Privacy Policy
This Privacy Policy applies to your use of the Sugar mobile application (the “Sugar App”) and website (including https://sugarnetwork.co/ ) (the “Sugar Website(s)”) operated by Super Hero Holdings Limited (“SuperHero”, “we”, “our”, and “us”) and the services we provide that are accessible via any of them (the “Services”). This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be stored and processed by us.
MINIMUM AGE REQUIREMENT
Please note that you must be aged 18 years or older to use the Services. Please do not use the Services or provide us with any personal information if you are under 18 years of age.
INFORMATION WE MAY COLLECT FROM YOU
From time to time, we may collect or ask you to provide personal information including (without limitation) the following: your name, mobile phone number, email address, password, identification credentials, your contacts, biographical details, photographs and/or payment information.
We also automatically collect, store and use information about your use of the Services, and about your computer, tablet, mobile or other device through which you access the Services. This includes the following information:
Technical Data: including the Internet protocol (IP) address, browser type, internet service provider, device identifiers, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location.
Usage Data: including the full Uniform Resource Locators (URL), clickstream to, through and from the Sugar Websites, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, website navigation and search terms used, and whether you have opened our marketing newsletters.
We may also automatically record the purchases you have made through the Sugar App or Sugar Websites using Sugarcoin (“Transaction Data”) to obtain an understanding of your preferences so that we can provide you with more tailored marketing where appropriate.
As part of the Services, we may provide functionality allowing you to search for friends by using your Facebook credentials and, when you elect to do this, you will be asked to allow the Sugar App to access certain information associated with your Facebook account such as your name, profile picture, gender and list of friends. Provided you consent to this, such information will be processed by us in order to identify your Facebook friends who are users of Sugar App and to allow you to invite those Facebook friends to install the Sugar App.
Please note that, with your consent, we will collect information about your location and physical movements in order for the Sugar App to function properly and monitor and verify forms of eligible movement. You may turn location monitoring on and off from time to time using the settings of your operating system of your mobile device but, if you disable this functionality, we will not be able to collect information relating to your step-count and GPS/Cell-ID location which will prevent tracking and/or conversion of your movement into Sugarcoins.
We work with third parties from time to time (including, for example, Apple HealthKit, Google Health, Near Foundation, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers and search information providers who may provide us information about you. This may include your purchase history from business partners who supply you with rewards made available via the Sugar App.
USES MADE OF YOUR PERSONAL DATA
As a data controller, we will only use your personal data if we have a legal basis for doing so. The table at Annex 1 sets out the purposes for which we use your personal data as well as the relevant legal bases on which we do so.
WHO WE SHARE YOUR PERSONAL DATA WITH
We may share your personal data with the following recipients as necessary to achieve the purposes set out in Annex 1 or as otherwise described below:
Other users. Certain information of your personal data may be shared with other users of the Sugar App as part of the normal operation of the Services (for example your uploaded profile picture and biographical information will be accessible to all users, and we may publish your total verified steps, or other movement, during a particular period to other users from time to time).
Service providers. We may share your personal data with third party service providers that perform services for us or on our behalf, which may include providing data hosting, customer relationship management, payment processing and analytics services.
Business partners. We may share your personal data with our trusted business partners in order that they can contact you from time to time with offers that may interest you and/or inform you of other products or services, provided you have given your consent for us to do so.
Law enforcement, regulators, governmental authorities and other parties for legal reasons. We may share your personal data with third parties if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.
Purchasers and third parties in connection with a business transaction. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your personal data as part of that transaction.
In addition, we may share your personal data with other third parties if you have provided your consent for us to do so.
INTERNATIONAL TRANSFERS
We may transfer your personal data outside of the country where you are located.
If you are located in the UK or EEA, your personal data may be transferred to countries which do not provide the same level of protection for personal data as that provided for under UK and EEA law.
Where we transfer your personal data to a country which is not recognised by the UK government or EU Commission (as applicable) as ensuring an adequate level or protection for personal data, we will ensure that relevant safeguards are in place to ensure the adequate protection for your personal data (for example, by entering into standard contractual clauses with the recipients of your personal data).
Further details regarding the relevant safeguards we implement can be obtained from us on request at [email protected] with the subject ‘international transfers’.
DATA RETENTION
Your personal data will be kept only for as long as is necessary to fulfill the purposes set out in this policy, for as long as we are required to do so by law or any regulatory obligation.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
DATA SECURITY
We take reasonable industry-standard care in keeping all our data secure and in preventing any unauthorized access or unlawful use of it.
COOKIES
We use cookies and similar technologies on the Sugar App and Sugar Websites for various purposes, including analytics and advertising. For more information regarding our use of cookies, please refer to Annex 2.
