1. What information do we collect & how do we use it?
This Privacy Notice will apply to you if:
● you visit and browse our Site or App.
● you contact or engage with us.
● you sign up for marketing from Holly Health.
● you use our Services (with or without an account).
We must have a relevant legal reason
, called a 'lawful basis' for each way that we use your personal information. We say what our legal reasons are in each section below, and we explain what each one means under 'What do each of these legal reasons mean?'
If you visit our Platform:
If you visit any of our Services, whether you're just browsing or you have an account, we will automatically collect information from you each time you use our Platforms. This includes:
● technical information,
● information about your visit and
● (if you opt-in) location data.
Technical information may include: phone number, Internet Protocol (IP) address, login information, browser type and version, browser plug-in types and versions, device IDs, social log-in ID/email address, time zone setting, operating system and platform, hardware version, device settings (e.g. language and time zone), file & software names and types (associated with your device and/or the Services), battery & signal strength, information relating to your mobile operator or Internet Service Provider (ISP).
Information about your visit
Information about your visit may include the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), pages and services you viewed or searched for, demographic information (including age and gender), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), traceable campaign links (e.g. in emails, or via tracking URLs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team and our social media accounts.
We only collect location data if you give us permission (via our website cookie banner, or via your app settings).
Location data includes country location (based on your full or partial IP address and/or Google Analytics information) which we use to provide location services (if you ask or permit us to), so that we can deliver content, advertising or other services that are dependent on knowing where you are, like checking for fraudulent transactions.
Location data may be collected in combination with device ID, so we can recognise your mobile browser or device when you return to the Service.
Delivery of location services will involve us checking any of the following:
o the coordinates (latitude/longitude) of your location,
o your current country or region, by referencing your current IP address against public sources, and/or
o your Identifier for Advertisers (IFA) or
ID for Vendors (IDFV)
code for your Apple device, or the Android ID for your Android device, or a similar device identifier.
You can opt-in and out of location sharing by changing your device settings.
What do each of this include?
● understand how individuals use our Platform, and how we can improve it.
● ensure content from our site is presented in the most effective manner for you and for your computer.
● provide you with the information, products and services that you request from us or we think you may be interested in.
● if you visit our website and opt-in to cookies, or download our app and opt-in to letting us use your personal data for tracking, we may display Holly Health ads to you on other websites, or send you push notifications – for example, to encourage you to get started using Holly Health. You can always change what we have access to in your device settings.
Our legal reason for this is:
We do this in our legitimate interests, where we have considered these are not overridden by your rights or with your consent if required (e.g. to non-strictly necessary cookies).
What do these legal reasons mean?
If you contact or engage with us:
If you contact or engage with us, we will collect your contact information, and the other communications information you provide.
Contact information includes basic contact information you provide, for example:
● email address,
● first and last name,
● phone number(s),
● social media handle (for example, if you engage with us on social media)
● address (we may sometimes ask for this to send you Holly goodies, this is optional).
Communications information includes your correspondence with us, for example if you get in touch with us to ask about a subscription or to report a problem with our Site. This includes:
● texts, in-app messaging & other digital messaging,
● any in-person conversations you have with us.
● Contact you if you have asked us to do, including to respond to your queries, troubleshoot problems, and help with any issues you may have with our Services.
● Provide you with information you might request about our Services.
● Provide you with technical and other service updates (for example, if we update our Terms of Service).
Our legal reason for this is:
We do this in our legitimate interests.
We may also do this to take steps to enter into any contract with you or to fulfil our obligations under any contract with you (including our Terms of Service).
Where required, we may do this with your consent.
If you sign up for updates, offer or other marketing from Holly Health:
We may collect contact information
(as explained above
), like your name and email address.
We may also collect
, which are our records of what information you would or would not like to receive from us, and if you have opted out of any direct marketing.
● send you offers, updates, promotions, newsletter(s), insights and other marketing material.
● send you personalised marketing, for example about new features we think you may be interested in or habits you've set.
● send you surveys, competitions, promotional campaigns, offers or other occasional activities.
● ask you for feedback, including through surveys and other marketing research.
We may send these via push notifications, emails or texts, depending on your preferences.
Our legal reason for this is:
We do this with your consent, where required.
In certain circumstances (for example, if you agree to marketing when you begin a paid subscription), we may do this in our legitimate interests (where we have considered these are not overridden by your rights).
You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional updates.
What do these legal reasons mean?
If you use or sign up for our Services:
You must create an account to use Holly Health.
● You may have access to a limited preview with just a first name.
