitating class and appointment bookings.
Basis: Performance of our contract with you or taking pre-contractual steps at your request. Addressing queries and contacting you for marketing, promotional materials, and relevant information.
Purpose: To prevent and detect fraud against you.
Basis: Our legitimate interests or those of a third party in reducing the risk of fraud that could harm both us and you.
Purpose: Ensuring adherence to business policies, such as security and internet usage.
Basis: Our legitimate interests or those of a third party in maintaining internal procedures to deliver optimal service to you.
Purpose: Operational reasons, including enhancing efficiency, training, troubleshooting, data analysis, testing, and quality control.
Basis: Our legitimate interests or those of a third party in providing the best service to you efficiently and cost-effectively.
Purpose: Ensuring the confidentiality of commercially sensitive information and compliance with legal and regulatory obligations.
Basis: Our legitimate interests or those of a third party in safeguarding trade secrets and adhering to legal and regulatory mandates.
Purpose: Statistical analysis to manage business aspects like financial performance, customer base, service range, and efficiency measures.
Basis: Our legitimate interests or those of a third party in delivering an efficient, cost-effective service to you.
Purpose: Updating and enhancing customer records and responding to inquiries.
Basis: Performance of our contract with you, taking pre-contractual steps at your request, compliance with legal and regulatory obligations, and our legitimate interests in maintaining customer communication.
Purpose: Statutory returns.
Basis: Compliance with legal and regulatory obligations.
Purpose: Ensuring safe working practices, staff administration, and assessments.
Basis: Compliance with legal and regulatory obligations and our legitimate interests in effective internal procedures for optimal service.
Purpose: Conducting marketing campaigns, including delivering advertisements, newsletters, promotions, recommending services, measuring advertising effectiveness, improving our Site, services, and conducting market research and surveys.
Basis: Consent for marketing campaigns, and our legitimate interests in promoting our business to existing and former customers.
Purpose: Credit reference checks through external credit reference agencies.
Basis: Our legitimate interests or those of a third party in ensuring our customers can meet payment obligations.
Purpose: External audits and quality checks, such as ISO or Investors in People accreditation and account audits.
Basis: Our legitimate interests or those of a third party in upholding our accreditations and compliance with legal and regulatory obligations.
Purpose: Managing your account, including creating and managing your account, communicating about fees and membership terms, informing you of relevant products and services, and enabling participation in interactive features.
Basis: Performance of our contract with you, taking pre-contractual steps at your request, and our legitimate interests in maintaining customer relations and product updates.
We may utilize your personal data to transmit updates (via email, text message, telephone, or post) regarding our services, encompassing exclusive offers, promotions, and new services.
Our legitimate interest underpins the use of your personal data for marketing purposes (as detailed in the ‘Use of Information’ section above). This implies that, in most cases, we do not require your consent to forward marketing information. Nevertheless, should consent be necessary, we will request it explicitly and independently.
You have the prerogative to opt out of receiving marketing communications at any time, and you can do so by reaching out to us at firstname.lastname@example.org.
We might seek to verify or amend your marketing preferences if you solicit further services from us in the future, or in response to alterations in laws, regulations, or the configuration of our business.
Rest assured, your personal data will always be handled with the utmost respect, and we will never distribute it to other organizations for marketing objectives.
Recipients of Your Personal Information
As part of our operations, we regularly disseminate personal information to:
- Third parties who assist in delivering our products and services, such as payment service providers, suppliers, and business associates.
- Other third parties who support the functioning of our business, including marketing agencies, mailing service providers, system providers, accounts payable, website hosts, our financial institutions, and courier services.
- Third parties authorized by you, like social media platforms you choose to connect your account with or third-party payment providers.
- Credit reference agencies, HM Revenue & Customs, regulators, and other authorities that may act as processors requiring reporting of processing activities in certain circumstances.
We will only allow our service providers to handle your personal data if we are convinced that they have adopted appropriate measures to safeguard it.
Additionally, we impose contractual obligations on service providers to ensure that they can solely utilize your personal data to furnish services to us and to you. We may also disclose personal information to external auditors.
Should the need arise, we may divulge and exchange information with law enforcement agencies and regulatory bodies to fulfill our legal and regulatory obligations.
Furthermore, we might be required to share certain personal information with other parties, particularly potential buyers of portions or the entirety of our business or in the context of a business reorganization. Typically, the data shared will be anonymized, although this may not always be feasible. The recipient of this information will be bound by strict confidentiality commitments.
STORAGE OF YOUR PERSONAL INFORMATION
Information may be retained at our offices and at the locations of our third-party agencies, service providers, representatives, and agents, as elaborated upon previously (refer to ‘Who we share your personal information with’ above).
DURATION OF PERSONAL INFORMATION RETENTION
Your personal information will be retained for as long as you maintain an account with us or while we continue to provide products and services to you. Following this period, your personal information will be kept for the necessary duration:
- To address any inquiries, complaints, or claims made by you or on your behalf.
- To demonstrate that we have treated you fairly.
- To maintain records required by law.
TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE UK
On occasion, it is essential for us to share your personal data outside the UK to offer services to you. This primarily pertains to individuals located outside the UK. When transferring your personal data to a country or international organization outside the UK, we must adhere to data protection laws. This process is subject to certain conditions, which are delineated below:
We may transfer your personal data to specific countries based on an adequacy decision. These countries include:
- All European Union countries, along with Iceland, Liechtenstein, and Norway (collectively known as the ‘EEA’).
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay.
The list of countries with adequacy decisions may change periodically. We will always endeavor to rely on an adequacy decision when one is applicable.
