This policy has been updated on: 22.05.2018

 

 

1. REGISTRAR

 

Emfit Oy (Business ID 0813747-4) (“Emfit”)

Address: Konttisentie 8, 40800 Vaajakoski, Finland

Telephone: +358-20-778-0870

 

 

2. PERSON IN CHARGE OF REGISTER MATTERS

 

Mr. Heikki Räisänen

email: heikki.raisanen@emfit.com

 

 

3. NAME AND PURPOSE OF REGISTER

 

3.1 Name of the register is Emfit Ltd’s QS Service, website and webshop personal data register.

3.2 If you do not provide the data marked as obligatory when the data is requested, Emfit might not be able to provide you with Emfit’s products or services.

3.3 Some Emfit’s services might require specific terms for processing of personal data. You are informed of those terms and your consent is asked in connection with your usage of the services.

3.4 You have the right to withdraw the consent given by you to the processing of your personal data by Emfit by at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

 

 

4. PROCESSING OF PERSONAL DATA OF A CHILD

 

You declare that you are at least sixteen (16) years of age or of other legal age of majority to give your consent validly to this extract. If this is not the case, you declare that your parent or custodian has validly given a consent on your behalf.

 

 

5. CONTENT OF REGISTER

 

5.1 Website

The register includes the following personal collected through or in connection with Emfit’s website(s):

(a) email address if voluntarily given by you;

(b) first name(s) and last name(s) if voluntarily given by you; 

(c) postal address if voluntarily given by you;

(d) phone number if voluntarily given by you; 

(e) personal data in cookies according to the Cookie Policy [A1] of Emfit;

(f) if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(g) your feedback or your responses to or participation in opinion polls or competitions;

(h) information given by you regarding your interests in Emfit’s products and services;

(i) information given by you when you communicate with Emfit or when you communicate in Emfit’s social media (e.g. tweets, Emfit’s facebook pages etc.);

(j) your subscription to mailing lists and newsletters; and

(k) other personal data collected by third parties as explained in Section 7. 

 

5.2 Webshop

The register includes the following personal data for the purpose of the webshop:

(a)    email address;

(b)    first name(s) and last name(s); 

(c)    postal address;

(d)    phone number; 

(e)    account-, credit- and/or debit card numbers given by you, as collected and processed by payment services subcontractor(s) directly and not by Emfit;

(f)     personal data in cookies according to the Cookie Policy [A2] of Emfit;

(g)    if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(h)    user name and password of your user account; 

(i)     your feedback or your responses to or participation in opinion polls or competitions;

(j)     information given by you regarding your interests in Emfit’s products and services;

(k)    information given by you when you communicate with Emfit or when you communicate in Emfit’s social media (e.g. tweets, Emfit’s facebook pages etc.);

(l)     your subscription to mailing lists and newsletters; and

(m)  other personal data collected by third parties as explained in Section 7. 

 

5.3 QS Service 

The register includes the following personal data for the purpose of the QS Service:

(a)    email address. Please note that you are allowed to use any anonymous email for the QS device registration;

(b)    health, bed occupancy and other data collected with the QS device and further analyzed at cloud service, such as for example: heart-rate-variability, autonomous nervous system balance, sleep classification, heart and breathing rates, sleep score, resting heart rate, tossing & turning and other movement activity, sleeping activity, or data about the surroundings (together “Health Data”). Please note that your Health Data is not accessible by any third party defined in Section 7 unless so specified in Section 7.1 or 7.5.

(c)    if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(d)    user name and password of your user account; 

(e)    your feedback or your responses to or participation in opinion polls or competitions;

(f)     information given by you regarding your interests in Emfit’s products and services;

(g)    other personal data submitted by you voluntarily to the QS Service through the QS Service user interface;

(h)    your subscription to mailing lists and newsletters; and

(i)     other personal data collected by third parties as explained in Section 7. 

 

 

6. PURPOSE OF USE OF REGISTER AND LEGAL BASIS OF PROCESSING

 

6.1 Website

The personal data defined in Section 5.1 (“Website”) is used for the following purposes:

(a)    responding to your contacts and questions. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose. 

