top of page

Privacy Policy

Last Updated: 29 December 2025

 

Planet Once Holding Ltd ("we," "us," or "our") values your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, and protect your information when you use our mobile application, Planet Once - Employee Wellbeing (the "App"), which is available on the Android and Apple application stores. This policy applies to employees (users of the App) whose employers have entered into an agreement with us to license the App. By using the App, you agree to the terms of this Privacy Policy.

Google API Services User Data Policy Compliance

We adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. This means that we limit our use of Google user data to providing and improving user-facing features that are prominent in our App's user interface. We do not use Google data for any purposes not explicitly disclosed in this Privacy Policy.

1. About Us

Planet Once Holding Ltd is a company registered in England and Wales, responsible for the management and operation of the App. We are registered with the Information Commissioner's Office (ICO) and process personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

 

If you have any questions about this Privacy Policy, you can contact us at:

2. Information We Collect

When you use the App, our App Administration Portal, Support Portal or Website, we may collect and process the following categories of personal data:

 

a. Personal Information

  • Name

  • Email address and Telephone Number

  • Employer name

  • Job Title, Department and Organizational information

  • Profile picture (if uploaded by you or shared by your employer)

  • Age

  • Gender

  • Habit information such as smoker / non-smoker

 

b. Health and Fitness Information

We collect health and fitness data to support your wellbeing journey and enable participation in workplace wellness challenges and gamification activities. This data helps us provide personalized wellbeing content, track your progress towards health goals, facilitate friendly competition through company challenges, and generate insights that help your employer create a healthier workplace culture.

 

The health and fitness data we collect includes:

  • Mood tracking: Your self-reported mood and emotional wellbeing data entered through the App to help you monitor your mental health over time and receive appropriate wellbeing recommendations.

  • Fitness activity data: Including step counts, distance walked/run, calories burned, active minutes, and exercise sessions. This data is used to track your physical activity progress, award achievement badges, and enable participation in step challenges and fitness competitions with colleagues.

  • Movement and activity patterns: Your daily activity levels and movement data to provide insights into your activity trends and help you maintain consistent healthy habits.

  • Sleep data: Including sleep duration and sleep quality metrics, used to help you understand your sleep patterns and receive recommendations for improving sleep hygiene as part of your overall wellbeing.

  • Water intake tracking: Your daily water consumption logged in the App to help you maintain proper hydration and develop healthy hydration habits.

  • Engagement feedback: Your interaction with wellbeing content, challenges, and App features to help us improve the user experience and provide more relevant content.

 

Purpose of health data collection: All health and fitness data is collected solely to power the employee wellbeing features within our App. Specifically, this data enables: (1) personalized health insights and recommendations, (2) progress tracking towards your individual wellness goals, (3) participation in workplace wellness challenges and competitions, (4) achievement badges and gamification rewards to motivate healthy behaviors, (5) aggregated company-wide wellbeing analytics (anonymized) to help employers understand overall workforce health trends, and (6) tailored wellbeing content based on your activity patterns and preferences.

 

c. Google Calendar Access

Limited calendar access for workout scheduling only: We request access to your Google Calendar exclusively for creating and managing workout-related calendar events.

 

What we do with calendar access:

  • Create calendar events when you schedule workouts or wellness activities through the App

  • Set reminders for upcoming scheduled workouts or wellness sessions

  • Update or delete workout events you've created through our App

 

What we do NOT do with calendar access:

  • We do NOT read, access, or view your existing calendar events, appointments, or personal meetings

  • We do NOT access information about your meeting attendees, locations, or event details from other calendar events

  • We do NOT modify, delete, or interact with any calendar events that were not created by our App

  • We do NOT share your calendar data with your employer or any third parties

  • We do NOT use calendar information for advertising, analytics, or any purpose other than creating workout events you explicitly request

 

Calendar permissions are requested only when you choose to use the workout scheduling feature. You can revoke calendar access at any time through your Google account settings without affecting other App functionality.

 

d. Technical Information

  • Device information (e.g., IP address, operating system, device type, and device identifiers)

  • Usage data (e.g., how you interact with the App, features accessed, session duration)

  • Log data and diagnostic information for troubleshooting and App performance optimization

3. How We Use Your Information

We use your personal data to:

  • Deliver and improve the services provided by the App, including personalized wellbeing features and gamification elements.

  • Provide tailored wellbeing content, health insights, and recommendations based on your activity patterns and goals.

  • Enable participation in workplace wellness challenges, competitions, and achievement systems.

  • Monitor and enhance user experience, engagement, and App performance.

  • Create workout-related calendar events when you use the scheduling feature (with your explicit permission).

  • Facilitate participation in company challenges and track progress towards wellness goals.

  • Communicate with you about App updates, new features, and wellness content.

 

Aggregated Data

We may provide your employer with aggregated and anonymised data about their employee group's wellbeing trends and engagement with the App. This data does not identify any individual user and is presented only at a group level to help organizations understand workforce wellbeing patterns.

 

Company Challenges

If you participate in a company challenge or competition, we will share the results, including the finished challenge ranking with named individuals, with your employer. This allows for recognition of achievements and maintains the competitive and motivational aspects of workplace wellness programs. No other personal health information will be shared with your employer outside of these challenge results.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

  • Consent: When you provide explicit consent for specific uses of your data, including health data processing and optional features like Google Calendar integration.