YOUR RIGHTS
Depending upon where you are located, you may have the following rights in respect of your personal data under applicable data protection law:
To ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing (i.e. “opt out”) by clicking ‘unsubscribe’ at the bottom of our marketing emails or by emailing [email protected], with the subject ‘unsubscribe’.
To change your personal information we hold about you. You can exercise your right by accessing your Account information in our app (Open Sugar App -> Your Account Screen -> Edit (on Android) or Pencil icon (on iPhone) -> Change your details -> Save).
To ask us about the personal information we hold about you and to request a copy of your personal information. You can exercise your right to access this information by emailing [email protected], with the subject ‘data access request’.
To delete your account and any personal information we hold on you. You can exercise your right to delete your Sugarcoin account and the personal information attached to it yourself, by triggering an account deletion via the Help section within the Sugar App (Open Sugar App -> Your Account Screen -> Settings -> Help -> Contact us -> Choose your problem = Delete Account).
To object to any use of your personal data that we carry out on the basis of our legitimate interests (as set out in Annex 1), subject to certain conditions.
To receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person, in each case subject to certain conditions.
To withdraw consent to our processing of your personal data if this is based on your consent (as set out in Annex 1).
To require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the data is contested by you.
Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
If you wish to exercise one of these rights, please follow the steps set out above or contact us using the details set out below.
COMPLAINTS
If you wish to lodge a complaint about how we process your personal data, please contact us using the details set out below. We will endeavor to respond to your complaint as soon as possible.
You also have the right to lodge a complaint to your national data protection authority. The relevant data protection regulator in the UK is the Information Commissioner's Office (https://ico.org.uk/concerns).
If you are resident in the EEA, you can find details regarding your local data protection regulator here.
LINKS
The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via the Sugar App or Sugar Websites. We are not responsible for the content or privacy and security practices and policies of third-parties to which links or access are provided through the Sugar App or Sugar Websites. We encourage you to learn about third parties’ privacy and security policies before providing them with your personal data.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to change this Privacy Policy at any time. Any such changes we may make to this Privacy Policy will be posted on the Sugar App and Website(s), and may be emailed to you. Please check the Privacy Policy available on the Sugar App and Website(s) from time to time.
CONTACT
Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to [email protected] with subject line “enquiry”.
ANNEX 1 – PURPOSES OF COLLECTING PERSONAL INFORMATION
The Sugar App’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
We use the following categories of personal data in the manner specified below, and rely on the following legal basis for processing:
Contact Details (phone number): We use this data to verify your identity as part of our account set up procedure. Our legal basis for processing this data is because it is in our and your legitimate interests to ensure that you have used the correct phone number when signing up for the Services.
Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.), movement data (motion data, HealthKit data, Google Health data): We use this data to provide the Services. Our legal basis for processing this data is based on performance of a contract (our terms and conditions).
Location Data (iOS only): We use this data to verify your physical movement and location and issue Sugarcoins on the basis of this verified data. Our legal basis for processing this data is based on consent (where we are processing location data) and performance of a contract.
Movement data (Healthkit / Google Fit steps data): We use this data to verify your physical movement and issue Sugarcoins on the basis of this verified data. Our legal basis for processing this data is based on consent and performance of a contract.
Contact Details (email address, phone number etc.), payment details (card number, CVC etc.), profile information (username): We use this data to process your transactions with us. Our legal basis for processing this data is based on performance of a contract.
Profile Information (username, profile photo etc.), movement data (motion data, HealthKit data, Google Fit data, Google Health data): We use this data to create daily leader boards of users, comprising all users or users meeting particular criteria as ranked by the number of steps completed or using other criteria. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and competitive and allow you to see how you rank against other users and encourage you to walk more.
Contact Details (phone number): We use this data to connect you with other users and allow you to invite contacts to use the Services. Our legal basis for processing this data is because it is in our legitimate interests to make our services social and allow you to interact with friends when using the Services.
Contact Details (phone number, email address etc.), communications data (personal data composed in your requests, survey responses, complaints etc.): We use this data to respond to queries and complaints and provide you with information and materials that you request from us. We also use this data to communicate with you, including to inform you of updates to the Sugar App, Sugar Website(s), our Terms of Use and/or this Privacy Policy. We also use this data to perform market and customer research. Our legal basis for processing this data is because it is in our legitimate interests to respond to your queries and provide any information and materials requested in order to maintain good customer relations; it is in our legitimate interests to ensure that any changes to our policies, terms and other such technical updates are communicated to you; and because it is in our legitimate interests to carry out market and customer research so that we can improve our Services.
