Privacy Policy

This data is submitted by users into our devices, kiosk terminals, mobile/tablet applications and online website. The data listed below is explicitly requested from the user (unless otherwise stated):

• User name
• Email address
• Date of birth
• Weight - Measured automatically on kiosk terminals and some devices.
• Height
• Gender
• Organisation/Group
• Avatar
• Password
• Language and locale preferences
• Account preferences
• Related meta data

This data is measured by our devices, applications or kiosk terminals (e.g. during a fitness assessment) or input manually by the user:

• Weight - Measured automatically on kiosk terminals and some devices
• Force platform raw data
• Body composition (BIA/BIS measurements)
• Heart rate and ECG signal
• FQ scores
• Force bar measurements
• Body temperatures
• Acceleration forces
• Atmospheric conditions
• Other sensors connected our devices
• Related meta data

Non-personal data relating to usage and measurements, comprising:

• Date/time of the test measurement(s)
• The user to whom this measurement belongs
• Device/terminal identity
• Version information
• Channel information

Your explicit consent is requested before gathering this type information. Location data comes in three main forms:

Locate once (to service a location based request)

Occasionally we ask your location to help service a specific request you initiated (e.g. find my nearest FQ terminal).

Your location is not stored nor associated with your account in any way. We only use the information temporarily to facilitate your request. You are always prompted for consent before your location is obtained (specifically, you are requested to enter the information manually - e.g. a town or postcode - or requested to grant temporary access to the GPS in your mobile device). This prompt or submission provides us with your location only once. Further prompts will be made each subsequent request.

Location tracking (only when manually activated by you)

You can choose to enable location tracking in some of our applications (e.g. track my run around the park).

When enabled, this type of location tracking uses your GPS to track your precise location and movements. You will be prompted for your explicit consent before such tracking is enabled, though you may disable subsequent prompts if you wish. You are free to disable tracking at any time (e.g. after finishing your run), but, as a failsafe, tracking will terminate automatically after 24 hours if you have not interacted with our application during this time. Whilst tracking is active, a visual indicator will be shown clearly in the application and in the on-going notification bar (where supported by your device). This type of location data is stored and associated with your account (so we can render a map of your run, for example).

Unintended location gathering

Occasionally we ask your location to help service a specific request you initiated (e.g. find my nearest FQ terminal).

We store information about the device/terminal used to perform each measurement to identify usage trends and detect problems or faults. We also know the geographical location of each of our terminals. We store user usage information for each terminal in case we need to contact them in relation to a problem with the terminal or in case they contact us reporting an issue. Potentially therefore, there is the ability to track an individual's location each time they sign-in to one of our terminals. Although the potential exists, we would like to make it clear we make no such attempt to track individuals in this manner. Our interest extends only to monitoring how busy each terminal is at any given time (to determine if we need more terminals at that location, for example) and identifying users who may have experienced problems with specific terminals (e.g. several users encountered problems measuring their heart rate on terminal 5).

All errors are captured in an effort to determine common problems and offer continuous product improvement.

The error report may contain a limited anonymised extract of test measurement data relating to the failure, to help diagnose the cause. We do not include any information that could identify you (i.e. user profile data) in our error captures. However, in rare cases, error reports may capture personal data inadvertently. Any such information is not used in any way and is discarded securely at the first opportunity.

Error reporting from our website and kiosk terminals is automatic and runs in the background without any opportunity to opt out. You may avoid signing in if this is of concern. Error reporting from our mobile applications always prompt for user consent before sending. In all cases, error reports are fully encrypted prior to transmission and stored fully encrypted.

Data captured:

• Date/time of the error
• Error category and severity
• Error description
• Events leading up to the error
• Anonymised extract of test measurement data
• Device/terminal identity
• Version information

Data relating to any communication you have with us (electronic, verbal or written).

Communication sent via email, fax or general contact submission forms is not secure. Therefore, sensitive data should not be included in such mediums. We have a dedicated secure messaging facility if necessary.

