Privacy Notice

About this Privacy Notice

Last updated: September 2020

SEN Professional Software LTD, a limited company registered in England and Wales under registration number 12693245 ("us", "we" or "SENPRO") takes the privacy of your information very seriously. This notice is designed to tell you about our practices regarding the collection, use and disclosure of personal data which may be collected in person from you, obtained via our Website (https://senprofessional.com/), app or collected through other means such as by an online form, email, or telephone communication. 

This notice applies to personal data held and processed by us, as a data controller, relating to our users (whether they are simply browsing the Website, registering an account with us, whether for our subscription services or as a client to one of our subscribers), where applicable their staff and any third party suppliers whose data we process, but does not apply to information we hold in relation to our staff and contractors. In this notice “you” refers to any individual whose personal data we hold or process. This privacy notice is governed by the EU General Data Protection Regulation (the “GDPR”), the Data Protection Act 2018 and any other applicable data or privacy legislation.

In general, SENPRO’s software services provide Sport and Exercise Nutritionist subscribers with an all-in-one performance nutrition management software, allowing them to manage clients, deliver nutrition education programmes, advertise and accept payments for their nutrition services (“Software Service”). For more information on the Software Service, please refer to our information page https://senprofessional.com/. Please note that if you are a Sport and Exercise nutritionist with a subscription to our Software Service and are using our services to upload content (which includes personal data) to our platform, you, as subscriber, will be the “controller” and we are the “processor” of such personal data. We cannot control and we are not responsible for the use made of that personal data by the relevant user or account holder. In these circumstances where we are acting as processor, our standard Data Processing Agreement (“DPA”) will govern the terms under which we collect and process the relevant personal data and is incorporated into each contract between us and you.

This notice and our procedures for handling personal data will be reviewed as necessary and accordingly may be updated from time to time. You should therefore check this page regularly for any updates. Changes to this notice are effective when they are posted on this page.

Personal data we collect and how we process this data

We will generally collect information from you directly, such as upon registering your account, or when entering information related to your dietary requirements and allergens. We may also collect information from a third party (for instance an introducer) or from you indirectly as a result of your interaction with our software, such as through the use of cookies. Other methods may include, but are not limited to, phone calls or email exchanges; emails and newsletters containing surveys or polls; and face to face meetings.

If we do obtain your personal data from a third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.

Below we have set out the categories of data we collect, the legal basis we rely on to process the data and how we process the data:

Legal Basis we rely on to process personal data

Personal data we hold about you will be processed either because:

·      You have explicitly consented to the processing for the specific purposes described in this notice (e.g. we will always seek your consent before we process any Sensitive Information);

·      The processing is necessary in order for us to comply with our obligations under a contract between you and us (e.g. if you have subscribed to our Software Service, we would need to process your credit/debit card details for payment);

·      The processing is necessary in pursuit of our “legitimate interests”. A legitimate interest in this context means a valid interest we have or a third party has in processing your personal data which is not overridden by your interests in data privacy and security; or

·      The processing is necessary for compliance with a legal obligation to which we are subject.

Personal data we collect

We may collect and process the following categories of personal data:

·      Account, log-in details and other related information you provide when setting up an account with us (for example your name, email address, password) (“Account Information”). If you wish to create a Sport and Exercise Nutritionist account, you may be required to provide a profile photo, as well as information on your education qualifications, organisation affiliations and other accreditations;

·      Contact information we collect from you (for example your name, address, telephone number, email address) (“Contact Information”);

·      Information about yourself or other information that you enter or input while signed in to your account with us. This may include your date of birth, height, weight, perceived activity levels, your body mass index (BMI), health and lifestyle factors such as allergens or special diet requirements (“Self-Reported Information”);

·      Health information collected from you, including certain Self-Reported Information and other data such as your medical history, past or current conditions, race or ethnic origin and data related to your body composition or shape (“Sensitive Information”);

·      Information provided to us relating to payment including credit or debit card details (“Payment Information”);

·      A record and details of any correspondence or communication between you and us or relating to any complaint submitted to us (“Communication Information”);

·      Details of your visits to the Website, the resources and pages that you access and any searches you make (“Technical Information”). For more information on this, please refer to the Cookies section below;

·      Information about our suppliers such as contact information (“Supplier Information”);

·      Information relating to user generated content which may contain personal data and which are generated or transmitted, whether publicly or privately, to or through SEN Professional Software LTD, such as you posting to one of our services, comments or reviews or responding to surveys and/or promotions (“User Generated Information”); and/or

·      Information we may hold about you for marketing purposes such as your name, email address, telephone number and address (“Marketing Information”).

