Privacy policy

This policy has been updated on: 22.05.2018

1. REGISTRAR

Emfit Oy (Business ID 0813747-4) (“Emfit”)

Address: Konttisentie 8, 40800 Vaajakoski, Finland

Telephone: +358-20-778-0870

2. PERSON IN CHARGE OF REGISTER MATTERS

Mr. Heikki Räisänen

email: heikki.raisanen@emfit.com

 

3. NAME AND PURPOSE OF REGISTER

3.1 Name of the register is Emfit Ltd’s QS Service, website and webshop personal data register.

3.2 If you do not provide the data marked as obligatory when the data is requested, Emfit might not be able to provide you with Emfit’s products or services.

3.3 Some Emfit’s services might require specific terms for processing of personal data. You are informed of those terms and your consent is asked in connection with your usage of the services.

3.4 You have the right to withdraw the consent given by you to the processing of your personal data by Emfit by at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4. PROCESSING OF PERSONAL DATA OF A CHILD

You declare that you are at least sixteen (16) years of age or of other legal age of majority to give your consent validly to this extract. If this is not the case, you declare that your parent or custodian has validly given a consent on your behalf.

5. CONTENT OF REGISTER

5.1 Website

The register includes the following personal collected through or in connection with Emfit’s website(s):

(a) email address if voluntarily given by you;

(b) first name(s) and last name(s) if voluntarily given by you; 

(c) postal address if voluntarily given by you;

(d) phone number if voluntarily given by you; 

(e) personal data in cookies according to the Cookie Policy [A1] of Emfit;

(f) if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(g) your feedback or your responses to or participation in opinion polls or competitions;

(h) information given by you regarding your interests in Emfit’s products and services;

(i) information given by you when you communicate with Emfit or when you communicate in Emfit’s social media (e.g. tweets, Emfit’s facebook pages etc.);

(j) your subscription to mailing lists and newsletters; and

(k) other personal data collected by third parties as explained in Section 7. 

5.2 Webshop

The register includes the following personal data for the purpose of the webshop:

(a)    email address;

(b)    first name(s) and last name(s); 

(c)    postal address;

(d)    phone number; 

(e)    account-, credit- and/or debit card numbers given by you, as collected and processed by payment services subcontractor(s) directly and not by Emfit;

(f)     personal data in cookies according to the Cookie Policy [A2] of Emfit;

(g)    if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(h)    user name and password of your user account; 

(i)     your feedback or your responses to or participation in opinion polls or competitions;

(j)     information given by you regarding your interests in Emfit’s products and services;

(k)    information given by you when you communicate with Emfit or when you communicate in Emfit’s social media (e.g. tweets, Emfit’s facebook pages etc.);

(l)     your subscription to mailing lists and newsletters; and

(m)  other personal data collected by third parties as explained in Section 7. 

5.3 QS Service 

The register includes the following personal data for the purpose of the QS Service:

(a)    email address. Please note that you are allowed to use any anonymous email for the QS device registration;

(b)    health, bed occupancy and other data collected with the QS device and further analyzed at cloud service, such as for example: heart-rate-variability, autonomous nervous system balance, sleep classification, heart and breathing rates, sleep score, resting heart rate, tossing & turning and other movement activity, sleeping activity, or data about the surroundings (together “Health Data”). Please note that your Health Data is not accessible by any third party defined in Section 7 unless so specified in Section 7.1 or 7.5.

(c)    if you are informed prior to the call, Emfit can record your phone calls with Emfit customer service, and the recordings can be used for quality management purposes, to handle reclamations, to train personnel and to document contracts between you and Emfit and to inspect the content of the contracts; 

(d)    user name and password of your user account; 

(e)    your feedback or your responses to or participation in opinion polls or competitions;

(f)     information given by you regarding your interests in Emfit’s products and services;

(g)    other personal data submitted by you voluntarily to the QS Service through the QS Service user interface;

(h)    your subscription to mailing lists and newsletters; and

(i)     other personal data collected by third parties as explained in Section 7. 

 

 

6. PURPOSE OF USE OF REGISTER AND LEGAL BASIS OF PROCESSING

6.1 Website

The personal data defined in Section 5.1 (“Website”) is used for the following purposes:

(a)    responding to your contacts and questions. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose. 

