We use cookies 🍪 to provide the best experience. By continuing to use our website, you agree to our cookies policy

Privacy Policy

This Privacy Policy was last updated on 2 March 2023
 
SweatCo Ltd is a company incorporated in England (registration number 9242159) whose registered office is c/o OHS Secretaries Limited, 9th Floor, 107 Cheapside, London, EC2V 6DN (hereafter referred to as “SweatCo”, “we” or “us” as the context may require).  SweatCo is registered as a Data Controller with the UK’s Information Commissioner’s Office (registration number ZA182331). 
 
This Privacy Policy applies to your use of the Sweatcoin mobile application (the “Sweatcoin App”) which hosts the Sweatcoin Marketplace (“Marketplace”) and uses the sweatcoin reward point (“Sweatcoin(s)”), any website operated by SweatCo (including http://sweatco.in) (the “SweatCo Website(s)”) and the services we provide that are accessible via any of them (the “Services”).  This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be stored and processed by us. 
 
MINIMUM AGE REQUIREMENT
 
Please note that you must be aged 13 years or older to use the Services. Please do not use the Services or provide us with any personal information if you are under 13 years of age. 
  
INFORMATION WE MAY COLLECT FROM YOU
 
From time to time, we may collect or ask you to provide personal information including (without limitation) the following: your name, mobile phone number, email address, password, identification credentials, your contacts, biographical details, photographs and/or payment information.  
 
We also automatically collect, store and use information about your use of the Services, and about your computer, tablet, mobile or other device through which you access the Services. This includes the following information:
 
  • Technical Data: including the Internet protocol (IP) address, browser type, internet service provider, device identifiers, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location; and
 
  • Usage Data: including the full Uniform Resource Locators (URL), clickstream to, through and from the SweatCo Websites, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, website navigation and search terms used, and whether you have opened our marketing newsletters.
 
We may also automatically record the purchases you have made through the Sweatcoin App or SweatCo Websites using Sweatcoin (“Transaction Data”) to obtain an understanding of your preferences so that we can provide you with more tailored marketing where appropriate. 
 
As part of the Services, we may provide functionality allowing you to search for friends by using your Facebook credentials and, when you elect to do this, you will be asked to allow the Sweatcoin App to access certain information associated with your Facebook account such as your name, profile picture, gender and list of friends.  Provided you consent to this, such information will be processed by us in order to identify your Facebook friends who are users of Sweatcoin App and to allow you to invite those Facebook friends to install the Sweatcoin App. 
 
Please note that, with your consent, we will collect information about your location and physical movements in order for the Sweatcoin App to function properly and monitor and verify forms of eligible movement.  You may turn location monitoring on and off from time to time using the settings of your operating system of your mobile device but, if you disable this functionality, we will not be able to collect information relating to your step-count and GPS/Cell-ID location which will prevent tracking and/or conversion of your movement into Sweatcoins.
 
We work with third parties from time to time (including, for example, Apple HealthKit, Near Foundation, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers  who may provide to us information about you. This may include your purchase history from business partners who supply you with rewards made available via the Sweatcoin App.
 
USES MADE OF YOUR PERSONAL DATA
 
As a data controller, we will only use your personal data if we have a legal basis for doing so. The table at Annex 1 sets out the purposes for which we use your personal data as well as the relevant legal bases on which we do so.
 
WHO WE SHARE YOUR PERSONAL DATA WITH
 
We may share your personal data with the following recipients as necessary to achieve the purposes set out in Annex 1 or as otherwise described below:
 
  • Other users. Certain information of your personal data may be shared with other users of the Sweatcoin App as part of the normal operation of the Services (for example your uploaded profile picture and biographical information will be accessible to all users, and we may publish your total verified steps, or other movement, during a particular period to other users from time to time).  
  • Service providers. We may share your personal data with third party service providers that perform services for us or on our behalf, which may include providing data hosting, customer relationship management, payment processing and analytics services. 
  • Business partners. We may share your personal data with our trusted business partners in order that they can contact you from time to time with offers that may interest you and/or inform you of other products or services, provided you have given your consent for us to do so.
  • Law enforcement, regulators, governmental authorities and other parties for legal reasons. We may share your personal data with third parties if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.
  • Purchasers and third parties in connection with a business transaction. If we are involved in a merger, acquisition, bankruptcy, reorganisation, partnership, asset sale or other transaction, we may disclose your personal data as part of that transaction. 
 