How we process your Personal data 

Please see the table below, which sets out the manner in which we will process the different types of personal data we hold:

| Activity (how we use it) | Type of data | Lawful basis for processing |
| --- | --- | --- |
| When you register an account with us on our Website/app, or choose to update or amend any information as set out in your account | Account Information; Contact Information; Self-Reported Information; Sensitive Information | Consent; Necessary for our legitimate interests (to obtain necessary information in order to provide our services, such as authenticating your access to the services); or Performance of a contract with you |
| To manage our relationship with you which will include: (a) Sending you emails including updates and confirmations; (b) Notifying you about changes to our terms or privacy notice; (c) Asking you to leave a review or take a survey; (e) Providing customer service and support | Contact Information; Payment Information; Communication Information; Technical Information; User Generated Information | Performance of a contract with you; or Necessary for our legitimate interests (for running our business, to keep our records updated and to study how customers use the services we provide, provide you with customer support) |
| To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data | Contact Information; Account Information; Technical Information | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation) |
| To use data analytics to improve the Website/app, services, marketing, customer relationships and experiences | Technical Information; User Generated Information | Consent (e.g. in the case of cookies); or Necessary for our legitimate interests (for running our business, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy) |
| To send marketing communications to you about our services. | Marketing Information; Contact Information; User Generated Information | Consent; or Necessary for our legitimate interests in sending marketing communications for services which are similar to those previously used/purchased by you. |
| To manage our relationship with our suppliers in relation to the services (e.g. third party payment processors) | Supplier Information | Performance of a contract with you so we can successfully deliver and perform the services; or Necessary for our legitimate interests (for running our business and to provide you the requested services) |

In addition to the lawful bases of processing set out above, processing may also be necessary for the compliance of a legal obligation to which SENPRO is subject.

Notwithstanding the rest of this privacy notice, we may carry out research or data analysis to gain insight into the use or improvement of our services and we may share the results of this research with third parties. We will only share aggregated, de-identified or anonymised results (i.e. which have been stripped of and no longer contain your personal data). You can choose whether to consent or refuse to your data being used in this way when you register your account with us. You are under no obligation to consent to this and we will still be able to provide you with our services if you choose not to. However, you acknowledge that it may not be possible to remove the data once you have consented to it being used for these research or data analysis purposes, as it would have already been de-identified and anonymised by us. Accordingly, and before consenting to your data being used for research or data analysis purposes, you should consider this carefully.

Data Retention

Our current data retention policy is to delete or destroy (to the extent we are able to) personal data after the following periods:

| Category of personal data | Length of retention |
| --- | --- |
| Account Information and Self-Reported Information | Until such time as your account remains open with us or 30 days following the date your account is terminated |
| Sensitive Information | Until such time as your account remains open with us or 30 days following the date your account is terminated |
| Personal data processed in relation to a contract between you and us | 7 years from either the end of our contract or the date you last used our services or placed an order with us |
| Marketing Information | 3 years from the last date on which you have interacted with us. |

For any category of personal data not specifically defined in this section or notice, and unless otherwise specified by applicable law, the required retention period for any personal data will be deemed to be 7 years from the date of receipt by us of that data. The retention periods stated in this notice can be prolonged or shortened as may be required (for example, in the event that legal proceedings apply to the data or if there is an on-going investigation into the data).

We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or securely delete this data as may be required.

If you wish to request that data we hold about you is amended or deleted, please see below for your privacy rights.

We may also, for future research, analytical and/or statistical purposes, use certain data, and this data may be held by us indefinitely. However, such data will not constitute your personal data (and therefore the provisions of this notice will not apply to it) as it will have been de-identified and anonymised, such that you cannot be identified as an individual.

