We take our responsibility to our users very seriously and we understand the sensitive nature of some of the data that we process, and as such are treating the data that we hold on you as special category medical data under the terms of the GDPR.
As such we treat the data under the strictest confidence and will share this data with third parties only where we have absolute confidence that they share our commitment to the security of your data, and only where we have your explicit consent to do so.
Who we are
We are Project MVP Ltd. a company based in Croydon in the UK with registered number 10841787
We will act as the controller of the data that you give us when you create your account, as well as for any of the data that is generated at one of our events
Our registered address is:
Office 153 Interchange House 81-85 Station Road, Croydon, London, City Of, United Kingdom, CR0 2RD
If you have any questions or comments for the team, please feel free to contact us by email at firstname.lastname@example.org
Our Data Protection Officer can be contacted using the email address email@example.com
The legal basis on which we process your data
We process personal data in accordance with this policy on one of the following basis':
• Where necessary for the performance of a contract with you or to take steps to enter into a contract, such as the administration of your account and/or to provide services to you.
• Where we have sought your consent and you have provided consent, based on that consent; or
• Where we have not sought your consent, based on our legitimate interests (and we have assessed that these are not overridden by your interests)
• These legitimate interests are as follows:
• To provide you with products and services
• To administer our business
Where your details have been provided by a third party as part of our arrangements with that third party (for example a sports club) (“Third Party Controller”) then we are processing your personal data on behalf of the Third-Party Controller in order to provide services to them and to you. In this case, the Third-Party Controller is the Controller and we act on their instructions as their Processor for these purposes. In these circumstances, the Third-Party Controller will decide how your data is processed and you should also refer to their privacy policies for further information. If the Third-Party Controller policies are different to this policy then the Third-Party Controller’s policy will prevail. Where you have also consented for us to use your personal data for the other purposes set out in this policy then we will be the Controller of your data for these purposes.
The reasons that we process your data
We collect data from you for the following purposes:
• To help us with the administration of your account
• In order to provide the Project MVP service to you
• To help us to communicate with you
What data we collect and why
When you sign up for the Project MVP service at the event, we take from you your name and your email address in order to identify you to our systems and allow you to log on to your account via either the MVP website.
We also need this data in order to help to identify you if ever you need to get in touch with our support staff, and for other reasons relating to the administration of your account with us.
We also require your date of birth, in order to identify you and provide data analytics that require age as a metric.
We keep logs of the results of your tests that are completed by you at any events you attend. This data will include details of the time and date that you attended the event and the facility that you attended.
When you complete an event a set of results will be generated which includes performance-related data. This data we treat as special category medical data under the GDPR legislation, and we will ask for specific permission from you to process this data at the event. Please note, however, that if we do not have consent from you to process this data, we will not be able to proceed with any results from the day as processing this data is integral to what we do and essential for us to be able to provide the full Project MVP service
We keep a record of when you check into events via our apps and the website which include the time and the date of the login, what it was that you logged into and which IP address the request came from.
Technical data about your use of our site
IP addresses are collected when you log on to the MVP service, as are certain items that come across as metadata when your browser communicates with the MVP servers, including browser and OS types and versions, time zone settings, browser plug-in types and platform details.
We also collect information regarding your visit to the MVP website including full URL clickstream to, through and from our site (including date and time); MVP products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Data from your interactions with MVP staff
If you contact MVP staff at all then we will collect information on the means that you use to communicate with such as the email address that you contact us with and maintain records of all communication between us.
What we do with your data
We hold your special category data in order to allow you to access your data and track the progress of your fitness journey via the MVP dashboards, MVP website. We may provide reports using completely anonymised data to selected third parties such as UK sport and the NHS.
This data has had any identifying features removed from it and is only ever reported on in either an aggregated or anonymised form. In cases where we have binding processor agreements and enough guarantees that your data will be treated with the same care with which we treat it ourselves we will share your data with selected partners. We also keep data on your communication with us for compliance purposes and to ensure the quality of staff training, and to inform our decisions with regards to policies and internal procedures.
How you can view your data
If you would like to receive a file including all fields of data please contact us on the details above and we will get that to you within 30 days of receiving the request.
How we store your data
Your data is stored in our Microsoft Azure SQL LITE Database servers. The Microsoft datacentres operate appropriate security measures including firewalls and strong encryption methods, and we use all appropriate measures in order to ensure the security of your data.
We will store your data for as long as you are an active user of the MVP data. We will periodically check by automated means your engagement the website and will remove personally identifying details from accounts that have not seen user engagement for a period longer than 6 months.
We will keep the results data for archival, statistical, and scientific research purposes but the data will no longer be able to be associated to you as an identifiable person.
Accounts that have been anonymised in this fashion will no longer be recoverable as we will have no way of identifying you and linking you to the data that remains. We will communicate with you before this removal process begins using the email address that we have for you on your profile.
If we do not have a way of communicating with you then your account will simply be closed automatically after the period has elapsed.
Your rights as an MVP account holder
• You have the right to access any data that we have on you
Contact us using the details above in order to obtain a full list of the data which we hold on you
• You have the right to restrict the processing of your data
You have the right to ask us to restrict the processing of your data in accordance with data protection legislation.
• You have the right at any time to correct any personal data that we hold about you.
Any of the personal details on your profile can be corrected by contacting us using the contact details at the beginning of this document.
Unfortunately, due to the technologies that we employ in order to provide you with your performance data, it is not possible to retrospectively alter the results of an event. Those event details will need to be deleted via the process below.
• You have the right to have any data that we hold on you deleted
If you wish to have any of the records that we have on you deleted, then please contact us using the details at the beginning of this document and we’ll be pleased to assist.
• You have the right to withdraw your consent at any time
In the case of your consent on any of the issues for which we seek it, you are entitled at any time to withdraw consent on any individual point at any time.
While this will not mean we are not allowed to use the data that we have processed with your consent, it will mean that we are no longer allowed to process the data in the ways in which you have withdrawn your consent.
Withdrawing consent for any aspect of our data processing will not affect your rights to continue using the service, though if we do not have your consent to process data of yours, we will need to delete your readings from your account.
In order to withdraw consent, please contact us on the details at the beginning of this document.
• You have the right to object to us using your personal information for marketing purposes
In order to remove yourself from any marketing lists that we may have, please contact us on the details above. Retrospectively you can also unsubscribe from our informational emails at any point using the GDPR compliant link in the email
• You have the right to object to the way in which we process data
If you are concerned about the way in which we process the data that we hold on you then please don’t hesitate to get in touch with us via email using the contact details at the beginning of this document.
Supervisory Authority Details
If, for whatever reason, you have a complaint about the way that we handle your data, or want to find out more about the legislation and how it affects you then please contact the Information Commissioner’s Office via the site -