We Roam Active Travel and Fitness app (pilot) privacy notice
We keep this privacy notice under regular review and was last updated on 14 January 2026.
We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.
Who we are
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the United Kingdom General Data Protection Regulation (‘UK GDPR’) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal information.
As part of a programme to reduce pollution, congestion and to improve residents health in Kent, our Active Travel Team are undertaking a 6 month pilot of the ‘We Roam’ fitness and travel app (provided by Active AI Ltd, a 3rd party supplier) from January 2026. The active travel and fitness activity data collected and exported from the app and will undergo analysis using Artificial Intelligence technology to identify trends an patterns and used to encourage users to be more active and undertake regular fitness activity. Active AI Ltd will be a data controller for the use of Artificial Intelligence with regards to training, analysis and output. Our Data Protection Officer is Benjamin Watts.
The personal information we collect and use
Information collected by us
In the course of setting up a user account and profile, and using the ‘We Roam’ Active Travel and Fitness app, we collect the following personal information when you provide it to us:
- Full name
- Username
- Email address
- Password
- Age range (18 to 24 and 25 to 35 years)
- Partial postcode (first four digits, for example ME14)
- Geo location (GPS location, start and stop locations, and journey time only. No route journey map data is collected).
We also collect the following ‘special category data’ (personal data which is more sensitive and is treated with extra care and protection) via We Roam app should you voluntarily provide this to us:
- Your ethnicity (optional)
- Your gender identity (optional).
We also obtain personal information via the We Roam app should you voluntarily provide this to us:
- Your photo (optional)
- Your biography (optional)
- Your community group app posts, number of followers, following (optional)
- Health data imported from your wearable device, for example heart rate (optional)
- Data imported from your wearable device (such as Strava) which is already publicly available, for example personal best running time (optional).
We also obtain non-personal information via the We Roam app:
- Your active travel, fitness activities and motivations (walking 30 mins for leisure for enjoyment, cycling 60mins commuting to save money on travel, for example).
How we use your personal information
We use your personal information to:
- reduce congestion, air pollution and congestion, and improve journey times by reducing the reliance on vehicle modes of transport (for example, car, bus)
- reduce money spent on vehicle transport by encouraging the use of active travel (for example, cycling, walking)
- improve your physical and mental health by encouraging regular fitness activities through app-based gamification (rewards points) and community groups (such as join the local Gravesend Challenge group)
- improve social connection, reduce loneliness, and improve your health by using your geo location to promote local events and activities (local gyms, leisure centres, fun runs, cycle days)
- improve your physical and mental health via exporting data from the app and carrying out AI data analysis (of non-personal data) to identify active travel and fitness trends and patterns, to then contact you to encourage and maintain regular active travel and fitness habits (the AI data analysis may identify a reduction in your daily 60mins cycling to work routine, whereby we will contact you to encourage you to continue with your regular cycling activities, for example)
- improve your physical and mental health by enabling you to (voluntarily) import health data (heart rate) to your personal app user profile only, or publicly available data (personal best running time) from external wearable devices
- provide us and Active Travel England with an anonymised, aggregated summary report of active travel data, fitness activity data, and equalities data of We Roam app users, for purposes of monitoring grant funding, identifying patterns and trends of fitness and active travel activities nationwide, and for future health and active travel initiatives
- contact you regarding any technical issues, queries, or complaints you may have regarding the We Roam app.
Reasons we can collect and use your personal information
We rely on Article 6(1)(a) Consent – 'the data subject has given clear consent', as the lawful basis on which we collect and use your personal data.
We rely on Article 9(2)(a) – 'The data subject has given explicit consent', as the lawful basis on which we collect and use your special category data.
We take the following appropriate safeguards in respect of your special category when relying on the conditions above:
- We have a standard operating procedure for the We Roam app which relates to the geo location personal data we collect, in accordance with our CCTV policy.
- This policy is retained throughout the time we use your data and for 6 months after we cease to use it.
- We have a retention schedule which explains how long data is retained.
- We maintain a record of our processing in our ‘Record of Processing Activities’ and record in it any reasons for deviating from the periods in our retention schedule.
The provision of your:
- user account
- profile details
- equalities data (for example age range, ethnicity and gender identity)
- geo location data
- non-personal data relating to active travel and fitness activities
will enable us to:
- provide you with a service to be able to set up a user account and profile
- allow you to use of the We Roam active travel and fitness app
- carry out data analysis to identify patterns and trends
- contact you to encourage and maintain regular active travel and fitness habits and for monitoring and reporting purposes.
As we rely on your explicit consent as a basis for collecting your personal data, if you do not provide the above, we will not be able to provide you with service to be able to set up a user account and profile, and to use the We Roam active travel and fitness app, carry out data analysis to identify patterns and trends, contact you to encourage and maintain regular active travel and fitness habits, and for monitoring and reporting purposes.
