Privacy policy
Privacy Policy
The Body Hub™
The Body Hub™ and its affiliates (collectively the “Company”, “we”, “our” or “us”) operates a wellness, coaching and retail platform and acts as the data controller responsible for your personal data in accordance with this privacy policy. We value your security and privacy. In accordance with the Federal Decree Law No. 45 of 2021 and its Executive Regulations when they come into force (the “Data Protection Law”) and our Terms and Conditions, this privacy policy (the “Policy”) outlines:
- the categories of personal data we collect;
- the legal basis and purpose for processing such data;
- your rights as a data subject, including your right to access, correct, erase or restrict the processing of your personal data; and
- how you may exercise those rights by contacting us via the communication channels provided below.
We may collect your personal data when you use our mobile app, website or any other services that we may provide from time to time. You may at any time request to exercise your data protection rights, such as access, rectification or erasure of your personal data, subject to certain restrictions, by contacting us using the details provided in this Policy.
Definitions:
For the purposes of this Policy:
Minors means any individual who has not attained the age of eighteen (18) years, as recognised under applicable laws of the UAE.
Platform means our website, booking environments, e-commerce systems and any digital interfaces through which we provide Services or sell Products.
Products means physical goods, equipment, tools or accessories offered for sale through the Platform.
Program means a structured Service offered for a defined period or number of sessions.
Services means any wellness, coaching, training, educational, retreat or related services provided by the Company, whether online or in person.
Third-Party Service Providers means external providers who support our operations, including payment processors, booking platforms, logistics partners, hosting providers, video conferencing platforms, transcription technology providers, secure cloud storage providers and technology suppliers.
User, you or your means any person who accesses the Platform, purchases Products, books Services or otherwise interacts with us.
Contents
- What data do we collect?
- When do we collect your data?
- Why do we process your data?
- Do we share your data with third parties?
- Do we transfer your data to other countries?
- How do we protect your data?
- How long do we keep your data for?
- Marketing
- What are your data protection rights?
- Cookies
- How to manage your cookies
- Minors
- Third-party privacy policies
- Changes to our Policy
- How to contact us
- What data do we collect?
- Data that you give us:
- User Data (includes name, email address, password, phone number, date of birth, gender, billing and delivery address);
- Booking and Service Information (includes scheduling details, participation records and information required to administer sessions, Programs or events, which may be processed via our booking systems);
- Wellness and Health-Related Information (such as injuries, medical conditions, physical limitations, pregnancy information, fitness levels or goals) where voluntarily provided by you for the purpose of participating in services or ensuring safe delivery of sessions;
- Payment and billing information (only payment tokens and transaction confirmations. Full card details are processed by authorised payment providers and are not stored by us);
- Photographs, video and visual media (including progress images, assessment photos or short video clips) where taken with your explicit consent during sessions, Programs or events; and
- Feedback, reviews and survey responses.
- Data that we collect from you:
- Records of correspondence between you and us;
- Purchase history; and
- Marketing preferences.
- Any information relating to an identified or identifiable natural person provided to us or collected by us, which on its own or in combination with other non-personally identifiable information can be used to identify an individual specifically, shall be classified and treated as personal data under this Policy.
- Health or wellness information may constitute sensitive personal data under the Data Protection Law. Such information is provided voluntarily by you and is processed solely for the purpose of administering services, adapting activities to your needs and supporting your safety and wellbeing. You are not required to provide this information; however, opting not to do so may affect our ability to tailor Services appropriately.
- With your explicit consent, we may take photographs or short video recordings during sessions, Programs or events for one or more of the following purposes:
- Internal purposes: This includes maintaining client records, tracking progress over time, conducting internal assessments, quality control, case study development (for internal analysis only) and supporting service delivery. Such materials are stored securely (including on restricted-access cloud storage or secure devices) and are accessible only to authorised personnel.