(b)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws;

(c)    direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(d)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(e)    when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(f)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(g)    for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose; and

(h)    for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit website and/or otherwise in connection with the products and services of Emfit. Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing the personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you visit Emfit’s website(s) and/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

 

6.2 Webshop

The personal data defined in Section 5.2 (“Webshop”) is used for the following purposes:

(a)    taking care of customer service and customer relationship management. For example, Emfit might contact you if it is necessary for you to know of updates of the webshop. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(b)    deliver and provide the products and services of Emfit. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(c)    management and completion of purchases, payments, insurances, returns and reclamations regarding the products and services of Emfit. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(d)    responding to your contacts and questions. For example, you might contact Emfit with questions regarding the webshop. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;        

(e)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws; 

(f)     direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(g)    other situations required for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(h)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(i)     when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(j)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(k)    for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose; and

(l)     for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit webshop and/or otherwise in connection with the products and services of Emfit.Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing the personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you visit the webshopand/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

 

6.3 QS Service 

The personal data defined in Section 5.3 (“QS Service”) is used for the following purposes:

(a)    to provide the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract; 

(b)    taking care of customer service and customer relationship management. For example, Emfit might contact you if it is necessary for you to know of updates of the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(c)    management and completion of reclamations. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(d)    responding to your contacts and questions. For example, you might contact Emfit with questions regarding the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;             

(e)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws;

(f)     direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(g)    other situations required for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(h)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(i)     when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(j)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(k)   for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;and

(l)     for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit QS Service. Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing of personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you use the QS Service and/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

 

 

7. PERSONAL DATA COLLECTED BY THIRD PARTIES

 

7.1 HEALTH DATA

Please note that your Health Data is not accessible and/or collected by any third parties defined in this Section 7, unless you voluntarily, at your will, link the QS Service used by you or your Emfit QS account to sync your personal data to some of available third-party data integrators. Please see Section 7.5.

 

 

7.2 SERVICES BY GOOGLE INC. (“GOOGLE”)

7.2.1 Google Privacy Policy

The website and the webshop use some services of Google. Please see the list of these services in Sections 7.2.2-7.2.3.

 

You agree to the use and access of your personal data by Google and other third parties in accordance with the Privacy Policy of Google, as amended by Google at any time: 

https://www.google.com/intl/en/policies/privacy/

 

convenience Please note that the extracts of the Privacy Policy of Google below are only for purposes and that only the Privacy Policy of Google behind the link has legal relevance.

 

At the moment of latest update of this policy, Google announced to process personal information in many countries around the world:

 

“Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.”

 

“We regularly review our compliance with our Privacy Policy. We also adhere to several self regulatory frameworks, including the EU-US and Swiss-US Privacy Shield Frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.”

 

Please make sure that you review the Privacy Policy of Google each time you use the Emfit website or webshop,as Google may update the policy at any time.

 

7.2.2         Google Fonts 

Google Fonts is a typeface visualization service provided by Google.

 

7.2.3         Google Analytics

Google Analytics is a web analysis service provided by Google.

 

 

7.3 THIRD PARTIES REGARDING WEBSITE

 

7.3.1  Mailgun (Mailgun, Inc.)

Mailgun is an email address management and message sending service provided by Mailgun Technologies Inc.

 

You agree to the use and access of your personal data by Mailgun Technologies Inc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time:

 

https://www.mailgun.com/privacy-policy

 

Please note that the extracts of the Privacy Policy of Mailgun Technologies Inc. below are only for convenience purposes, and that only the Privacy Policy of Mailgun Technologies Inc. behind the link has legal relevance.

 

At the moment of latest update of this policy, Mailgun Technologies Inc. announced to transfer data outside of EU:

 

”Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework. Mailgun is committed to subjecting all personal data received from the European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list/.”

Please make sure that you review the Privacy Policy of Mailgun Technologies Inc. each time you use the website, as Mailgun Technologies Inc. may update the policy at any time.

 

7.3.2 Wix.com Ltd., together with its affiliated companies worldwide, including DeviantArt, Inc. (“Wix.com”)

Wix.com is Emfit’s website platform provider.

