These terms and conditions of use (Terms) explain how you may use this website (www.toneandsculpt.app) (SiteA) or our mobile application (App) and any of its content. These Terms apply between Tone & Sculpt Limited trading as Tone and Sculpt (we, us or our) and you, the person accessing or using the Site or our App (you or your).You should read these Terms carefully before using the Site or App. By using the Site or App or otherwise indicating your consent, you agree to be bound by these Terms. If you do not agree with any of these Terms, you should stop using the Site or App immediately.
We are Tone & Sculpt Limited, a company registered in England and Wales under company registration number 10591766. Our registered office is at Langley House, Park Road, London, N2 8EY. Our VAT registration number is GB266057591.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).
Our Website and Mobile Application
Our Site and App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or App, we encourage you to read the privacy notice of every website you visit.
Our Collection and Use of your Personal Information
We collect personal information about you when you access our Site or use our App, contact us, and send us feedback.
We collect this personal information from you either directly, such as when you contact us or indirectly, such as your browsing activity while on our Site or App (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our Site or App. This information includes:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, and photographs and videos that may identify you.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Financial Data includes bank account and payment card details or other types of electronic payment, details of your membership package and fees and others linked to your membership and the payments you make to us.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, traffic data, location data operating system and platform and other technology on the devices you use to access our Site or App.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, personal or professional interests and your profile picture.
- Usage Data includes information about how you use our Site or App, application, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We may also use, store and transfer Special Category Data about you (this includes details about your race or ethnicity, information about your health and biometric data) in order to deliver our services to you with care, to ensure your health when performing exercises or to comply with our obligations under health and safety law. We do not collect any information about criminal convictions and offences. Special Category Data includes, but is not limited to:
- Data collected from 3rd party apps such as Apple Watch and Apple Health, including but not limited to calories burned per day, number of steps and number of active minutes
Whilst we do not generally collect Special Category Data unless it is volunteered by you, we do specifically collect health data to the extent that it is required to assess your readiness for physical exercise. By providing the Special Category Data to us, you are consenting to our using it in the manner set out in this Policy.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use this personal information to:
- Verify your identity
- Create and manage your account with us
- Process and deliver your order(s) including the management of payment(s)
- Keep you updated with news and information we consider relevant to you
- Customise our Site or App and its content to your particular preferences
- Notify you of any changes to our Site or App or to our services that may affect you
- Improve our services
This Site and our App are not intended for use by children, and we do not knowingly collect or use personal information relating to children.
Our Legal Basis for Processing your Personal Information
When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.The legal bases we may rely on include:
- Consent: where you have given us clear consent for us to process your personal information for a specific purpose
- Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- Legitimate interests: A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
Use of Information
The table below explains what we use (process) your personal information for and our reasons for doing so:
|What we use your personal information for||Our reasons|
|To provide services to you and fulfil your order such as using payment card details to collect payment for goods and services, carry out contractual obligations, facilitate bookings of classes and appointments||For the performance of our contract with you or to take steps at your request before entering into a contract.To address queries and to contact you with marketing and/or promotional materials and any information that may be relevant to you.|
|To prevent and detect fraud against you||For our legitimate interests or those of a third party, i.e., to minimise fraud that could be damaging for us and for you|
|Ensuring business policies are adhered to, e.g., policies covering security and internet use||For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training, troubleshooting, data analysis, testing and quality control||For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price|
|Ensuring the confidentiality of commercially sensitive information||For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable informationTo comply with our legal and regulatory obligations|
|Statistical analysis to help us manage our business, e.g., in relation to our financial performance, customer base, service range or other efficiency measures||For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price|
|Preventing unauthorised access and modifications to systems||For our legitimate interests or those of a third party, i.e., to prevent and detect criminal activity that could be damaging for us and for youTo comply with our legal and regulatory obligations|
|Updating and enhancing customer records, and responding to enquiries||For the performance of our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products|
|Statutory returns||To comply with our legal and regulatory obligations|
|Ensuring safe working practices, staff administration and assessments||To comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you|
|When conducting our marketing campaigns:|
- to deliver relevant advertisements, newsletters and promotions
- to you to recommend services and offers that may be of interest to you
- to measure the effectiveness of the advertising provided
- to improve our Site and App, services, marketing, customer experiences
- for market research and survey purposes
|We rely on your consent to use your personal data when conducting our marketing campaigns.|
For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers
|Credit reference checks via external credit reference agencies||For our legitimate interests or those of a third party, i.e., to ensure our customers are likely to be able to satisfy invoices for our services.|
|External audits and quality checks, e.g., for ISO or Investors in People accreditation and the audit of our accounts||For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations|
|Managing your account with us:|
To create and manage your account with us and to communicate with you about your account, fees, and membership terms, inform you of products and services that may be of interest to you and to allow you to participate in interactive features of our services.
|For the performance of our contract with you or to take steps at your request before entering into a contract. For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products|
We may use your personal data to send you updates (by email, text message, telephone, or post) about our services, including exclusive offers, promotions, or new services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘Use of Information’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by contacting us at firstname.lastname@example.org
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell it with other organisations for marketing purposes.
