Privacy Policy

Firstly, we are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information.

You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it. 

We will outline your rights in this privacy policy. But we are doing this because like you we believe in people right to privacy. We will never use your data in anyway that we would not want our own personal data to be used. We want you to be confident that we will keep it secure and use it both lawfully and ethically, respecting your privacy. 

But whatever we do with your information, we need a legal basis for doing it. We generally rely on one of three grounds (reasons) for our business processing. 

1. You have created an account, ordered or have a service from us, therefore we are entitled to process your information so that we can provide that service to the highest quality and customer service to you and and take patient for this service.

2. We may want to collect and use your information for other purposes, we may need to ask for your consent (permission) and, if we do, that permission must always be indicated by a positive action from you (such as ticking a box) and be informed. You are also free to withdraw your permission at any time. 

3. In our  ‘legitimate interests’  we will use the information in a particular way without your permission (for example, to protect our network against cyber-attacks). But when we do this, we must tell you as you may have a right to object.

What Personal Information We Store and How We Use It

We’ll use your personal information to provide you with products and services. This applies when you register for an account or buy a product or service from us. Or if you register for an online account with us or download and register on one of our apps.

Depending on how you use MedalMad, we may collect:

  • Your name, email address and account details.
  • Profile information, including your profile photo and biography (if provided).
  • Challenge purchases, challenge progress and completion history.
  • Activity information entered manually or imported from connected fitness services.
  • Device information such as operating system, app version, device model and crash reports.
  • Technical information including IP address, browser type, language settings and application usage.
  • Customer support communications.
  • User-generated content including posts, comments, likes, reports and other interactions within the MedalMad community.

If you choose to enable Location Services, MedalMad may collect GPS location data while recording an activity or when importing activities from an authorised third-party fitness provider such as Strava. This information is used solely to support activity tracking, route mapping, challenge progress and other fitness-related features.

MedalMad does not collect continuous background location data for advertising or marketing purposes.

If you enable push notifications, we store a secure device notification token to send service-related notifications such as:

  • Challenge updates
  • Activity synchronisation status
  • Medal and reward notifications
  • Order updates
  • Important account and security messages

Our website may also use cookies and similar technologies to:

  • Remember your preferences
  • Improve website performance
  • Analyse usage
  • Maintain security
  • Provide essential website functionality

Where required by law, you will be given the opportunity to manage your cookie preferences.

We’ll use your personal information to send you account information, direct marketing and to help better identify products and services that interest you. We do that if you’re one of our customers or if you’ve been in touch with us another way (such as entering a prize promotion or competition).

This means we’ll:

  • Tell you about other products and services you might be interested in
  • Tell you  about updates to the website or app
  • Tell you about deadlines and changes to policy and guidance
  • Try to identify products and services you’re interested in; and show you more relevant online advertising and work with other well-known brands to make theirs more suitable too
  • We use the following for marketing and to identify the products and services you’re interested in;
  1. Your contact details. This includes your name, gender, address, phone number, date of birth and email address
  2. Information from other organisations such Facebook, Google, Twitter based upon their data control policies.
  3. Information from cookies and tags placed on our websites and social media channels
  4. Your payment and financial information

We’ll send you information (about the products and services we provide) by phone, post, email, text message or online banner advertising. We also use the information we have about you to personalise these messages wherever we can as we believe it is important to make them relevant to you.  We do this because we have a legitimate business interest in keeping you up to date with our products and services, making them relevant to you and making sure you manage your spending with us.  We also check that you are happy for us to send you marketing messages by text or email before we do so. In each message we send, you also have the option to opt out.

Sharing Your Information

We do not share your information with any other party outside of the Active Connections Group Ltd without additional and recorded permission. We do not share the data of our users, unless there is a legal responsibility to do so.

How Do We Protect Your Personal Information.

We have strict security measures to protect your personal information. We store your information on GDPR complaint platforms only. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures, such as encryption, to protect your information.

How Long Do We Keep Your Personal Information

We store your information for 36 months after you have purchased a product or service, or accessed the website. This is then removed from our database. You have the right at anytime to ask us to remove all your data. 