 

 

You agree to the use and access of your personal data by Wix.comand other third parties in accordance with the Privacy Policy of Wix.com, as amended by Wix.comat any time:

 

https://www.wix.com/about/privacy  

 

Please note that the extracts of the Privacy Policy of Wix.com below are only for convenience purposes, and that only the Privacy Policy of Wix.com behind the link has legal relevance.

 

 

At the moment of latest update of this policy, Wix.com announced to transfer data outside of EU:

 

“5.1. Wix Visitors’, Wix Users’ and Users-of-Users’ Personal Information may be maintained, processed and stored by Wix and our authorized affiliates and service providers in the United States of America, in Europe (including in Lithuania, Germany and the Ukraine), in Israel, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained below).”

 

“Wix.com Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.”

 

“EU-U.S. Privacy Shield & Swiss-U.S. Privacy Shield Disclosure: Wix.com participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Wix.com is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov]”

 

Please make sure that you review the Privacy Policy of Wix.com each time you use the website, as Wix.com may update the policy at any time.

 

7.3.3 Freshdesk (Freshworks, Inc.)

Freshdesk is a support and contact request management service provided by Freshworks, Inc.

 

You agree to the use and access of your personal data by Freshworks, Inc.and other third parties in accordance with the Privacy Policy of Freshworks, Inc., as amended by Freshworks, Inc.at any time:

 

https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral

 

Please note that the extracts of the Privacy Policy of Freshworks, Inc.below are only for convenience purposes, and that only the Privacy Policy of Freshworks, Inc. behind the link has legal relevance.

 

At the moment of latest update of this policy, Freshworks, Inc. announced to transfer data outside of EU and in other countries:

 

“We store and process data, including personal information, in the United States and the European Economic Area (“EEA”) and possibly in other countries through third parties that we use to operate and manage the Service(s). When you access or use our Websites or the Service(s), or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or End-Customers, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.”

 

“Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].”

 

Please make sure that you review the Privacy Policy of Freshworks, Inc. each time you use the website, as Freshworks, Inc. may update the policy at any time.

 

 

7.4 THIRD PARTIES REGARDING WEBSHOP

 

7.4.1         Privacy Policy of Shopify Inc. (“Shopify”)

The webshop is hosted by Shopify and Shopify provides Emfit with the online e-commerce platform for the webshop. 

 

You agree to the use and access of your personal data by Shopify and other third parties in accordance with the Privacy Policy of Shopify, as amended by Shopify at any time: 

 

https://www.shopify.com/legal/privacy

 

Please note that the extracts of the Privacy Policy of Shopify below are only for convenience purposes, and that only the Privacy Policy of Shopify behind the link has legal relevance.

 

At the moment of latest update of this policy, Shopify announced to transfer personal data outside of EU:

 

“Shopify works with merchants and users around the world, including in the EEA. If you are located in the EEA, your personal information is processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of our service, we may transfer your personal information to other regions, including to Canada and the United States. In order to ensure that your information is protected when transferred out of the EEA, Shopify relies on the EU-U.S. Privacy Shield (described in more detail below), as well as inter-company agreements between our various affiliates that may process your information on behalf of Shopify International Ltd.

 

If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. If you are a merchant, a partner, a visitor of Shopify’s websites, or a user of Shopify’s support services and wish to exercise these rights, please reach out to us using the contact information below. If you are a customer of a merchant who uses Shopify’s platform and wish to exercise these rights, please contact the merchants you interacted with directly -- we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.”

 

Please make sure that you review the Privacy Policy of Shopify each time you use the webshop, as Shopifymay update the policy at any time.

 

7.4.2         PayPal by PayPal Inc. 

PayPal service is a payment service provided by PayPal Inc., which allows users to make online payments using their PayPal credentials.

 

By giving your consent to this extract, you agree to the use and access of your personal data by PayPalInc. and other third parties in accordance with the Privacy Policy of PayPalInc., as amended by PayPal Inc. at any time:

 

https://www.paypal.com/ee/webapps/mpp/ua/privacy-prev  

 

Please note that the extracts of the Privacy Policy of PayPal below are only for convenience purposes, and that only the Privacy Policy of PayPal behind the link has legal relevance.

 

At the moment of latest update of this policy, PayPal Inc. announced to transfer data to non-EEA member states:

 

“Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. 