- External purposes: Where we wish to use photographs or videos for marketing, testimonials, case studies, social media, website content or other promotional materials, we will obtain your separate, explicit consent prior to such use. You are not required to provide consent for external use in order to receive Services. Refusal will not affect your participation.
Where content is used for marketing purposes, you may withdraw your consent for future use at any time by contacting us. Withdrawal will not affect materials already lawfully published prior to withdrawal, but we will take reasonable steps to cease further use where practicable. All photographs and recordings are processed in accordance with the Data Protection Law and retained only for as long as necessary for the purposes described in this Policy or as required by law.
- With your explicit consent, we may record coaching sessions, assessment sessions, workshops or other Services (including via online platforms such as video conferencing tools) and/or use automated transcription tools to generate written transcripts of sessions. Such recordings and transcripts may include audio, video, voice data, session discussions, progress information and any wellness-related information voluntarily shared by you during the session. We process recordings and transcripts strictly for internal purposes, including:
- creating accurate session notes;
- maintaining client records;
- tracking progress over time;
- ensuring consistency and quality of service delivery; and
- supporting internal training and operational management.
We may use trusted Third-Party Service Providers to facilitate recording, transcription and storage. These providers may process data on our behalf and may operate or store data outside the UAE. Where such transfers occur, we take reasonable steps to ensure appropriate safeguards are implemented in accordance with the Data Protection Law. You are not required to consent to session recording or transcription in order to receive Services. If you decline, we will proceed without recording and may take manual notes instead. You may withdraw your consent to future recordings at any time by contacting us. Withdrawal will not affect processing already lawfully carried out prior to withdrawal. Recordings and transcripts are retained only for as long as necessary for the purposes described in this Policy or as required by applicable law, after which they are securely deleted or anonymised.
- When do we collect your data?
- We collect and process your data when you:
- interact with our website;
- purchase Products through the Platform;
- book, schedule or participate in any Services, Programs, workshops or events;
- create an account or profile within our booking or service management systems where required;
- subscribe to our newsletters, updates or marketing communications;
submit enquiries, feedback, reviews or survey responses; and - communicate with us through any of our official communication channels, including email, telephone, messaging services or social media.
- Why do we process your data?
- The below table outlines:
- Our purposes for collecting your data;
- Our legal justifications (each a “legal basis”) under the Data Protection Law for each purpose; and
- Categories of data that we use for each purpose.
- Here is an explanation of each legal basis to help you understand the table:
- Performance of a contract: When it is necessary for our Company or a Third-Party Service Providers to process your data to:
- Comply with obligations under a contract with you. This includes our obligations under the Terms and Conditions to avail our services; or
- Verify information prior to you entering into a contract with us.
- Legitimate interests: When we have a legitimate interest in processing your data in a certain way, which is necessary and justifiable considering the risks the processing may pose.
- Consent: Where you have given your explicit consent for the data to be processed for one or more specific purposes.
- Compliance with legal obligations: Where we must process your data to comply with a law.
|
Purpose of processing |
Legal Basis |
Categories of data processed |
|
Providing Services, Programs and bookings |
Performance of a Contract |
User & contact data, booking information, health/wellness information (if provided), payment confirmations, correspondence |
|
Processing orders, shipping and returns |
Performance of a Contract |
User & contact data, delivery information, transaction data |
|
Managing subscriptions and memberships |
Performance of a Contract |
User & contact data, transaction data, booking history |
|
Customer support and communications |
Performance of a contract / Legitimate interests |
Contact data, correspondence |
|
Conducting research and surveys |
Consent |
User data, booking data, feedback and survey responses |
|
Marketing and advertising purposes |
Consent |
User Data, contact Data, feedback and survey responses and booking history |
|
Enhancing User experience and improving the platform by introducing new features and technologies |
Legitimate interests |
User data, records of correspondence and booking history |
|
Maintaining the Platform and addressing technical issues |
Legitimate interests |
User data, records of correspondence and booking history |
|
Fraud prevention, risk management and security |
Legitimate interests |
Contact data, transaction data |
|
Processing on request of government or regulatory authorities |
Compliance with legal obligations |
User data, payment and billing information, records of correspondence and booking history |
|
Establishing or defending legal claims |
Legitimate interests |
User data, payment and billing information, records of correspondence and booking history |
- We will take all steps reasonably necessary to ensure your personal data is processed fairly and lawfully, in accordance with the Data Protection Law and this Policy.