Sharing your information

We may disclose personal data to third parties in the following circumstances:

·      If you are a registered Sport and Exercise Nutritionist account holder and wish to feature on our public database of nutritionists, we may share your profile information and, if applicable, your qualifications and accreditations as a nutritionist. This is to allow other registered account holders the opportunity to view your profile on the public database of nutritionists, which may or may not result in a new client. For other account holders, we may be required to share your personal data that includes your first name and surname, as well as your profile photo, with a registered nutritionist whose services you have requested to subscribe to.

·      We may work with other professionals and providers in providing and delivering our services to you in an efficient and secure manner. This may include a payment processor, customer relationship management provider, marketing software provider, technical support provider, credit agency or professional advisor such as a lawyer or accountant.

·      We may host personal data with third party hosting partners or other service and technology providers.

·      Where we carry out research or data analysis to gain insight into the use or improvement of our services, we may share the results of this research with third parties. We will only share aggregated, de-identified or anonymised results (i.e. which no longer contain your personal data). This may be shared with business partners, trusted affiliates and advertisers for purposes such as promoting the business, collaborative purposes or research purposes.

·      If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

·      In order to enforce any terms and conditions or agreements for our services that may apply.

·      We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected.

·      To protect our rights, property and safety, or the rights, property and safety of our users or any other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

·      If we are sub-contracting services to a third party we may provide information to that third party in order to provide the relevant services.

·      Where applicable, we may disclose your personal data to our group companies for our legitimate business purposes.

Other than as set out above, we shall not disclose any of your personal data unless you give us permission to do so. If we do supply your personal data to a third party we will take steps to ensure that your privacy rights are protected and that the third party complies with the terms of this notice.

Cookies

A cookie is a piece of data stored locally on your computer or mobile device and contains information about your activities on the internet. The information in a cookie does not contain any personally identifiable information you submit yourself to our Website. A cookie helps you get the best out of the Website and helps us to provide you with a more customised service.

On our Website, as well as strictly necessary cookies, we use two other main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date. These enable us to track users' progress, details of your visits to the Website, resources that you access and any searches you make, allowing us to make various improvements based on usage data. If you log in to one of our online services, they also enable you to remain logged in to that service.

We are required to obtain your consent to use cookies and will obtain this consent with a toolbar which appears when you first visit the Website. If you continue to use the Website, having seen this notice, then we assume you are happy for us to use cookies.

If you choose not to accept the cookies, this will not affect your access to the majority of information available on our Website. However, you will not be able to make full use of our online services, such as subscribing to our Software Service.

You have the ability to accept or decline cookies. Most browsers allow you to refuse to accept cookies.

We may also use other technologies such as Google Analytics in order to collect data on page information such as what pages you view, browser information such as the browser name, the size of the browser you are viewing our webpage/software from, as well as user information such as your IP address. We may use your IP address to diagnose problems with our server, report aggregate information, and determine the fastest route for your computer to use in connecting to our Website, and to administer and improve the Website.

Security

We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and to protect it against unlawful access and accidental loss or damage. These measures may include (as necessary):

·      Protecting our servers by software firewalls;

·      Locating our data processing storage facilities in secure locations;

·      Encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered. All data in transit is encrypted (SSL/SSH);

·      When necessary, disposing of or deleting your data in a secure manner;

·      Regularly backing up and encrypting all data we hold;

·      De-identification/ pseudonymisation measures where appropriate;

·      Ensuring devices are password protected. In addition, screens are locked if inactive for greater than 5 minutes or when away from the computer;

·      Minimising unnecessary duplication of data.

In addition to the above and if you have registered an account with us, it is important that you, as a user of our services, also take appropriate steps to safeguard your information by, for example, ensuring you protect your computer or other device from unauthorised access, maintaining a strong password and ensuring you log out of your account with us when you are not using the services. You are also responsible for keeping your personal data accurate, complete and current. You can update or amend your personal data via your personal profile settings in your account. Alternatively, please email senpro@theiopn.com to request us to manually update your personal data.

We will ensure that our employees and staff are aware of their privacy and data security obligations. We will take reasonable steps to ensure that the employees and staff of third parties working on our behalf are aware of their privacy and data security obligations.

