Privacy Policy

This privacy policy will explain how Strove Technologies Ltd uses the personal data we collect from you by virtue of your use of our Services, your use of our mobile application (“Old Multual Wellness” available on Google PlayStore and/or Apple AppStore), our website www.strove.ai and/or any of its related blogs, websites, applications or platforms (collectively, “the Website” / “the Application”), or by providing us with your personal information in any other way.

Topics:

• What data do we collect?
• How do we collect your data?
• How will we use your data?
• How do we store your data?
• Marketing
• What are your data protection rights?
• What are cookies?
• How do we use cookies?
• What types of cookies do we use?
• How to manage your cookies
• Privacy policies of other websites
• Changes to our privacy policy
• How to contact us
• How to contact the appropriate authorities

What data do we collect?

Personal data, or personal identifiable information, means any information about an individual, both natural and juristic entities (i.e., people and companies), from which that entity can be identified. It does not include data where the identity has been removed (anonymous data).

Strove reserves the right to create anonymous, aggregated data records from your Personal Data by excluding information (such as your name or email address) that makes the data personally identifiable to you. Once anonymised, this data is no longer considered Personal Data under applicable law. You acknowledge and agree that Strove may use, share, and publish this anonymised data for any purpose, including academic research, public health analysis, and statistical reporting, without further notice to or consent from you.

We may collect, use, store, and transfer (“process”) different kinds of personal data about you which we have grouped together as follows:

• Identity Data: including first name, maiden name, last name, country of residence, username or similar identifier, title, date of birth and gender, or the information about your company such as company registration details, company address and name;
• Contact Data: including email address;
• Reward Redemption Data: including the reward status of a user, how they earned the Reward, and their redemptions thereof;
• Financial Data: including client VAT information;
• Physical Activity Data: including your applicable exercise activity type, duration, distance, calories, heart rate, elevation and pace;
• Account Data: including your Application preferences, Account username, access requirements, and bespoke Application functionality choices;
• Social Media Data: including all information accessible on your publicly available profile such as images, photos, photo tags, likes, followers, comments, posts, and stories;
• Transaction Data: including details about payments to and from you, service or performance contracts, contractual terms, contract fees, signups, invoices, and other details of services you have obtained from us, or provide to us;
• Technical Data: including your device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data;
• Usage Data: including information about how you use our company, Website, surveys, events, and Services; and
• Marketing and Communications Data: including your preferences in receiving notices and marketing from us and our third parties and your communication preferences.

How do we collect your data?

We use different methods to collect data from and about you, including through:

• Direct interactions: You may/will give us your Identity, Physical Activity, Contact, Profile, Social Media, Technical, Reward Redemption, Usage, Transaction, and Financial Data by filling in various Strove forms, Application/Website forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
• use our Services;
• use our Application/Website;
• contract with us (as a client or otherwise);
• consult with us;
• complete forms;
• sign-up for newsletters;
• interact with us via webinar or social platform group, such as a Facebook™ group;
• provide any services to us as a service provider or independent contractor on contract with us;
• request information to be sent to you;
• attend any Strove event whether online or in-person; or
• give us some feedback.
• connect third-party apps.
• Automated technologies or interactions: As you interact with our Website, we may automatically collect Technical Data, Profile, and Usage Data about your equipment, browsing actions, and patterns. We may collect this personal data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources as set out below:
• Technical Data and Social Data from the following parties:
• analytics providers Google Analytics based in the United States of America;
• social networks Facebook, Instagram, Twitter, LinkedIn, Medium, Tribe.so based in the United States of America;
• survey data providers Google Forms, Paperform, Tally, and Typeform based in the United States of America and Spain respectively;
• marketing platforms Mailchimp and Sendgrid based in the United States of America; and
• search information provider Google based in the United States of America.

Limited Use Disclosure

The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.

How will we use your data?

We will use your personal data in the following circumstances:

• where we have your express consent to do so;
• where we need to consult with you or perform on the Services contract we are about to enter into or have entered into with you;
• where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
• where we need to comply with a legal or regulatory obligation.

Purposes for which we will use your personal data:

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate, and which exact External Third Parties your personal data is handed to for the same reasons.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out below.

