Privacy Policy

Privacy Policy

December 2024

1. Introduction

a. This Privacy Policy gives you information about how Pavelka Limited (Pavelka/We/Our) collects and uses your Personal Data through your use of our website(s) or The Pavelka Application, including any data you may provide when you register for an account on The Pavelka Application with us or anything you sign up to receiving via our website(s).

b. If you disagree with the terms of this Privacy Policy or how we collect and use Personal Data, you must cease using the website or The Pavelka Application.

c. If you do not accept The Pavelka Application’s User Terms and Conditions and this Privacy Policy, you will not be able to use The Pavelka Application at all. Any information (including Personal Data) that may have been entered into The Pavelka Application will be immediately deleted.

d. Please see the “Contact Us” section of this Privacy Policy to learn how to talk to us about your Personal Data.

2. What do the terms mean?

a. Applicable Law: Pavelka is incorporated under the laws of England and Wales, but it operates internationally, with offices in the UK, USA and Singapore. Our privacy compliance processes have been designed to comply with European and UK data protection laws, which We believe are the most comprehensive. The legal terms used in this Privacy Policy are based on these laws.

b. Personal Data and Special Category Personal Data: Personal Data is any information that can identify an individual (for example, email addresses or usernames), and Special Category Personal Data is Personal Data which requires additional protection and includes, for example, ethnic origin, religious preference and medical data. Pavelka collects and processes both Personal Data and Special Category Personal Data on an as-needed basis, and You will always be notified before its collection.

c. Controller and Processor: A Controller is an entity that collects and/or decides how and for which purposes to use Personal Data. A Processor is an entity that takes instructions from a Controller. Pavelka is a Controller for all personal data collected on our websites and The Pavelka Application.

3. What Personal Data and Special Category Personal Data does Pavelka collect?

We may collect, use, store and transfer different kinds of Personal Data and Special Category Personal Data, which includes the following categories:

a. Identity Data includes a person’s first and last name, username or similar identifier, t itle, date of birth, employer, gender and sex.

b. Contact Data includes billing address, delivery address, email address and telephone numbers.

c. Financial Data includes bank account and payment card details.

d. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

e. Technical Data includes your internet protocol (IP) address.

f. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

g. Health and Wellbeing Data includes step counts, active minutes, mindful minutes, sleep minutes and other data that you choose to enter or sync with The Pavelka Application to help track and measure your wellbeing.

4. How do we collect your Personal Data?

a. Direct interactions: We may collect Personal Data when you interact with us online, when you meet us at an event we are attending or hosting or when you correspond with us by post, phone, email or otherwise. This includes Personal Data you provide when you:

• apply for our products or services;
• create an account on The Pavelka Application;
• subscribe to our service
• subscribe to our publications;
• request marketing to be sent to you;
• enter a competition, promotion;
• complete a survey or poll, or
• give us some feedback.

b. Automated technologies or interactions: As you interact with The Pavelka Application, we may automatically collect data about your use patterns and behaviours via server logs and health and wellbeing data via integrations with thirdparty health, fitness and wellbeing applications.

c. Cookies: Please see our Cookie Policy for further details.

5. How do we use your Personal Data?

a. To register you as a new customer

b. To register you as a new user of The Pavelka Application

c. To add your details to our marketing database

d. To process and deliver your order including:

• Manage payments, fees and charges
• Collect and recover money owed to us

e. Notifying you about changes to this Privacy Policy

f. Asking you to leave a review or take a survey

g. To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as online or app-based messaging services (for example, Slack) and mobile application’s push notifications regarding updates or informative communications related to the product functionalities, or contracted services, including security updates, when necessary or reasonable for their implementation.

6. What lawful basis are We relying on to use your Personal Data?

a. When you register an account or register your interest to receive updates on a Pavelka website, we will have obtained your consent to add your Personal Data to our marketing database and to send you information or invitations to participate in events or promotions.

b. We rely on our legitimate interest to use your Personal Data, which we obtain lawfully, in our direct marketing activities. You can opt out of these at any time by using a link in the applicable communication or by contacting us using one of the contact methods listed in the Contact Us section of this Privacy Policy.

c. If you are a client of Ours, the contract for our services will include all relevant data protection and privacy terms.

d. If you are an employee of a client of Ours, the contract for our services will include all relevant data protection and privacy terms for collecting, storing and using your Personal Data.

e. If we ever share your Personal Data with a third party, it will almost always be to provide a service to you or use a third-party supplier to provide a service for us (for example, marketing or payment services). The third-party suppliers We currently use are listed in Appendix 1, and We will always have a contract in place with each of these third parties to ensure that they do not use your Personal Data in an unauthorised manner.

f. From time to time, business decisions may be made that require your Personal Data to be shared with (or transferred to) a third party. For example, if We are acquired by another business or appoint professional advisors to work for Us, as above, there will always be a contract in place to ensure that they do not use your Personal Data in an unauthorised manner.

7. How long do we keep your Personal Data?

a. As a guiding principle, We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

b. To determine the appropriate retention period for each processing activity, We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

c. By law, we must keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease to be customers for tax purposes. This does not include Personal Data of our customers’ employees.

d. In some circumstances, you can ask us to delete your data. You can do this by contacting us, using one of the methods listed in the Contact Us section of this Privacy Policy.

e. In some circumstances we may anonymise your Personal Data (so that it can no longer be associated with you) for research, statistical or reporting purposes in which case we may use this information indefinitely without further notice to you.

8. What do we NEVER do with your Personal Data?

a. We will never sell your Personal Data, for financial or any other consideration.

b. We will never change the purpose for which we use your Personal Data without informing you and then giving you the choice to decline.

9. Your Rights as a Data Subject

a. Under UK and European data protection law, you have a comprehensive set of rights as a Data Subject. We will extend those to any users of our website(s) or The Pavelka Application, wherever you are based. These include the following:

• Request access to your Personal Data.
• Request correction of your Personal Data.
• Request the erasure of your Personal Data.
• Object to the processing of your Personal Data.
• Request the restriction of processing your Personal Data.
• Request the transfer of your Personal Data.
• Right to withdraw consent.

b. Please see the “Contact Us” section to see how you can submit your request.

10. Contact Us

You can contact Us in the following ways:

a. E-mail: privacy@pavelka.global

b. Post: i. Pavelka Privacy Policy V 1.0 United Kingdom Pavelka Ltd Unit 146 Maple Leaf Business Park Manston Ramsgate Kent CT12 5GD.