Version: HWPO - Privacy Policy V1
Publish date: 03-11-2022
Effective date: 07-04-2024
Welcome to the HWPO Training privacy policy.
HWPO Training respects Your privacy and is committed to protecting Your personal data. This privacy policy will inform You as to how We look after Your personal data when You visit Our Site (www.hwpotraining.com, shop.hwpotraining.com, app.hwpotraining.com and gym.hwpotraining.com) regardless of where You visit it from and tell You about Your privacy rights and how the law protects You.
The aim of Our Privacy Policy is to clearly outline to You:
We are the controller and We are responsible for Your personal data.
Our Site is not intended for under 16 and We do not knowingly collect data relating to anyone under 16 years of age.
Inside this Privacy Policy We identify which information is optional to provide to use Our service, and which information is critical.
To use the HWPO Training service We have made it easy for You to view which information We will store, and You can change Your preferences at any time at within Your account settings.
It is important that the personal data We hold about You is accurate and current. Please keep Us informed if Your personal data changes during Your relationship with Us.
You can delete Your account at any time and You can unsubscribe from email communication via the ‘unsubscribe’ link at the bottom of each email, and SMS communication via the ‘STOP’ link in each message.
We use industry standard efforts to safeguard the confidentiality of Your personal identifiable information, such as firewalls and Secure Socket Layers where appropriate.
If You have any questions about this Privacy Policy, including any requests to exercise Your legal rights, please contact Us at contact@hwpotraining.com.
Third-party links
Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. We do not control these third-party websites and are not responsible for their privacy statements. When You leave Our Site, We encourage You to read the privacy policy of every website You visit.
We have separated the remainder of the Policy into the following sections:
HWPO Training is an online health and fitness training tool where individuals can follow HWPO Training fitness tracks.. The full feature set for both parties can be seen on our site.
We require certain information from You in order to run the HWPO Training service. The following information in the table below is deemed as critical to Our business, depending on how much You interact with Us (for example: We need more information from You if You purchase from Us, compared to if You simply sign up for an account). For avoidance of doubt, this information does not include instances where HWPO Training may need to use Your data to comply with legal and/or regulatory purposes
We will only use Your personal data when the law allows Us to. Most commonly, We will use Your personal data in the following circumstances:
Generally, We do not rely on consent as a legal basis for processing Your personal data although We will get Your consent before sending third party direct marketing communications to You. You have the right to withdraw consent to marketing at any time by contacting Us.
For more information please see the Glossary below.
Information We Use
How & Why We may use the data provided
When does this become critical?
Lawful basis for processing including basis of legitimate interest
To be able to log in.
To contact You if there if there are notifications on Your account, for example if You have a new client
Customer service may use this to verify Your identity and assist You.
Fraud detection and prevention against You or Us.
Account verification purposes.
To manage Our relationship with You which will include:(a) Notifying You about changes to Our terms or privacy policy(b) Asking You to leave a review or take part in a survey
When You sign up to the service.
Ongoing management of Our relationship with You
Performance of Our contract with You
Your Full Name
To allow You to be found by other users on the platform, for example to find You for messaging purposes.
Customer service may use this to verify Your identity and assist You.
Fraud detection and prevention against You or Us.
When You sign up to the service.
Performance of Our contract with You
Your Date of Birth
To ensure You are of legal age to use HWPO Training (16+).
Fraud detection and prevention against You or Us.
When You sign up to the service.
Performance of Our contract with You
Necessary to comply with a legal obligation
Gender (optional)
To help Us identify product deals more relevant to You, and filter training performances.
When You sign up to the service.
Necessary for Our legitimate interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy)
Product purchase details and history
To help customer service to verify Your identity and to help with support issues.
Fraud detection and prevention against You or Us.
When You sign up to the service.
Performance of Our contract with You
Necessary for Our legitimate interests (to study how users use Our service, to develop them and grow Our business)
Credit card information
(This information is actually collected by Our payment service provider)
We do not keep a record of Your credit card information, We use a secure 3rd-party service (currently Stripe) to process payments.