Unfortunately and notwithstanding the above, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website. Accordingly, any such transmission is at your own risk. Once we have received your information, we will use the strict procedures and security features referred to in this clause to try and prevent any unauthorised access.

Third party links

Our Website may contain links to other sites that are not operated by us. This notice applies to our services only so if you click on a third-party link, we strongly advise you to review that site’s privacy policy.

We have no control over and are not responsible or liable for the content, privacy policies or practices of any third-party sites or services.

Your privacy rights

With respect to your personal data, you have:

The right to be informed

You have a right to know about our personal data protection and processing activities, details of which are contained in this notice.

The right to withdraw consent

If we are relying on your consent as the basis on which we are processing your personal data, you have the right to withdraw your consent at any time.  This will not affect the lawfulness of processing based on consent before your withdrawal.

The right of access

If you have registered an account with us, you can access certain information of yours by logging into your account. You can also make what is known as a Data Subject Access Request (“DSAR”) to request information about the personal data we hold about you (free of charge, except that we may charge you a reasonable fee in the event of a repeat or complex request). If you wish to make a DSAR please contact us using the details below.

The right to rectification

If you have registered an account with us, you can rectify certain personal data provided to us by logging into your account.

Otherwise, please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, but in any event within one month.

We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

The right to erasure (the ‘right to be forgotten’)

If you have registered an account with us, you have the right to delete your account at any time.

Please notify us if you no longer wish for us to hold personal data about you (although in practice, it is unlikely we can provide our services to you without holding your personal data). Unless we have reasonable grounds to refuse the request for erasure, on receipt of such a request we will securely delete the personal data in question within one month. The data may continue to exist in certain backup systems, but we will take steps to ensure that it will not be accessible.

We will communicate the erasure to any third parties to whom we have passed your information.

The right to restrict processing

You can request that we no longer process your personal data in certain ways, although this may affect our ability to provide our services to you.

The right to data portability

You have the right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your personal data directly to a third party (where technically possible).

The right to object

Unless we have overriding legitimate grounds for such processing, you may object to us using your personal data if you feel your fundamental rights and freedoms are impacted.

You may also object if we use your personal data for direct marketing purposes (including profiling) or for research or statistical purposes.

Please notify your objection to us and we will gladly cease such processing, unless we have overriding legitimate grounds or it is otherwise permitted under applicable law.

Rights with respect to automated decision-making and profiling

You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant) effect on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, when it is permitted by law, or if you have given your explicit consent.

All SARs and other requests or notifications in respect of your above rights must be sent to us in writing at senpro@theiopn.com or by post to SEN Professional Software LTD, 85 Great Portland Street, First Floor, London, W1W 7LT.

We will endeavour to comply with such requests as soon as possible but in any event within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).

Data breaches

If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our data protection officer and/or the Information Commissioner’s Office (ICO) as necessary.

If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as possible.

Transferring your information outside the UK or EEA

We will not transfer your personal data in a systematic way outside of the UK or European Economic Area (“EEA”) but there may be circumstances in which certain personal data is transferred outside of the UK or EEA, in particular:

·      From time to time, some of our data processors (including server providers), may be based outside of the UK or EEA. In that case, we will ensure we have an agreement in place with such processors to provide adequate safeguards and a copy of such safeguards will be available on request.

·      If you use our services while you are outside the UK or EEA, your information may be transferred outside the UK or EEA in order to provide you with our services or communicate with you;

·      We may communicate with individuals or organisations outside of the UK or EEA in providing our services. Those communications may include personal data (such as contact information) for example you may be outside of the UK or EEA when we communicate with you;

·      From time to time your information may be stored in devices which are used by our staff outside of the UK or EEA (but staff will be subject to our cyber-security policies).

If we transfer your information outside of the EEA, and the third country or international organisation in question has not been deemed by the EU Commission to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.

Contact us

Our goal is to ensure that our privacy notice is clear, allowing our users the ability to understand it and make informed decisions as a result of reading it. If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal data or how it is handled, you can contact our data protection officer via senpro@theiopn.com or by post at SEN Professional Software LTD, 85 Great Portland Street, First Floor, London, W1W 7LT.

If we are unable to resolve any issues you may have or you would like to make a complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.