  • Performance of a Contract: To fulfil our obligations under the agreement with your employer and provide you with the App services you have access to.

  • Legitimate Interests: To provide and improve the App's functionality, user experience, and to develop new features that benefit users, while ensuring these interests do not override your fundamental rights and freedoms.

5. Sharing Your Information

We do not share your personal data with third parties except as described below:

 

a. Data Processors and Service Providers

We use carefully selected third-party service providers to host and process your data. These providers act as data processors under our instruction and are bound by strict contractual obligations to protect your privacy:

 

  • Amazon Web Services (AWS): We use AWS as our primary cloud infrastructure provider for hosting the App and related services. AWS provides secure, scalable cloud computing resources in compliance with industry-leading security standards.

  • MongoDB: We use MongoDB as our database service provider to securely store and manage your personal data, health information, and App usage data. MongoDB operates under strict data processing agreements and implements robust security measures to protect your information.

 

All data processing activities by AWS and MongoDB are governed by comprehensive data processing agreements that ensure compliance with UK GDPR, including appropriate technical and organizational security measures, confidentiality obligations, and restrictions on data use.

 

b. Your Employer

Your employer will only receive aggregated and anonymised data about the employee group's wellbeing trends, which cannot be used to identify individual employees. The only exception is when you participate in a company challenge, in which case your employer will receive the challenge results, including the finished challenge ranking with named participants. Your individual health data, fitness metrics, mood tracking, and other personal information are never shared with your employer.

 

c. Google API Services

When you grant permission for Google Calendar integration, we interact with Google APIs solely to create workout-related calendar events on your behalf. We do not share your Google account data with any third parties, including your employer. All interactions with Google services are governed by Google's privacy policies and our compliance with the Google API Services User Data Policy, including Limited Use requirements.

 

d. Legal Requirements

We may disclose your personal data if required by law, court order, or governmental regulation, or if necessary to protect our legal rights, prevent fraud, or ensure the safety of our users.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, including compliance with legal, regulatory, tax, accounting, or reporting requirements.

 

If you stop using the App, request deletion of your account, or your employer's agreement with us ends, we will delete or anonymise your personal data within a reasonable timeframe, typically within 90 days, unless we are required to retain it longer to comply with legal obligations. Aggregated and anonymized data that cannot be used to identify you may be retained indefinitely for statistical and analytical purposes.

7. Your Rights under GDPR

Under the UK General Data Protection Regulation, you have the following rights:

  • Right of Access: Request access to your personal data and receive a copy of the information we hold about you.

  • Right to Correction: Request correction of inaccurate or incomplete personal data.

  • Right to Erasure: Request deletion of your personal data, subject to certain legal exceptions such as compliance with legal obligations.

  • Right to Restriction: Request restriction of processing of your personal data in certain circumstances.

  • Right to Data Portability: Request transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format.

  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent: Withdraw your consent at any time for processing activities based on consent, including health data processing and Google Calendar access. Withdrawal will not affect the lawfulness of processing before withdrawal.

  • Right to Lodge a Complaint: Lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

 

To exercise any of these rights, please contact us at privacy@planetonce.com. We will respond to your request within one month, or within two months for complex requests, in accordance with UK GDPR requirements.

8. Data Security

We implement appropriate technical and organisational measures to safeguard your personal data against unauthorised access, accidental loss, destruction, or damage. Our security measures include:

  • Encryption of data in transit and at rest using industry-standard protocols

  • Strict access controls and authentication mechanisms to limit data access to authorized personnel only

  • Regular security audits, vulnerability assessments, and penetration testing

  • Continuous monitoring for security threats and suspicious activity

  • Employee training on data protection and security best practices

  • Secure backup and disaster recovery procedures

  • Use of industry-leading cloud infrastructure (AWS) and database services (MongoDB) with enterprise-grade security certifications

 

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

9. International Data Transfers

Your personal data is primarily stored and processed within the United Kingdom using Amazon Web Services (AWS) and MongoDB data centers located in the UK. If we need to transfer your data outside the UK or European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements. These safeguards may include:

  • Standard Contractual Clauses approved by the UK ICO

  • Transfers to countries with adequacy decisions recognizing equivalent data protection standards

  • Other appropriate legal mechanisms to ensure data protection

Further Detailed Policy information

10. Children's Privacy
Our App is designed for employee wellbeing and is intended for use by individuals who are at least 18 years old or the age of majority in their jurisdiction. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
 
11. Third-Party Services and Links
Our App may contain links to third-party websites, services, or content providers that are not operated by us. This Privacy Policy applies only to our App and services. We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through our App.
 
12. Changes to Google API Access
You can manage or revoke Google Calendar access at any time through your Google Account settings (myaccount.google.com/permissions). Revoking calendar access will prevent the App from creating new workout events in your calendar but will not affect other App functionality. Previously created calendar events will remain in your calendar but can be manually deleted by you at any time.
 
13. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App functionality. Any material changes will be communicated to you through the App, via email, or through other appropriate channels. The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy regularly to stay informed about how we process and protect your data.
 
Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with any changes, you should discontinue use of the App and contact us to exercise your data rights.
 
14. Contact Us
Thank you for trusting Planet Once Holding Ltd with your personal data. If you have any concerns, questions, or wish to exercise your data protection rights, please don't hesitate to contact us:
 

 
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

bottom of page