Connected Fitness Services (Strava, Google Health and Apple Health)

MedalMad allows you to connect certain third-party fitness platforms to automatically synchronise your activities and update your challenge progress.

Currently, MedalMad supports Strava and is developing support for Google Health and Apple Health. Additional fitness services may be added in the future.

Connecting a fitness provider is entirely optional.

When you choose to connect a provider, you authorise MedalMad to access only the information necessary to deliver the features you have requested. Depending on the provider, this may include:

  • Activity history
  • Distance travelled
  • Duration
  • Pace
  • Speed
  • Elevation
  • Calories burned (where available)
  • Activity type
  • GPS route information (where available)
  • Activity date and time

MedalMad does not request or access information that is unnecessary for providing challenge tracking and activity synchronisation.

To securely connect your account, MedalMad uses the provider’s official OAuth authentication process. Your login credentials for third-party services are never shared with MedalMad.

Where required, secure access tokens and refresh tokens are stored in encrypted form to allow authorised synchronisation of your activities. These tokens are used only for the purposes you have authorised and may be revoked at any time by disconnecting your fitness provider within the MedalMad application or by revoking access directly through the third-party provider.

MedalMad does not sell or share your fitness data with advertisers or unrelated third parties.

If you disconnect a fitness provider, MedalMad will stop synchronising new activities. Previously synchronised activities may remain within your challenge history where necessary to preserve completed challenges, achievements and account records.

Each connected fitness provider processes your information under its own Privacy Policy and Terms of Service. We encourage you to review those policies before connecting your account.

Payments

Payments are processed by trusted third-party payment providers. MedalMad does not intentionally store full payment card details on its own systems.

Security

We use encryption, secure authentication, least-privilege access controls, logging and industry-standard safeguards to protect personal information. No online system can be guaranteed 100% secure.

Location Services and GPS Permissions

Some MedalMad features rely on your device’s location services to record or import activities.

Location permissions are always optional and are requested only when required for a feature that you have chosen to use.

Depending on the functionality you enable, MedalMad may use location information to:

  • Record walking, running or cycling activities.
  • Display activity routes.
  • Calculate distance travelled.
  • Verify challenge progress.
  • Import GPS-enabled activities from connected fitness providers.
  • Improve the accuracy of challenge tracking.

MedalMad does not use your location for advertising, behavioural profiling or the sale of location information.

Location information is processed only to provide the services you have requested.

Background Location

At the time of publication, MedalMad does not continuously collect background location data.

If future versions introduce optional background activity tracking, we will:

  • Clearly explain why background location is required.
  • Request your explicit permission through your device’s operating system.
  • Allow you to disable background location at any time through your device settings.

You may disable location permissions at any time through your device settings, although some activity tracking features may no longer function correctly.

Push Notifications

MedalMad may send notifications to keep you informed about important activity within your account.

Notifications may include:

  • Challenge progress updates
  • Activity synchronisation results
  • Medal and achievement awards
  • Order updates
  • Account security notifications
  • Community interactions
  • Important service announcements
  • Optional marketing communications (where you have provided consent)

To provide notifications, MedalMad stores a secure device notification token issued by Apple or Google. This token is used solely for delivering notifications to your device and is not used to identify you outside the MedalMad platform.

You may choose whether to receive notifications when you first install the application. Notification preferences can also be changed at any time within your device settings or, where available, within the MedalMad application.

Service-related notifications that are necessary for the operation and security of your account may still be sent where permitted by applicable law.

Marketing notifications will only be sent where required consent has been obtained, and you may opt out at any time without affecting your ability to use the MedalMad platform.

MedalMad does not share device notification tokens with advertisers or unrelated third parties.

Location Data

MedalMad may collect, process and store location information when you choose to use features that require GPS or location services.

Location data is collected only when you have granted permission through your device and chosen to use features such as:

  • Recording walking, running or cycling activities.
  • Importing GPS-enabled activities from connected fitness providers such as Strava.
  • Displaying activity routes on maps.
  • Calculating distance travelled and challenge progress.
  • Verifying completion of location-based challenges where applicable.

Location permissions are entirely optional. If you do not grant location permission, you can still use most areas of the MedalMad platform, although some activity tracking features may not function correctly.