In addition, we may share your personal data with other third parties if you have provided your consent for us to do so.
 
INTERNATIONAL TRANSFERS
 
We may transfer your personal data outside of the country where you are located.
 
If you are located in the UK or EEA, your personal data may be transferred to countries which do not provide the same level of protection for personal data as that provided for under UK and EEA law.
 
Where we transfer your personal data to a country which is not recognised by the UK government or EU Commission (as applicable) as ensuring an adequate level or protection for personal data, we will ensure that relevant safeguards are in place to ensure the adequate protection for your personal data (for example, by entering into standard contractual clauses with the recipients of your personal data).
 
Further details regarding the relevant safeguards we implement can be obtained from us on request at [email protected] with the subject ‘international transfers’. 
 
DATA RETENTION
 
Your personal data will be kept only for as long as is necessary to fulfil the purposes set out in this policy, for as long as we are required to do so by law or any regulatory obligation.
 
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
 
DATA SECURITY
 
We take reasonable industry-standard care in keeping all our data secure and in preventing any unauthorised access or unlawful use of it. 
 
COOKIES
 
We use cookies and similar technologies on the Sweatcoin App and SweatCo Websites for various purposes, including analytics and advertising. For more information regarding our use of cookies, please refer to Annex 2. 
 
YOUR RIGHTS
 
Depending upon where you are located, you may have the following rights in respect of your personal data under applicable data protection law:

  1. To ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing (i.e. “opt out”) by clicking ‘unsubscribe’ at the bottom of our marketing emails or by emailing [email protected], with the subject ‘unsubscribe’. 
  2. To change your personal information we hold about you. You can exercise your right by accessing your Account information in our app (Open Sweatcoin app -> Your Account Screen -> Edit (on Android) or Pencil icon (on iPhone) -> Change your details -> Save).
  3. To ask us about the personal information we hold about you and to request a copy of your personal information. You can exercise your right to access this information by emailing [email protected], with the subject ‘data access request’. 
  4. To delete your account and any personal information we hold on you. You can exercise your right to delete your Sweatcoin account and the personal information attached to it yourself, by triggering an account deletion via the Help section within the Sweatcoin app (Open Sweatcoin app -> Your Account Screen -> Settings -> Help -> Contact us -> Choose your problem = Delete Account).
  5. To object to any use of your personal data that we carry out on the basis of our legitimate interests (as set out in Annex 1), subject to certain conditions.
  6. To receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person, in each case subject to certain conditions.
  7. To withdraw consent to our processing of your personal data if this is based on your consent (as set out in Annex 1).
  8. To require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the data is contested by you.

Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
 
If you wish to exercise one of these rights, please follow the steps set out above or contract us using the details set out below.  
 
COMPLAINTS
 
If you wish to lodge a complaint about how we process your personal data, please contact us using the details set out below. We will endeavour to respond to your complaint as soon as possible.
You also have the right to lodge a complaint to your national data protection authority. The relevant data protection regulator in the UK is the Information Commissioners Office (https://ico.org.uk/concerns). 
 
If you are resident in the EEA, you can find details regarding your local data protection regulator here.
 
LINKS
 
The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via the Sweatcoin App or SweatCo Websites. We are not responsible for the content or privacy and security practices and policies of third-parties to which links or access are provided through the Sweatcoin App or SweatCo Websites. We encourage you to learn about third parties’ privacy and security policies before providing them with your personal data.
 
CHANGES TO THIS PRIVACY POLICY
 
We reserve the right to change this Privacy Policy at any time.  Any such changes we may make to this Privacy Policy will be posted on the SweatCo App and SweatCo Website(s), and may be emailed to you. Please check the Privacy Policy available on the SweatCo App and SweatCo Website(s) from time to time. 
  
CONTACT
 
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to [email protected] with subject line “enquiry”.
 


