SweatCo Ltd is a company incorporated in England (registration number 9242159) whose registered office is c/o OHS Secretaries Limited, 9th Floor, 107 Cheapside, London, EC2V 6DN (hereafter referred to as “SweatCo”, “we” or “us” as the context may require). SweatCo is registered as a Data Controller with the UK’s Information Commissioner’s Office (registration number ZA182331).
MINIMUM AGE REQUIREMENT
Please note that you must be aged 13 years or older to use the Services. Please do not use the Services or provide us with any personal information if you are under 13 years of age.
INFORMATION WE MAY COLLECT FROM YOU
From time to time, we may collect or ask you to provide personal information including (without limitation) the following: your name, mobile phone number, email address, password, identification credentials, your contacts, biographical details, photographs and/or payment information.
We also automatically collect, store and use information about your use of the Services, and about your computer, tablet, mobile or other device through which you access the Services. This includes the following information:
- Technical Data: including the Internet protocol (IP) address, browser type, internet service provider, device identifiers, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location; and
- Usage Data: including the full Uniform Resource Locators (URL), clickstream to, through and from the SweatCo Websites, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, website navigation and search terms used, and whether you have opened our marketing newsletters.
We may also automatically record the purchases you have made through the Sweatcoin App or SweatCo Websites using Sweatcoin (“Transaction Data”) to obtain an understanding of your preferences so that we can provide you with more tailored marketing where appropriate.
As part of the Services, we may provide functionality allowing you to search for friends by using your Facebook credentials and, when you elect to do this, you will be asked to allow the Sweatcoin App to access certain information associated with your Facebook account such as your name, profile picture, gender and list of friends. Provided you consent to this, such information will be processed by us in order to identify your Facebook friends who are users of Sweatcoin App and to allow you to invite those Facebook friends to install the Sweatcoin App.
Please note that, with your consent, we will collect information about your location and physical movements in order for the Sweatcoin App to function properly and monitor and verify forms of eligible movement. You may turn location monitoring on and off from time to time using the settings of your operating system of your mobile device but, if you disable this functionality, we will not be able to collect information relating to your step-count and GPS/Cell-ID location which will prevent tracking and/or conversion of your movement into Sweatcoins.
We work with third parties from time to time (including, for example, Apple HealthKit, Near Foundation, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers who may provide to us information about you. This may include your purchase history from business partners who supply you with rewards made available via the Sweatcoin App.
USES MADE OF YOUR PERSONAL DATA
As a data controller, we will only use your personal data if we have a legal basis for doing so. The table at Annex 1 sets out the purposes for which we use your personal data as well as the relevant legal bases on which we do so.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data with the following recipients as necessary to achieve the purposes set out in Annex 1 or as otherwise described below:
- Other users. Certain information of your personal data may be shared with other users of the Sweatcoin App as part of the normal operation of the Services (for example your uploaded profile picture and biographical information will be accessible to all users, and we may publish your total verified steps, or other movement, during a particular period to other users from time to time).
- Service providers. We may share your personal data with third party service providers that perform services for us or on our behalf, which may include providing data hosting, customer relationship management, payment processing and analytics services.
- Business partners. We may share your personal data with our trusted business partners in order that they can contact you from time to time with offers that may interest you and/or inform you of other products or services, provided you have given your consent for us to do so.
- Law enforcement, regulators, governmental authorities and other parties for legal reasons. We may share your personal data with third parties if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.
- Purchasers and third parties in connection with a business transaction. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your personal data as part of that transaction.
In addition, we may share your personal data with other third parties if you have provided your consent for us to do so.
We may transfer your personal data outside of the country where you are located.
If you are located in the UK or EEA, your personal data may be transferred to countries which do not provide the same level of protection for personal data as that provided for under UK and EEA law.
Where we transfer your personal data to a country which is not recognised by the UK government or EU Commission (as applicable) as ensuring an adequate level or protection for personal data, we will ensure that relevant safeguards are in place to ensure the adequate protection for your personal data (for example, by entering into standard contractual clauses with the recipients of your personal data).
Further details regarding the relevant safeguards we implement can be obtained from us on request at [email protected]
with the subject ‘international transfers’.
Your personal data will be kept only for as long as is necessary to fulfil the purposes set out in this policy, for as long as we are required to do so by law or any regulatory obligation.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We take reasonable industry-standard care in keeping all our data secure and in preventing any unauthorised access or unlawful use of it.
Depending upon where you are located, you may have the following rights in respect of your personal data under applicable data protection law:
To ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing (i.e. “opt out”) by clicking ‘unsubscribe’ at the bottom of our marketing emails or by emailing [email protected], with the subject ‘unsubscribe’.
- To change your personal information we hold about you. You can exercise your right by accessing your Account information in our app (Open Sweatcoin app -> Your Account Screen -> Edit (on Android) or Pencil icon (on iPhone) -> Change your details -> Save).
- To ask us about the personal information we hold about you and to request a copy of your personal information. You can exercise your right to access this information by emailing [email protected], with the subject ‘data access request’.
- To delete your account and any personal information we hold on you. You can exercise your right to delete your Sweatcoin account and the personal information attached to it yourself, by triggering an account deletion via the Help section within the Sweatcoin app (Open Sweatcoin app -> Your Account Screen -> Settings -> Help -> Contact us -> Choose your problem = Delete Account).
- To object to any use of your personal data that we carry out on the basis of our legitimate interests (as set out in Annex 1), subject to certain conditions.
- To receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person, in each case subject to certain conditions.
- To withdraw consent to our processing of your personal data if this is based on your consent (as set out in Annex 1).
