Privacy Policy

1. Important information and who we are

1.1 Purpose of this privacy policy

1.1.1 This privacy policy aims to give you information on how Tramp Health collects and processes your personal data through your use of the Tramp Health app, website and related services, including any data you may provide through your membership, bookings, concierge interactions, purchases, wearable integrations and use of club facilities.

1.1.2 The app, website and related services are not intended for children and we do not knowingly collect personal data relating to children through them. Membership and guest eligibility rules apply separately under our contractual terms.

1.2 Controller

1.2.1 T HEALTH (MAYFAIR) LIMITED, trading as Tramp Health, is the controller and responsible for your personal data.

• Registered office: 36 Jermyn Street, London, England, SW1Y 6DN
• Company number: 16466842

1.2.2 If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details in clause 10.

1.3 Independent practitioners and third party providers

1.3.1 Some services made available through Tramp Health are provided by independent practitioners, consultants, therapists, coaches, clinicians or third party providers. In those cases, the relevant practitioner or provider may separately act as an independent controller of personal data collected or processed by them in connection with the professional services they provide to you. This privacy policy explains how Tramp Health processes your personal data for its own purposes, including operating the app, website, membership systems, bookings, payments, club access and related services.

1.3.2 Tramp Health does not determine the purposes for which independent practitioners process personal data in connection with their professional services.

2. The types of personal data we collect about you

2.1 Personal data means any information about an individual from which that person can be identified.

2.2 We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: includes first name, last name, previous names, title, date of birth, gender, photograph, membership ID, username or similar identifier.
• Contact Data: includes billing address, email address, telephone numbers and other contact details.
• Financial Data: includes bank account details, payment token information and limited payment related identifiers made available to us by our payment providers.
• Transaction Data: includes details about payments to and from you and details of memberships, services, bookings, appointments, products and other items you have purchased or accessed through us.
• Technical Data: includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, device identifiers, operating system and platform, app crash data and other technology on the devices you use to access our app, website and services.
• Profile Data: includes your username and password, purchases or orders made by you, booking history, preferences, interests, feedback, survey responses, account settings, concierge interactions and membership status.
• Usage Data: includes information about how you use our app, website, club systems, concierge functions, booking tools, messages and services.
• Marketing and Communications Data: includes your preferences in receiving marketing from us and your communication preferences.
• Health and Wellness Data: may include information relating to your use of wellness services, information you provide in health declarations or pre-screening forms, wearable or device data you choose to connect, and read-only hosted records such as blood test results or similar documents where this functionality is made available.

2.3 Special Category Data

2.3.1 Some of the personal data we process may be special category data under data protection law, including health related data. This may include:

• (a) information provided in health declarations, screening forms or treatment related forms;
• (b) wearable or wellness device data, where you choose to synchronise or connect such services; and
• (c) read-only hosted clinical or health related records made available through the app.

2.3.2 We only process special category data where we have a lawful basis and a separate condition for doing so under applicable data protection law.

2.4 Aggregated Data

We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but is not considered personal data in law if it does not directly or indirectly reveal your identity.

3. How is your personal data collected?

3.1 We use different methods to collect data from and about you including through:

• Your interactions with us: You may give us your personal data by filling in forms, registering for an account, applying for membership, booking services, making purchases, syncing devices, completing assessments, sending messages through concierge or support channels, entering promotions, giving feedback or corresponding with us by post, phone, email, WhatsApp, app messaging or otherwise.
• Automated technologies or interactions: As you interact with our app or website, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We may collect this personal data by using cookies, server logs, software development kits, tracking technologies and similar technologies.
• Club and facility use: We may collect data when you check in, use club systems, access facilities, use digital booking tools, interact with staff or use concierge services.
• Third parties: We may receive personal data about you from third parties such as payment providers, technology providers, identity and authentication providers, analytics providers, communications providers, wearable integration providers and independent practitioners or service providers where necessary to facilitate bookings or services.
• Wearable and device integrations: Where you choose to connect a wearable or third party data source, we may receive data from that integration in accordance with your settings and permissions. You can disconnect wearable integrations at any time through your device or account settings.

