Outgrow Data Protection Policy

Introduction

At Outgrow, your privacy is our priority. We are committed to protecting your Personal Data and being transparent about how we use it. This Privacy Policy explains what data we collect, how we process it, and your rights in relation to our services, including our app and website.

Please read this Privacy Policy carefully to understand how we handle your data. By using our services or providing your Personal Data, you agree to the terms outlined in this policy.

Who We Are

Outgrow is a fitness guidance platform owned by Olie Socials Ltd. For the purposes of data protection laws, Outgrow acts as the Data Controller for all Personal Data collected via our app and website.

We are registered on the Information Commissioners’ Office (ICO) Data Protection Register under registration number ZB713513 and at Companies House (England & Wales) Company number  14730175.  Our registered address is:

2nd Floor, National House
60-66 Wardour Street
London
W1F 0TA

Contact Details:

GDPR Lead: Steven Hadley  

Telephone: 0044 7525 195481 

Email: data@outgrowapp.com

Address: 2nd Floor, National House, 60-66 Wardour Street, London, England, W1F 0TA.

For questions or concerns about this Privacy Policy, contact:

Data Protection Officer (DPO)(TBN)
Email: dpo@outgrowapp.com

1. Policy Statement

Outgrow is committed to safeguarding the privacy of all individuals whose Personal Data it processes. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and other relevant data protection laws where Outgrow operates globally.

This policy outlines the principles governing the collection, use, and protection of Personal Data to ensure transparency, accountability, and trust.

Outgrow requires all employees, contractors, and third-party providers to adhere to this policy when processing Personal Data on its behalf. Non-compliance may lead to disciplinary action or termination of contracts.

2. About This Policy

This policy governs Outgrow’s processing of Personal Data, including data collected from users, employees, and partners worldwide. It defines roles, responsibilities, and the legal framework within which we operate.

This policy is approved by the Board of Directors of Olie Socials Ltd (Outgrow’s parent company). It supports our global compliance efforts and ensures users’ rights are upheld regardless of their location.

Outgrow acts as the Data Controller, determining the purposes and means of processing Personal Data. For queries about this policy, please contact the Data Protection Officer [TBN](DPO) at dpo@outgrowapp.com.

3. Definitions

Personal Data: Information that identifies or relates to an individual, such as name, email address, payment details, and fitness metrics.

• Special Category Data: Sensitive data, including health information, processed with explicit user consent.

• Data Subject: Any individual whose Personal Data is processed by Outgrow.

• Processing: Any operation performed on Personal Data, including collection, storage, analysis, and deletion.

• Data Controller: The entity responsible for determining how and why Personal Data is processed.

• Data Protection Officer (DPO): An appointed expert responsible for ensuring Outgrow's compliance with data protection laws, advising on legal obligations, and serving as the primary contact for data subjects and regulatory authorities.

4. Data Protection Principles

• Outgrow ensures all Personal Data is processed according to these principles:

• Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.

• Purpose Limitation: Data is collected for specified, legitimate purposes.

• Data Minimisation: Only data necessary for the intended purpose is processed.

• Accuracy: Data is accurate and kept up to date.

• Storage Limitation: Data is retained only as long as necessary.

• Integrity and Confidentiality: Appropriate security measures protect Personal Data.

5. Global Compliance and Local Jurisdictions

Outgrow operates globally and complies with local data protection laws, including:

• General Data Protection Regulation (EU GDPR) for users in the European Union.

• California Consumer Privacy Act (CCPA) for users in California, USA.

• Other relevant regulations, including, but not limited to, Australia’s Privacy Act and Canada’s PIPEDA.

Where local laws impose stricter requirements than UK GDPR, Outgrow ensures compliance with those standards.

6. Lawful Basis for Processing

Outgrow processes Personal Data under the following lawful bases:

• Consent: For processing Special Category Data (e.g., fitness metrics) and marketing communications.

• Contract: To deliver subscriptions and fitness services as agreed with users.

• Legal Obligations: To fulfil statutory requirements, such as reporting employer contributions to HMRC or responding to investigations conducted by authorised regulatory bodies.

• Legitimate Interests: For analytics, app improvements, and customer support.

7. Fair Processing Notices

Outgrow ensures transparency in data processing by providing Fair Processing Notices (also known as Privacy Notices) at the point of data collection. These notices clearly outline the purpose of data collection, the lawful basis for processing, and users' rights under the applicable data protection laws.