When You make an order, so Stripe can take payment and make actions in the future.
When Stripe take or receive payments on Your behalf.
Performance of Our contract with You
Necessary for Our legitimate interests (to recover debts due to Us)
Anonymous Aggregate data
To create internal reports, test Our IT systems, research, data analysis, improving Our Site, building & developing Our Website or developing new products or services.
We only use and share this information with third parties when it is anonymous i.e. without identifying information
We use anonymous aggregated data at all times on Our service.
Necessary for Our legitimate interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy)
We will only use Your personal data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If You wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Us.
If We need to use Your personal data for an unrelated purpose, We will notify You and We will explain the legal basis which allows Us to do so.
Please note that We may process Your personal data without Your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Technical information, including the Internet protocol (IP) address used to connect Your computer to the Internet, Your login information, browser type and version, time zone setting, GPS location, device, browser plug-in types and versions, operating system and platform.
Information about Your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from Our site (including date and time); products You viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Marketing and Communications Data including Your preferences in receiving marketing from Us and Our third parties and Your communication preferences.
We may combine this information with information You give to Us and information We collect about You. We may Use this information and the combined information for the purposes set out above (depending on the types of information We receive).
We do not collect any Special Categories of Personal Data about You (this includes details about Your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about Your health, and genetic and biometric data). Nor do We collect any information about criminal convictions and offences.
We do not sell or intend to share any of Your personal details to or with third parties, excluding instances and purposes listed in this section.
We share some data with the following third parties in order for Us to carry out business, deliver a great customer service experience to You and improve Our business. As the service evolves We may add services to this list.
Further information about 3rd parties that may store data about You (either anonymous or identifiable) about You can be found in Our Cookie Policy.
3rd Party
URL
Why we use this service
Coaches
We may share your email address with any Coach that you engage with using our service. You may at any time ask us not to share your email address with your Coach using the option available in your Account.
Google Analytics
We use Google Analytics to track anonymous data about Our Site and service usage. Google collects data via a cookie on Our Site
Stripe
Stripe is a payment processor who stores and manages Our online transactions. We will send them all information relating to payment and order details You provide.
Facebook
Instagram
Twitter
LinkedIn
We use Our social channels to feed organic information about HWPO Training and also, where permission is granted (see section 3) for multiple format targeting and re-targeting campaigns. Facebook targets its own users, We also send cookie data for the remarketing and basket abandonment where permission is granted.
Intercom
We use Intercom for Our live chat services and to send ad-hoc in-platform and email messages to Our users.
Circle
Circle.so is a community management platform that allows creators to build their own paid (or free) online communities from scratch.
We may provide further data to third parties not listed above, but before We do so We ensure that all data is anonymous meaning it cannot be identified as You.
There are three reasons where We may share Your data with 3rd parties that We have not listed here:
We require all third parties to respect the security of Your personal data and to treat it in accordance with the law. We do not allow Our third-party service providers to use Your personal data for their own purposes and only permit them to process Your personal data for specified purposes and in accordance with Our instructions.
Part of the role of the HWPO Training team is to market Our products and services to enable more people to register with Our service. To do so We use a number of different 3rd parties to help Us with these initiatives. Those 3rd parties are listed in Section 2, and unless stated otherwise, anonymised information about Your interactions with HWPO Training is sent to these services. We see these anonymised transfers of data as critical to the running and future success of Our business and You cannot opt-out of them if You use HWPO Training.
In addition to the anonymised data We send to 3rd parties, We may ask permission from You to use extended data to help give You a better service. A better service may include (but is not limited to) the ability for Us to personalise Our email communication to You based on identifiable information (e.g. name, DOB).
For this We will ask You to opt-out of Our marketing initiatives; You will automatically be opted-in to these services when You join HWPO Training. If at any stage You would like to opt-in or opt-out You can do so in Your account settings.