Transaction Data and Order History: We use this data to obtain an understanding of your preferences and to maintain accounts and records. Our legal basis for processing this data is because it is in our legitimate interests to understand our users’ preferences so we can improve the Services and the offers we display on the Sugar App; and because it is in compliance with a legal obligation.
Contact Details (phone number, email address, social media accounts), marketing preferences (records of consents): We use this data for Marketing and advertising (including sending you marketing emails, carrying out online behavioral advertising and measuring the effectiveness of our marketing). We also use this data to share your contact details with trusted business partners for marketing purposes. Our legal basis for processing this data is consent (if required under applicable law). Where consent is not required under applicable law, such processing is necessary in our legitimate interests, namely to develop and grow our business.
Profile Information (username, profile photo, bio etc.), usage data, transaction Data, movement data (motion data, HealthKit data, Google Fit data): We use this data to investigate and/or prevent suspected fraud or other criminal activities, to investigate disputes between users, and for Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures. Our legal basis for processing this data is because it is in our legitimate interests to resolve and protect ourself and users of the Services, the Sugar App and the Sugar Websites against harmful activities; it is in our legitimate interests to ensure that disputes between users are resolved and appropriate action is taken against users breaching the rules; and because it is in our legitimate interests to be as efficient as we can so we can deliver the best services to you.
Profile Information (username, profile photo, bio etc.), usage data, technical data): We use this data to correct errors and problems with the Services, and to protect the security of systems and data. Our legal basis for processing this data is because it is in our legitimate interests to monitor the Services to ensure that it functions properly and is secure; to comply with our legal and regulatory obligations; and because it is also in our legitimate interests to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.
Technical Data and Usage Data: We use this data to analyze the usage of the Services, including for the purposes of improving the Services and to ensure that content is presented in the most effective manner for you. Our legal basis for processing this data is based on consent.
Contact Details (email address, phone number etc.), profile information (username, profile photo, bio etc.): We use this data to enforce legal rights or defend or undertake legal proceedings. Our legal basis for processing this data is because it is in our legitimate interests or those of a third party, i.e. to protect our business, interests and rights or those of others.
ANNEX 2 – COOKIES
What are cookies
We use cookies to distinguish you from other users of the Sugar App and Sugar Website(s) and obtain certain information about your usage and behavior. A cookie is a small file of letters and numbers that we put on your computer when you use the Sugar App or Sugar Website(s). This helps us to provide you with a better experience when you use the Sugar App or browse the Sugar Website(s) and also allows us to improve the Services. We will use both persistent cookies, which could remain on your device until their expiration (which, in some cases, is up to 10 years), and session cookies, which are temporary files removed from your device once your browser is closed.
Cookies we use
The types of cookies we may use include:
Strictly Necessary Cookies, which are required for the operation of the Sugar App and Sugar Websites. They include, for example, cookies that enable you to log into secure areas of our websites;
Analytical/Tracking Cookies, which allow us to recognise and count the number of visitors and analyze use of the Services, as well as to verify transactions; and
Advertising and Retargeting Cookies, which allow us to generate appropriate advertising directed to you on the Sugar Website(s) as well as on the Sugar App and other third party websites.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You may block cookies by activating the appropriate setting on your browser but, if you do so, you may not be able to use all functionalities of the Services.
We use a number of industry-standard data analytics tools, such as Google Analytics and Facebook Analytics. These collect certain information about you, such as your device’s IP address and browsing and usage behavior, and are used to allow us to track and monitor the traffic visiting the Sugar App and Sugar Website(s).
Consent to use cookies
We will ask for your permission (consent) to place cookies on your device when using the Sugar Websites, except where these are essential for us to provide you with a service that you have requested.
There is a notice on our home page which describes how we use cookies and requests your consent before we place any non-essential cookies on your device.
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of our websites.
To find out more about cookies, including how to see which cookies have been set and how to manage and delete them, you can visit the third party website: www.allaboutcookies.org
ANNEX 3 – NOTICE TO UNITED STATES RESIDENTS
This Annex 3 is incorporated into the Privacy Policy and includes additional information for residents of the United States regarding the collection and use of their Personal Data. The term “Personal Data,” as used in this Annex 3, includes “personal information” as defined in the California Privacy Rights Act (“CPRA”).
PERSONAL DATA
The following subsections detail the categories of Personal Data that we collect and have collected over the past twelve (12) months. For each category of Personal Data, these subsections also set out the source of that Personal Data, our commercial or business purpose for collecting that Personal Data. More information regarding those sources and categories are set forth below.