We will try to categorise your communication and respond accordingly (e.g. if you request support we will offer technical help, not a sales call!). Our aim is to reply whenever possible and ensure our response is relevant.

For sales queries: we will address your questions and may send you related product/data sheets. We may follow up on sales leads once or twice to see if we can be of any further assistance. However, please note, we will never sign you up to a mailing list.

For support queries: we will raise a support ticket and attempt to resolve your issue. This may need further communication for additional information. You may be notified of progress on a support ticket (e.g. if a fix is later made available), but you can opt out of any such notifications at any time. We may follow up after the completion of a ticket to determine if the issue was resolved to your satisfaction.

For feedback or suggestions: we may contact you to thank you for your thoughts and ideas or to request clarification on points. Your feedback may be shared with relevant stakeholders and project teams. Feedback can also be submitted anonymously if you prefer (via our dedicated feedback page). We welcome community feedback (good or bad) - it really does help shape our product offerings.

Community forums: Information submitted to our community forums is deemed to be in the public domain (unless indicated otherwise). We may use third party tools (such as UserVoice) to manage forums on our behalf.

The types of correspondence we store are as follows:

• Date/time of the communication
• User name
• Email address
• Contact telephone number(s)/fax number
• Postal address
• Response preference
• Your message
• Nature
• Language
• Timezone
• Channel information

Your email address is used to identify your account and contact you.

We may send new users a welcome email to verify their new account and confirm their password and username. We will not send you unsolicited email information, commercial offers or advertisements. We will not sell, rent, or loan your email address to third parties.

Our automated emails are opt-in and sent only if you sign up to receive them (e.g. by signing up for online fitness programme or product updates). An example of an automated mail we might send after you sign up is a copy of your fitness report after performing a fitness measurement. We may also send very occasional mailings about product developments (e.g. new related products or improvements). These will be very infrequent, one or two per year at most. End-users of software products can also sign up to receive notifications about updated releases (these may be more frequent as we provide frequent update releases). We use a third-party mailing provider (such as MailChimp or SendGrid) to send mailings on our behalf. You can opt in or out of mailings like these at any time (an unsubscribe link is included in each email sent).

We may send occasional feedback requests or surveys - particularly if the device is being used as part of a trial or beta programme. Your feedback is greatly appreciated and may be shared with stakeholders (anonymously or otherwise, as indicated in the survey). To conduct the survey independently, we may need to disclose your name and email address to a third party (such as Survey Monkey or Super Simple Survey for example).

When working with third party mailing/survey companies we will link to their privacy policy here (or in the mailing) and only use third parties whose privacy policy is materially consistent with our own (i.e. ensuring they will not send you further unrelated mailings or pass your details on to other third parties). Again you may choose to opt out of such mailings if you prefer.

Unsubscribe requests are actioned immediately and no further mailings will be sent to users who have opted out.

There are some mailings which are mandatory (i.e. from which you cannot opt out). Such mailings are rare and related strictly to account servicing (i.e. are not promotional in nature). For example, we might send a security notification if we suspect your account has been compromised or authentication requests to validate sensitive requests/actions (such as a change of password). We may also notify you about important changes to our terms and conditions or policy documents. Users can only opt out of these mailings by deleting their account.

Data relating to financial transactions with us.
We use third party merchants (such as Nayax, Stripe, PayPal and Google Wallet) to process payments on our behalf. Please refer to the respective merchant for their privacy policies. We never store your credit/debit card details but do keep other information related to the transaction:

• Date/time of the transaction
• User name
• Email address
• Contact telephone number(s)/fax number
• Address
• Goods/services purchased/refunded
• Transaction details

IP Address

We log the IP address of all requests to our webservers to help maintain our security, diagnose server problems and to administer our website. For example, we use your IP to aid in the detection of malevolent actions or denial of service attacks. For certain types of request (e.g. sign-in), we also map the IP to individual accounts, particularly for failed access attempts. Such logging helps detect abnormal usage patterns and distributed brute force attacks. Occasionally, we may block access to our servers from your IP if we detect malevolent or suspicious activity. Such blocks maybe temporary or permanent.

