Privacy Policy

We ask that you read this website privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

These terms and conditions of use (Terms) explain how you may use this website (www.toneandsculpt.app) (SiteA) or our mobile application (App) and any of its content. These Terms apply between Tone & Sculpt Limited trading as Tone and Sculpt (we, us or our) and you, the person accessing or using the Site or our App (you or your).You should read these Terms carefully before using the Site or App. By using the Site or App or otherwise indicating your consent, you agree to be bound by these Terms. If you do not agree with any of these Terms, you should stop using the Site or App immediately.

About Us

We are Tone & Sculpt Limited, a company registered in England and Wales under company registration number 10591766. Our registered office is at Langley House, Park Road, London, N2 8EY. Our VAT registration number is GB266057591.

We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR). We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and services we offer to individuals and our wider operations in the European Economic Area (EEA).

Our Website and Mobile Application

This privacy policy relates to your use of our website, toneandsculpt.app and mobile application.

Our Site and App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site or App, we encourage you to read the privacy notice of every website you visit.

Our Collection and Use of your Personal Information

We collect personal information about you when you access our Site or use our App, contact us, and send us feedback.

We collect this personal information from you either directly, such as when you contact us or indirectly, such as your browsing activity while on our Site or App (see ‘Cookies’ below).

The personal information we collect about you depends on the particular activities carried out through our Site or App. This information includes:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, and photographs and videos that may identify you.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details or other types of electronic payment, details of your membership package and fees and others linked to your membership and the payments you make to us.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, traffic data, location data operating system and platform and other technology on the devices you use to access our Site or App.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses, personal or professional interests and your profile picture.  
  • Usage Data includes information about how you use our Site or App, application, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We may also use, store and transfer Special Category Data about you (this includes details about your race or ethnicity, information about your health and biometric data) in order to deliver our services to you with care, to ensure your health when performing exercises or to comply with our obligations under health and safety law. We do not collect any information about criminal convictions and offences. Special Category Data includes, but is not limited to:

  • Height
  • Weight
  • Age
  • Data collected from 3rd party apps such as Apple Watch and Apple Health, including but not limited to calories burned per day, number of steps and number of active minutes

Whilst we do not generally collect Special Category Data unless it is volunteered by you, we do specifically collect health data to the extent that it is required to assess your readiness for physical exercise. By providing the Special Category Data to us, you are consenting to our using it in the manner set out in this Policy.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

We use this personal information to:

  • Verify your identity
  • Create and manage your account with us
  • Process and deliver your order(s) including the management of payment(s)
  • Keep you updated with news and information we consider relevant to you
  • Customise our Site or App and its content to your particular preferences
  • Notify you of any changes to our Site or App or to our services that may affect you
  • Improve our services

This Site and our App are not intended for use by children, and we do not knowingly collect or use personal information relating to children.

Our Legal Basis for Processing your Personal Information

When we use your personal information, we are required to have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why.The legal bases we may rely on include:

  • Consent: where you have given us clear consent for us to process your personal information for a specific purpose
  • Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
  • Legitimate interests: A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.

Use of Information

The table below explains what we use (process) your personal information for and our reasons for doing so:

What we use your personal information for: To provide services to you and fulfil your order such as using payment card details to collect payment for goods and services, carry out contractual obligations, facilitate bookings of classes and appointments
Our reason:
For the performance of our contract with you or to take steps at your request before entering into a contract.To address queries and to contact you with marketing and/or promotional materials and any information that may be relevant to you.

What we use your personal information for: To prevent and detect fraud against you
Our reason:
For our legitimate interests or those of a third party, i.e., to minimise fraud that could be damaging for us and for you

What we use your personal information for: Ensuring business policies are adhered to, e.g., policies covering security and internet use
Our reason:
For our legitimate interests or those of a third party, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you

What we use your personal information for: Operational reasons, such as improving efficiency, training, troubleshooting, data analysis, testing and quality control
Our reason:
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price

What we use your personal information for: Ensuring the confidentiality of commercially sensitive information
Our reason:
For our legitimate interests or those of a third party, i.e., to protect trade secrets and other commercially valuable informationTo comply with our legal and regulatory obligations

What we use your personal information for: Statistical analysis to help us manage our business, e.g., in relation to our financial performance, customer base, service range or other efficiency measures
Our reason:
For our legitimate interests or those of a third party, i.e., to be as efficient as we can so we can deliver the best service for you at the best price