• To engage with you after you have contacted us requesting an engagement via the Website/Application or otherwise:
• Type of Data: Identity, Contact, Marketing and Communications
• Lawful Basis for Processing: Express consent, Performance of a contract with you, Necessary for our legitimate interests (to keep our records updated and to study how engagees use our services, as well as to develop our services and grow our organisation)
• Specific External Third Party: Webflow, based in the USA; Google (Gsuite) based in the USA; Mailchimp and Sendgrid, based in the USA
• To provide you with our Services as contracted (as a corporate client):
• Type of Data: Identity, Contact, Financial, Transaction, Marketing & Communications
• Lawful Basis for Processing: Performance of a contract with you, Express consent, Necessary to comply with a legal obligation, Necessary for our legitimate interests (to provide you with the Services you contracted to acquire from us, and to keep our records updated and to study how engagees use our Services)
• Specific External Third Party: Xero, based in New Zealand; Signnow, based in the USA; Mailchimp, based in the USA; Sendgrid, based in the USA; Tableau, based in the USA; Retool, based in the USA; Google (Sheets, Gsuite, Gmail, Docs) based in the USA; Amazon Web Services based in USA; Strava based in UK; Garmin based in USA; Hubspot, based in USA; Sentry based in USA; Slack, based in USA; Notion, based in USA
• To provide you with our Services as contracted (as an Application user):
• Type of Data: Identity, Contact, Transaction, Marketing & Communications, Physical Activity, Account, Social Media, Reward Redemption
• Lawful Basis for Processing: Performance of a contract with you, Express consent
• Specific External Third Party: Strava, based in the UK; Garmin based in USA; Apple, based in the USA; Retool, based in the USA; Google Analytics, based in the USA; Google Sheets, based in the USA; Tableau, based in the USA; Amazon Web Services, based in USA; SendGird, based in USA; Mailchimp, based in USA; Google Fit, based in USA
• To manage your Account (to manage your registration as a user of the Application Services):
• Type of Data: Identity, Contact, Account, Usage, Technical, Reward Redemption
• Lawful Basis for Processing: Performance of a contract with you, Express consent
• Specific External Third Party: Retool, based in the USA; Google Analytics, based in the USA; Google Sheets, based in the USA; Tableau, based in the USA; Amazon Web Services, based in USA; SendGird, based in USA; Mailchimp, based in USA; ClickUp, based in USA
• To contract with you as a service provider to Strove:
• Type of Data: Identity, Contact, Financial, Transaction, Marketing & Communications
• Lawful Basis for Processing: Performance of a contract with you, Express consent, Necessary to comply with a legal obligation, Necessary for our legitimate interests (to allow you to provide us with your services, and to keep our records updated and to study how we may use third-party services)
• Specific External Third Party: Apple, based in the USA; Strava, based in the UK; Garmin based in USA; Google, based in USA
• To process and service your payment for any services rendered by Strove or its service providers, to manage payments, fees and charges:
• Type of Data: Identity, Contact, Financial, Transaction, Account
• Lawful Basis for Processing: Performance of a contract with you, Necessary for our legitimate interests (to make or receive necessary organisation payments), Express consent
• Specific External Third Party: Xero, based in New Zealand
• To manage our relationship with you which may include notifying you about changes to our terms or Privacy Policy or Services:
• Type of Data: Identity, Contact, Marketing and Communications, Account
• Lawful Basis for Processing: Performance of a contract with you, Necessary to comply with a legal obligation, Necessary for our legitimate interests (to keep our records updated and to study how engagees use our Services), Express consent
• Specific External Third Party: Sendgrid, based in the USA; Mailchimp, based in the USA
• To administer and protect our organisation and our Website/Application (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data):
• Type of Data: Identity, Contact, Technical, Usage
• Lawful Basis for Processing: Necessary for our legitimate interests (for running our organisation, provision of administration and IT services, network security, to prevent fraud and in the context of an organisation restructuring exercise), Necessary to comply with a legal obligation, Express consent
• Specific External Third Party: Webflow, based in the USA; Amazon Web Services, based in the USA; Sentry based in the USA; Google Analytics, based in USA; Firebase, based in the USA
• To deliver relevant Website/Application content and services to you and measure or understand the effectiveness of the information we serve to you:
• Type of Data: Identity, Contact, Usage, Marketing and Communications, Technical
• Lawful Basis for Processing: Necessary for our legitimate interests (to study how engagees use our services, to develop them, to grow our organisation and to inform our marketing strategy), Express consent
• Specific External Third Party: Sendgrid, based in the USA; Mailchimp, based in the USA; Google Analytics, based in the USA; Firebase, based in the USA
• To use data analytics to improve our Website/Application, Services, engagee relationships and experiences:
• Type of Data: Technical, Usage, Identity
• Lawful Basis for Processing: Necessary for our legitimate interests (to define types of engagees for our services, to keep our Website/Application updated and relevant, to develop our organisation and to inform our marketing strategy), Express consent
• Specific External Third Party: Google Analytics, based in the USA; Firebase, based in the USA
• To provide you with direct and user-specific marketing, make suggestions and recommendations to you about events or services that may be of interest to you:
• Type of Data: Identity, Contact, Technical, Usage
• Lawful Basis for Processing: Necessary for our legitimate interests (to develop our services and grow our organisation), Express consent
• Specific External Third Party: Mailchimp, based in the USA; Sendgrid, based in the USA
• To conduct scientific research, academic studies, and statistical analysis regarding health, fitness, and wellness trends:
• Type of Data: Physical Activity, Health Data, Usage, Identity (specifically Age, Gender, and location data for demographic segmentation only).
• Lawful Basis for Processing: Express consent (via Terms and Conditions); Necessary for our legitimate interests (contributing to public health knowledge, conducting efficacy research, and academic publication).
• Specific External Third Party: Accredited academic institutions, research partners, and ethics committees (strictly in an aggregated and anonymised format).