The additional data We will request permission to use to send to 3rd parties is as follows:
Data provided by You
Use
Email address
To identify You on 3rd party services and internally.
Phone number
To identify You on 3rd party services and internally.
Name
To improve user experience with email and advertising personalisation and re-targeting
Date of birth
Helps Us identify product deals more relevant to You based on purchases of other people in Your age demographic
Gender (optional)
Helps Us identify product deals more relevant to You, and improve service based on learnings of others similar to You.
We keep Your information for as long as it is seen necessary to uphold Our obligations to: deliver Your training plan order, keep Your historic training data, fulfil Our obligations to You in connection with Our service, meet government regulations (for example: relating to accountancy) improve Our service to You, prevent fraud and for law enforcement purposes.
We keep back-ups of Our Site for 30 days.
If reasonably necessary or required to meet legal or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce Our terms and conditions, We may also keep hold of some of Your information as required, even after You have closed Your account, or it is no longer needed to provide the services to You.
To give You a better understanding, We usually keep financial records (including information about orders & transactions) for 7 years. We will keep top-level information (for example relating to the total quantity of sales transacted in any year) for as long as We as a business deem it useful.
You have the following rights when it comes to Your personal information
If You want to exercise Your rights, or have any questions or concerns please contact Us at contact@hwpotraining.com.
Right To Be Forgotten
Users also have the legal right to request deletion of any personally identifiable information. We will adhere to this request where the deletion of information does not impact Our commitment to uphold any financial or legal requirements We must undertake to operate.
We may be required to keep anonymous training plan details, such as the schedule of all a coach’s plans that have been purchased by other users. We do so, so those users that have purchased this information do not lose access to their historic data when You close Your account. Your name, DOB and email will not be linked to this stored data.
What We may need from You
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact You to ask You for further information in relation to Your request to speed up Our response.
Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if Your request is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.
No Fee Usually Required
We do not anticipate that You will have to pay a fee to access Your personal data (or to exercise any of the other rights). However, We may charge a reasonable fee if Your request is clearly unfounded, repetitive or excessive. Alternatively, We may refuse to comply with Your request in these circumstances.
We may need further data from You
We may need to request specific information from You to help Us confirm Your identity and ensure Your right to access Your personal data (or to exercise any of Your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
All information You provide to Us is stored on Our hosting provider’s secure servers (currently OVH). Where We have given You (or where You have chosen) a password which enables You to access certain parts of Our site, You are responsible for keeping this password confidential. We ask You not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do Our best to protect Your personal data, We cannot guarantee the security of Your data transmitted to Our site; any transmission is at Your own risk. Once We have received Your information, We will use strict procedures and security features to try to prevent unauthorised access.
Many of Our external third parties are based outside the United States of America so their processing of Your personal data will involve a transfer of data outside the United States of America.
Whenever We transfer Your personal data out of the United States of America, We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact Us if You want further information on the specific mechanism used by Us when transferring Your personal data out of the United States of America.
We have put in place appropriate security measures to prevent Your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to Your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal data on Our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where We are legally required to do so.
We keep Our privacy policy under regular review. This version was last updated on 03/11/2022.
We will make changes to Our Privacy Policy from time to time. We suggest You always take time to read any changes before continuing to use Our service.
We have a separate Cookie policy, this can be found here.
Legitimate Interest means the interest of Our business in conducting and managing Our business to enable Us to give You the best service/product and the best and most secure experience. We make sure We consider and balance any potential impact on You (both positive and negative) and Your rights before We process Your personal data for Our legitimate interests. We do not use Your personal data for activities where Our interests are overridden by the impact on You (unless We have Your consent or are otherwise required or permitted to by law). You can obtain further information about how We assess Our legitimate interests against any potential impact on You in respect of specific activities by contacting Us.
Performance of Contract means processing Your data where it is necessary for the performance of a contract to which You are a party or to take steps at Your request before entering into such a contract.
Comply with a legal obligation means processing Your personal data where it is necessary for compliance with a legal obligation that We are subject to.