Last Update: 6 August 2021
BuddyUp cares about privacy and protecting the Personal Data handled by us. All Personal Data is Processed in
accordance with Applicable Law. In this Policy we describe how and the purposes for which we use your
personal information as well as what lawful basis we use and what measures we take to protect Personal data.
We also provide information on how you exercise the rights you have linked to our Processing of Personal data.
WHY AND WHO?
BuddyUp Reg. No. (12625621) (“BuddyUp“, “we“, “us“, “our“) is the Controller of all Personal Data listed in this
Processed, we will also provide a list of all our data Processors. This Policy provides information on how we
handle Personal Data when you communicate with us, use the Services or visit our website www.buddyup.uk
(together the “Functions“).
THE INTENDED RECIPIENT OF THE INFORMATION PROVIDED IN THIS POLICY IS:
● Potential customers
● Visitors of our website
“Applicable Law” refers to the legislation applicable to the processing of Personal Data, including the GDPR,
supplementary national legislation, as well as practices, guidelines and recommendations issued by a national or
EU supervisory authority.
“Controller” is the company/organisation that decides for what purposes and in what way personal data is to be
processed and is responsible for the Processing of Personal Data in accordance with Applicable Law.
“Data Subject” is the living, natural person whose Personal Data is being processed.
“Personal Data” is all information relating, directly or indirectly, to an identifiable natural person.
“Processing” means any operation or set of operations which is performed on Personal data, e.g. storage,
modification, reading, handover and similar.
“Processor” is the company/organisation that processes personal data on behalf of the Controller and can
therefore only process the Personal Data according to the instructions of the Controller and the Applicable Law.
“The Services” Matchmaking running app.
“Special Category of Personal Data” or “Sensitive Personal Data” means any information that reveals ethnic
origin, political views, religious or philosophical beliefs, trade union membership, genetic data, biometric data to
uniquely identify a natural person, health information or information about a physical person’s sexual life or
The definitions above shall apply in the Policy regardless if they are capitalised or not.
BUDDYUP’S ROLE AS A CONTROLLER
The information in this Policy covers Personal Data Processing for which BuddyUp is the Controller. As a
Controller we are responsible for the Processing for which we decide the purpose of (“the why”) and the means
for the Processing (what methods, what personal data and for how long it is stored). The Policy does not
describe how we Process Personal Data in the role of a Processor – i.e. when we process Personal Data on
behalf of our customers.
We’re a matchmaking running app that captures data points from our users to then use for our algorithm to help
our users find their ideal running partners.
BUDDYUP’S PROCESSING OF PERSONAL DATA
We have a responsibility to describe and demonstrate how we fulfill the requirements that are imposed on us
when we Process your Personal Data. This section aims to describe:
● That Processing of Personal Data is necessary is for the purpose
● That we have identified the lawful basis for the Processing
Legitimate interest – BuddyUp may process Personal Data if we have assessed that a legitimate interest
overrides the interest of fundamental rights and freedoms of the Data Subject, and if the processing is necessary
for the purpose in question.
FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?
We will keep your personal data as long as it is necessary for the purpose for which it was collected. Depending
on the lawful basis on which we support the Processing, this may a) be regulated in a contract, b) be dependent
on valid consent, c) be stated in legislation or d) follow by an internal assessment based on a legitimate interest
assessment (LIA). In the list below, we indicate, where possible, the period during which the Personal Data will
be stored and the criteria used to determine the storage period.
- Processing and purpose of Processing: Register user account to enable the customer to log in. Verify user
credentials to increase security and prevent abuse. Identify through a third party, if login takes place via
Facebook and Instagram. Use inputted data from users for our algorithm to use for matchmaking
- Personal Data: Name, Age, Gender, Email, Fitness Goals and Levels, Education, Occupation, IP Address, Location
- Source: Users Input the data
- Lawful basis: The legitimate interest of our matchmaking algorithm
- Storage period: As long as we have an active customer relationship
- Condition for Processing Special Category of
Personal Data: The processing relates to personal data which are manifestly made public by the data subject (art 9.2.e
You are the one in control of your Personal data and we always strive to ensure that you can exercise your rights
as efficiently and smoothly as possible.
