Privacy Policy

Hero Wellbeing Ltd (TA Zeno Health Group)

1. Controller Information: Hero Wellbeing Ltd is committed to complying with the UK’s data protection law and the EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services. We can be contacted at our registered office: Gresham House, 5-7 St Paul’s Street, Leeds, LS1 2JG.

2. Contact Information: For questions about this Privacy Notice or how we use your personal data, please contact us at support@zenohealthgroup.com.

3. Purpose of Processing: The purpose of processing your personal information is to allow us to administer your account with us and to provide the products and services you have requested from us. To enter into an agreement with Hero Wellbeing Ltd, we will collect, store, and use elements of your personal data. The lawful basis for processing this personal data is contractual necessity, which is required by Hero Wellbeing Ltd to administer your account and provide the requested products and services.

4. Communication Monitoring: We will monitor, record, store, and use any telephone call, email, or other electronic communications with you for training purposes, to check any instructions given to us, and to improve the quality of our customer service.

5. Data Usage and Marketing: Your name and total active minutes will be available on the leaderboard on the platform. Additionally, your department and location will be available to your employer for the purposes of determining the winning participant(s). We will also process your details through our internal systems to send you relevant communications. The lawful basis for processing this information internally is Legitimate Interests. Any email communications we send will comply with the Privacy and E-communications Regulation (PECR). If you choose to opt-in to our direct marketing communications, we will use your information to inform you about products and services available from us that may interest you. We may also use your information to inform you about products and services from our approved partners. You have the right to opt-out of our direct marketing communications at any time by following the unsubscribe instructions at the bottom of the communication or by emailing support@zenohealthgroup.com.

6. Data Retention: Where possible, Hero Wellbeing Ltd will take steps to erase any personal data that is no longer necessary for the purposes for which it was collected or otherwise processed, or if you have withdrawn consent for its processing and retention. For the purposes of this event, we will hold the data for 60 days after the event ends. Generally, if you currently have a contract or intend to enter into a contract with Hero Wellbeing Ltd, we will store the data for six years after the contract ends, to comply with our general legal obligations and for the exercise or defence of any legal claims.

7. User Rights – Data Deletion: Under GDPR, you have the right to request the deletion or removal of personal data to prevent further processing, also known as the ‘right to be forgotten’. Specific circumstances in which you can request deletion or removal of personal data include:
   • Where the personal data is no longer necessary for the purposes for which it was collected or otherwise processed
   • Where you withdraw consent
   • When you object to the processing and there is no overriding legitimate interest for continuing the processing
   • Where the personal data was unlawfully processed (i.e., otherwise in breach of the GDPR)
   • Where the personal data has to be erased to comply with a legal obligation
   • In cases where deletion is not possible due to legal, statutory, or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked instead of deleted.

8. Access to Personal Data: You also have the right to see what personal information we are processing. This can be requested by emailing our Data Protection Officer at support@zenohealthgroup.com. There will be no charge for this service. However, if you log multiple requests, there may be a nominal charge to cover the administration of these requests. You may also request a copy of the personal data processed through automated means. This will be provided in a structured, commonly used, and machine-readable format (where technically feasible) which you may then transmit to another controller. You have the right to request us to send this to another controller on your behalf, but only if this is technically feasible for us to do so.

9. Consent Withdrawal: You have the right to withdraw your consent for us to collect, process, and store your data at any time. If you wish to withdraw your consent, please confirm this in writing to our Data Protection Officer.

10. Complaints: If you have a complaint about any aspect of data protection or if you feel your privacy has been breached by us, we would like to hear from you. To help us investigate and resolve your concerns as quickly as possible, please contact our Data Protection Officer. If you are unhappy with the final response you have received from Hero Wellbeing Ltd, you have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO), within three months of your last meaningful contact with us. You can call the ICO on 0303 123 1113 or by visiting their website: https://ico.org.uk/.

11. Data Provision Requirement: You will be required to provide personal data, and this is a requirement to enter into a contract. You are obliged to provide this data. Failure to provide this personal data may mean we will be unable to execute the contract and could result in the termination of our services. If at any time we intend to further process your personal data for a reason not originally communicated, we shall provide you, prior to that processing taking place, with all relevant information on the additional processing as per paragraph 2 above.

12. Health Data Tracking: In addition to the personal information outlined above, our app can collect the following health-related data with permission from the user:
    1. Active Calories Burned Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    2. Distance Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    3. Elevation Gained Record: Trackable as a personal goal in the app.
    4. Exercise Session Record: Can be opted in to share with the user’s coach.
    5. Floors Climbed Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    6. Heart Rate Record: Trackable as a personal goal in the app.
    7. Hydration Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    8. Nutrition Record: Trackable as a personal goal in the app, can be set up as a peer-to-peer challenge, or opted in to share with a coach. This feature is mostly used by our professional sports teams clients to track nutrition with their in-house nutritionists.
    9. Resting Heart Rate Record: Trackable as a personal goal in the app.
    10. Sleep Session Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    11. Steps Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    12. Total Calories Burned Record: Trackable as a personal goal in the app and can be set up as a peer-to-peer challenge.
    13. Exercise Session Record: Can be opted in to share with the user’s coach.
13. User Consent: User consent is obtained through explicit opt-in mechanisms within the app. Users will be prompted to grant permission for the collection of health-related data. Users can withdraw consent at any time through the app settings.

14. Data Security: Your data is not shared with any third-party providers. We implement robust security measures to protect your health data, including encryption of data at rest and in transit, regular security audits, and restricted access to sensitive data.