How do we store your data?

Strove stores your data using the following services, with the respective security measures in place:

• Google Analytics, based in the USA: Access control. Data collected from cookies. See section 9.
• Google Sheets, based in the USA: Access control, Two-factor authentication. Aggregate and anonymised user data.
• Amazon Web Services, based in the USA: Access control. Identity data such as name, surname, email, gender, employer, etc. Exercise data without geo data (heart rate, calories, duration of exercise, daily steps, etc.).
• Firebase, based in the USA: Access control. Data collected from cookies. See section 9.
• Sendgrid, based in the USA: Access control, Two-factor authentication. Marketing and communications. Identity.
• ClickUp, based in the USA: Access control.
• Slack, based in the USA: Access control.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. To manifest your rights attached to any marketing sent to you as an existing customer, please use the in-built prompts provided on those communications, or contact us.

You will receive marketing communications from us if you have requested information from us, have participated in any Strove service or event, or if you provided us with your details when registering for a promotion or event and, in each case, you have not opted out of receiving that marketing.

Third-Party Marketing:

Whilst we may use your personal data within our Strove organisation group, we will get your express opt-in consent before we share your personal data publicly with any entity outside the Strove group of organisations for public purposes.

Opting-Out:

You can ask us or authorised third parties to stop sending you marketing messages at any time by contacting us or the relevant third party at any time and requesting us to cease or change your marketing preferences.

Where you opt-out of receiving these marketing messages, this opt-out will not apply to other personal data of yours which we process for another lawful basis.

What are your data protection rights?

The rights of data subjects under GDPR are detailed in Chapter 3 - Articles 12 to 23. There are eight fundamental rights under GDPR:

• Right to Access Personal Data: Under GDPR, data subjects have the right to access the data collected on them by a data controller. The data controller must respond to that request within 30 days (Article 15);
• Right to Rectification: Data subjects have the right to request modification of their data, including the correction of errors and the updating of incomplete information (Article 16);
• Right to Erasure: Also referred to as the right to deletion or the right to be forgotten, allows a data subject to stop all processing of their data and request their personal data be erased. Note on Research Data: Please be aware that your right to erasure does not extend to data that has already been anonymised and aggregated into research datasets or published studies. Once data has been de-identified for research purposes, it can no longer be linked to you and therefore cannot be retrieved or deleted. (Article 17);
• Right to Restrict Data Processing: Data subjects, under certain circumstances, can request that all processing of their personal data be stopped (Article 18);
• Right to be Notified: Data subjects must be informed about the uses of their personal data in a clear manner and be told the actions that can be taken if they feel their rights are being impeded. Data subjects must also be informed of any rectification or erasure of their personal data under articles 16, 17, and 18 (Article 19);
• Right to Data Portability: A data subject can request that their personal data file be sent electronically to a third party. Data must be provided in a commonly used, machine-readable format, if doing so is technically feasible (Article 20);
• Right to Object: If a request to stop data processing is rejected by a data controller, the data subject has the right to object to their Article 18 right being denied (Article 21);
• Right to Reject Automated Individual Decision-Making: Data subjects have the right to refuse the automated processing of their personal data to make decisions about them if that significantly affects the data subject or produces legal effects – profiling for example (Article 22).

Data subjects have the right to access their personal data file, although not if that access adversely affects the rights and freedoms of others.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: info@strove.ai

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit https://www.allaboutcookies.org/.

How do we use cookies?

We use Cookies and similar tracking technologies to track the activity on our Application/Website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze the Services.

For more information about the cookies we use and your choices regarding cookies, please contact us.

What types of cookies do we use?

We use both session and persistent Cookies for the purposes set out below:

• Necessary / Essential Cookies
• Type: Session Cookies
• Administered by: Us
• Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
• Cookies Policy / Notice Acceptance Cookies
• Type: Persistent Cookies
• Administered by: Us
• Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
• Functionality Cookies
• Type: Persistent Cookies
• Administered by: Us
• Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

For more information about the cookies we use and your choices regarding cookies, please contact us.

How to manage cookies

You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser. Learn more about cookies: https://www.allaboutcookies.org/.

Privacy policies of other websites

The Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy:

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 9 January 2019.

How to contact us

If you have any questions about Strove's privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us. Email us at: info@strove.ai

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Strove has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner's Office (ICO).

ICO contact details:

• Email: icocasework@ico.org.uk
• Telephone: 0303 123 1113
• Textphone: 01625 545860
• Monday to Friday, 9am to 4:30pm

Information Commissioner’s Office

• Wycliffe House
• Water Lane
• Wilmslow
• Cheshire
• SK9 5AF