onePT Ltd (“onePT” or “We” or “Us”) is committed to protecting and respecting your privacy in line with current legislation. This privacy statement is relevant to anyone who is a member of onePT Ltd or interacts with us with legitimate interest in our service. It tells you what personal data is collected and what we do with that personal data.
As a member of onePT we will also use your Health data (a combination of Personal Data and Sensitive Personal Data) collected manually from you and from any personal health tracking devices or mobile applications that you may already use or is available for you to use via onePT to support your membership and the service we provide.
For each technology / system a member is able to create and update their own login details (User ID and password). We have liaised with these parties / suppliers to ensure that the password security is as secure as possible; e.g. length and complexity of password required, frequency of change – however onePT will not accept any responsibility or liability if an unauthorised person obtains and users your User ID and password. You must inform us or the appropriate Partner / Supplier should you believe your data / security has been compromised in any way.
ABOUT onePT Ltd.
onePT Ltd (“onePT” or “Us” or “We”) is a registered company in the United Kingdom (Company No.; Registered Office Address 21 Hare Hill Road, Littleborough Lancashire, OL15 9AD)
Service relates to the onePT membership and the products and services provided in being a onePT member
In the provision of the services offered by onePT, both Personal Data and Sensitive Personal Data will be collected and used.
Personal Data means data which relates to a living individual who can be identified from the data or from the data and any other information which is in the possession of, or likely to come into the possession of, the data controller.
Sensitive Personal Data means personal data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
We will also refer to the Data Controller.
The Data Controller means an organisation or person who determines the purposes for which and the manner in which any personal data are or are to be processed.
The Data Processor means any organisation or person who processes the data on behalf of the Data Controller
WHAT DATA WE USE
Data Category Purpose of Data Type of Data
Personal* Data We collect Personal Data at the point of contacting us via email, subscribing to any of our email lists, submitting a ‘contact’ form or purchasing the service. Name, Age, Phone Number, Home Address, Email.
Records of your communications with us, such as emails, survey responses, complaints regarding our products or service, made in any form including complaints made orally, by email, letter and / or by online contact form or submissions.
Information relating to contests or any promotions entered
Marketing communication, such as your response to marketing through us or through our third parties.
Sensitive Personal Data We collect Sensitive Personal Data after you have purchased the product as part of fulfilling the product/service. Ethnicity; Physical/mental health information; Biometric information
Cookies Cookies (small text files placed on your computer while using our site) may be used to assist with improving your site experience and to safeguard your privacy whilst browsing our site. For more information visit www.allaboutcookies.org Strictly necessary cookies; Performance cookies; Functionality cookies; Targeting/Advertising cookies
Browser Event Data Browser event data is collected during your visit to our website. This information is collected and processed to provide insights into user behaviour in order for us to continually improve our service. Device IP address; Device screen resolution; Device type; Country location; Preferred language; Mouse events; Keypresses; Log data
Web Beacons Webpages and HTML emails may also contain a small snippet of code called a web beacon. In their simplest form, web beacons allow a website to transfer or collect information through a graphic image request. onePT may use web beacons as part of the site, but only for fraud detection.
*As a member of onePT we will also you to provide Emergency Contact details. If you give us information on behalf of someone else, you confirm that the other person has agreed that you can give consent on his/ her behalf to the processing of his/ her personal data
WHO WE SHARE YOUR DATA WITH AND WHY
The onePT service is run by us with a number of third party service providers to provide the overall service. These companies will, as necessary, process your data in order for us to interact with you and / or fulfill the service you purchase from us.
The following parties are Data Controllers:
|onePT Ltd||Provides the overall service; Coordinates with and provides policy to Third Party Suppliers / Partners to fulfil the service.|
The following Third Party Partners / Suppliers are Data Processors and this table reflects their requirements to fulfill our service and the data we share / is collected by them in order to do so:
|Supplier||Purpose||What data we share / is required|
|MindBody||Membership Management System||Personal details such as title, full name
Contact details such as email address, contact number,
Date of birth,
Home address, including house name/ number, street name, town and county, post code
|PaySafe||Act as our card merchant and host your payment details for the purpose of any transactions you make to us||Full name, Address, Email, Phone Number, Credit / Debit card details|
|Infusionsoft||CRM system – to enable us to communicate with you via MindBody and also to interact with you via any marketing campaign||Personal details including name, contact number and email address|
|LiveSmart||Manage blood assessment service||Personal and sensitive personal data|
|Kinduct||Database & dashboard for all health and training data collected||Personal and sensitive personal data|
|Nudge||Health tracking App||Personal and sensitive personal data|
|Archon||Performance Platform||Personal and sensitive personal data|
|FirstBeat||They provide the kit and data collection tool to record stress and Heart Rate Variability||Personal and sensitive personal data|
|Shield Safety Group||Compliance Centre||Personal and sensitive personal data including accident records|
WHERE IS YOUR DATA STORED
During the service provided to a onePT member some personal and sensitive personal data will be retained as a hard copy.
Any data stored in this format will be kept in a locked file, in a locked room accessible by authorised staff only
For any data stored electronically either in the UK or overseas (e.g. US), onePT regularly checks that the Third Party / Partner has the appropriate security measures in place to ensure the database is secure.
Appropriate measures and checks are in place to ensure PCI Compliance (for Financial Data / Merchant Transactions) at all times.
