Privacy policy

Thanks for visiting Zym! Zym provides a location-based platform on mobile, connecting individuals to a network of participating fitness providers (our “Associates”), and offering a pay-as-you-go model of service purchase. Zym collects personally identifiable information about you (“Personal Information”) when you use our mobile application, websites, and other online products and services (collectively, “Services”). Personal Information does not include data where the identity has been removed i.e. anonymous data. We understand and value the importance of keeping your Personal Information confidential and secure and are committed to safeguarding the Personal Information of all users of our Services.

We will use the information that we collect about you in accordance with:

  • The Data Protection Act 1998
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003
  • The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) May 2018

If you have any questions, please contact the Data Controller at Zym using the contact details at the end of this policy.

In this policy, we explain how we process Personal Information:

Last updated: April 2018

1. INTRODUCTION

A big warm welcome to Zym. Zym is operated by Zym Ventures Limited (trading as Zym), with company registration number 10270373 and its registered address is 71-75 Shelton Street, Covent Garden, WC2H 9JQ, United Kingdom, hereinafter referred to as “Zym”, “we”, “us”, or “our”.

By registering as a user of our Services, or by accessing and using the Services, you agree to be bound by this Privacy Policy. Please also read our Terms of Use carefully, found here. If you do not agree to this Privacy Policy or our Terms of Use, you may not access or use the Services.

We may amend this Privacy Policy from time to time in our sole discretion. If we make changes to this Privacy Policy, we will provide you notice through the Services or by some other means, such as email. The latest Privacy Policy will be published on to the Services, and you are responsible for regularly reviewing this Privacy Policy so that you are aware of any changes to it.

2. GROUPS OF PERSONAL INFORMATION

Zym collects Personal Information from you when you register for the Services. The Personal Information you provide to us at registration should be accurate, complete and relate to you and not any other person. We use your Personal Information to provide dynamic, bespoke and secure Services (further described in section 5 below).

We use different kinds of Personal Information, and group them together like this:

Types of Personal Information Description
Identity Includes first name, maiden name, last name, date of birth and gender
Contact Includes postal address, email address and mobile numbers, as well as emergency contact details due to the nature of our Services
Financial Includes your credit / debit card information including card number, type, expiry date, billing address and delivery details
Transactional Includes details related to your use of our Services, including the type of fitness service purchased, location, date, time, duration of fitness service, amount charged, and other transaction-related details. Additionally, if someone uses your promotion / referral code, we may associate your name with that person
Technical We may collect information about your mobile device, including, for example, hardware model, operating system and version, software and file names and versions, preferred language, unique device identifier, advertising identifiers, serial number, device motion information, and mobile network information When you interact with the Services, we collect server logs, which may include information like device IP address, access dates and times, app features or pages viewed, app crashes and other system activity, type of browser, and the third-party site or service you were using before interacting with our Services
Locational Data we get about where you are, such as may come from your mobile phone, the address where you connect a computer to the Internet. Before you use our Services to determine which Associates are near your location, you need to permit the Services to access location services through the permission system used by your mobile operating system
Profile Includes your email address and password
Usage Includes information about how you and site visitors interact with the Services, preferences expressed, and settings chosen. In some cases, we do this through the use of cookies, pixel tags, and similar technologies that create and maintain unique identifiers. For more information, please see the commentary on cookies below
Communications Includes what we learn about you from letters, customer surveys emails and conversations between us, and if you include it when you submit reviews or comments whilst using the Services
Special types of data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:
  • Genetic and bio-metric data
  • Health data
Consent Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal information but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific mobile app feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

3. COLLECTION OF PERSONAL INFORMATION

We collect information about you in a number of ways:

  • Information that you give us – When you create an account on our website or mobile app, complete your profile before using our Services, request marketing materials, give us feedback, communicate with us via letter, email or with our customer service agents, customer surveys and if you take part in competitions or promotions.
  • Information we collect when you use our services – this includes payment and transaction data, profile and usage data, and may include other data about how you use the Services. We may also automatically collect Technical Data about your equipment, browsing actions and patterns. This personal data is collected by using cookies and other similar technologies.
  • Third-party source information – We occasionally receive information about you from third parties e.g. analytics providers like Google, search information providers like Google Adwords and advertising networks like Facebook. You may create an account using your Facebook profile when you login with Facebook credentials. In this instance, we collect the Personal Information you have made publicly available on Facebook, such as your name, profile picture and use that information to register with the Service. The information Zym obtains in this instance may depend on your Facebook privacy settings.

4. STORAGE AND SECURITY OF INFORMATION

We take appropriate technical and organizational measures against unauthorised or unlawful processing of your personal information and against accidental loss or destruction of, or damage, to personal information. Such measures include use of encryption to store passwords. The technology that we use and the security policies which we have implemented are intended to safeguard your information from unauthorised access and improper use. However, no system can be completely secure. Therefore, although we take steps to secure your personal information, we do not promise that your Personal Information, or other interactions with the Services, Associates, other users or us will always remain secure.