- Unless otherwise notified, we do not ordinarily rely solely on automated decision making when processing your personal data and if we do, you may object to any such automated processing at any time.
- We rely on you to provide accurate and complete personal data. We will update or rectify your personal data when you notify us of changes or inaccuracies, in accordance with this Policy and our obligations under applicable law.
- Do we share your data with third parties?
- We may, from time to time, share your personal data with trusted third parties where necessary to operate the Platform, provide Services, process payments, fulfil deliveries or comply with legal obligations. Such third parties may include booking and management system providers, payment processors, logistics and courier partners, technology and hosting providers, professional advisers and government or regulatory authorities where required by law. For example, where you purchase a Product, we may share your name, delivery address, phone number and email address with fulfilment centres and courier companies for the purpose of processing and delivering your order.
- Where you book or participate in Services or Programs, certain information may be processed through our booking and customer management systems in order to administer scheduling, attendance and communications.
- In any instance where we share your personal data, we seek to ensure, where reasonably practicable, that recipients apply appropriate standards of data protection consistent with applicable laws and this Policy.
- Do we transfer your data to other countries?
In order to operate the Platform, provide Services, process payments and fulfil deliveries, we may transfer, process or store personal data outside the United Arab Emirates (UAE). This may include transfers to countries that may not provide the same level of data protection as the UAE. For example, certain booking, payment, hosting or customer management systems used by the Company, as well as international logistics partners, may operate or store data in other jurisdictions. Where such transfers occur, we take reasonable steps to ensure that appropriate safeguards are implemented in accordance with the Data Protection Law.
- How do we protect your data?
- We implement appropriate technical and organisational measures to help protect the security of your personal data in accordance with the Data Protection Law. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, we cannot warrant or guarantee the security of any personal data you transmit to us and you do so at your own risk.
- We have established policies and procedures for securely managing information and protecting personal data against unauthorized access. We continually assess our data privacy information management and security practices. We do this in the following ways:
- Protecting against unauthorized access to personal data by using appropriate technical and organisational security measures such as anonymisation;
- Conducting regular reviews of our security practices;
- Providing data security training to our team members;
- Maintaining a data breach response plan and notifying the UAE Data Office and affected data subjects where required under the Data Protection Law; and
- Ensuring personal data is retained only for as long as necessary and securely deleted, in accordance with our data retention practices and applicable law.
- How long do we keep your data for?
- We keep your personal data for a maximum period of five (5) years or only for as long as necessary to fulfil the purposes for which it was collected, including but not limited to providing Services, processing transactions, managing bookings, handling enquiries and complying with legal obligations.
- Retention periods are determined based on the type of data, the nature of the relationship with you, operational requirements and any legal, accounting or regulatory obligations that apply.
- Where personal data is no longer required, we will take reasonable steps to securely delete, anonymise or restrict access to such data, unless continued retention is necessary or permitted under applicable law.
- Marketing
- If you have agreed to receive marketing communications from us or our partners, you may always opt out at a later date. You may withdraw your consent at any time or object to the processing of your personal data for direct marketing purposes.
- Please note that we may continue to send you service-related e-mails necessary for your use of our Services.
- Please note that if you unsubscribe from our marketing communications, this will not affect promotional messages from third parties or unaffiliated marketers whose services you accessed via our Platform. We do not control the marketing practices of such third parties and you should contact them directly to exercise your opt-out rights.
- Finally, we will remove your personal data from our direct marketing lists upon request but please be aware that if such information is also held by a different third party's marketing directory through your request or election, you will need to request removal with such third party directly.
