The T-Cup platform accessible from our website at www.tcup.co.uk (the “Service”) is a health platform that encourages healthy lifestyle choices and changes. The Service is operated by T-Cup Limited (“T-Cup”, “us”, “we”, or “our”) and is available to individuals but in some cases, it is paid for by your employer as a benefit for you. In order to provide the Service to you and to promote our business, we will need to collect and process certain personal information about you.
The Data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified (“Personal Data”). It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data: your first name, last name, gender, year of birth, age and location;
- Contact Data: the email address you use to sign-in to your account and the area of the business that you work in (if you are registering as an employee);
- Profile Data: your username and password, your interests, preferences, feedback, survey responses and research responses, information about your participation and performance in challenges and the rewards you may be able to earn through the Service; the comments and contributions you may make on the Service; additional information you may provide as you submit queries and requests to us; personal information that you record via the free text boxes in the journal function of our Service (please see further information on this below);
- Usage Data: information about how you use our Service;
- Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences;
- Special Categories of Personal Data: basic information about your health/wellness and information about your general fitness;
- Technical Information: including type of mobile device you use, a unique device identifier, mobile network information, your login information, browser type and version you use, browser plug-in types and versions, operating system and platform; and
- Information about your visit to our Service: including the full uniform resource locators (URL) clickstream to, through and from our Service (including date and time); pages you viewed or information you searched for; page response times, download errors or length of visits to certain pages.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of our Service or how many users have high success scores or low success scores. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Free Text Boxes-Journal
The extent of the personal data you may be able to share with us will depend on the Service design and the features made available to you, as well as your level of participation in the Service. You are under no obligation to provide any personal data to us at any time. However, if you choose to withhold some personal data, we may be unable to provide you with the Service.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your personal data by filling in forms, answering questions or by corresponding with us by email or otherwise. This includes personal data and may include special categories of personal data you provide when you:
- apply for our Service or apply to find out more information about our Service;
- create an account to use our Service;
- subscribe to our Service;
- answer our wellness questions;
- earn T-Bucks;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- take part in our research;
- subscribe for our newsletter;
- give us some feedback.
- Automated technologies or interactions. As you interact with our Service, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookies policy for further details.
Third parties or publicly available sources. We may receive personal data about you from various third parties such as Technical Data from analytics providers such as Google based outside the EU.
How is your personal data collected?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where we need to perform the contract we are about to enter into or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal or regulatory obligation;
- to identify you and manage your account in connection with the Service;
- to process your T-Buck transactions;
- liaise with your employer;
- to improve the Service;
- to provide you with support in using our Service;
- promote our business and market our services;
- manage our business, including for accounting and auditing purposes;
- to use data analytics to improve the Service, marketing, customer relationships and experiences;
- maintain our IT systems and manage hosting of our data;
- deal with legal disputes involving you; and
- to prevent fraud.
Some of the above grounds and purposes for processing will overlap and there may be several grounds which justify our use of your personal information.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We do not use or analyse any personal information that you record in the free text boxes in our journal function.
How we use Special Categories of personal data?
Special Categories of Personal Data includes information about your health. Some fitness and wellness information that we collect from you via your responses to the wellness questions may be considered personal health data under Data Protection Laws and if recorded over a period of time.
The security of and appropriate use and disclosure of information about your health is of paramount importance to T-Cup. T-Cup will only collect, process and use sufficient health information to enable us to deliver the Services.
If we collect your personal health data, we will use this data for the following purposes:
- to manage and administer your account with us;
- to monitor your basic health and fitness activity to enable you to record your performance and progress;
- to enable us to provide you with benefits relevant to your T-Cup performance and status;
- for research purposes, with your consent; and
- to carry out data modelling, profiling, demographics or statistical analysis using aggregated, anonymous data.
We do not use or analyse any special categories of personal data that you record in the free text boxes in our journal function.
Lawful bases for processing under GDPR
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract we have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if to a public authority processing data to perform your official tasks.)