The Zym website and app use and rely on the services of Amazon Web Services a third-party hosting service provider, to store your Personal Information. It has been represented to us by Amazon Web Services that the data protection and privacy practices followed by them are in compliance with various relevant statutory norms. Details of the same can be accessed at http://aws.amazon.com/security. The policies and practices described in this Privacy Policy do not apply to Amazon Web Services and we make no warranty or claim regarding the privacy, confidentiality, integrity and security of any information and data stored/retained thereof by Amazon Web Services.

When you provide us with your payment information, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your card details are also stored safely in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3 or 4-digit security code. You can find more information about this standard at https://www.pcisecuritystandards.org/pci_security/. At time of Service purchase, we transmit your payment information via an encrypted connection to our payment processor, Stripe. Details of how Stripe uses and processes your payment information can be accessed at https://stripe.com/gb/privacy/. We don’t store your payment information, other than your post code and country, which we require for billing and to comply with tax and other government regulations. The policies and practices described in this Privacy Policy do not apply to Stripe and we make no warranty or claim regarding the privacy, confidentiality, integrity and security of any information and data stored/retained thereof by Stripe. We will share information with Stripe only to the extent necessary for the purposes of processing payments you make, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You are responsible for keeping the password you use to access Zym Services confidential; we will not ask you for your password, except when you log in to your account.

5. USE OF INFORMATION

Data Protection law says that we are allowed to use Personal Information only if we have a proper reason to do so. The law says we must have one of more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you.

We have set out below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

What we use your Personal Information for Our reasons Our legitimate interests
To register you as a new customer Fulfilling contracts
To manage our relationship with you or your business
To develop new ways to meet our customers’ needs and grow our business
To develop and carry out marketing activities.
To study how our customers use our Services
To provide advice or guidance about our Services
Your consent
Fulfilling contracts
Our legitimate interests
Our legal duty
Keeping our records up to date, working out which of our Services may interest you and telling you about them.
Promotions, news and events which may interest you
Processing contest or other promotion entries and fulfil related awards
Developing Services, and what we charge for them.
Defining types of customers for new or existing Services.
Seeking your consent when we need it to contact you.
Being efficient about how we fulfil our legal duties.
To develop and manage our brand and Services.
To test new Services.
To manage how we work with Associates and other companies that provide services to us and our customers.
To conduct data analysis, testing and research, and to monitor and analyse usage and activity trends
Fulfilling contracts.
Our legitimate interests.
Our legal duty
Study how customers use our Services, to develop them and what we charge for them, and grow our business
Defining types of customers for new or existing Services.
Being efficient about how we fulfil our legal and contractual duties
To deliver our Services.
To provide emergency contact information and your medical history to our Associates should any emergency arise.
To process the transaction information via our payment processor.
To process the Service transaction with your purchase information.
To manage fees, charges and interest due on customer accounts.
To collect and recover money that is owed to us.
Fulfilling contracts.
Our legitimate interests.
Our legal duty
Being efficient about how we fulfil our legal and contractual duties.
Complying with regulations that apply to us
To detect, investigate, report, and seek to prevent fraud.
To troubleshoot software bugs and operational problems.
To obey laws and regulations that apply to us.
To respond to complaints or queries raised via any communication channel and seek to resolve them, for example, problems with registration, navigation of the mobile application or accessing your Account
Fulfilling contracts.
Our legitimate interests.
Our legal duty
Developing and improving how we deal with fraud, as well as doing our legal duties in this respect.
Complying with regulations that apply to us.
Being efficient about how we fulfil our legal and contractual duties
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit Our legitimate interests.
Our legal duty
Complying with regulations that apply to us.
Being efficient about how we fulfil our legal and contractual duties
To exercise our rights set out in agreements or contracts Fulfilling contracts

6. DISCLOSURE OF INFORMATION

We may share your Personal Information:

  • With our Associates to enable them to provide the Services you request. For example, we share your full name, profile picture (if you provide one), emergency contact information and medical history as soon as you check into the Associate for them to facilitate the check out and billing process and respond to any medical emergencies appropriately. We may also provide your name and email address if and when you decide to take up services from that particular Associate. Associates are separate businesses from Zym, and Zym is not responsible for the privacy practices of its Associates;
  • With the general public if you submit content in a public forum, such as blog comments, social media posts, or other features of our Services that are viewable by the general public;
  • With vendors, consultants, marketing partners, and other service providers who need access to such information to carry out work on our behalf, provided that we shall request that such service providers use your Personal Information only to carry out such work on our behalf;
  • With third parties to provide you a service you requested through a partnership or promotional offering made by us. For example, we may share your credit card and billing information to third-party service providers that perform credit card transactions.
  • Various pages on our website and mobile application may contain links to third party websites (or ads for that matter). Once you have exited our website via such a link, any further data you provide will be collected by or on behalf of the third party responsible for that website and therefore subject to the privacy policy and practices of that third party rather than to this Privacy Policy. We cannot be responsible for any third party’s use of your Personal Information and you should check the specific terms on the relevant third party’s websites relating to the use and disclosure of your Personal Information. The Services may also integrate with social sharing features and other related tools which let you share actions you take on our Services with other apps, sites, or media, or vice versa. Please refer to the privacy policies of those social sharing services for more information about how they handle the data you provide to or share through them;
  • To the extent we are required to by law;
  • In connection with any ongoing or prospective legal proceedings;
  • In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
  • In connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or into another company;
  • If we otherwise notify you and you consent to the sharing; and
  • In an aggregated and/or anonymised form which cannot reasonably be used to identify you.