4. How we use your personal data

4.1 Legal basis

4.1.1 The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

• Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate interests: We may use your personal data where it is necessary to conduct our business and pursue our legitimate interests, for example to operate our services, prevent fraud, maintain platform security, manage bookings, improve our services and administer our relationship with you. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests.
• Legal obligation: We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to.
• Consent: We rely on consent where we have obtained your agreement to use your personal data for a specified purpose, including where required for certain forms of marketing, cookies or special category data processing.

4.2 Special category data

4.2.1 Where we process health or wellness data, we process such data where permitted under Article 9 UK GDPR, including where:

• (a) you have given explicit consent;
• (b) processing is necessary for the provision of health or wellness services by a relevant professional; or
• (c) it is necessary for the establishment, exercise or defence of legal claims.

4.2.2 “UK GDPR” means Regulation (EU) 2016/679 as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended from time to time.

4.3 Purposes for which we will use your personal data

We may use your personal data in the following ways:

• To register you as a new member or user: Identity, Contact, and Profile data are used, with the legal basis being performance of a contract with you.
• To manage your membership, account and relationship with us, including notifying you about changes to our terms or privacy policy: Identity, Contact, Profile, and Marketing and Communications data are used, with the legal basis being performance of a contract with you, legal obligation, and legitimate interests.
• To process and administer bookings, appointments, classes, consultations, treatments, events, purchases and related payments: Identity, Contact, Financial, Transaction, and Profile data are used, with the legal basis being performance of a contract with you and legitimate interests in recovering sums due.
• To operate concierge, messaging and support functions, including AI-assisted concierge functionality where available: Identity, Contact, Profile, Usage, and Transaction data are used, with the legal basis being performance of a contract with you and legitimate interests in operating and improving our services.
• To host and display information, records or documents made available through the app, including read-only hosted health records where applicable: Identity, Profile, and Health and Wellness Data are used, with the legal basis being performance of a contract with you and consent or other applicable lawful basis for special category data.
• To enable wearable or device integrations where you choose to connect them: Identity, Profile, Technical, Usage, and Health and Wellness Data are used, with the legal basis being performance of a contract with you and consent where required.
• To provide wellness insights, summaries or app/website features derived from connected data or your use of services: Profile, Usage, and Health and Wellness Data are used, with the legal basis being performance of a contract with you, legitimate interests, and consent where required.
• To administer and protect our business, app, website and systems, including troubleshooting, testing, analytics, fraud prevention, security, support, reporting and hosting: Identity, Contact, Technical, and Usage data are used, with the legal basis being legitimate interests and legal obligation.
• To manage club access, member verification, operational control and security: Identity, Profile, Usage, and CCTV or monitoring data where applicable are used, with the legal basis being performance of a contract with you, legitimate interests, and legal obligation where applicable.
• To manage complaints, incidents, disputes and legal claims: Identity, Contact, Profile, Transaction, Usage, and relevant Health and Wellness Data where necessary are used, with the legal basis being legitimate interests, legal obligation, and establishment, exercise or defence of legal claims.
• To send you service related communications, including booking confirmations, reminders, updates, notices and operational messages: Identity, Contact, Profile, Transaction, and Marketing and Communications data are used, with the legal basis being performance of a contract with you and legitimate interests.
• To send you marketing communications where permitted by law: Identity, Contact, Profile, Usage, and Marketing and Communications data are used, with the legal basis being consent where required and legitimate interests where permitted.
• To improve our services, app, website, member experience and business operations through analytics, feedback and research: Technical, Usage, Profile, and aggregated data are used, with the legal basis being legitimate interests.

4.4 AI-assisted features

4.4.1 We may use AI-assisted tools and automated systems within the app, including for concierge, search, summaries, recommendations, workflow support and service navigation. These features are used to support service delivery and user experience. Outputs are generated based on available data and system inputs and may not be complete or accurate.

4.4.2 We do not intend for AI-assisted features to provide medical advice, diagnosis, treatment or clinical decision support. Where AI-assisted features are used, you remain responsible for reviewing information and decisions made by the app, and we may use human review where appropriate.