MedalMad does not collect location information for advertising, marketing or behavioural profiling.

At the time of publication, MedalMad only accesses location information while you are actively using location-enabled features or when synchronising activities that you have authorised through connected fitness providers.

If future versions introduce optional background location tracking, we will clearly explain why background location is required and request your explicit permission.

You can withdraw location permission at any time through your device settings.

Data Retention

MedalMad retains personal information only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, prevent fraud and enforce our agreements.

Different categories of information are retained for different periods depending on their purpose.

Account Information

Your account details, including your name, email address, profile information and authentication records, are retained while your account remains active.

If you request deletion of your account, this information will normally be removed or anonymised unless we are legally required to retain it.

Challenge Information

Challenge purchases, entitlements, medals earned and completion history may be retained after a challenge has been completed in order to maintain your achievement history and provide customer support.

Activity Information

Activity history, imported fitness activities and challenge progress are retained while your account remains active.

Where an account is deleted, activity information will normally be deleted or anonymised unless retention is required for legal, fraud prevention or accounting purposes.

Social Content

Posts, comments, likes and other community interactions remain available until deleted by you or removed by MedalMad in accordance with our Community Guidelines.

Content associated with deleted accounts may be anonymised where appropriate.

Payment Records

Transaction information is retained for the period required by applicable accounting, taxation and financial regulations.

Payment card details are never stored by MedalMad.

Customer Support

Support requests and correspondence may be retained for as long as reasonably necessary to resolve enquiries, improve our services and comply with legal obligations.

Connected Fitness Providers

Connection information and secure authentication tokens are retained only while a provider remains connected.

If you disconnect a provider, authentication tokens are revoked or deleted where appropriate. Historical activities previously synchronised may remain as part of your challenge history.

Apple App Store Privacy

The MedalMad mobile application requests only the permissions necessary to provide its features.

Depending on the functionality you choose to use, these permissions may include:

  • Location Services
  • Health and Fitness Data
  • Notifications
  • Camera (where applicable)
  • Photo Library (where applicable)

Permissions are requested only when required by a feature you actively choose to use.

You may disable permissions at any time through your device settings. Some application features may not function correctly if required permissions are disabled.

MedalMad does not use personal information collected through these permissions for third-party advertising.

Data collected through the application is used only to:

  • Provide challenge tracking
  • Synchronise fitness activities
  • Maintain your account
  • Improve application performance
  • Provide customer support
  • Meet legal obligations

The information disclosed within Apple’s App Privacy section reflects the categories of information described in this Privacy Policy.

Google Play Data Safety

MedalMad is committed to transparency regarding how information is collected, used and protected.

Information collected by MedalMad may include:

  • Personal information
  • Account information
  • Activity history
  • Health and fitness information
  • Location information (when enabled)
  • User-generated content
  • Device identifiers
  • Application diagnostics

This information is used to:

  • Operate the MedalMad platform
  • Deliver purchased services
  • Synchronise fitness activities
  • Calculate challenge progress
  • Improve application reliability
  • Detect fraud and abuse
  • Provide customer support

MedalMad does not sell personal information.

Personal information is shared only with trusted service providers where necessary to provide our services or comply with legal obligations.

Where supported by the platform, users may request deletion of their account and associated personal information.

The information declared within the Google Play Data Safety section is intended to remain consistent with this Privacy Policy.

Complaints and Supervisory Authorities

We are committed to resolving any concerns you may have regarding your personal information.

If you believe we have not handled your personal information appropriately, please contact us first so that we can investigate and resolve your concern.

Privacy Contact

Active Connections Group Ltd

Email: [email protected]

We aim to respond to privacy enquiries as quickly as possible and within the timescales required by applicable law.

If you remain dissatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.

United Kingdom

The supervisory authority for data protection matters in the United Kingdom is the:

Information Commissioner’s Office (ICO)

Website:

https://ico.org.uk

European Union

If you are located within the European Economic Area, you may also lodge a complaint with the data protection authority in your country of residence, place of work or where the alleged infringement occurred.

Lodging a complaint with a supervisory authority does not affect any other legal rights or remedies that may be available to you.