7. INFORMATION RETENTION

We generally retain your personal information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your information to provide the Services to you, you can request that we erase your Personal Information and close your Zym account. For more on requesting the erasure of your Personal Information, please see section 9.

8. COOKIES, AUTOMATIC DATA COLLECTION, THIRD PARTY TRACKING DEVICES AND RELATED TECHNOLOGIES

Zym collects and stores information that is generated automatically as you use our Services. This information includes anonymous usage statistics. To collect this information, Zym may use log files, web beacons, cookies, and other similar technologies.

"Cookies" are bits of information that are stored by your browser or app on your computer or mobile device. This technology allows for the storage of user preferences, user ID, and password. When you visit our website, we will assign a permanent cookie on the hard drive of your computer. You can view these by looking in the cookies directory of your browser installation. As the name implies, permanent cookies last for a long time and each time you visit our website you send us a copy of them allowing us to identify you from visit to visit. Cookies do not contain any Personal Information for example, your name, address, email address, or telephone number, but simply a unique identification number that identifies your computer to us.

The Zym service also automatically collects other system information, such as your web request, Internet Protocol (IP) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, number of clicks, landing pages, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request, and the unique identity of your browser. This information is used to analyse trends, administer the Zym Service, improve the design of the Zym Service, track user movement, and otherwise enhance the Zym Service.

By using Zym Services, you are authorising us to gather, analyse and retain data to the provision of the Service.

We may also carry advertising relating to third parties on our website. This advertising is served either directly by third party advertisers or on their behalf by advertising network companies. These advertisers or advertising networks may place cookies, action tags or other tracking devices on your hard drive to assess the effectiveness of their ads. They may aggregate information about your visits to our website and other websites retrieved via such cookies with other information that you may have provided directly to the relevant advertiser or ad network. This Privacy Policy does not cover the use of cookies and other tracking devices by third parties. Please refer to that third party’s privacy policies which in most cases will be found on that company’s website.

9. YOUR RIGHTS

REQUEST ACCESS TO YOUR PERSONAL INFORMATION

You have a right to request a copy of the personal information that we hold about you. Please email privacy@zym.rocks if you would like to exercise this right, or any of the rights listed below.

REQUEST CORRECTION OF YOUR PERSONAL INFORMATION

You have the right to request that we correct the personal information we hold about you, although we may need to verify the accuracy of the new information you provide to us.

You may correct your account information, including Personal Information, at any time by logging into your online or in-app account.

REQUEST ERASURE OF YOUR PERSONAL INFORMATION

You have the right to request that we delete or remove Personal Information where there is no good reason for us continuing to process it. If you wish to cancel your account, please email us at hello@zym.rocks. Please note that in some cases we may retain certain information about you as required by law, or for legitimate business purposes to the extent permitted by law. For instance, if you have a standing credit or debt on your account, or if we believe you have committed fraud or violated our Terms of Use, we may seek to resolve the issue before deleting your Personal Information. If these do apply, we will notify you at the time of your request. We may also keep it for research or statistical purposes. If we do, we will make sure that your privacy is protected and only use it for those purposes.

OBJECT TO PROCESSING OF YOUR PERSONAL INFORMATION

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

REQUEST RESTRICTION OF PROCESSING YOUR PERSONAL INFORMATION

You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

REQUEST TRANSFER OF YOUR PERSONAL INFORMATION

You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

RIGHT TO WITHDRAW CONSENT

In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

LOCATION INFORMATION

We request permission for our app’s collection of precise location from your device per the permission system used by your mobile operating system. If you initially permit the collection of this information, you can later disable it by changing the location settings on your mobile device. However, this will limit your ability to use certain features of our Services.

PROMOTIONAL COMMUNICATIONS

We will ask you to configure your communication preferences when you first register your account either through our website or mobile application. You may change your communication preferences directly in your account settings or opt out of receiving promotional messages from us by following the instructions in those messages. If you opt out, we may still send you non-promotional communications, such as those about your account, about Services you have requested, or our ongoing business relations.

COOKIES

You can turn off the “cookie” function in most standard Internet browsers; however, the majority of the features of the Zym Service may not function properly without them. How you do this will depend upon the Internet browser you use. Refer to the relevant Internet browser manufacturer's website where you should be able to receive all the information you need.

COMPLAINTS

Please let us know if you are unhappy with how we have used your personal information. You can contact us at privacy@zym.rocks. You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern at https://ico.org.uk/concerns.

LAST NOTES

  • No fee required - You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
  • What we may need from you - We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
  • Time limit to respond - We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. OUR DETAILS

If you have any questions about the Privacy Policy, please contact us at privacy@zym.rocks. Alternatively, write us at Zym Ventures Limited, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ

71-75 Shelton Street,
Covent Garden, London,
WC2H 9JQ