URUNN MOBILE APPLICATION AND WEBSITE PRIVACY NOTICE

URUNN LIMITED (we) is committed to protecting your data and respecting your privacy. We understand App users are concerned about what happens to their data. We have invested a significant amount of time and money to ensure that the amount of personal data we collect and store is limited to that which we need to enable the App and the Services to operate properly.  Additional functionality is available in the event that a user provides additional information, such as that derived from a heart rate monitor or smart watch, but that is a decision for the user.

INTRODUCTION

This notice (together with our end-user licence agreement as set out at EULA LINK (EULA) and any additional terms of use incorporated by reference into the EULA, together, our “Terms of Use”) applies to your use of URUNN mobile application software (App) hosted on either the Google Play Store or the Apple App Store (each an App Store), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (Device).

This notice also applies when you contact us directly, via our website, through links on other websites, or on social media. 

This notice sets out the basis on which we will process any personal data we collect from you or that you provide. The App is not intended for children under the age of 17. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

IMPORTANT INFORMATION AND WHO WE ARE

URUNN LIMITED is the controller responsible for your personal data (collectively referred to as ‘URUNN’, ‘we, ‘us or ‘our’ in this notice).

Our Data Privacy Manager is available to address any privacy-related concerns. If you have any questions about this privacy notice, please contact them using the details below.

Contact details

  • Full name of legal entity: URUNN Limited
  • Email address: dpo@URUNN.com
  • Postal address: URUNN LIMITED, The Carriage House, Mill Street, Maidstone, ME15 6YE
  • Website address: https://URUNN.com (Website)

YOUR RIGHT TO MAKE A COMPLAINT 

You have the right to file a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, or with the relevant authority in an EU member state if the App is downloaded outside the UK. For further information, please visit https://ico.org.uk/make-a-complaint/.

PRIVACY POLICY UPDATES & YOUR RESPONSIBILITY 

We regularly review and update our privacy notice. 

The latest version was updated on 10 April 2025. If any changes are made, we will post the updated notice on this page and, where appropriate, notify you the next time you open the App. We may also notify you via email. In some cases, the new notice may be displayed on-screen, requiring you to read and accept it before continuing to use the App.

To ensure the best experience, the personal data we hold about you must be accurate and up to date. If your information changes during your relationship with us, please let us know. The App may not function properly if incorrect information is provided.

THIRD-PARTY LINKS

Our website may occasionally include links to and from the sites of our partners, advertisers, and affiliates. Please be aware that these websites and their services have their own privacy policies, and we do not accept responsibility or liability for them. This includes any data collected through these third-party sites, such as Contact and Location Data. Before submitting personal data or using these services, we encourage you to review their privacy policies. 

THE DATA WE COLLECT ABOUT YOU

When you download the App and agree to our Terms of Use, your mobile device is assigned a unique identification code (‘Unique Code’), which we use to manage user accounts. All interactions you (or any other user of the App on your device) have with the App are linked to this Unique Code. Depending on how you download the App and the type of device you are using, we may also have access to a device-specific unique identifier, such as IDFA, IDFV, AAID, IP address, or Android ID (collectively referred to as the ‘IDFA’).

To use the App, you must create an account, which requires providing an email address (‘Login Data’). We will link your email address to your Unique Code, associating your account activity with you. This means that if you switch devices or access the App across multiple devices, your usage history and preferences will carry over. If you log in via an existing social media account, we will obtain your information indirectly from the relevant platform.

If you access the App through a download link provided by a partner company or your employer, we may require additional personal data (see ‘Contact Data’ below).

When you use the App, your URUNN account serves as your primary identifier, though additional personal information may be associated with your account. We collect and store all interactions with the App on your device as Usage Data. Your device may also cache Usage Data, along with your preferences, to enhance your user experience. Additionally, we store and analyse this data on our systems to improve App functionality. If your Unique Code is linked to personal data, all associated Usage Data is considered personal data.

To enhance your experience, you may choose to provide additional profile information (‘Profile Data’), such as demographic details (e.g., age and gender) and personal data (e.g., weight, fitness level, location). You also have the option to share health-related data (‘Health Data’), such as heart rate, by connecting third-party devices (e.g., a heart rate monitor, or a smartwatch). While this data allows the App to deliver more personalised insights and feedback, the App functions fully even if you choose not to provide it.