8. Cookies and Tracking Technologies
Outgrow uses cookies and similar tracking technologies to enhance user experience, gather usage analytics, and improve the functionality of the app and website. These technologies allow us to:

• Understand how users interact with our services.

• Personalise user experience based on preferences and activity.

• Measure the effectiveness of marketing campaigns.

Types of Cookies Used:

• Strictly Necessary (Essential) Cookies: Necessary for the operation of our app and website.

• Analytical Cookies: Collect anonymous data on app/website usage for analytics.

• Functionality Cookies: Enable customisation of content and settings.

• Targeting/Marketing Cookies: Used for delivering relevant advertisements based on user activity.

9. Collection and Processing of Personal Data

Outgrow collects Personal Data via:

• User Interactions: Registration forms, fitness tracking inputs, and account management.

• Third-Party Integrations: Data from wearables and platforms like Apple Health or Google Fit.

• Analytics and Marketing: Behavioural data for service optimisation.

Special Category Data, such as health metrics, is processed only with explicit user consent and solely for purposes such as personalised fitness guidance.

10. Accountability and Governance

Outgrow maintains comprehensive records of its data processing activities as required under GDPR Article 30. These records include the types of data processed, processing purposes, categories of recipients, and retention schedules.

For high-risk processing activities, Outgrow conducts Data Protection Impact Assessments (DPIAs) to identify and mitigate potential risks to users' privacy. DPIAs are performed in compliance with the UK GDPR and where required by local regulations in other jurisdictions.

11. Rights of Data Subjects

Outgrow upholds the rights of users globally, including:

• Right to Be Informed: Transparency about data processing activities.

• Right of Access: Access to data we hold about you.

• Right to Rectification: Correction of inaccurate data.

• Right to Erasure: Deletion of data upon request, subject to legal or contractual obligations.

• Right to Restrict Processing: Limitations on data processing in specific scenarios.

• Right Not to be subject to a decision that is based solely on automated processing if the decision affects your legal rights.

• Right to Data Portability: Transfer of data in a machine-readable format.

• Right to Object: Refusal of processing for marketing or profiling purposes.

Requests can be made by contacting Data@outgrowapp.com.

12. Data Security

• Outgrow implements comprehensive security measures:

• Encryption: Protects data during storage and transmission.

• Access Control: Limits data access to authorised personnel.

• Data Anonymisation: De-identifies data when appropriate.

• Secure Disposal: Safely destroys obsolete data.

13. Training and Awareness

All Outgrow employees, contractors, and third-party service providers are required to complete data protection training tailored to their roles. Regular training ensures awareness of GDPR requirements, data protection principles, and the importance of safeguarding user data.

Failure to comply with training requirements or this policy may result in disciplinary action or termination of contracts.

14. Data Breach Management

Outgrow’s breach response protocol includes:

• Immediate notification of affected users and the ICO (if applicable).

• Containment and investigation of the breach.

• Implementation of corrective measures to prevent recurrence.

All suspected breaches must be reported to the DPO at dpo@outgrowapp.com.

15. International Data Transfers

Outgrow ensures lawful data transfers outside the UK/EU by:

• Relying on adequacy decisions for compliant jurisdictions.

• Implementing Standard Contractual Clauses (SCCs) for non-compliant jurisdictions.

• Seeking explicit consent for transfers, where required.

Data may be processed by staff or third-party providers in other countries, subject to strict contractual safeguards.

16. Third-Party Sharing

Outgrow shares data only with trusted partners, including:

• Payment processors (e.g., Apple and Google).

• Analytics platforms (e.g., Google Analytics, Firebase).

• Marketing services with user consent.

Outgrow does not sell Personal Data to third parties.

17. Data Retention Policy

Data is retained as follows:

• User Accounts: Deleted after 24 months of inactivity.

• Payment Data: Retained for six years in compliance with financial regulations.

• Fitness Metrics: Deleted upon account closure, unless anonymised for analytics.

18. Policy Updates

This policy is reviewed annually or when significant operational changes occur. Updates will be communicated via app notifications or email.

19. Contact Information

For data protection queries or concerns, contact:
[TBN] Data Protection Officer (DPO)
Email: data@outgrowapp.com
Address: Olie Socials Ltd, 2nd Floor, National House, 60-66 Wardour Street, London, England, W1F 0TA.

 

AMENDMENT RECORD

Any amendment to this policy should be recorded here, with the version and date in the footer updated accordingly.