PRIVACY POLICY

1. Who are we?

1.1 At Healthy Ambitions Limited trading as Heliix ("we", "us", "our") we are committed to protecting and respecting your privacy, whilst striving to provide the very best user experience. We work very hard to keep your information safe and we want our in-gym purchase services to be safe and enjoyable for everyone. We also recognise that it is important for you to understand how we use your personal information.

1.2 This privacy policy (and any other documents referred to in it) describes the way we will process and use any personal information about the users of the Heliix app ("App"). Please read this privacy policy carefully to understand our practices regarding your personal information and how we will treat it. Please also ensure that you read our MOBILE TERMS OF USE which apply to your use of this App.

1.3 We have a legal duty to protect personal information that we collect under the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation (EU) 2016/679, (the “GDPR”). For the purpose of the DPA and GDPR, we (Healthy Ambitions Limited) are the data controller (in other words, the organisation that determines how your personal information is used) and are located at 5th Floor, 167-169 Great Portland Street, London, W1W 5PF. Our contact details are set out in part 9 below.

2. Personal information we collect, how we use it and our lawful basis for processing

2.1 We may collect and use various types of personal information about you when you use our App. Details of this information, together with an overview of the way that we use it and our lawful bases for the processing in each case are set out below:

When you create an account on our App

a) In order to use our App, you will be required to create an account and we will ask you to provide certain details as part of your account setup. This will include your name and contact details and require you to register a debit or credit card to make purchases. If you login to the App via Facebook, we will process the personal data that you choose to share with us. 

• We collect this information so we can fulfil our contract with you and ensure that you are able to make purchases using our App when you need to. 

When you upload a profile photo to the App

b) You have the option to upload a profile photo to your account. Your profile photo is used in store to verify your identity. However, you must have a profile photo if you wish to use the App to collect your purchases in-store.

• We collect this information so we can fulfil our contract with you and ensure that you are able to make purchases using our App when you need to. 

When you make a purchase via our App

c) The App captures your geographic location when you attempt to “check in” to one of our cafes. We do this to identify which cafe you are in or near to allow you to pay using the Heliix App, and to provide an enhanced visitor experience (for example, through digital loyalty cards). We will only capture this location information with your consent and you can withdraw your consent at any time by disabling location data in your 'My Account' area on the App or by turning location services off on your device. When you make a purchase, we will process your transaction data and your payment details. 

• We process this information based on your consent (for the use of your location data) where you have given us permission to do so and for the purposes of fulfilling our contract with you. 

Using the App

d) We will collect and use information about you when you use our App. This may include device data, usage data, IP address and location data. We use this data to Improve the functionality and performance of the Heliix App. This data also helps us understand how people use the Heliix App and how many people use the different functions within the Heliix App.

• We have a legitimate interest to collect and use this information either directly, or through our App solution provider in order to enhance your Heliix experience. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.

Marketing communications, promotions, surveys and social media

e) We shall use the personal data that you have provided to us to contact you with certain marketing messages (e.g. marketing e-mails) where you have told us you are happy to receive them. We may also use data we collect from you (either directly or via our websites or advertising) to help us to measure the effectiveness of our advertising and to establish what interests you and what doesn't.

• We rely on your consent or our legitimate interests to contact you directly with marketing communications. In other scenarios in carrying out efficient and appropriate marketing and advertising for our services, we will rely on our legitimate interests, whilst always ensuring that your rights are protected. You can withdraw your consent or opt out of our direct marketing at any time through the 'unsubscribe' option in any marketing email and in the 'My Account' section of the App. 

f) We may collect your contact details (and any other information you provide us) when you enter into competitions or promotions, or complete surveys.

• We will rely on your consent or on our legitimate interests (depending on whether we are marketing or carrying out market research), whilst always ensuring that your rights are protected.

g) We may collect details about you, such as your user name, when you engage with us on social media (by mentioning or tagging us in a post or contacting us directly) this is so that we can respond to any comments and queries you have.

• We rely on our legitimate interests to do this as we want to ensure our customers have the best possible experience, whilst always ensuring your rights are protected.

Administrative or other business purposes

h) We may collect certain other information that you give us, for example, when you contact us for a particular reason other than those set out above such as to report problems with our App.

• It is in our legitimate interests as a business to use your data in this way, for example, we have a clear interest in ensuring that our App works properly and in ensuring that we operate our business efficiently. We will always ensure that your rights are protected.