● If you sign up for an account with us, you can sign in using your account with Apple, Facebook or Google, or with your email. You'll create a password. You can disconnect this later if you change your mind. If you disconnect an account login, without creating an account using your email address, you will no longer be able to access your account.
● We'll record which subscription and payment option you choose. We won't see your
Holly Bird chats
We'll record your chats with the Holly Bird, which includes which chat options you choose or what you type into the chat. This can include information about your sleep, nutrition, exercise and mental health – for example, if you feel stressed or worried, or other information about your habits and goals.
Habits, goals and wellbeing
We'll collect your:
● height and weight (for BMI calculation and building progress diagrams).
● city location or post code (for precise activity and discovery recommendations).
● goals (like improved sleep).
● information you share about specific habits:
o sleep (e.g. bedtime, average sleep length)
o nutrition (e.g. eating more vegetables)
o exercise (e.g. yoga completed, or number of squats done)
o mental health (e.g. mindful breathing, evening reading completed, or information about how you feel).
● information you share about all your habits:
o habit timing (e.g. length, repetition, day of the week, time of day (like before breakfast or after work) and calendar information)
o progress (like weight or psychological markers).
● information we create and track about your habits, for example:
o your progress charts showing percentage changes, or how you've rated your mood
o personalised information, where we combine information you give us or that we record about you so that we can improve our services and offer you better recommendations.
● any requests or suggestions you submit to us.
In the future, you may have the option to share information from other apps with Holly Health. We won't do this without asking you, we'll provide more information at the time.
● provide our Services to you, including:
o Holly Bird chat functionality
o Providing personalised information and recommendations (e.g. articles, videos, activity challenges) for you across sleep, nutrition, exercise and mental health. Enabling you to set goals and track your habits
o Understanding user experience, so that we can improve future designs
Our legal reason for this is:
We do this to comply with our contract with you (e.g. our Terms of Service). We may also do this in our legitimate interests.
2. What do each of these legal reasons mean?
We must have a relevant legal justification, called a 'lawful basis' for each way in which we use your personal information.
Lawful bases include
, a contract
with you (as a data subject), compliance with our legal obligations
and our specified legitimate interests
We'll use your personal information to send you promotional or marketing content (for example, updates or newsletters) if you have consented (where required by law).
We may also send direct marketing based on our legitimate interests (see below).
You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional updates and marketing to you.
We also rely on consent for some of the cookies we use (see our
Cookie Notice for more detail).
We use your personal information if it is necessary to perform a contract you have with us (for example, our
Terms of Service), or if you have asked us to take specific steps before entering that contract. We may send you service updates based on your contract with us (for example, about your subscription payments).
We may us your personal information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. Our legitimate interests include:
o Administering, improving and expanding our Platform and services
− Getting your feedback and reviews
− Providing our Platform, and ensuring technical bugs are identified and resolved
− Gathering information and developing insights about how use Holly Health, including aggregating individuals' data
− Developing and improving Holly Health
− Customising Holly Health for our users
− Implementing and improving our security measures
− Growing our business and informing our marketing strategy.
o Marketing & advertising
− Marketing and promoting Holly Health to an organisation you work for or provide services to.
− Measuring or understanding the effectiveness of advertising we serve to you and others and delivering relevant advertising to you (including when you visit other websites).
o Fulfilling agreements with other organisation
− Complying with any agreement we may have with an organisation you work for or provide services to.
− Enforcing or applying our terms or other agreements with you or with an organisation you work for or provide services to.
In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests. If you would like further information about how we assess our legitimate interests, please contact us at email@example.com.
We may need to process your personal information to comply with our legal obligations, including under applicable UK law, and/or any court orders. This may include compliance with know-your-client and anti-money laundering rules.
We also use different types of cookies on our Platform – we explain this in the
3. Who do we share your information with?
We may share your personal information with:
● our service providers, organisations who support the services we offer through the Platform and only process your personal information on our behalf, following our instructions and data protection law
o Service providers help us with things like website and data hosting, distributing communications, supporting or updating marketing lists, customer service, facilitating feedback on our services, digital invoicing and payment processing providers, and IT support services.
o These organisations (which may be third party suppliers, agents, sub-contractors and/or other companies in our group) will only use your information to the extent necessary to perform their support functions.
● we may provide aggregated and anonymised data to academic institutions or research bodies. If we wish to provide any personal information which is not anonymised, we will provide more detailed privacy information at the time (including opt-ins where applicable).
● if we run surveys, competitions, promotional campaigns, offers or other occasional activities and you opt-in with a partner (for example, if you chose to enter a prize draw we manage with a partner organisation). We will provide more detailed privacy information at the time.
● our auditors, legal advisers and other professional advisers.