Access – You always have the right to receive information about the Processing of data that concerns you. We
only provide information if we have been able to verify that it is you that are requesting the information.
Rectification – If you find that the Personal Data we process about you is incorrect, let us know and we will fix it!
Erasure – Do you want us to completely forget about you? You have the right to be forgotten and request
deletion of your Personal Data when the Processing is no longer necessary for the purpose for which it was
collected. If we are required to retain your information under applicable law or a contract that we have entered
with you, we will ensure that it is processed only for the specific purpose set forth in such applicable law or
contract. We will thereafter erase the information as soon as possible.
Objections – Do you disagree with our assessment that a legitimate interest for Processing your Personal Data
overrides your interest in protecting your privacy? Don’t worry – in such case, we will review our legitimate interest
assessment. Of course, we add your objection to the balance and make a new assessment to see if we can still
justify our Processing of your Personal Data. If you object to direct marketing, we will immediately delete your
personal information without making an assessment.
Restriction – You can also ask us to restrict our Processing of your Personal Data
- Whilst we are Processing a request from you for any of your other rights;
- If, instead of requesting erasure, you want us to limit the Processing of Personal Data for a specific purpose.
For example, if you do not want us to send advertising to you in the future, we still need to save your name in
order to know that we should not contact you; or
- In cases where we no longer need the information in relation to the purpose for which it was collected,
provided that you do not have an interest in retaining it to make a legal claim
Data portability – We may provide you with the data that you have submitted to us or that we have received from
you in connection with a contract that we have entered with you. You will receive your information in a commonly
used and machine-readable format that you can transfer to another personal data manager.
Withdraw consent – If you have given consent to one or several specific processing(s) of your Personal Data,
you have the right to withdraw your consent at any time and thus ask us to terminate the Processing immediately.
Please note that you can only withdraw your consent for future processing of Personal Data and not for
Processing that has already taken place.
HOW YOU USE YOUR RIGHTS
Contact us at email@example.com and we will help you. Send a request regarding your rights, get information
about what you have agreed to and delete your personal data.
TRANSFER OF PERSONAL DATA
In order to run our business, we may need help from others who will process Personal Data on our behalf, so-
In cases where our Processors transfer Personal Data outside the UK, we have ensured that the level of
protection is adequate, and in compliance with Applicable Law, by controlling that either of the following
requirements are fulfilled:
- the level of protection is adequate in the third country where the data is processed;
- the Processor use specific contracts approved for use in the UK which give Personal Data the same
protection it has in the UK.
- the Processor has taken other appropriate safeguards prior to the transfer and that such safeguards comply
with Applicable law.
We have entered into Data Processing Agreements (DPA) with all our Processors. The DPA sets out, among
other things, how the Processor may process the Personal Data and what security measures are required for the
We may also need to disclose your personal information to certain designated authorities in order to fulfill
obligations under applicable law or legally binding judgements.
Personal data being processed: User data
Instructions: Serve as our cloud storage service
BuddyUp has taken technical and organisational measures to ensure that your Personal Data is processed
securely and protected from loss, abuse and unauthorised access.
OUR SECURITY MEASURES
Organisational security measures are measures that are implemented in work methods and routines within the
- Internal governance documents (policies/instructions)
- Login and password management
- Information security policy
Technical security measures are measures implemented through technical solutions
- Access log
- Secure network
- Regular security inspection
IF WE DON’T KEEP OUR PROMISE
If you think that we are not Processing your Personal Data correctly, even after you have notified us of this, you
are always entitled to submit your complaint to the Information Commissioner’s Office (ICO), the UK supervisory
regulator for data protection issues.
More information about our obligations and your rights can be found at https://ico.org.uk//.
CHANGES TO THIS POLICY
We reserve the rights to make changes to this Policy. In the event that the change affects our obligations or your
rights, we will inform you about the changes in advance so that you are given the opportunity to take a position
on the updated policy.
Please contact us if you have questions about your rights or if you have any other questions about how we
process your personal information:
LAST UPDATE: 5 NOVEMBER 2021
WHY AND WHO?
