Privacy Policy

What we do at Wellbeing +

At Wellbeing+ (a Reward Gateway UK Ltd service ), our mission is to make fitness fun and accessible for individuals of all activity levels. We aim to empower people to lead a healthier life and provide a community that supports them along their fitness journey.

Under data protection legislation Reward Gateway UK Ltd is the data controller of this service and we are registered with the Information Commissioner the UK regulator.

We aim to comply with the following principles found in Data Protection Law:

Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.

Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.

Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.

Retention – Personal data should be kept in an identifiable format for no longer than is necessary.

Integrity and confidentiality – Personal data should be kept secure.

Accountability – Under the GDPR and the Data Protection Act 2018, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions.

To provide this Service to you, we collect some information about you. We appreciate that you share this information with us. We work hard to make sure your information is secure and private. We also want be transparent with you on what we collect, how we use it and what you can do to control your information.

Our lawful basis for collecting or using personal information for Wellbeing + for the purpose of providing a fitness service are legitimate interest, performance of a contract and consent where applicable.

How we gather information

Information you provide us.

Account Information

You provide us with information when you create an account such as your name, email, username, and password. This information is required for account creation. You may also share a profile photo and your activity preferences.

Additional Information

When you use our Service and interact with certain features, you may choose to provide us with additional information such as chats, messages on group threads or discussion boards, comments, likes, and logs for things like your mood, food, or other specified habits.

If you contact us or participate in a survey, contest, or promotion, we gather the information you provide such as name, contact info, organization or company name, and message.

Payment and card information

If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.

Information from using our services.

Device and Activity Information

Your fitness tracking device or mobile smartphone collects data to estimate a variety of metrics like your steps, distance travelled, and active minutes moved. Not every device tracks every one of these metrics. The data collected varies depending on the device you use. When your device syncs with our applications and software, data recorded on your device is transferred from your device or device app to our service.

When you pair your device to your account, you grant us access to your exercise or activity data from that device service. You can use your account settings and tools to withdraw this consent at any time by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.

Location Information

We collect your time zone. This is either gathered from your mobile device, your connected fitness device or is manually set by you. We use time zone to allow challenges to start and end locally at the same time for everyone participating in the challenge. You can change your time zone at any time in your profile settings.

Usage information

When you access or use our Services, we retain certain usage data. This includes information about your interaction with our Services such as how long you’re in our app or what you’re viewing in our app.

We also collect data about the devices and computers you use to access our Services, including IP addresses, browser type, language, operating system, fitness device type or mobile device information, the referring web page and pages visited.

We do not collect or process special category data as part of this service.

How we use information

Provide and maintain our services.

We use things like your activity information, username, and location to run things like challenges, groups and other core services listed in our Terms & Services. This includes things like scoring your activity in a challenge, populating your dashboard and personal trends, enabling our community features, and providing you with support.

Develop and improve our services.

By using our product, you’re constantly helping us to improve! We take a look at what is resonating with most of our users to ensure we can continue to create useful features that you love. We’re always looking to make our existing features better and how you interact with our product helps us decide what improvements should be made.

Communicate with you.

We use your information to communicate important service, account or support updates. This allows us to provide relevant information about our product and to respond to you when you contact us. You can always turn off your marketing preferences by unsubscribing at the bottom of emails and by adjusting your app notifications in your profile settings.

Keep our services safe and secure.

It’s important that you’re always safe and secure when using our services. We use some of your information to ensure we are only allowing secure usage by authenticating your account details, protecting against fraud and abuse and enforcing our terms and policies.

How we share information

When you agree or ask us to share

If you choose to participate in a challenge, information like your profile photo, posted messages, total steps in the challenge, personal statistics, and achievements will be visible to all other challenge participants.

If you sign up for our service through an employer or organization, remember that their use of your information will be governed by their privacy policies and terms. You can revoke your consent to share with organizational or employee wellness programs by deleting your personal account or asking your administrator to remove you from the organization account.

Wellbeing+ does not control the way our organizational clients or admins use our tool. They control the configuration of groups, challenges, content, and communications associated with hosting a wellness program.

As of the date of this Privacy Policy, we share your personal data with the following trusted third parties for the purposes of managing our business and providing the information and services you request from us:

1.        Member of the Edenred SE group of companies including RG Engagement Group Ltd, Reward Gateway (Australia) Pty Ltd, Reward Gateway (USA) Inc, International Benefits Holdings Ltd., Asperity Employee Benefits Group Ltd, our group companies;

2.        Google Analytics, our web analytics provider;

3.        CrazyEgg, an analytics service provider;

4.        Hubsoft, our lead generation provider;

5.        Drift, our chat provider;

6.        Bizzabo, our event management platform provider;

7.        WorkCast, our webinar software; and

8.        Salesforce, our customer and prospect record management system provider.

When we do share your data with these third parties, we only provide the information they need to perform the service. We have written contracts in place with them to ensure they only use your data for the purpose we specify to them and that your privacy is secure and respected.

How long we keep your data for

Personal data is generally retained for 24 months or 6 years if it is required for financial reporting purposes.

Sharing information outside of the UK/EEA

Where necessary, we may transfer staff information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.

Where necessary, our data processor(s) may transfer staff information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.

Your Data protection rights.

Under data protection law, you have rights including:

Your right of access - You have the right to ask us for copies of your personal data.

Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details here dpo.uk@edenred.com

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us at dpo.uk@edenred.com.

Our full address is;

Reward Gateway (UK) Ltd, 265 Tottenham Court Road, London, W1T 7RQ.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:          

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Corporate Events

If Reward Gateway (UK) Ltd (or our assets) are acquired by another company, whether by merger , acquisition, bankruptcy or otherwise, that company would receive all information gathered by Wellbeing+. If this does occur, you will be notified of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.

Compelled Disclosure

We reserve the right to use or disclose your personal information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

We never sell personal information

We will not sell, rent, transfer, or disclose your personal information to advertisers or other third parties.

Cookies and similar technologies

We use cookies or similar technologies (such as web beacons) to analyze trends, administer our services, track users’ movements around the website and app, and to gather demographic information about our user base as a whole. View our full list of cookie technologies below.

Google Analytics        Provides visitor behaviours and actions which allows us to understand how these visitors are interacting with the site, which allows us to communicate appropriately with them, both online and offline.

Branch        Allows us to provide universal links to our website and mobile applications.

CloudFlare        To serve static content securely from Cloudflare’s global CDN network

Intercom        Tool used for us to provide customer support to our users on the mobile app and website

TrackJS        Allow us to track errors across the mobile and web application

Embedly        Tool that allows us to extract information such as images and text from links on the mobile app and website

Heap        Tracks platform usage, including user behavior and actions, to improve product usability

pin        Used to direct internet traffic into our system for load balancing

How you control your information

Our goal is to make control over your information simple. You can easily edit your information in your profile:

Update your name, email, username, and timezone.

Choose to set your profile to private.

Completely delete your account at any time. Wellbeing+ will delete all your information within 30 days.

For client challenges, your challenge admin has access to the same information you share with Wellbeing+. You can opt out of this information being shared at any time by asking to be removed from their group.

If you’re participating as part of an organizational client who chooses to end their service with us, we will delete your data within 30 days of the client service termination.

Changes to our Privacy Policy

If we decide to change our Privacy Policy we will post the changes here and, where appropriate, notify you by email. Please check back frequently to see any updates or changes to our Privacy Policy.

June 14th 2024