If you contact us via the App, our website, or email, you may choose to share contact details (‘Communication Data’), such as your name and email address. You might also provide contact details of others – for example, if purchasing the App as a gift. However, we cannot link this information to your Unique Code unless you provide it. We will use these details solely for communication purposes, including coordinating with gift recipients and resolving any App-related issues. 

Additionally, we collect Device Data to identify the type of device you are using. This information is linked to your Unique Code and helps us optimise the App’s performance

We may collect, use, and share Aggregated Data, such as statistical or demographic information, for various purposes. Aggregated Data is derived from your personal data but is not classified as personal data under the law, as it does not directly or indirectly identify you. For example, we might aggregate your Usage Data to determine the percentage of users accessing a specific feature of the App.

However, if we combine or link Aggregated Data with your personal data in a way that enables direct or indirect identification, we will treat this combined data as personal data and use it in accordance with this privacy notice.

By using the App, you consent to our anonymisation of your data and the use of the anonymised data for our purposes (such as improving, and developing the App and the Services, and developing statistics and insights into how people use the App, and the results from it).

HOW IS YOUR PERSONAL DATA COLLECTED?

We will collect and process the following data about you:

  • Information You Provide Directly: This includes the information you consent to share with us when you correspond with us via email, chat, or our helpdesk, as well as when you fill out your contact details on a web-based form to receive a link to the App. It also encompasses information you share on our social media pages and any issues you report regarding the App.
  • Information You Provide Through the App: This encompasses details about yourself, including your fitness level and personal characteristics, which help enhance your experience with the App.
  • Health Data: This refers to information you provide by linking a third-party device to the App, such as a heart rate monitor.
  • Device Data: Your device possesses an electronic signature that informs us of its characteristics. This may include device-specific advertising identifiers (such as IDFA, IDFV, AAID, IP, and Android ID).
  • Usage Data: We will collect, store, and process all interactions that occur with the App on your device and our servers. This includes data collected through your use of the App and any Health Data obtained from linked third-party devices.
  • Survey and Feedback Data: If you choose to participate in surveys or provide feedback within the App, we will collect, store, and process any information you submit.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law permits us to do so. The most common circumstances in which we use your personal data include:

  • Consent: When you have given us your explicit consent before we process your data.
  • Contractual Necessity: When we need to fulfil a contract that we are about to enter into or have already entered into with you.
  • Legitimate Interests: When it is necessary for our legitimate interests (or those of a third party), provided that your interests and fundamental rights do not override those interests.
  • Legal Compliance: When we need to comply with a legal or regulatory obligation.

WAYS YOUR DATA WILL BE USED 

Purpose/ Activity | Type of data | Lawful basis for processing 

To create an account with us via a login | You will provide us with your name and an email address | Your consent

To send you a link to download the App | You may have to supply us with your name and email address on a web-based form | Your consent

To send you a link to download the App where your access to it is a benefit provided by your employer | Your employer may provide us with your name and work email address | Fulfilment of a contract with your employer.

To install the App, manage payments and register you as a new App user | This process is managed by the App Store operator. We do not have visibility into or access to any of your personal data processed during this stage. However, if you later use a login to access the App, we will be able to link your app and any Usage Data to you through your Login Data | Your consent 

To track your app installation source | We may access your IDFA and other relevant data, which could help us associate certain attributes with your membership | Your consent

To track your use of the App and provide feedback on your usage | Profile Data, Usage Data, Health Data | To perform a contract we have with you; Your consent

To manage our relationship with you. This includes notifying you of changes to the App, new features, features you may not have used or been aware of, usage data and statistics, and updates to our Terms of Use | If you have a login or we have your email address, we will contact you via email. In certain circumstances, we may also send information to the device you are logged into. If you do not have a login, we will send this information to your device based on your Unique Code | We will do this to fulfil our contract with you. In some cases, it will be necessary for our legitimate interests, such as keeping records updated and analysing how customers use our products and services. In other cases, it will be necessary to comply with legal obligations, such as informing you of any changes to our terms and conditions.

To remind you about your subscription status. We may notify you when your subscription is nearing its end or prompt you to renew or upgrade it. This includes cases where your subscription has expired or if you are no longer associated with the partner organisation or employer through which you originally obtained it | If you have a login or we have your email address, we will contact you via email. In some cases, we may also send notifications to the device you are logged into. If you do not have a login, we will send this information to your device based on your Unique Code | Our legitimate interests (to market goods and services similar to those already supplied to you).