Who we Share your Personal Information with
We routinely share personal information with:
- Third parties we use to help deliver our products and services to you, e.g., payment service providers, suppliers, and business partners
- Other third parties we use to help us run our business, e.g., marketing agencies, mailing houses, systems providers, accounts payable, website hosts, our banks and couriers
- Third parties approved by you, e.g., social media sites you choose to link your account to or third party payment providers; and
- Credit reference agencies, HM Revenue & Customs, regulators and other authorities who may act as processors who require reporting of processing activities in certain circumstances
We will share personal information with law enforcement or other authorities if required by applicable law. We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.
We also impose contractual obligations on service providers ensuring they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Where your Personal Information is Held
Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).
How Long your Personal Information will be Kept
We will keep your personal information while you have an account with us, or we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law.
Transferring your Personal Data out of the UK
To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK, e.g.:
- if you are based outside the UK;
Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK where:
- the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
- a specific exception applies under data protection law
These are explained below.
We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:
- all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
- Gibraltar; and
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.
Other countries we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.
Transfers with Appropriate Safeguards
Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.
The safeguards will usually include using legally-approved standard data protection contract clauses.
To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us (see ‘How to contact us’ below).
Transfers Under and Exception
In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:
- you have explicitly consented to the proposed transfer after having been informed of the possible risks;
- the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
- the transfer is necessary for a contract in your interests, between us and another person; or
- the transfer is necessary to establish, exercise or defend legal claims
We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights, and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.
European Commission Adequacy Decision
The European Commission has the power to determine whether a country or international organisation provides an adequate level of protection for personal information and, if it does, to issue an ‘adequacy decision’. The effect of such a decision is that personal information can flow from the UK to that country without any further safeguards being necessary.
It can take several years for the European Commission to issue an adequacy decision and only a small number of countries currently benefit from one.
If you would like further information about data transferred outside the UK, please contact us (see ‘How to contact us’ below).
You have the following rights, which you can exercise free of charge:
|Access||The right to be provided with a copy of your personal information (the right of access)|
|Rectification||The right to require us to correct any mistakes in your personal information|
|To be forgotten||The right to require us to delete your personal information—in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data|
|Data portability||The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations|
|To object||The right to object:|
—at any time to your personal information being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests.
|Not to be subject to automated individual decision making||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to us —see below: ‘How to contact us’;
- let us have enough information to identify you;
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
Keeping your Personal Information Secure
We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
United States of America - California
The provisions in this paragraph of the Additional Terms are intended to fulfil the requirements of the California Consumer Privacy Act ("CCPA") and shall apply to Users who are resident in California.
For the purposes of the CCPA, correspond to the following categories of Personal Information listed in the CCPA:
a. identifiers and personal information categories referenced in applicable California law (first and last names, email address, home address, telephone number, where you have selected particular services or features on the Platform, social network information);
b. protected classification characteristics under California or US federal law (age, gender, country of residence, medical conditions or requirements);
c. commercial information (information about your purchases of products and services from us or our third party partners who may provide or promote their own products or services through the Platform);
d. biometric information (physical characteristics such as weight, height, and body measurements such as stride length and apparel size) to the extent you choose to enter these on the Platform;
e. geo-location data where:
i. the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings); and
ii. you elect to use location-based features on the Platform (in particular, the Tone &. Sculpt App) and turn on the location services settings on your device or computer (e.g. GPS and/or Bluetooth) so that we can track your real-time geographic location to record your fitness activities (e.g. your running route);
f. inferences drawn from other Personal Data (dietary preferences, information you provide about yourself and any preferences in your User Account, communications with us or directed to us via letters, emails, chat services, calls, and social media, fitness activity data provided by you on the Platform or generated through your use of the Tone & Sculpt app, including activity data generated by the devices that you connect to the Tone & Sculpt app where you have selected particular services or features on the Platform, contacts and calendar information);
How to Complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
How to Contact Us
If you wish to contact us, please send an email to email@example.com
Cookies and Other Tracking Technologies