What we use your personal information for: Updating and enhancing customer records, and responding to enquiries
Our reason:
For the performance of our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products

What we use your personal information for: Statutory returns
Our reason:
To comply with our legal and regulatory obligations

What we use your personal information for: Ensuring safe working practices, staff administration and assessments
Our reason:
To comply with our legal and regulatory obligationsFor our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you

What we use your personal information for: When conducting our marketing campaigns:

  • to deliver relevant advertisements, newsletters and promotions
  • to you to recommend services and offers that may be of interest to you
  • to measure the effectiveness of the advertising provided
  • to improve our Site and App, services, marketing, customer experiences
  • for market research and survey purposes

Our reason: We rely on your consent to use your personal data when conducting our marketing campaigns. For our legitimate interests or those of a third party, i.e., to promote our business to existing and former customers

What we use your personal information for: Credit reference checks via external credit reference agencies
Our reason:
For our legitimate interests or those of a third party, i.e., to ensure our customers are likely to be able to satisfy invoices for our services.

What we use your personal information for: External audits and quality checks, e.g., for ISO or Investors in People accreditation and the audit of our accounts
Our reason:
For our legitimate interests or a those of a third party, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations

What we use your personal information for: Managing your account with us: To create and manage your account with us and to communicate with you about your account, fees, and membership terms, inform you of products and services that may be of interest to you and to allow you to participate in interactive features of our services.
Our reason:
For the performance of our contract with you or to take steps at your request before entering into a contract. For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our customers about existing orders and new products

Marketing

We may use your personal data to send you updates (by email, text message, telephone, or post) about our services, including exclusive offers, promotions, or new services.

We have a legitimate interest in using your personal data for marketing purposes (see above ‘Use of Information’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by contacting us at community@toneandsculpt.app

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it with other organisations for marketing purposes.

Who we Share your Personal Information with

We routinely share personal information with:

  • Third parties we use to help deliver our products and services to you, e.g., payment service providers, suppliers, and business partners
  • Other third parties we use to help us run our business, e.g., marketing agencies, mailing houses, systems providers, accounts payable, website hosts, our banks and couriers
  • Third parties approved by you, e.g., social media sites you choose to link your account to or third party payment providers; and
  • Credit reference agencies, HM Revenue & Customs, regulators and other authorities who may act as processors who require reporting of processing activities in certain circumstances

We will share personal information with law enforcement or other authorities if required by applicable law. We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information.

We also impose contractual obligations on service providers ensuring they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

Where your Personal Information is Held

Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).

How Long your Personal Information will be Kept

We will keep your personal information while you have an account with us, or we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

Transferring your Personal Data out of the UK

To deliver services to you, it is sometimes necessary for us to share your personal data outside the UK, e.g.:

    if you are based outside the UK;

Under data protection law, we can only transfer your personal data to a country or international organisation outside the UK where:

  • the UK government or, where the EU GDPR applies, the European Commission has decided the particular country or international organisation ensures an adequate level of protection of personal data (known as an ‘adequacy decision’);
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law

These are explained below.

Adequacy Decision

We may transfer your personal data to certain countries, on the basis of an adequacy decision. These include:

  • all European Union countries, plus Iceland, Liechtenstein and Norway (collectively known as the ‘EEA’);
  • Gibraltar; and
  • Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.

The list of countries that benefit from adequacy decisions will change from time to time. We will always seek to rely on an adequacy decision, where one exists.

Other countries we are likely to transfer personal data to do not have the benefit of an adequacy decision. This does not necessarily mean they provide poor protection for personal data, but we must look at alternative grounds for transferring the personal data, such as ensuring appropriate safeguards are in place or relying on an exception, as explained below.

Transfers with Appropriate Safeguards

Where there is no adequacy decision, we may transfer your personal data to another country if we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using legally-approved standard data protection contract clauses.

To obtain a copy of the standard data protection contract clauses and further information about relevant safeguards, please contact us (see ‘How to contact us’ below).

Transfers Under and Exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal data to a third country or international organisation where an exception applies under relevant data protection law, e.g.:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims

We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights, and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal data on this ground.