To enable you to complete a survey | If you have a login, we may contact you via your email address or device. If you do not have a login, we will interact with your device based on your Unique Code | Your consent; Performance of a contract with you; Necessary for our legitimate interests (to analyse how customers use our products/services and to develop them and grow our business)

To respond to enquiries and other communications, including through our website | We will process communication data to address your requests and provide relevant support | Your consent 

To identify, diagnose and fix any problems you may have with using the App | In most cases, we can do this using your Unique Code. However, if you provide additional information or if your Unique Code is linked to Login Data or Contact Data, we will process that information as well | To perform a contract with you (to resolve technical issues); Your consent (for processing additional communications data)

To administer and protect our business and the App, including troubleshooting, data analysis, and system testing | In most cases, personal data is not required for these activities | Necessary for our legitimate interests (to operate our business, provide administration and IT services, and ensure network security).

To provide partner businesses, employers, and designated third parties with insights into their campaigns, promotions, or how their associated users engage with the App | Anonymised Usage Data | Performance of a contract

To provide partner businesses or employers with information about your subscription to the App, which is based on your relationship with them | Contact Data | To enable them to fulfil their legal obligations in relation to employment and tax; Our legitimate interests (to ensure we can invoice them appropriately).

To manage and, if necessary, terminate your account when it is associated with your employment or a partner organisation | Your work email address, or your Partner ID | To fulfil a contract with your employer or a partner organisation.

To depersonalise any data, allowing us to continue using it for our internal business operations, as well as for marketing and fundraising purposes | Usage Data, Profile Data, Health Data | Your consent (to the depersonalisation); Our legitimate interests (to continue using the depersonalised data for analysing and refining our products and services, as well as for marketing and fundraising purposes).

COOKIES

We use cookies and other tracking technologies to differentiate you from other users of the App and to remember your preferences, progress, and past usage. This helps us provide you with a better experience while using the App and enables us to make improvements. Your device will store Usage Data, Profile Data, and Social Profile Data as part of its core functionality.

DISCLOSURES OF YOUR PERSONAL DATA

When you consent to provide us with your personal data, we will also seek your consent to share this information with the third parties listed below for the specified purposes:

  • Third parties to whom we have outsourced certain aspects of the App and its associated services, including helpdesk support, App hosting, data warehousing, and marketing activities. For more details about our providers, please contact us at dpo@URUNN.com.
  • Third parties to whom we may sell, transfer, or merge parts of our business or assets. In such cases, the new owners may use your personal data as outlined in this privacy notice.
  • Subject to your specific consent, the partner business or employer through which you obtained your subscription to the App, for purposes such as: (a) ensuring compliance with their tax and regulatory obligations; (b) ensuring you are appropriately rewarded for your use of the App; and (c) any other purposes identified in the consent request.

After placing an order on our website, you will need to make a payment for the goods or services you have ordered. To process your payment, we use Stripe, a third-party payment processor.

In most cases, the payment process will be managed by the relevant app store subscription service. If you access the app through a portal, your payment will be processed by Stripe, which will collect, use, and process your information, including payment details, in accordance with their privacy policies. You can review their privacy notice here: Stripe Privacy Policy.

Stripe’s services in Europe are provided by a Stripe affiliate, Stripe Payments Europe Limited (‘Stripe Payments Europe’), which is based in Ireland. When providing these services, Stripe Payments Europe transfers personal data to Stripe, Inc. in the U.S.

For more information about the safeguards in place when your data is transferred outside the European Economic Area, please see the section on International Transfers below.

Please note that URUNN does not have access to payment information; therefore, we do not collect or store any payment details.

INTERNATIONAL TRANSFERS

Some of our external third parties are located outside the UK, which means that processing your personal data may involve transferring it outside the UK.

Whenever we transfer your personal data, we ensure that a similar level of protection is maintained by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that the European Commission has deemed to provide an adequate level of protection for personal data. For more details, see the European Commission's page on the adequacy of personal data protection in non-EU countries.
  • When using certain service providers, we may employ specific contracts approved by the European Commission that offer the same level of protection for personal data as it has in Europe. For more information, see the European Commission's page on model contracts for transferring personal data to third countries.
  • If we work with providers based in the U.S., we may transfer data to them if they are part of the Data Privacy Framework, which requires them to provide similar protection for personal data shared between Europe and the U.S. For further details, visit EU-U.S. Data Transfers.