Categories of Personal Data We Collect
Profile or Contact Data
Examples of Personal Data Collected:
First and last name
Phone number
Unique identifiers such as username and password
Profile photo
User bio
Source:
You
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorize, Access or Authenticate, including Other Users
Commercial Data
Examples of Personal Data Collected:
Purchase history (i.e. “Transaction Data”)
Source:
You
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Parties You Authorize, Access or Authenticate, including Other Users
Device/IP Data
Examples of Personal Data Collected:
IP address
Device ID
Domain server
Type of device/operating system/browser used to access the Services
Browser plug-in types and versions
Internet service provider
Source:
You
Third parties, including Analytics Partners
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Web Analytics
Examples of Personal Data Collected:
Web page interactions
Referring webpage/source through which you accessed the Services
Referral source/exit pages
Statistics associated with the interaction between device or browser and the Services
Source:
You
Third parties, including Analytics Partners
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Social Network Data
Examples of Personal Data Collected:
Phone number
User name
IP address
Device ID
Name
Profile picture
List of friends
Source:
You
Third parties, including Social Networks
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorize, Access or Authenticate, including Other Users
Consumer Demographic Data
Examples of Personal Data Collected:
Age/date of birth
Zip code
Gender
Source:
You
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorize, Access or Authenticate, including Other Users
Geolocation Data
Examples of Personal Data Collected:
IP-address-based location information
GPS data
Time zone setting
Source:
You
Categories of Third Parties with Whom we Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorized, Access or Authenticate, including Other Users
Health Data
Examples of Personal Data Collected:
Health or exercise activity monitoring
Apple HealthKit data
Google Health data
Source:
You
Categories of Third Parties with Whom we Share this Personal Data:
Service Providers
Business Partners
Parties You Authorize, Access or Authenticate, including Other Users
Categories of Data Considered “Sensitive” Under the CPRA
Examples of Personal Data Collected:
Personal data concerning a consumer’s health
Precise geolocation data
Source:
You
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorize, Access or Authenticate, including Other Users
Other Identifying Information that You Voluntarily Choose to Provide
Examples of Personal Data Collected:
Identifying information in emails, letters, or texts you send us or in your survey responses
Source:
You
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Parties You Authorize, Access or Authenticate, including Other Users
Other
Examples of Personal Data Collected:
Your contacts
Any Personal Data or other identifying information that you include in your user bio
Source:
You
Third parties, including Social Networks
Categories of Third Parties with Whom We Share this Personal Data:
Service Providers
Advertising Partners
Analytics Partners
Business Partners
Parties You Authorized, Access or Authenticate, including Other Users
Our Commercial or Business Purposes for Collecting or Disclosing Personal Data
Providing, Customizing and Improving the Services
Creating and managing your account or other user profiles
Processing orders or other transactions; billing.
Providing you with the products, services or information you request.
Meeting or fulfilling the reason you provided the information to us.
Providing support and assistance for the Services.
Improving the Services, including testing, research, internal analytics and product development.
Personalizing the Services, website content and communications based on your preferences.
Doing fraud protection, security and debugging.
Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the CPRA
Marketing the Services
Marketing and selling the Services.
Showing you advertisements, including interest-based or online behavioral advertising.
Corresponding with You
Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about SuperHero or the Services.
Sending emails and other communications according to your preferences or that display content that we think will interest you.
Meeting Legal Requirements and Enforcing Legal Terms
Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
Protecting the rights, property or safety of you, SuperHero or another party.
Enforcing any agreements with you.
Responding to claims that any posting or other content violates third-party rights.
Resolving disputes.
Personal Data Sales
In this section, we use the term ‘sell’ as it is defined in the CPRA. We sell your Personal Data, subject to your right to opt-out of these sales.
As described in Annex 2, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of these sales by following the instructions in this section. Otherwise, we do not sell your Personal Data to third parties.
Personal Data Sharing
Under the CPRA, California residents have certain rights when a business “shares” Personal Data with third parties for purposes of cross-contextual behavioral advertising. We have shared the following categories of Personal Data for the purposes of cross-contextual behavioral advertising:
Profile or Contact Data
Device/IP Data
Web Analytics
Social Network Data
Consumer Demographic Data
Geolocation Data
Categories of Data Considered “Sensitive” Under the CPRA
Other
As described in Annex 2, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt-out of data selling and/or sharing by following the instructions in this section.
We share Personal Data with the following categories of third parties:
Marketing providers (including for cross-contextual behavioral advertising purposes)
Service providers
Other users (where certain information, such as profile data, is visible to all users)
Business partners
Third parties in connection with a business transaction, such as merger or sale
Law enforcement, regulators, governmental authorities and other parties for legal reasons
These Terms of Use were last updated on 15 November 2023.