For other countries we may transfer personal data to, in the absence of an adequacy decision, it does not necessarily indicate inadequate data protection. In such cases, we must explore alternative grounds for the transfer, which include ensuring appropriate safeguards are in place or relying on specific exceptions, as further detailed below.
TRANSFERS WITH APPROPRIATE SAFEGUARDS
In cases where no adequacy decision is in place, we can transfer your personal data to another country if we are confident that the transfer complies with data protection regulations. To achieve this, we must have appropriate safeguards in position and provide enforceable rights and effective legal remedies for data subjects.
Typically, these safeguards entail using legally approved standard data protection contract clauses. If you require a copy of these standard data protection contract clauses or more information regarding relevant safeguards, please don’t hesitate to contact us (refer to ‘How to contact us’ below).
TRANSFERS UNDER AN EXCEPTION
In situations where no adequacy decision or appropriate safeguards are available, we may transfer personal data to a third country or international organization when an exception is applicable under relevant data protection laws. Such exceptions include:
- Your explicit consent to the proposed transfer, following adequate information regarding the potential risks.
- Necessity of the transfer for executing a contract between us or initiating pre-contract measures upon your request.
- Necessity of the transfer for a contract in your interests, involving us and another party.
- Necessity of the transfer to establish, exercise, or defend legal claims.
Additionally, we may transfer information for the purpose of our compelling legitimate interests, provided such interests are not overridden by your interests, rights, and freedoms. Specific conditions apply to such transfers, and we will supply pertinent information when and if we seek to transfer your personal data on this basis.
EUROPEAN COMMISSION ADEQUACY DECISION
The European Commission has the authority to assess whether a country or international organization affords an adequate level of personal information protection. If such a determination is made, it results in an ‘adequacy decision,’ meaning personal information can flow from the UK to that country without the need for additional safeguards.
Issuing an adequacy decision can take several years, and only a limited number of countries currently benefit from this status.
For additional details regarding data transferred outside the UK, we invite you to reach out to us (please see the ‘How to contact us’ section below).
You possess the following rights, which you can exercise without incurring any charges:
- Access: The right to obtain a copy of your personal information (the right of access).
- Rectification: The right to request corrections to your personal information.
- To be forgotten: The right to obtain a copy of your personal information and to request its deletion in certain situations.
- Restriction of processing: The right to obtain a copy of your personal information and to request the restriction of its processing in certain circumstances (e.g., if data accuracy is contested).
- Data portability: The right to obtain a copy of your personal information and request it in a structured, commonly used, and machine-readable format, or to transmit it to a third party in certain situations.
- To object: The right to object to your personal information being processed for direct marketing or other situations, including processing based on our legitimate interests.
- Not to be subject to automated individual decision making: The right not to be subject to decisions based solely on automated processing that significantly affect you or have legal effects.
For more information about these rights and when they apply, please don’t hesitate to get in touch with us or refer to the guidance provided by the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you intend to exercise any of these rights:
- Email us (details are provided in the ‘How to contact us’ section below).
- Provide enough information for us to identify you.
- Supply proof of your identity and address (e.g., a copy of your driver’s license or passport and a recent utility or credit card bill).
- Clearly specify the right you wish to exercise and the related information.
KEEPING YOUR PERSONAL INFORMATION SECURE
We have put appropriate security measures in place to prevent unauthorized access, use, or loss of personal information. Access to your personal information is restricted to individuals who genuinely require it for legitimate business purposes. Those processing your information are subject to confidentiality obligations.
Additionally, we have established procedures to address any suspected data security breaches. If required by law, we will notify you and the relevant regulatory authority in the event of a suspected data security breach.
For comprehensive information on protecting your data, computers, and devices against online threats, including fraud, identity theft, and viruses, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and prominent businesses.
UNITED STATES OF AMERICA – CALIFORNIA
HOW TO COMPLAIN
If you have any concerns or questions regarding your information’s use, we hope to address them satisfactorily. However, if necessary, the General Data Protection Regulation grants you the right to file a complaint with a supervisory authority. In the European Union or European Economic Area, this would be the state where you work, reside, or where the alleged data protection violation occurred. In the UK, the Information Commissioner’s Office (ICO) serves as the supervisory authority and can be contacted at https://ico.org.uk/concerns or by telephone at 0303 123 1113.
HOW TO CONTACT US
Should you wish to reach out to us, please send an email to email@example.com.
A cookie refers to a file that holds an identifier (comprising letters and numbers) transmitted by a web server to a web browser and retained by the browser. This identifier is subsequently sent back to the server whenever the browser requests a page from that server.
Cookies come in two primary types: “persistent” cookies and “session” cookies. A persistent cookie is preserved by a web browser and remains valid until its predefined expiration date unless the user removes it earlier. Conversely, a session cookie expires at the end of the user’s session, typically when the web browser is closed. It’s important to note that cookies generally do not contain information that directly identifies a user. However, personal data that we have about you may be linked to the information stored in and derived from cookies.
Furthermore, our service providers employ cookies that may be saved on your computer during your visits to our website.
Most web browsers provide options to decline or remove cookies. These methods may differ from one browser to another and across different versions.
WHAT ARE YOUR CHOICES REGARDING COOKIES?
Should you wish to delete cookies or instruct your web browser to erase or reject them, please get in touch with us.
However, it’s worth noting that deleting cookies or refusing to accept them may result in an inability to use all the features we provide, hinder your ability to save your preferences, and potentially affect the proper display of some of our web pages.
WHERE CAN YOU FIND MORE INFORMATION ABOUT COOKIES?
To acquire additional knowledge about cookies, you can visit the following third-party websites:
- AllAboutCookies: http://www.allaboutcookies.org/
Network Advertising Initiative: http://www.networkadvertising.org/