When you register for an account or interact with our Service, such processing is necessary for the performance of our Services. (Art. 6(1)(b) GDPR).
Where we process your location data without consent, for example in order to provide our Services, such processing is necessary for the performance of our Services (Art. 6(1)(b) GDPR).
When you communicate with us or sign up for promotional materials, we process such data on the basis of our legitimate interest (Art. 6(1)(f) GDPR), and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent (Art. 6(1)(a) GDPR).
For all other personal data such processing is necessary for the performance of our Services (Art. 6(1)(b) GDPR or on the basis or our legitimate interests and our legitimate interest is to enhance our services (Art. 6(1)(f) GDPR).
For the health/wellness information (special categories of personal data) we process such data on the basis of: (i) the performance of our Services (Art. 6(1)(b) GDPR; or (ii) on the basis or our legitimate interests and our legitimate interest is to enhance our Service (Art. 6(1)(f) GDPR), and your explicit consent (Art. 9(2)(a) GDPR).
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
You will receive marketing communications from us if you have requested information from us or used our Service or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of using our Service.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data with the parties set out below:
- service providers acting as processors based in the UK who provide IT, hosting and system administration services;
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services; and/or
- third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share aggregated demographic and statistical information with your employer, where relevant. This is not linked to any personal information that can identify any individual person. We may also use such aggregated information and statistics for monitoring usage of the Service in order to help us develop the Service.
These parties are not allowed to use any personally identifiable information except for the purpose of providing the Service.
• Auto-renewable subscription
• £12.99 per month
• Your subscription will be charged to your iTunes account at confirmation of purchase and will automatically renew (at the duration selected) unless auto-renew is turned off at least 24 hours before the end of the current period.
• Current subscription may not be cancelled during the active subscription period; however, you can manage your subscription and/or turn off auto-renewal by visiting your iTunes Account Settings after purchase
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
We may occasionally send out newsletters, offers or alerts to our users. We may also wish to provide you with information about special features of our Service or any other service or products we think may be of interest to you.
Where required by Data Protection Laws (for example, if you have provided your email address in the opt-in for our newsletter option) we will send you such information only if you have specifically elected to receive it. You can opt-out from receiving such communications at any time – please see the “Your legal rights” section below.
From time to time the Service may request information from you via surveys and research questionnaires. Participation in these surveys or research is completely voluntary and you, therefore, have a choice whether or not to disclose this information. Information requested may include contact information (such as name and e-mail address), demographic information (such as postcode or age level), health/wellness information (such as how did you sleep or how was your diet today).
Survey information will be used for purposes of monitoring or improving the use of and satisfaction with the Service. Research information will be used for improving our wellness questionnaire.
We do not transfer your personal data outside the European Economic Area (“EEA”).
Keeping your data secure
We will only retain your personal information in accordance with the retention periods set out in the table below:
|When a user signs up to our Service they are required to confirm their account.||
|If a confirmed user has been inactive on our Service for 60 days, their account will be deleted.||
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Once you are no longer a user of our Service, we will securely destroy your personal information in accordance with applicable laws and regulations.
Your legal rights and your duty to inform us about changes
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a confirmation from us as to whether we process any of your personal information or not, and if this is the case, to receive a copy of such personal information and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information (often referred to as “the right to be forgotten”). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it, or if we no longer need your data for our legitimate interests but we need to hold some of it for the purpose of legal proceedings.
- Request the transfer of your personal information to another party.
- a. Email us at: firstname.lastname@example.org; provide us with proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill). This is to allow us to verify your identity and prevent disclosure to unauthorised third parties; and
- b. let us know the details of your request, for example by specifying the personal data you want to access, the information that is incorrect and the information with which it should be replaced.
Contact Us or the ICO
If you have any concerns or complaints about our privacy activities, you can contact us on email@example.com.
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
For more details about your rights under the Data Protection Laws, the rules we have to adhere to in collecting and storing your information, and how you can check your data records, please visit https://www.gov.uk/data-protection/the-data-protection-act.