Matchmefit Ltd Reg. No. 12625621 (“BuddyUp“, “we“, “us“, “our“) is using cookies and other tracking technologies (“Cookies“) in order to improve your user experience.
WHAT ARE COOKIES
A Cookie is a text file that is sent from the Webpage and stored on your computer, cell phone or any other device that you use to visit the Webpage.
Cookies allow us to, amongst other functions, recognise the device you use next time you visit the Webpage, provide certain essential functions and to monitor user behavior on the Webpage.
HOW LONG IS THE COOKIE STORED?
There are two types of Cookies; Session cookies and Permanent cookies.
Session cookies are deleted when you close the browser (e.g. Internet explorer, Safari or Google Chrome).
Permanent cookies remains on your device after you have closed the browser. The Cookie will be stored for as long as it is indicated in the Cookie or until you remove it.
BUDDYUP’S USAGE OF COOKIES
We use the following types of Cookies:
These Cookies remembers your choices on the Webpage (e.g. username, language etc.) and tells us how you have interacted with the Webpage so that we can personalise our service.
These Cookies analyse how you use the Webpage and monitors the Webpage’s performance. This helps us identify and manage eventual problems. A performance cookie can keep track of the traffic on different pages as well as the performance of the Webpage and give us information on how long it takes for a page to load.
Operation and optimisation
These Cookies help us ensure that the Webpage is working as it should. It also gives us information which allows us to test new ideas and improve the Webpage.
These Cookies help us increase security by preventing, detecting and managing harmful activities on the Webpage.
By collecting information on how you interact with the Webpage, these Cookies help us be more relevant in our communication with you and improve your experience.
These Cookies are often placed by a third party with the intent to handle performance for ads, show ads and / or build user profiles in order to display ads elsewhere.
Other tracking technologies
These techniques will help us understand how you use the Webpage. This can, for example, be a small, transparent picture that is embedded in a Webpage or in an e-mail and it collects data such as your IP-addres, information about your device, your location etc.
First party Cookies
First party cookies are set by the Webpage on your device and can therefore only be read by you or us.
Name: 1P Cookie
Purpose: Tracks how users interact with BuddyUp
Duration: 90 days
Third party cookies
The Cookie(s) below is/are set by another party other than us when you visit the Webpage.
BuddyUp only uses reliable third parties. Third-party cookies can, amongst other functions, help us understand the needs of our users and give us information on how effective our marketing is. Third-party cookies may in some cases be used on websites other than the Webpage. Information collected by these third parties cannot identify your name, contact information or other personal information unless you choose to provide it. Since we cannot provide detailed information we refer to their respective policies.
We use these service providers:
Provider: Facebook Pixel
What is it doing? It allows us to see information about the activities of visitors to our site and users of our service, including page views, source and time. The information is anonymised and displayed as numbers, which means it can not be traced back to individuals. This helps us to understand the users needs so we can improve our product. It also gives us information about how effective our ads are. When you sign up with BuddyUp, we receive anonymised data on whether you have found us through an ad.
More info: https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr
Provider: Google Analytics
What is it doing? Google Analytics allows us to see information about the activities of visitors to our site and users of our service, including page views, source and time. The information is anonymised and displayed as numbers, which means it can not be traced back to individuals. This helps to protect your privacy. This helps us meet the needs of users so that we can improve our product.
More info: https://analytics.google.com/analytics/web/
When you visit the Webpage for the first time we ask for your consent to use non-necessary cookies. You can withdraw your consent at any time. If you no longer wish to store the Cookies you have accepted, you can go to your web-browser settings and accept, deny or remove cookies (usually under “Help”, “Settings” or “Edit”). Note that you will likely not be able to use all services on the Webpage if you choose to deny Cookies.
CHANGES TO THIS POLICY
We reserve the right to make changes in this Policy. If a change affects our obligations or your rights, we will inform you about the changes in advance in order to give you the possibility to accept the updated policy.
We have assigned a data protection officer who will be able to answer your questions regarding Cookies and how we process your personal data.
Contact information to BuddyUp’s data protection officer:
firstname.lastname@example.org, 4 Sisters Avenue, Basement Flat, SW11 5SG