ANNEX 1 – PURPOSES OF COLLECTING PERSONAL INFORMATION
 
The Sweatcoin App’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.  

We use the following categories of personal data in the manner specified below, and rely on the following legal basis for processing:
 
Contact Details (phone number): We use this data to verify your identity as part of our account set up procedure. Our legal basis for processing this data is because it is in our and your legitimate interests to ensure that you have used the correct phone number when signing up for the Services.
 
Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.), movement data (motion data, HealthKit data): We use this data to provide the Services, including operating the Sweatcoin Marketplace (using our own systems and those of appropriate third party service providers). Our legal basis for processing this data is based on performance of a contract (our terms and conditions). 

Location Data (iOS only): We use this data to verify your physical movement and location and issue Sweatcoins on the basis of this verified data. Our legal basis for processing this data is based on consent (where we are processing location data) and performance of a contract.

Movement data (Healthkit / Google Fit steps data): We use this data to verify your physical movement and issue Sweatcoins on the basis of this verified data. Our legal basis for processing this data is based on consent and performance of a contract.

Contact Details (email address, phone number etc.), payment details (card number, CVC etc.), profile information (username): We use this data to process your transactions with us. Our legal basis for processing this data is based on performance of a contract.

Profile Information (username, profile photo etc.), movement data (motion data, HealthKit data, Google Fit data): We use this data to create daily leader boards of users, comprising all users or users meeting particular criteria as ranked by the number of steps completed or using other criteria. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and competitive and allow you to see how you rank against other users and encourage you to walk more.

Contact Details (phone number): We use this data to connect you with other users and allow you to invite contacts to use the Services. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and allow you to interact with friends when using the Services.

Contact Details (phone number, email address etc.), communications data (personal data comprised in your requests, survey responses, complaints etc.): We use this data to respond to queries and complaints and provide you with information and materials that you request from us. We also use this data to communicate with you, including to inform you of updates to the Sweatcoin App, SweatCo Website(s), our Terms of Use and/or this Privacy Policy. We also use this data to perform market and customer research. Our legal basis for processing this data is because it is in our legitimate interests to respond to your queries and provide any information and materials requested in order to maintain good customer relations; it is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you; and because it is in our legitimate interests to carry out market and customer research so that we can improve our Services.

Transaction Data and Order History:  We use this data to obtain an understanding of your preferences and to maintain accounts and records. Our legal basis for processing this data is because it is in our legitimate interests to understand our users’ preferences so we can improve the Services and the offers we display on the Sweatcoin App; and because it is in compliance with a legal obligation.

Contact Details (phone number, email address, social media accounts), marketing preferences (records of consents): We use this data for Marketing and advertising (including sending you marketing emails, carrying out online behavioural advertising and measuring the effectiveness of our marketing). We also use this data to share your contact details with trusted business partners for marketing purposes. Our legal basis for processing this data is consent (if required under applicable law). Where consent is not required under applicable law, such processing is necessary in our legitimate interests, namely to develop and grow our business.

Profile Information (username, profile photo, bio etc.), usage data, transaction Data, movement data (motion data, HealthKit data, Google Fit data): We use this data to investigate and/or prevent suspected fraud or other criminal activities, to investigate disputes between users, and for Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures. Our legal basis for processing this data is because it is in our legitimate interests to resolve and protect ourself and users of the Services, the Sweatcoin App and the SweatCo Websites against harmful activities; it is in our legitimate interests to ensure that disputes between users are resolved and appropriate action is taken against users breaching the rules; and because it is in our legitimate interests to be as efficient as we can so we can deliver the best services to you.

Profile Information (username, profile photo, bio etc.), usage data, technical data): We use this data to correct errors and problems with the Services, and to protect the security of systems and data. Our legal basis for processing this data is because it is in our legitimate interests to monitor the Services to ensure that it functions properly and is secure; to comply with our legal and regulatory obligations; and because it is also in our legitimate interests to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

Technical Data and Usage Data: We use this data to analyse the usage of the Services, including for the purposes of improving the Services and to ensure that content is presented in the most effective manner for you. Our legal basis for processing this data is based on consent. 

Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.): We use this data to enforce legal rights or defend or undertake legal proceedings. Our legal basis for processing this data is because it is in our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others.

 


ANNEX 2 – COOKIES

What are cookies
 
We use cookies to distinguish you from other users of the Sweatcoin App and SweatCo Website(s) and obtain certain information about your usage and behaviour. A cookie is a small file of letters and numbers that we put on your computer when you use the Sweatcoin App or SweatCo Website(s). This helps us to provide you with a better experience when you use the Sweatcoin App or browse the SweatCo Website(s) and also allows us to improve the Services. We will use both persistent cookies, which could remain on your device until their expiration (which, in some cases, is up to 10 years), and session cookies, which are temporary files removed from your device once your browser is closed.
 
Cookies we use
 
The types of cookies we may use include: 

  • Strictly Necessary Cookies, which are required for the operation of the Sweatcoin App and SweatCo Websites. They include, for example, cookies that enable you to log into secure areas of our websites;
  • Analytical/Tracking Cookies, which allow us to recognise and count the number of visitors and analyse use of the Services, as well as to verify transactions; and
  • Advertising and Retargeting Cookies, which allow us to generate appropriate advertising directed to you on the SweatCo Website(s) as well as on the Sweatcoin App and other third party websites.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.  You may block cookies by activating the appropriate setting on your browser but, if you do so, you may not be able to use all functionalities of the Services.
 
We use a number of industry-standard data analytics tools, such as Google Analytics and Facebook Analytics. These collect certain information about you, such as your device’s IP address and browsing and usage behaviour, and are used to allow us to track and monitor the traffic visiting the Sweatcoin App and SweatCo Website(s).
 
Consent to use cookies
 
We will ask for your permission (consent) to place cookies on your device when using the SweatCo Websites, except where these are essential for us to provide you with a service that you have requested. 
 
There is a notice on our home page which describes how we use cookies and requests your consent before we place any non-essential cookies on your device.
 
How to turn off cookies
 
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our websites.
 
To find out more about cookies, including how to see which cookies have been set and how to manage and delete them, you can visit the third party website: www.allaboutcookies.org



ANNEX 3 – NOTICE TO UNITED STATES RESIDENTS

This Annex 3 is incorporated into the Privacy Policy and includes additional information for residents of the United States regarding the collection and use of their Personal Data. The term “Personal Data,” as used in this Annex 3, includes “personal information” as defined in the California Privacy Rights Act (“CPRA”). 

PERSONAL DATA

The following subsections detail the categories of Personal Data that we collect and have collected over the past twelve (12) months. For each category of Personal Data, these subsections also set out the source of that Personal Data, our commercial or business purpose for collecting that Personal Data. More information regarding those sources and categories are set forth below.  