- To require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the data is contested by you.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
If you wish to exercise one of these rights, please follow the steps set out above or contract us using the details set out below.
If you wish to lodge a complaint about how we process your personal data, please contact us using the details set out below. We will endeavour to respond to your complaint as soon as possible.
You also have the right to lodge a complaint to your national data protection authority. The relevant data protection regulator in the UK is the Information Commissioners Office (https://ico.org.uk/concerns
If you are resident in the EEA, you can find details regarding your local data protection regulator here
The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via the Sweatcoin App or SweatCo Websites. We are not responsible for the content or privacy and security practices and policies of third-parties to which links or access are provided through the Sweatcoin App or SweatCo Websites. We encourage you to learn about third parties’ privacy and security policies before providing them with your personal data.
with subject line “enquiry”.
ANNEX 1 – PURPOSES OF COLLECTING PERSONAL INFORMATION
The Sweatcoin App’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy
, including the Limited Use requirements.
We use the following categories of personal data in the manner specified below, and rely on the following legal basis for processing:
Contact Details (phone number): We use this data to verify your identity as part of our account set up procedure. Our legal basis for processing this data is because it is in our and your legitimate interests to ensure that you have used the correct phone number when signing up for the Services.
Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.), movement data (motion data, HealthKit data): We use this data to provide the Services, including operating the Sweatcoin Marketplace (using our own systems and those of appropriate third party service providers). Our legal basis for processing this data is based on performance of a contract (our terms and conditions).
Location Data (iOS only): We use this data to verify your physical movement and location and issue Sweatcoins on the basis of this verified data. Our legal basis for processing this data is based on consent (where we are processing location data) and performance of a contract.
Movement data (Healthkit / Google Fit steps data): We use this data to verify your physical movement and issue Sweatcoins on the basis of this verified data. Our legal basis for processing this data is based on consent and performance of a contract.
Contact Details (email address, phone number etc.), payment details (card number, CVC etc.), profile information (username): We use this data to process your transactions with us. Our legal basis for processing this data is based on performance of a contract.
Profile Information (username, profile photo etc.), movement data (motion data, HealthKit data, Google Fit data): We use this data to create daily leader boards of users, comprising all users or users meeting particular criteria as ranked by the number of steps completed or using other criteria. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and competitive and allow you to see how you rank against other users and encourage you to walk more.
Contact Details (phone number): We use this data to connect you with other users and allow you to invite contacts to use the Services. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and allow you to interact with friends when using the Services.
Transaction Data and Order History: We use this data to obtain an understanding of your preferences and to maintain accounts and records. Our legal basis for processing this data is because it is in our legitimate interests to understand our users’ preferences so we can improve the Services and the offers we display on the Sweatcoin App; and because it is in compliance with a legal obligation.
Contact Details (phone number, email address, social media accounts), marketing preferences (records of consents): We use this data for Marketing and advertising (including sending you marketing emails, carrying out online behavioural advertising and measuring the effectiveness of our marketing). We also use this data to share your contact details with trusted business partners for marketing purposes. Our legal basis for processing this data is consent (if required under applicable law). Where consent is not required under applicable law, such processing is necessary in our legitimate interests, namely to develop and grow our business.
Profile Information (username, profile photo, bio etc.), usage data, transaction Data, movement data (motion data, HealthKit data, Google Fit data): We use this data to investigate and/or prevent suspected fraud or other criminal activities, to investigate disputes between users, and for Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures. Our legal basis for processing this data is because it is in our legitimate interests to resolve and protect ourself and users of the Services, the Sweatcoin App and the SweatCo Websites against harmful activities; it is in our legitimate interests to ensure that disputes between users are resolved and appropriate action is taken against users breaching the rules; and because it is in our legitimate interests to be as efficient as we can so we can deliver the best services to you.
Profile Information (username, profile photo, bio etc.), usage data, technical data): We use this data to correct errors and problems with the Services, and to protect the security of systems and data. Our legal basis for processing this data is because it is in our legitimate interests to monitor the Services to ensure that it functions properly and is secure; to comply with our legal and regulatory obligations; and because it is also in our legitimate interests to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
Technical Data and Usage Data: We use this data to analyse the usage of the Services, including for the purposes of improving the Services and to ensure that content is presented in the most effective manner for you. Our legal basis for processing this data is based on consent.
Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.): We use this data to enforce legal rights or defend or undertake legal proceedings. Our legal basis for processing this data is because it is in our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others.
ANNEX 2 – COOKIES
What are cookies
Cookies we use
The types of cookies we may use include:
Strictly Necessary Cookies, which are required for the operation of the Sweatcoin App and SweatCo Websites. They include, for example, cookies that enable you to log into secure areas of our websites;
- Analytical/Tracking Cookies, which allow us to recognise and count the number of visitors and analyse use of the Services, as well as to verify transactions; and
- Advertising and Retargeting Cookies, which allow us to generate appropriate advertising directed to you on the SweatCo Website(s) as well as on the Sweatcoin App and other third party websites.
We use a number of industry-standard data analytics tools, such as Google Analytics and Facebook Analytics. These collect certain information about you, such as your device’s IP address and browsing and usage behaviour, and are used to allow us to track and monitor the traffic visiting the Sweatcoin App and SweatCo Website(s).
We will ask for your permission (consent) to place cookies on your device when using the SweatCo Websites, except where these are essential for us to provide you with a service that you have requested.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our websites.
To find out more about cookies, including how to see which cookies have been set and how to manage and delete them, you can visit the third party website: www.allaboutcookies.org