European Commission Adequacy Decision

The European Commission has the power to determine whether a country or international organisation provides an adequate level of protection for personal information and, if it does, to issue an ‘adequacy decision’. The effect of such a decision is that personal information can flow from the UK to that country without any further safeguards being necessary.

It can take several years for the European Commission to issue an adequacy decision and only a small number of countries currently benefit from one.

Further Information

If you would like further information about data transferred outside the UK, please contact us (see ‘How to contact us’ below).

Your Rights

You have the following rights, which you can exercise free of charge:

Access: Rectification
The right to be provided with a copy of your personal information (the right of access):
The right to require us to correct any mistakes in your personal information

Access: To be forgotten
The right to be provided with a copy of your personal information (the right of access):
The right to require us to delete your personal information—in certain situations

Access: Restriction of processing
The right to be provided with a copy of your personal information (the right of access):
The right to require us to restrict processing of your personal information—in certain circumstances, e.g., if you contest the accuracy of the data

Access: Data portability
The right to be provided with a copy of your personal information (the right of access):
The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

Access: To object
The right to be provided with a copy of your personal information (the right of access):
The right to object:

  • at any time to your personal information being processed for direct marketing (including profiling);
  • in certain other situations to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests.

Access: Not to be subject to automated individual decision making
The right to be provided with a copy of your personal information (the right of access):
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email, call or write to us —see below: ‘How to contact us’;
  • let us have enough information to identify you;
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

Keeping your Personal Information Secure

We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

United States of America - California

The provisions in this paragraph of the Additional Terms are intended to fulfil the requirements of the California Consumer Privacy Act ("CCPA") and shall apply to Users who are resident in California.

To the extent that any terms used in this Privacy Policy and of the Additional Terms are defined in the CCPA, such definitions shall apply. The term "Personal Data" as used in this Privacy Policy and Additional Terms shall include "Personal Information" as such term is defined in the CCPA.

For the purposes of the CCPA, correspond to the following categories of Personal Information listed in the CCPA:

a. identifiers and personal information categories referenced in applicable California law (first and last names, email address, home address, telephone number, where you have selected particular services or features on the Platform, social network information);

b. protected classification characteristics under California or US federal law (age, gender, country of residence, medical conditions or requirements);

c. commercial information (information about your purchases of products and services from us or our third party partners who may provide or promote their own products or services through the Platform);

d. biometric information (physical characteristics such as weight, height, and body measurements such as stride length and apparel size) to the extent you choose to enter these on the Platform;

e. geo-location data where:

i. the IP address of your computer or device is used to determine your geographic location so that we can customise your experience on the Platform (e.g. language settings); and

ii. you elect to use location-based features on the Platform (in particular, the Tone &. Sculpt App) and turn on the location services settings on your device or computer (e.g. GPS and/or Bluetooth) so that we can track your real-time geographic location to record your fitness activities (e.g. your running route);

f. inferences drawn from other Personal Data (dietary preferences, information you provide about yourself and any preferences in your User Account, communications with us or directed to us via letters, emails, chat services, calls, and social media, fitness activity data provided by you on the Platform or generated through your use of the Tone & Sculpt app, including activity data generated by the devices that you connect to the Tone & Sculpt app where you have selected particular services or features on the Platform, contacts and calendar information);

We will not process your Personal Data for purposes which are materially different, unrelated, or incompatible with the purposes set out in the Privacy Policy without providing you notice.

How to Complain

We hope that we can resolve any query or concern you may raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this Privacy Policy

This privacy notice was published on the 12th of December 2019 and last updated on September 2021We may change this policy from time to time, when we do we will inform you via email. Your continued use of Tone & Sculpt website or mobile application, after any modification to this Privacy Policy will constitute your acceptance of such modification.

How to Contact Us

If you wish to contact us, please send an email to community@toneandsculpt.app

Cookies and Other Tracking Technologies

A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or other electronic device) when you use our website or mobile application. We use cookies, web beacons, tracking pixels and other tracking technologies on our website including other media channels, mobile websites, or mobile applications related or connected to our Site. This helps us recognise you and your device and store some information about your preferences or past actions.

For further information on cookies and web beacons, tracking pixels and other tracking technologies on our website, and our use of such tracking technology, when we will request your consent before placing them and how to disable them, please see our Cookie Policy: www.toneandsculpt.app/pages/cookie-policy.