4.4.3 We do not carry out automated decision making or profiling that produces legal effects or similarly significant effects on you within the meaning of Article 22 UK GDPR.

4.5 Marketing

4.5.1 You may receive marketing communications from us if you have requested information from us, purchased services from us, or otherwise engaged with us, where permitted by law, unless you have opted out.

4.5.2 You can ask us to stop sending you marketing messages at any time by following the opt-out links in any marketing message, changing your preferences in the app where available or contacting us using the details in clause 10.

4.5.3 We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.

4.6 Cookies

We do not use cookies.

5. Disclosures of your personal data

5.1 We may share your personal data where necessary with the parties set out below for the purposes described in this privacy policy:

• service providers who provide IT, hosting, infrastructure, communications, authentication, analytics, customer support and system administration services;
• payment service providers and payment processors, including providers used for direct debit and card payments;
• independent practitioners, consultants, therapists, clinicians, coaches and third party providers where necessary to facilitate bookings, communications or services;
• professional advisers including lawyers, bankers, auditors and insurers;
• regulators, authorities and other bodies where disclosure is required by law or necessary to protect rights, safety or compliance;
• third parties to whom we may choose to sell, transfer or merge parts of our business or our assets; and
• wearable integration providers and third-party platforms where you choose to connect such services.

5.2 We require third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third party service providers acting on our behalf to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, unless they act as an independent controller in their own right.

6. International transfers

6.1 Some of our service providers, systems or integration partners may process personal data outside the UK.

6.2 Whenever we transfer your personal data outside the UK to countries which do not provide the same level of data protection as UK law, we ensure that a similar degree of protection is afforded it by implementing appropriate safeguards, which may include:

• transferring personal data only to countries that have been deemed to provide an adequate level of protection; or
• using UK approved transfer mechanisms such as the International Data Transfer Agreement or the UK Addendum to the European Commission’s standard contractual clauses.

6.3 If you would like further information about the specific mechanism used when your personal data is transferred outside the UK, please contact us using the details in clause 10.

7. Data security

7.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

7.2 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

7.3 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data retention

How long will you use my personal data for?

8.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Different types of personal data may be retained for different periods depending on their purpose, including:

• membership and account data;
• transaction and payment records;
• health and wellness data;
• communications and support records.

8.2 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal, regulatory, tax, accounting or other requirements.

8.3 By law we have to keep basic information about our members (including Contact, Identity, Financial and Transaction Data) for six years after they cease being members for tax and legal purposes.

8.4 If you request the permanent deletion of your account and data through the app, we will initiate a programmatic purge across our core databases and integrated third party systems. You acknowledge that this action is irreversible and will result in the immediate termination of your membership. We may still retain certain data where we have a prevailing legal or regulatory obligation to do so (e.g. for tax or financial auditing).

9. Your legal rights

9.1 Under certain circumstances, you have rights under data protection law in relation to your personal data, including the right to:

• Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
• Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in certain scenarios, such as if you want us to establish the data’s accuracy.
• Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine readable format.
• Withdraw consent at any time where we are relying on consent to process your personal data (e.g. for marketing or health data tracking).

9.2 If you wish to exercise any of the rights set out above, please contact us using the details in clause 10.

9.3 You will not usually have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee or refuse to comply if your request is clearly unfounded, repetitive or excessive.

9.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights.

9.5 We try to respond to all legitimate requests within one month. It may sometimes take longer if your request is particularly complex or you have made a number of requests. In that case, we will notify you and keep you updated.

10. Contact details

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

• Email address: francesco@tramphealth.co.uk
• Postal address: 36 Jermyn Street, London, England, SW1Y 6DN

11. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

12. Changes to the privacy policy and your duty to inform us of changes

12.1 We keep our privacy policy under regular review. This version was last updated on 14/05/26.

12.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

13. Third party links

13.1 The app and website may include links to third party websites, plug-ins and applications (such as Apple Health, Oura or Whoop).

13.2 Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

13.3 We do not control these third party websites or platforms and are not responsible for their privacy statements. When you leave our app, website or connect a third party device, we encourage you to read the privacy policy of every service you use.