 

The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data.  In particular, for transfers of your Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here).  Other transfers may be based on contractual protections. Please contact us for more information about this.

 

If you make transactions with parties outside the EEA or Switzerland or connect our Service with platforms, such as social media, outside the EEA or Switzerland, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.”

 

Please make sure that you review the Privacy Policy of PayPal each time you use the webshop, as PayPal may update the policy at any time.

 

 

7.5 THIRD PARTIES REGARDING QS SERVICE 

 

7.5.1 Freshdesk (Freshworks, Inc.)

Freshdesk is a support and contact request management service provided by Freshworks, Inc.

 

You agree to the use and access of your personal data (excluding access to your Health Data unless you have added your Health Data content in a support ticket) by Freshworks, Inc.and other third parties in accordance with the Privacy Policy of Freshworks, Inc., as amended by Freshworks, Inc.at any time:

 

https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral

 

Please note that the extracts of the Privacy Policy of Freshworks, Inc. below are only for convenience purposes, and that only the Privacy Policy of Freshworks, Inc. behind the link has legal relevance.

 

At the moment of latest update of this policy, Freshworks, Inc. announced to transfer data outside of EU and in other countries:

 

“We store and process data, including personal information, in the United States and the European Economic Area (“EEA”) and possibly in other countries through third parties that we use to operate and manage the Service(s). When you access or use our Websites or the Service(s), or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or End-Customers, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.”

 

 

“Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].”

 

 

Please make sure that you review the Privacy Policy of Freshworks, Inc. each time you use the QS Service, as Freshworks, Inc. may update the policy at any time.

 

 

7.5.2 3rd Party Data IntegrationOption: UnderArmour (MapMyFitness)

You can optionally decide to share your personal data with UnderArmour through an integration to their services. With this integration your personal data will be automatically sent to UnderArmour. Emfit will access, create or modify only limited information concerning your UnderArmour account as it is needed for creating the synchronization link: data source device, data source priority & user id. 

 

You agree to the use and access of your personal data by Under Armour, Inc. and Under Armour Europe B.V., and other third parties in accordance with the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V., as amended by Under Armour, Inc. and Under Armour Europe B.V. at any time:

 

https://account.underarmour.com/privacy?embedded=1

 

Please note that the extracts of the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V. below are only for convenience purposes, and that only the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V.  behind the link has legal relevance.

 

At the moment of latest update of this policy,Under Armour, Inc. and Under Armour Europe B.V. announced to transfer data outside of EU:

 

“The Personal Data Under Armour processes, and all associated Services and systems, including registration, is housed on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States (the data protection and privacy laws in the United States may offer a lower level of protections than in your country/region).”

 

“Under Armour Inc. has self-certified that it complies with the EU-U.S. Privacy Shield Framework ("Privacy Shield") and the Swiss-U.S.- Privacy Shield regarding the collection, use, and retention of Personal Data from European Union member states and Switzerland. 

Under Armour Inc.'s Privacy Shield certifications do not extend to the Under Armour connected fitness apps (e.g., the certifications do not cover data collected using any of the MapMyFitness, UA Record, Endomondo, or MyFitnessPal apps). We have implemented other mechanisms to legitimize transfers of Personal Data from the Under Armour apps to the United States.

For EU and Swiss Personal Data received in the United States under the Privacy Shield, Under Armour has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the standards of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles govern. To learn more about the Privacy Shield program, please visit the US Department of Commerce Privacy Shield website. To view our certification page, please visit the Privacy Shield List.”

 

Please make sure that you review the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V. each time you use the QS Service, as Under Armour, Inc. and Under Armour Europe B.V. may update the policy at any time.

 

7.5.3  3rd Party Data IntegrationOption: Wellmo

You can optionally decide to share your personal data with Mobile Wellness Solutions MWS Ltd through an integration to their services. With this integration your personal data will be automatically sent to Mobile Wellness Solutions MWS Ltd. Emfit will access, create or modify only limited information concerning your Wellmo account as it is needed for creating the synchronization link. 