If you would like more information about the specific mechanisms we use when transferring your personal data out of the EEA, please contact us.

DATA SECURITY

All information you provide to us is stored on our secure servers. Once we receive your information, we implement strict procedures and security features to prevent your personal data from being accidentally lost, misused, or accessed without authorisation.

We collect and store personal data on your device using application data caches and other technologies.

Additionally, we have established procedures to address any suspected personal data breaches. We will notify you and any applicable regulators when we are legally required to do so.

DATA RETENTION

If we hold any of your personal data, including Login Data, we will retain it for up to three years after you stop using the App or your login. However, for Contact Data, we will retain it only as long as you remain on the partner or employer system or as long as you are a URUNN user.

Usage Data that is not linked to any personal data (and is therefore anonymous) will remain in our systems, and we will continue to use it to develop our App and understand how subscribers use it. You agree that we have the right to depersonalise any data for these purposes. In certain circumstances, you may request the deletion of your data; see ‘Your Legal Rights’ below for more information.

We may also anonymise your personal data so that it can no longer be associated with you for research or statistical purposes. In such cases, we may use this information indefinitely without further notice to you.

If you do not use the App for three years, we will consider your account expired, and your personal data may be deleted.

YOUR LEGAL RIGHTS

Under certain circumstances, you have the following rights regarding your personal data under data protection laws. 

You can exercise any of these rights at any time by contacting us at dpo@URUNN.com

GLOSSARY

Consent refers to the processing of your personal data based on your clear agreement, either through a statement or an explicit opt-in for a specific purpose. Consent is only valid if it is freely given, specific, informed, and unambiguous. You can withdraw your consent at any time by contacting us.

Legitimate Interest pertains to our business's interest in conducting and managing operations to provide you with the best products and services and to ensure a secure experience. We carefully consider and balance any potential impact on you – both positive and negative – before processing your personal data for our legitimate interests. We do not use your personal data for activities where our interests are outweighed by the impact on you unless we have your consent or are otherwise required or permitted to do so by law. For more information on how we assess our legitimate interests against potential impacts on you for specific activities, please contact us.

Performance of Contract means processing your data when it is necessary for fulfilling a contract to which you are a party or for taking steps at your request before entering into such a contract.

Compliance with a Legal Obligation involves processing your personal data when it is necessary to comply with a legal obligation that we are subject to.

YOUR LEGAL RIGHTS

You have the right to:

  • Request access to your personal data (commonly known as a ‘data subject access request’). This allows you to receive a copy of the personal data we hold about you and check that we are processing it lawfully.
  • Request correction of your personal data. This enables you to correct any incomplete or inaccurate information we have about you. Please note that we may need to verify the accuracy of the new data you provide.
  • Request the erasure of your personal data. You can ask us to delete or remove your personal data when there is no valid reason for us to continue processing it. You also have the right to request deletion if you have successfully objected to the processing (see below), we have processed your information unlawfully, or we are required to erase your personal data to comply with local law. However, there may be specific legal reasons why we cannot comply with your request, and we will inform you of these reasons if applicable.
  • Object to the processing of your personal data. You can object to our processing if we are relying on a legitimate interest (or those of a third party) and you believe that your particular situation justifies this objection, especially if it impacts your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your information that overrides your rights and freedoms.
  • Request restriction of processing your personal data. This allows you to ask us to suspend processing in the following situations:
    • (a) if you want us to verify the accuracy of the data;
    • (b) if our use of the data is unlawful, but you do not want us to erase it;
    • (c) if you need us to retain the data even if we no longer require it, as you need it to establish, exercise, or defend legal claims; or
    • (d) if you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to continue using it.
  • Request the transfer of your personal data to yourself or a third party. We will provide your personal data in a structured, commonly used, machine-readable format. Please note that this right applies only to automated information that you initially consented to us using or that we used to fulfil a contract with you.
  • Withdraw consent at any time if we are relying on your consent to process your personal data. However, withdrawing your consent will not affect the legality of any processing we conducted before your withdrawal. Please be aware that if you withdraw your consent, we may not be able to provide certain products or services to you. We will inform you if this is the case when you withdraw your consent.

If you believe that our processing of your personal information violates data protection laws, you have the legal right to lodge a complaint with a supervisory authority responsible for data protection. For more information about these rights, please visit ICO - For the Public.