● potential investors, or if we sell or buy any business or assets then a potential seller or buyer.
● any person to whom disclosure is necessary for us to protect our rights, property, or safety, our clients, or other third parties, and to enforce our rights under this Notice or under any agreement (for example, our Terms of Service) with you. This includes exchanging information with other companies and organisations for the purposes of detecting and preventing fraud and cyber-crime.
● if required to do so by court order or if we are under a duty to disclose your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation. This includes exchanging information with law enforcement agencies, regulators, or other similar government bodies.
4. Where do we store your information?
Holly Health is based in the United Kingdom. We may transfer your personal information outside the UK (or, if you are in the EEA, outside of the EEA):
● to store it.
● so we can to provide our Platform and Services to you.
● to support the operation of our business, where this is in our legitimate interests
and we have concluded these are not overridden by your rights.
● where we are legally required to do so.
We will put legal protections in place to safeguard personal data transfers in compliance with data protection laws.
We may transfer your personal information outside the UK / EEA, including to the key organisations listed below:
We update our partners and service providers as we grow, and will update this Notice regularly. For more information about how we currently transfer and protect data, please contact firstname.lastname@example.org
5. How do we protect your information?
All information you provide to us is stored on our servers. Our website uses secure end-to-end encryption to protect your information. All connections into our platform are secured using industry standard security and encryption.
All data we capture is stored in secured databases and data storage systems with strict access limitations. All data access requests are logged and monitored in accordance with any threat detection policies.
Unfortunately, the transmission of information via the internet is not completely secure. We do our best to protect your personal information, but we cannot guarantee the security of your data transmitted to us, any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
Payments made on our App and for our Services are made through the Apple App Store or Google Play store subscription functions.
You will be providing credit or debit card information directly to Apple or Google (which will use a secure server to process payment details, encrypting your credit/debit card information and authorising payment).
7. Other websites
We may sometimes link to other websites (including other apps). The websites will have their own privacy information, which you should read before using or sharing personal information with the site.
We are not responsible or liable for these websites, any content on them, or their policies and notices. A link does not mean we endorse the views of the linked website. We have no control over the availability of any of these websites.
8. How long do we keep your information for?
If you freeze your account, we will retain your personal information while it is frozen.
We will usually keep personal information:
● for as long as necessary for the original reasons we collected it (for example, for as long as you have an account with us), and
● for up to six years after that to identify any issues and resolve any legal proceedings.
We may keep your personal information for a longer period:
● in the event of a complaint,
● if we reasonably believe there is a prospect of legal proceedings,
● if we are aware of pending or ongoing legal proceedings, or
● in some circumstances, if applicable law says we must.
If you have opted into receiving marketing from us but later decide to opt out (or object to any other use of your personal information), we may keep a record of your opt-out or objection so we can respect your preferences.
9. Anonymised data
We may anonymise your personal data to create anonymised data (like aggregated statistics). You cannot be identified from anonymised data, and it cannot be reverse engineered to re-identify individuals. This kind of data is no longer personal data.
We may keep and use this anonymised data to help us provide, develop and improve our Platform and services, including to:
● better understand how people use Holly Health,
● develop useful insights and improvements to Holly Health.
10. What rights do you have over your personal information?
In certain circumstances, you have the following rights:
● to be provided with a copy of your personal information,
● to ask us to
correct or delete your personal information,
● to request us to
restrict how we use your personal information (for example, while we investigate your concerns about the accuracy of data, or lawfulness of a certain use),
object to the further use of your personal information, including the right to object to marketing from us,
● to request that your provided personal data be
moved to a third party, and
● where you have consented, to
If you would like to exercise any of these rights in relation to the personal information we hold about you, you can contact us at email@example.com
. If you have any concerns, you have the right to lodge a complaint with a data protection supervisory authority.
● The Information Commissioner's Office (ICO) is the supervisory authority in the UK and can provide further information about our rights, an organisation's obligation in relation to your personal information, as well as deal with any complaints that you may have. You can visit their website at www.ico.org.uk
● If you are outside the UK, you can find your local data protection authority
11. Updating this Privacy Notice
This Notice was last updated 20/07/2021
We may update this Notice from time to time, and will post any changes on this page.
If we make any substantive changes, we will notify you through email or website pop-ups within our Platform.
12. How can you contact us?
We would love to hear from you. If you have any questions or feedback, please get in touch at firstname.lastname@example.org
Peaberry Software Inc. d/b/a Customer.io
Branch Metrics, Inc. (Branch.io)
The Rocket Science Group, LLC (Mailchimp)
Google LLC (Google Cloud, Google Ads / Analytics)
Amazon Web Services, Inc.