HOW DO WE PROVIDE THE onePT SERVICE WITH OTHERS
This section explains the purposes to which we put your Personal Data and Sensitive Personal Data and explains the legal basis and legitimate interests we rely upon when we do so.
‘Legitimate Interests’ refers to our interests in conducting and managing our business. The particular interest which we are relying on in each case is explained in more detail below. When we use your data in our legitimate interests, we make sure to balance any potential impact on you and your rights under data protection laws. Our interests do not automatically override your interests.
We will never share the Personal Data or Sensitive Personal Data with any other parties except for the purposes of fulfilling our service and aggregated data or research, in which case all data we use would not be identifiable.
- To provide the onePT Service
What Data we use: Name, Email, Date of Birth, Address, Telephone Number, GP Information, Medical history, Medication information, Biometric Data, Dietary and exercise data
How We will use Data: We will use your Personal Data and Sensitive Personal Data to provide the service, including to manage our relationship with you, to verify your identity and eligibility to use our service and/or to contact you to provide and administer our service. Without this information, we cannot provide the onePT Service.
- To improve the service we offer to onePT members and / or guests or anyone who interacts with us.
What Data we use: Name, Email, Date of Birth, Address, Telephone Number
How we will use Data: We may use contact you for your feedback or use your information to improve the onePT service by creating pseudonymised reports and by contacting you to receive feedback. We can use your data in this way because we have a legitimate interest in improving and tailoring our service and keeping our customers happy.
- To conduct research and aggregated reports
What Data we use: Pseudonymised Personal Data and Sensitive Personal Data
How We will use Data: We may use this data to conduct research on the efficacy of our products and to identify where we can improve our product, or to provide aggregated anonymised reports to analyse the usage, uptake and efficacy of the products and services.
- To do what we are required to do by law
What Data we use: Name, Email, Date of Birth, Address, Telephone Number
How We will use Data: We may be required to retain or use your data if we have a legal duty or obligation to do so. This may be in the context of an employer and retaining certain employee data for a certain period of time, or it may be in the context of providing law enforcement agencies with data to aid with legal proceedings.
- To assist you where you may be at risk
What Data we use: Name, Email, Address, Telephone Number, GP Information
How We will use Data: We may use your Data to assist where your health or life is in danger. We can use your data in this way because it protects your vital interests.
HOW LONG CAN WE KEEP YOUR PERSONAL DATA FOR
We may only keep your personal data for as long as it is required for one of the reasons detailed in the above section.
We have policies about how we keep/store your personal data. The periods differ depending on the period and the purpose for which we are using your personal data and the nature of the personal data.
How long we keep the data is determined by the period we need to keep it for in line with fulfilling the service and our legal obligations.
We typically retain personal data for approximately 7 years from the point the data is no longer used however in some cases, such as legal requirements, we may be required to keep it longer.
When data is no longer required for its purpose, we ensure data is securely and irrevocably deleted from our system.
WHEN CAN YOU ASK US TO STOP USING YOUR DATA
We rely on consent and lawful basis for processing in order to fulfill the products and services we offer and also so we can contact you directly about the status of your product/service.
You can ask us to stop using your Data at any time, however in doing so we will be unable to continue providing the service.
In order to request that we stop using your data, you can send us an email to firstname.lastname@example.org stating that you wish for us to stop using your data immediately.
WHAT HAPPENS IF YOU DON’T GIVE US SOME OF YOUR DATA
It is entirely optional to provide consent for us to collect and process your data, however where you do not provide the Data we need in order to provide the requested onePT service or to fulfill a legal requirement, we will not be able to fulfill the service requested.
HOW TO CONTACT US ABOUT THIS PRIVACY STATEMENT
You may contact us at any time via email or post to query anything that may have come up from reading this statement.
Address: 21 Hare Hill Road, Littleborough Lancashire, OL15 9AD
We can be contacted at the addresses above for one or more of the following reasons:
- To ask Us to fix Personal Data about You that is wrong or incomplete, or delete Personal Data about You.
- To tell Us that You no longer consent to Us using Personal Data about You and to ask Us to stop. This would not invalidate Our use of the Personal Data prior to the withdrawal of consent.
- To tell Us to stop using Your Personal Data for direct marketing purposes.
- To ask Us to send You the Personal Data We have about You. This is sometimes called a "subject access request".
On or after 25 May 2018, We can also be contacted at the address above for the following reasons:
- To ask Us to provide You with the Personal Data You have provided to Us. We will provide the Personal Data in a CSV formatted document so that another organisation's software can understand that Personal Data. This is sometimes called a "data portability" right.
- To ask Us not to use Personal Data about You in a way that allows Our computer systems to make decisions about You.
- To request that We restrict use of Your Personal Data or to object to its use (including objecting to data used in Our "legitimate interests").
Sometimes We will not be able to stop using Your Personal Data when You ask Us to (e.g. where We need to use it because the law requires Us to do so).
You have the right to complain about how We treat Your Personal Data to the Information Commissioner's Office (the "ICO"). The ICO can be contacted at:
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Telephone: 0303 123 1113 (local rate) or 01625 545 745
- Email: https://ico.org.uk/global/contact-us/email/
CHANGES TO THIS PRIVACY STATEMENT
We may update this Privacy Statement from time to time. We will notify You of the changes where required by law to do so.
Last modified on 23/05/2018