How long your personal data will be kept
We will hold your personal information for.
| Information to be held | Length of time retained |
|---|---|
Your app user account details (name, username, email address, partial postcode) | 24 months. This enables any users to easily reactivate their account, if the account is left inactive for a period of time. Users can request the account to be closed at any time and are able to amend their account details at any time. |
Your app user profile details (photo, biography, community group posts, number of followers and following) | 24 months. This enables any users to easily reactivate their account, if the account is left inactive for a period of time. Users can request the account to be closed at any time and are able to amend their account details at any time. |
Your equalities information (age range, ethnicity and gender identity) | This data will be included within an anonymalised and aggregated summary report for us and Active Travel England. Your equalities data will be deleted once the report is created. This report will be kept indefinitely for monitoring and future initiatives. |
Your (non-personal) active travel and fitness data (60mins walking to work daily to improve personal health) | This data will be included within an anonymalised and aggregated summary report for us and Active Travel England. This report will be kept indefinitely for monitoring and future initiatives. This non-personal data will also be used by ActiveAI Ltd for future projects. |
Who we share your personal information with
Who we share your data with, the type of data and why.
| Type of personal data | Who we share your personal information with | Purpose or activity |
|---|---|---|
Your app user account details (name, username, email address, partial postcode) | Active AI Ltd Mailchimp (for email delivery) | To enable app set up and usage To enable us to contact you via email |
Your app user profile details (photo, biography, community group posts, number of followers and following) | Active AI Ltd Cloudinary Inc. (for profile photo imagery) | To enable app set up and usage To enable the upload and use of a photo as part of your app user profile |
Your equalities information (age range, ethnicity and gender identity) | Active AI Ltd KCC Active Travel Team | To provide an anonymous, aggregated summary report for us and Active Travel England for funding and monitoring purposes. |
Your (non-personal) active travel and fitness data (60mins walking to work daily to improve personal health) | Active AI Ltd KCC Active Travel Team WeFitter (to match with any wearable device data you voluntarily provide) | To Active AI Ltd who provide trend and pattern data analysis (using AI technology) to encourage continued active travel and fitness activities. To enable you to voluntarily import data from your wearable device to show in the app. To provide an anonymous, aggregated summary report for us and Active Travel England for funding and monitoring purposes. |
We have a data processing agreement in place with Active AI Ltd who process your data on our behalf. Read the Active AI Ltd privacy notice.
We will share personal information with law enforcement or other authorities if required by applicable law or in connection with legal proceedings.
We will share personal information with our legal and professional advisers in the event of a dispute, complaint or claim. We rely on Article 9(2)(f) where the processing of special category data is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Transferring data outside of the UK
Active AI Ltd’s servers are hosted in the UK with Amazon Web Services (AWS).
However, we transfer your data to the following countries or organisations outside the UK:
- Mailchimp (a subsidiary of Intuit) who provide email delivery services and are based in the USA. Read the Mailchimp privacy policy.
- WeFitter who provide wearable data collection and are based in Holland. Read the WeFitter privacy policy.
- Cloudinary Inc. who provide profile image collection and are based in the USA. Read the Cloudinary privacy policy.
Other countries do not necessarily have the same data protection laws as the United Kingdom. If we do transfer information outside of the European Economic Area (EEA), we will make sure that it is protected in the same way as if it was being used in the UK. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA, which is supported by an ‘adequacy decision’ by the European Commission. Learn more on the European Commission website.
- Put in place a contract or appropriate safeguards with the recipient that means they must protect it to the same standards as the UK.
Find out more about data protection on the Information Commissioner's website.
As we transfer your data to the Netherlands (in the EU) we rely on UK GDPR Article 45 which states that this transfer may take place where there are ‘adequacy regulations’ determining that data is adequately protected by the laws in that country. Read the section 102 of Schedule 2 of the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (2019/419).
As Mailchimp (a subsidiary of Intuit) and Cloudinary Inc. are international organisations based in the United States, where necessary, we rely on Article 46 of the UK GDPR and appropriate safeguards being put in place. Both Mailchimp and Cloudinary Inc. can be found on the US data privacy framework (bridge) list which can be found on the Data privacy framework website.
If you would like further information, contact us using the details below.
Your rights
Under GDPR you have rights which you can exercise free of charge which allow you to:
- know what we are doing with your information and why we are doing it
- ask to see what information we hold about you (subject access request)
- ask us to correct any mistakes in the information we hold about you
- object to direct marketing
- make a complaint to the Information Commissioner’s Office
Depending on our reason for using your information you may also be entitled to:
- ask us to delete information we hold about you
- have your information transferred electronically to yourself or to another organisation
- object to decisions being made that significantly affect you
- object to how we are using your information
- stop us using your information in certain ways
We will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent us delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under GDPR.
If you would like to exercise a right, please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk .
Your right to withdraw your consent
Where we rely on your consent to process your personal information, you can withdraw your consent to our use of your data at any time. To do this, email holly@weareactiveai.com .
You can also withdraw your consent by deleting your user account within the WeRoam app via the Settings screen.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Who to contact
Please contact the Information Resilience and Transparency Team at data.protection@kent.gov.uk to exercise any of your rights, or if you have a complaint about why your information has been collected, how it has been used or how long we have kept it for.
You can contact our Data Protection Officer, Benjamin Watts, at dpo@kent.gov.uk .
The United Kingdom General Data Protection Regulation also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at the ICO website or telephone 0303 123 1113.
For further information read our privacy statement.