- What are your data protection rights?
- You have the right to access information held about you. Your right of access can be exercised at any time and without the need to provide a reason, in accordance with the Data Protection Law.
- You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- You may also request that we restrict the processing of, erase, transfer the information you gave us from one organisation to another or otherwise process your personal data in line with the relevant articles providing for such rights set out in the Data Protection Law.
- We do not charge a fee for responding to your data subject access request unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged or we may refuse to act on the request.
- When you contact us about a potential personal data error or query, we will confirm or verify the information in question, then correct verified inaccuracies and respond to the original inquiry. We will endeavor to send a correction notice to businesses or others whom we know to have received the inaccurate data, where required or appropriate. However, some third parties and third-party apps or sites may continue to process inaccurate data about you until their databases and display of data are refreshed or until you contact them personally to ensure the correction is made in their own files.
- We shall not discriminate against you for exercising your rights by denying services or changing prices or quality of service, unless objectively justifiable and applied equally across all individuals accessing our Services.
- If you would like to exercise any of your data rights, please contact us via the details below. We will respond to you within the timeframe required by law, which is generally 30 days.
- Cookies
- We use cookies and similar tracking technologies on the Platform to ensure functionality, enhance performance, analyse usage and, where permitted, support marketing activities.
- Cookies are small text files placed on your device when you visit a website. They help websites recognise your device, remember preferences and improve user experience.
- We may use the following categories of cookies:
- Strictly necessary cookies
These are required for the operation of the Platform, including enabling purchases, bookings, security and network management. The Platform cannot function properly without them.
- Performance and analytics cookies
These help us understand how visitors interact with the Platform, which pages are visited and how services are used. This allows us to improve functionality and user experience.
- Functionality cookies
These allow the Platform to remember choices you make, such as preferences or previously entered information.
- Marketing and advertising cookies
Where used, these cookies may help us deliver relevant promotions or measure the effectiveness of campaigns.
- Some cookies may be placed by Third-Party Service Providers who support our operations, such as technology, analytics or advertising partners. These third parties may collect information about your online activities over time and across different websites, subject to their own privacy policies. We do not control the practices of such third parties.
- You can manage or disable cookies through your browser settings. However, restricting cookies may impact certain features of the Platform, including bookings or purchases.
- Where required by law, we will request your consent before placing non-essential cookies on your device.
- How to manage your cookies
Before we store or access non-essential cookies or similar technologies on your device, we will ask for your explicit consent during account creation or via a settings prompt or consent banner. You can choose to accept all cookies, decline all non-essential cookies or manage your preferences at any time through the privacy or settings section of the website. In addition, most web browsers allow you to control cookies through their settings. However, restricting cookies may affect the availability or functionality of certain features, including purchases or bookings.
- Minors
- Certain Services may be made available to Minors only with prior authorisation from a parent or legal guardian, as described in our Terms and Conditions.
- We do not knowingly collect personal data directly from Minors without appropriate authorisation from a parent or legal guardian. If we become aware that personal data has been collected without such authorisation, we will take reasonable steps to delete it, subject to our legal obligations.
- Third-party privacy policies
- The Platform may contain links to third-party websites, services or applications that are not operated or controlled by us.
- This Policy applies only to personal data processed by the Company. We are not responsible for the privacy practices, security or content of third parties. We encourage you to review their policies before providing any personal data.
- Changes to our Policy
We keep our Policy under regular review and may make changes to it from time to time. Where we make material changes to this Policy or to how we process your personal data, we will take appropriate steps to notify you, such as posting a notice on our app or website or contacting you directly via email (where feasible). Your continued use of our Services after such notice constitutes your understanding of the changes. We encourage you to periodically review this Policy for the latest information on our privacy practices.
- How to contact us
If you have any questions or concerns about this Policy, or would like to exercise any of your rights as a data subject, please contact: hello@body-hub.com
Updated as at March 2026