 

You agree to the use and access of your personal data by Mobile Wellness Solutions MWS Ltdand other third parties in accordance with the Privacy Policy of Mobile Wellness Solutions MWS Ltd, as amended by Mobile Wellness Solutions MWS Ltd at any time:

 

http://www.wellmo.com/privacy-policy/

 

At the moment of latest update of this policy, Mobile Wellness Solutions MWS Ltd announced to transfer data outside of EU:

 

”Your tracker wellness data is stored within the European Union and is not transferred outside the European Economic Area (EEA) without your consent. However, in the following cases some of your information may be transferred to countries outside the EEA:

•Your information, excluding tracker wellness data, (such as name, email address or analytics data) may be transferred to subcontractors outside the EEA for the performance of the Service.

•When you link an external service to your Wellmo account, data from that service may be transferred to Wellmo using an aggregation service located outside the EEA. This may involve transfer and storage of your data outside the EEA.

•When you provide a third party consent to access your Wellmo data, that third party may be located or use services located outside the EEA. Check the third party’s privacy policy for details.

In such cases we take steps to ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organizational information security measures.

By using the Service you consent to such disclosure.”

 

Please make sure that you review the Privacy Policy of Mobile Wellness Solutions MWS Ltd each time you use the QS Service, as Mobile Wellness Solutions MWS Ltd may update the policy at any time.

 

7.5.4 Mailgun (Mailgun, Inc.)

Mailgun is an email address management and message sending service provided by Mailgun Technologies Inc.

 

You agree to the use and access of your email address (and explicitlyexcluding access to your Health Data) by Mailgun TechnologiesInc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time:

 

https://www.mailgun.com/privacy-policy

 

Please note that the extracts of the Privacy Policy of Mailgun Technologies Inc. below are only for convenience purposes, and that only the Privacy Policy of Mailgun Technologies Inc. behind the link has legal relevance. 

 

At the moment of latest update of this policy, Mailgun Technologies Inc. announced to transfer data outside of EU:

 

”Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework. Mailgun is committed to subjecting all personal data received from the European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list/.”

 

Please make sure that you review the Privacy Policy of Mailgun Technologies Inc. each time you use the QS Service, as Mailgun Technologies Inc. may update the policy at any time.

 

7.5.5         Personal Data that You Direct Emfit to Share

You can allow Emfit to share your personal data (including Health Data) with other parties. For example, you might ask Emfit to link your Emfit QS account with a third-party app; send status updates to Facebook or Twitter; or ask Emfit to share data with your employer as part of a wellness program. If you ask to share your personal data with a third party, that personal data is governed by the third-party’s privacy policy. You can revoke your consent to share your personal data with the third party in your QS Service account settings.

 

 

8. REGULAR SOURCES OF PERSONAL DATA

 

8.1 Website

(a)    enquiry from you;

(b)    personal data given by you when contacting Emfit;

(c)    when you use the website;

(d)    data from third parties listed in Section 7; 

(e)    when you subscribe to mailing lists or newsletters;

(f)     data through contact and other forms and when you give answers to polls or competitions; 

(g)    data collected through cookies.

 

8.2  Webshop

(a)    enquiry from you;

(b)    personal data given by you when contacting Emfit;

(c)    when you use the webshop; 

(d)    when you make an order of Emfit’s products or services;

(e)    when you make a reclamation to Emfit;

(f)     data from third parties listed in Section 7; 

(g)    when you subscribe to mailing lists or newsletters

(h)    data through contact and other forms and when you give answers to polls or competitions;

(i)     data collected through cookies.

 

8.3 QS Service

(a)    enquiry from you;

(b)    data given by you when contacting Emfit;

(c)    when you use the QS Service;

(d)    when you make a reclamation to Emfit;

(e)    data from third parties listed in Section 7; 

(f)     when you subscribe to mailing lists or newsletters;

(g)    data through contact and other forms and when you give answers to polls or competitions.

 

 

9. REGULAR TRANSFEREES OF DATA

 

Personal data can be transferred to following third parties for the following purposes: 

(a)    Emfit can provide the personal data to its subcontractors who process the personal data on behalf of Emfit, such as Emfit’s ICT service providers and marketing services providers; and

(b)    personal data can be transferred if it is necessary to comply with legislation or requirements of authorities, to supervise and enforce Emfit’s legitimate interests or to detect, defend against or repair fraud or security or technical problems.