Last updated: 6th February 2019
Global Fitness Holdings Ltd (trading as Sudor) (“us”, “our”, “we” or “Sudor”) is the controller of your personal data collected through the App. Sudor is committed to protecting and respecting your privacy.
The App is not intended for children and we do not knowingly collect personal data relating to children.
What information can we collect?
The personal data we collect from you may include:
- Identity Data which includes your name, date of birth and gender.
- Contact Data which includes your e-mail address, billing address and delivery address.
- Content Data which includes information stored on your device.
- Device Data which includes details about the mobile device you use and your mobile operating system.
- Financial Data which includes your bank account and payment card details.
- Transaction Data which includes details about payments to and from you and other details or services you have purchased from us.
- Technical Data which includes your IP address (or other online identifier), your login data and browser type and version.
- Profile Data which includes your username and password, your interests, preferences, feedback and survey responses.
- Usage Data which includes information about how you use the App and the services. For example, how long a fan takes to complete a workout or how many fans viewed a PTP’s workout.
- Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties.
- Location Data which includes your current location disclosed by GPS technology.
How is your personal information collected?
Information you give to us
When you use the App to register your account with us, complete a form, request marketing be sent to you, participate in social media functions, contact us by email or by post, take part in an online survey, post a comment, enter into competitions, report a problem or offer information to us directly via the App, we may collect, store and use the personal data that you disclose to us.
It is important that the personal data we hold about you is accurate and current. If you want to update the information you have previously given to us, please contact us at email@example.com.
Automated technologies or interactions
Each time you use our App, we will automatically collect personal data including Device, Content and Usage Data. We collect this data using technologies such as cookies or other similar tracking technologies.
We use this data for several different reasons. Firstly, we use it to ensure that the App works properly and that you are able to receive the full benefit of it. Second, we use the data to monitor online traffic and audience participation across the App. We undertake both of these activities because we have a legitimate interest in doing so.
Please refer to our Cookies Policy for further details.
We also use GPS technology to determine your current location. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.
Third parties or publicly available sources
We may also receive personal data about you from our third-party partners such as: analytics providers, advertising networks, social media providers and search information providers. In particular, if you choose to login to the App via your social media accounts, the social media business may provide us with certain information about you, such as your name and profile picture.
How and why do we use/share your personal data?
Lawful basis for processing your information
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- Where you have asked us to do so, or consented to us doing so;
- Where we need to do so in order to perform a contract we have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
Here are some examples about how we may use the information we collect about you and the lawful basis we rely on to do so.
|Activity||Examples of the types of personal data we may collect||Lawful basis for processing|
|To install the App and register you as a new App user.||Identity, contact, profile, usage, marketing and communications and technical information.||Your consent|
|To process in-App purchases including managing payments and collecting money owed to us||Identity, contact, financial, transaction and device information.||Performance of a contract with you
Necessary for our legitimate interest (to recover debts due to us)
|To manage our relationship with your and notify you of changes to the App.||Identity, contact, profile and marketing communications information.||Your consent
Performance of a contract with you
Necessary for our legitimate interests (to keep records updated and to analyse how customers use our services)
Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)
|To administer and protect our business and this App (including troubleshooting, data analysis and system testing.)||Identity, contact, technical and device information.||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security)|
|To deliver relevant content and advertisements to you.||Identity, contact, technical, profile, usage, device, content marketing and communications, location and technical information.||Your consent
Necessary for our legitimate interests (to develop our products/Services and grow our business)
We may use your personal data to contact you about our latest news, our products or our services (we call this marketing).
You will receive marketing communications from us if you have:
- subscribed to receive marketing communications from us; or
- purchased our products or services, and you have not opted out of receiving that marketing when we you provide us with your email address.
To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email, or you can also contact us.
We will get your express opt-in consent before we transfer your personal data to any third party for its own marketing purposes.
Sharing your personal data
Depending on how and why you provide us with your personal data we may share it in the following ways:
- we may share your personal data with any member of our company group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
- with selected third parties who we sub-contract to provide various services and/or aspects of the App’s functionality (see “Service Providers” below); and
- with analytics and search engine providers that assist us in the improvement and optimisation of this App as described above.
We may also disclose your personal data to third parties in the following events:
- if we were to sell or buy any business or assets, in which case we might disclose your personal data to the prospective seller or buyer of such business or assets as part of that sale;
- if Sudor or substantially all of its assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder; and/or
If you are a fan, we will share your Usage Data with PTPs you are subscribed to. We share this personal data because it provides PTPs with valuable insight in to their workouts and how they can be improved or optimised. It is therefore in our legitimate interest to share this personal data with PTPs as it develops our commercial relationships with PTPs and also helps grow our business and App.
Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfil the services we request, and we stipulate that they protect this data and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject. The following is a list of our trusted service providers we use:
- Application Developers
- Analytics Provers
- Payment Processors
- Client Relationship Management System Providers
Links to third party sites
For how long do we keep your personal data?
We will hold your personal information on our systems only for as long as required to provide you with the services you have requested, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Sudor takes the protection of your information very seriously. Where we have given you a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
International Data Transfers
Whenever we do transfer your personal data outside of the European Economic Area (“EEA”), we ensure that a similar degree of protection is afforded to it by ensuring that in most cases at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we will only transfer data to the US, where the business we are transferring your personal data to is part of the Privacy Shield (which requires them to provide similar protection to personal data shared between Europe and the US); and
- where you we use certain service providers, we will use specific contracts approved by the European Commission which gives personal data the same protection it has in Europe.
By submitting your personal data, you agree to the terms of such transfers. If you would like more information about how the mechanism via which your personal data is transferred, please contact us.
Right of Access
You may, at any time, request access to the personal data we hold about you (you may have heard of this right being described as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Your Right to Rectification
You may request that we correct personal data that we hold about you which you believe is incorrect or inaccurate, though we may need to verify the accuracy of the new data you provide to us.
Your Right to Erasure
You may ask us to erase personal data if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”). If for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you what that reason is at the time we respond to your request.
Your Right to Object to Processing
You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. You also have the right to object where we are processing your personal data for direct marketing purposes.We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.
Your Right to Restrict Processing
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful, but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Your Right to Portability
We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Your Right to object to automated decision making and profiling
You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.
Your right to withdraw consent at any time
You may withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you, including the delivery of the App. We will advise you if this is the case at the time you withdraw your consent.
Exercising your rights
When you write to us making a request to exercise your rights, we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity.
You may also lodge a complaint with our lead supervisory authority, the Information Commissioner, or your local supervisory authority about any aspect of our handling or processing of your personal data. We would, however, appreciate the chance to address your concerns before you approach any supervisory authority, so please contact us in the first instance.