We also use the information that we process about you to analyse and find out more about our general customer base as a whole (and not to find out more about you as an individual) to ensure that the promotions, products and services that we offer are most likely to interest our customers.

• We have a legitimate interest to use your information in this way to make sure that we are providing you with the information that we think is most relevant to you. Where we rely on our legitimate interests, we'll always ensure that your rights are protected.

3. How we share personal information

3.1 In order to make sure that we run our business efficiently, and to make sure that you get the service that you expect, we will need to share your personal information, from time to time, as necessary, with the following third parties:

a) Selected trusted third-party business partners and service providers (such as the operators of our stores and our payment providers) to perform services related to the contracts we enter into with you, or where we have a legitimate interest to do so.

b) Prospective buyers of our business or assets, which may include your personal information.

c) Any other third parties if necessary to comply with legal obligations or enforce agreements, such as with law enforcement agencies, regulatory bodies or public authorities in order to prevent or detect crime. We will only ever disclose your personal data to these third parties to the extent we are required to do so by law. 

d) Any other third parties if this is necessary to protect our or your rights, property, or safety and/or those of others.

Your personal information is safe with us and will never be released to third party companies for marketing purposes, unless you have consented to us doing so.

4. Where we transfer and store personal information

4.1 From time to time we may process (or ask or permit a third party to process) your personal information outside of the UK and the European Economic Area (EEA) where local laws may not provide legal protection for your information in the same way as is applicable in the UK or the EEA.

4.2 Whenever we send (or permit a third party to send) your personal data outside of the UK and the EEA, we will make sure that we take steps necessary to protect your data as required by applicable laws. For example, we may require the overseas recipient to enter into particular contract terms, or we will make sure that the information that we give to them will be limited to what is needed to perform our contract with you.

4.3 If you wish to learn more about the safeguards in place to protect your personal information when we transfer it outside of the UK and the EEA, please contact us using the details in part 9 below.

5. Security of your personal information

We take the security of your information very seriously and have put physical, technical, operational and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. Your data is stored in an encrypted database and transferred over a secure network connection and we shall always ensure that our payment provider is a certified PCI-DSS Service Provider

We will always keep these under review to make sure that the measures we have implemented remain appropriate.

6. Retention of personal information

We will keep your personal information for limited and appropriate periods of time only and the applicable retention periods will always be linked to our purposes for processing your personal information. This means that the retention periods will vary according to the type of personal information. 

If your user account is entirely inactive for a period of 12 months or more, we will delete your account. If you ask us to, or if you delete your account, we will delete the information linked to your account which can identify you personally, including your profile photo and personal details.

If you need more information on this, please contact: info@heliix.co.uk

7. Your rights in your personal information

7.1 You have certain rights in respect of the personal information that we hold about you. Details of these rights are set out below. To exercise any of these rights, please contact us (see the “Contact and Complaints” section of this privacy policy below).

7.2 You have the right:

• to ask us not to use your personal data for direct marketing purposes;

• to ask to see what personal data we hold about you and to find out about the way that we process the data (and in some circumstances, you can ask us to provide a copy to a third party); 

• to ask us to correct or update any personal data which is inaccurate; 

• to ask for personal data to be deleted in some (but not all) circumstances where there is no good reason for us to continue to use it;

• to ask us to temporarily stop using your data if you don't believe that we have a right to use it, or to stop us from using your personal data where there is no good reason for us to continue to use it; and

• not to be subject to decisions made solely on the basis of 'automated processing' (i.e. the right not to be subject to decisions made solely by algorithms or computers without input from a human) in certain circumstances.  

8. Changes to our policy

We reserve the right to modify this privacy policy from time to time – for example, if we need to reflect changes to the way that we use your personal information. Any changes we make in the future will be posted in the legal section of our App and, where appropriate, notified to you by e-mail. You should check back frequently to see any updates or changes to our privacy policy.

9. Contact and complaints

9.1 We are very keen to hear from you, including if you have any questions, concerns, comments, requests or complaints regarding this privacy policy, our websites and/or our use of your personal information. Please contact info@heliix.co.uk

9.2 If you have any complaints regarding this privacy policy or the way that we use your personal information, you may also contact the UK Information Commissioner at telephone number 0303 123 1113 or https://ico.org.uk/.