We do not use your IP address to track any personally identifiable information.

Web Tracking and Analytics

We use website tracking and analytic tools (like Google Analytics) to determine which areas of our site users visit the most (based on traffic to those pages) and provide technology insights (like browser versions being used and device capabilities like screen resolution). We do not track what individual users read, but rather aggregated totals and statistics about user engagement (e.g. how often each page is visited, how long spent reading, etc). This helps us improve the content on our website.

Cookies

We make limited use of website cookies to help improve your website experience (e.g. to remember you on each computer if you so you chose), to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners.

Some of the third party tools we use (such as Google Analytics, Facebook Pixel, or financial merchants, for example) may also create their own cookies in accordance with their own respective privacy policies.

You can edit your cookie privacy settings to control which cookies you permit.

We are working continuously to improve the algorithms and comparison scores in our product. To this end, fully anonymised extracts (i.e. without personally identifiable user profile information) are taken from test measurement data - including raw data, resulting scores and limited meta data). The anonymous data is used to compile aggregated totals, averages, statistics and trends for various gender and age groups. We may share this anonymous compiled data with third parties and stakeholders (in some cases for financial reward).

We also analyse anonymous data from each device/terminal to identify anonymised usage trends and detect problems or faults. Again this may be shared with third parties and stakeholders.

We sometimes need to share your results and trends with third-parties, for example with your personal trainer, organisation or medic. We might share insights about your results to help deliver relevant content (e.g. training material based around your focus areas, engagement level and whether your scores are improving or declining for example). Research facilities undertaking specific research may also require access to your full results, for example data analysts. Their use of such data is governed by non-disclosure agreements.

You can also choose to share your results publicly or with your friends if you wish (e.g. on social media), such actions are instigated manually by you.

We provide public leader boards displaying the best results (of the day or week for example). These are shown on large screens at the site or on the web - the aim being to encourage competition and engagement amongst FitQuest users. Only minimal information about you is published on the leader board (your first name, surname initial, avatar picture, city/event and your result). You can opt-out from the leader boards at any time.

We provide integrations with third party account systems to simplify the sign on process for our users. For example, we offer integrations with gym's membership systems to allow members to sign using their existing membership cards. We also integrate with online authentication platforms or Single Sign On (SSO) providers - such as Google Sign In, Microsoft Live ID, Facebook Login, OpenID, for example. This process involves the exchange of limited membership data or unique tokens - both of which identify individual users.

Third party providers may track sign on and access requests. Please consult the provider's individual privacy policy for more information.

We provide Software Development Kits (SDKs) and Application Programmable Interfaces (APIs) for our platform. These allow approved third party developers to integrate their systems with our own and vice-versa. For example, a third party chest belt may supply information about your heart rate to us. Another example might be to combine disparate pieces of information together (combining your FitQuest results with your daily activity and diet, for example).

Clearly for such integrations to happen data must be shared between the systems - including sensitive personal data. For this reason, the use of all APIs require your explicit consent. You must authorise each application wishing to integrate with your account and you are free to revoke approval at any time (preventing subsequent further access).

We also provide components (web widgets) and APIs which allow FitQuest data to be embedded in other systems. For example, your gym might display your FitQuest results in their own membership member area - alongside your gym attendance and class bookings for example. These type of integrations are approved by MIE at an organisation wide level on your behalf (e.g for all FitQuest users at that gym).

To enable handling of support queries from end users and develop product improvements, approved staff have access to limited meta data about users and their tests, together with access to anonymised and aggregated data as discussed above. This limited access facilitates support and product development roles without compromising an individual's privacy.

Our staff are also able to access various account administration functions to assist users (for example to unblock an account).

However, our staff do not have routine access to an individual's sensitive personal user data, their test measurement results or security credentials (such as password or date of birth for example). Our data security systems prevent access to sensitive data unless access is explicitly granted by the individual concerned.

We will disclose all of your data (securely) to third parties when under a legal obligation to do so. For example, to law enforcement agencies upon receipt of a valid court order.