IE Privacy Policy | Weight Watchers UK | WW UK

WHO WE ARE?

The controller of your Personal Data collected in connection with the WW business in the Republic of Ireland is Denross Limited at 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.

The controller of your Personal Data collected in connection with the WW business in Northern Ireland is CheckWeight Limited at 50 Bedford Street, Belfast, BT2 7FW, Northern Ireland.

HOW IS MY PERSONAL DATA USED?

Personal Data is information that identifies you or can be used to identify or contact you (“Personal Data”). Such Personal Data may include your name, address, email address, telephone number, birth date (primarily for eligibility purposes) and billing and credit card information. Personal Data may also include health related data, such as your weight history.

We only process Personal Data that you have provided directly to us or which we have automatically collected from you as specified in this Privacy Policy. Unless defined in this Privacy Policy or unless you give us permission to do so, we will not use or share your Personal Data other than as specified in this Privacy Policy.

How We Use Your Personal Data and How Long We Retain It

We process your Personal Data in order to maintain records of your WW membership for the purposes of satisfying any legal, accounting, or reporting requirements. The legal basis for such processing is Art. 6(1)(c) GDPR as we may be required to process your information in order to comply with certain legal obligations. To the extent health data are processed, such processing is based on Art. 9(2)(a), your consent.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will retain your data for the period of your membership + 7 years after closure date or as long as necessary to fulfil the purposes we collected it for.

HOW WE SHARE AND DISCLOSE PERSONAL DATA

We will not share, sell, transfer or otherwise disseminate your Personal Data to third parties, unless required by law according to Art. 6(1)(c) GDPR, unless required for the purpose of your contract according to Art. 6(1)(b) GDPR, unless the third-party acts as a data processor on our behalf according to Art. 28 GDPR, as a Joint Controller according to Art 26 GDPR or you have given us express consent to do so according to Art. 6(1)(a) GDPR.

Your data will be stored by WW GBR Limited in the UK, which is the subject of a decision by the European Commission that it provides an adequate level of protection for personal data.

DATA TRANSFERS

Some of the companies we share your Personal Data with as described above are located outside of Ireland. In order to grant sufficient protection of your Personal Data in this context, all data transfers above are covered under an appropriate legal transfer mechanism according to the GDPR.

Any sharing of your Personal Data with other WW entities or service providers will be made in accordance with applicable data protection laws and will be limited to the extent necessary. We have carefully selected these companies and continuously monitor their compliance with our instructions. These companies are contractually prohibited from using your Personal Data for any other purposes than those described in this Privacy Policy.

We may also be required to disclose your Personal Data to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements according to Art. 6(1)(c) GDPR. We can also disclose your information in order to pursue our legitimate interest in applying or enforcing our terms and conditions or in responding to any claims, in protecting our rights or the rights of a third party, in protecting the safety of any person or in preventing any illegal activity (including for the purposes of fraud protection and credit risk reduction) according to Art. 6(1)(f) GDPR.

If required under applicable data protection laws, we will collect your prior consent before sharing your Personal Data with other companies. In such cases, the legal basis is Art. 6(1)(a) GDPR.

AUTOMATED INDIVIDUAL DECISION-MAKING

We do not use your Personal Data to make decisions with legal or similar effects for you based solely on the automated processing of your Personal Data.

WHAT RIGHTS DO I HAVE?

You have the following rights:

● Right of access (Art. 15 GDPR):

You have the right to request confirmation as to whether we process your Personal Data and where that is the case, to request access to and a copy of the Personal Data we hold about you.

● Right to rectification (Art. 16 GDPR):

You have the right to request the correction of inaccurate Personal Data.

● Right to erasure (Art. 17 GDPR):

You have the right to request erasure of Personal Data without undue delay under certain circumstances, e.g., if your Personal Data is no longer necessary for the purposes for which it was collected or if you withdraw consent on which our processing is based according to Art. 6(1)(a) GDPR and where there is no other legal ground for processing.

● Right to restriction of processing (Art. 18 GDPR):

You have the right to request us to restrict the processing of your Personal Data under certain circumstances, e.g., if you think that the Personal Data we process about you is incorrect or unlawful.

● Right to data portability (Art. 20 GDPR):

Under certain circumstances, you have the right to receive your Personal Data you have provided us with, in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller without hindrance or ask us to do so.

● Right to object (Art. 21 GDPR):

You have the right to object to the processing of your Personal Data under certain circum-stances, in particular if we process your Personal Data on the legal basis of legitimate interests (Art. 6(1)(f) GDPR) or if we use your Personal Data for marketing purposes.

You can exercise your abovementioned rights by contacting us at the contact details mentioned below.

WHO DO I CONTACT IF I HAVE ANY PRIVACY QUESTIONS?

If you have any questions about our Privacy Policy, your privacy rights or feel that we are not abiding by the terms of our posted Privacy Policy or the applicable data protection laws, please contact our data protection team at privacyuk@ww.com.

RIGHT TO LODGE A COMPLAINT BEFORE THE DATA PROTECTION AUTHORITY

If you believe that the processing of your personal data infringes applicable data protection laws and you are a resident of Northern Ireland, you have the right to lodge a complaint with the Information Commissioner.

If you believe that the processing of your personal data infringes applicable data protection laws and you are a resident of the Republic of Ireland you have the right to lodge a complaint with the Data Protection Commission by using the form available at https://forms.dataprotection.ie/contact.

CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. We will post any changes to this Privacy Policy here. Please refer back to this Privacy Policy on a regular basis.