Categories of Personal Data We Collect

  • Profile or Contact Data
    • Examples of Personal Data Collected:
      • First and last name
      • Email
      • Phone number
      • Unique identifiers such as username and password
      • Profile photo
      • User bio
    • Source:
      • You
  • Categories of Third Parties with Whom We Share this Personal Data:
    • Service Providers
    • Advertising Partners
    • Analytics Partners
    • Business Partners/Marketplace Providers
    • Parties You Authorize, Access or Authenticate, including Other Users
  • Commercial Data
    • Examples of Personal Data Collected:
      • Purchase history (i.e. “Transaction Data”)
    • Source:
      • You
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Device/IP Data
    • Examples of Personal Data Collected:
      • IP address
      • Device ID
      • Domain server
      • Type of device/operating system/browser used to access the Services
      • Browser plug-in types and versions
      • Internet service provider
    • Source:
      • You
      • Third parties, including Analytics Partners
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
  • Web Analytics
    • Examples of Personal Data Collected:
      • Web page interactions
      • Referring webpage/source through which you accessed the Services
      • Referral source/exit pages
      • Statistics associated with the interaction between device or browser and the Services
    • Source:
      • You
      • Third parties, including Analytics Partners
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
  • Social Network Data
    • Examples of Personal Data Collected:
      • Email
      • Phone number
      • User name
      • IP address
      • Device ID
      • Name
      • Profile picture
      • List of friends
    • Source:
      • You
      • Third parties, including Social Networks
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
      • Business Partners/Marketplace Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Consumer Demographic Data
    • Examples of Personal Data Collected:
      • Age/date of birth
      • Zip code
      • Gender
    • Source:
      • You
      • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
      • Business Partners/Marketplace Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Geolocation Data
    • Examples of Personal Data Collected:
      • IP-address-based location information
      • GPS data
      • Time zone setting
    • Source:
      • You
      • Categories of Third Parties with Whom we Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
      • Business Partners/Marketplace Providers
      • Parties You Authorized, Access or Authenticate, including Other Users
  • Health Data
    • Examples of Personal Data Collected:
      • Health or exercise activity monitoring
      • Apple HealthKit data
    • Source:
      • You
    • Categories of Third Parties with Whom we Share this Personal Data:
      • Service Providers
      • Business Partners/Marketplace Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Categories of Data Considered “Sensitive” Under the CPRA
    • Examples of Personal Data Collected:
      • Personal data concerning a consumer’s health
      • Precise geolocation data
    • Source:
      • You
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
      • Business Partners/Marketplace Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Other Identifying Information that You Voluntarily Choose to Provide
    • Examples of Personal Data Collected:
      • Identifying information in emails, letters, or texts you send us or in your survey responses
    • Source:
      • You
    • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Parties You Authorize, Access or Authenticate, including Other Users
  • Other
    • Examples of Personal Data Collected:
      • Your contacts
      • Any Personal Data or other identifying information that you include in your user bio
    • Source:
      • You
      • Third parties, including Social Networks
      • Categories of Third Parties with Whom We Share this Personal Data:
      • Service Providers
      • Advertising Partners
      • Analytics Partners
      • Business Partners/Marketplace Providers
      • Parties You Authorized, Access or Authenticate, including Other Users

Our Commercial or Business Purposes for Collecting or Disclosing Personal Data

  • Providing, Customizing and Improving the Services
    • Creating and managing your account or other user profiles
    • Processing orders or other transactions; billing.
    • Providing you with the products, services or information you request.
    • Meeting or fulfilling the reason you provided the information to us.
    • Providing support and assistance for the Services.
    • Improving the Services, including testing, research, internal analytics and product development.
    • Personalizing the Services, website content and communications based on your preferences.
    • Doing fraud protection, security and debugging.
    • Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the CPRA
  • Marketing the Services
    • Marketing and selling the Services.
    • Showing you advertisements, including interest-based or online behavioural advertising.
  • Corresponding with You
    • Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about SweatCo or the Services.
    • Sending emails and other communications according to your preferences or that display content that we think will interest you.
  • Meeting Legal Requirements and Enforcing Legal Terms
    • Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
    • Protecting the rights, property or safety of you, SweatCo or another party.
    • Enforcing any agreements with you.
    • Responding to claims that any posting or other content violates third-party rights.
    • Resolving disputes.

Personal Data Sales

In this section, we use the term ‘sell’ as it is defined in the CPRA. We sell your Personal Data, subject to your right to opt-out of these sales.

As described in Annex 2, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of these sales by following the instructions in this section. Otherwise, we do not sell your Personal Data to third parties. 



Personal Data Sharing

Under the CPRA, California residents have certain rights when a business “shares” Personal Data with third parties for purposes of cross-contextual behavioral advertising. We have shared the following categories of Personal Data for the purposes of cross-contextual behavioral advertising:

  • Profile or Contact Data
  • Device/IP Data
  • Web Analytics
  • Social Network Data
  • Consumer Demographic Data
  • Geolocation Data
  • Categories of Data Considered “Sensitive” Under the CPRA
  • Other

As described in Annex 2, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt-out of data selling and/or sharing by following the instructions in this section.

We share Personal Data with the following categories of third parties:

  • Marketing providers (including for cross-contextual behavioral advertising purposes)
  • Service providers
  • Other users (where certain information, such as profile data, is visible to all users)
  • Business partners
  • Third parties in connection with a business transaction, such as merger or sale
  • Law enforcement, regulators, governmental authorities and other parties for legal reasons