(b)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws;

(c)    direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(d)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(e)    when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(f)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(g)    for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose; and

(h)    for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit website and/or otherwise in connection with the products and services of Emfit. Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing the personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you visit Emfit’s website(s) and/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

6.2 Webshop

The personal data defined in Section 5.2 (“Webshop”) is used for the following purposes:

(a)    taking care of customer service and customer relationship management. For example, Emfit might contact you if it is necessary for you to know of updates of the webshop. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(b)    deliver and provide the products and services of Emfit. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(c)    management and completion of purchases, payments, insurances, returns and reclamations regarding the products and services of Emfit. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(d)    responding to your contacts and questions. For example, you might contact Emfit with questions regarding the webshop. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;        

(e)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws; 

(f)     direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(g)    other situations required for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(h)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(i)     when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(j)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(k)    for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose; and

(l)     for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit webshop and/or otherwise in connection with the products and services of Emfit.Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing the personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you visit the webshopand/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

 

6.3 QS Service 

The personal data defined in Section 5.3 (“QS Service”) is used for the following purposes:

(a)    to provide the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract; 

(b)    taking care of customer service and customer relationship management. For example, Emfit might contact you if it is necessary for you to know of updates of the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(c)    management and completion of reclamations. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(d)    responding to your contacts and questions. For example, you might contact Emfit with questions regarding the QS Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;             

(e)    marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws;

(f)     direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;

(g)    other situations required for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;

(h)    to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;

(i)     when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;

(j)     to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose; 

(k)   for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;and

(l)     for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit QS Service. Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing of personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you use the QS Service and/or provide your information.Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in Section 12 are maintained by Emfit in order to protect the data from unauthorized access. 

7. PERSONAL DATA COLLECTED BY THIRD PARTIES

7.1 HEALTH DATA

Please note that your Health Data is not accessible and/or collected by any third parties defined in this Section 7, unless you voluntarily, at your will, link the QS Service used by you or your Emfit QS account to sync your personal data to some of available third-party data integrators. Please see Section 7.5.

7.2 SERVICES BY GOOGLE INC. (“GOOGLE”)

7.2.1 Google Privacy Policy

The website and the webshop use some services of Google. Please see the list of these services in Sections 7.2.2-7.2.3.

You agree to the use and access of your personal data by Google and other third parties in accordance with the Privacy Policy of Google, as amended by Google at any time: 

https://www.google.com/intl/en/policies/privacy/

convenience Please note that the extracts of the Privacy Policy of Google below are only for purposes and that only the Privacy Policy of Google behind the link has legal relevance.

At the moment of latest update of this policy, Google announced to process personal information in many countries around the world:

“Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live.”

“We regularly review our compliance with our Privacy Policy. We also adhere to several self regulatory frameworks, including the EU-US and Swiss-US Privacy Shield Frameworks. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.”

Please make sure that you review the Privacy Policy of Google each time you use the Emfit website or webshop,asGoogle may update the policy at any time.

7.2.2         Google Fonts 

Google Fonts is a typeface visualization service provided by Google.

7.2.3         Google Analytis

Google Analytics is a web analysis service provided by Google.

7.3 THIRD PARTIES REGARDING WEBSITE

7.3.1  Mailgun (Mailgun, Inc.)

Mailgun is an email address management and message sending service provided by Mailgun Technologies Inc.

You agree to the use and access of your personal data by Mailgun Technologies Inc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time:

https://www.mailgun.com/privacy-policy

Please note that the extracts of the Privacy Policy of Mailgun Technologies Inc. below are only for conveniencepurposes, and that only the Privacy Policy of Mailgun Technologies Inc. behind the link has legal relevance.

At the moment of latest update of this policy, Mailgun Technologies Inc. announced to transfer data outside of EU:

”Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework. Mailgun is committed to subjecting all personal data received from the European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list/.

Please make sure that you review the Privacy Policy of Mailgun Technologies Inc. each time you use the website, as Mailgun Technologies Inc. may update the policy at any time.

7.3.2 Wix.com Ltd., together with its affiliated companies worldwide, including DeviantArt, Inc. (“Wix.com”)

Wix.com is Emfit’s website platform provider.

You agree to the use and access of your personal data by Wix.comand other third parties in accordance with the Privacy Policy of Wix.com, as amended by Wix.comat any time:

https://www.wix.com/about/privacy  

Please note that the extracts of the Privacy Policy of Wix.com below are only for convenience purposes, and that only the Privacy Policy of Wix.com behind the link has legal relevance.

At the moment of latest update of this policy, Wix.com announced to transfer data outside of EU:

“5.1. Wix Visitors’, Wix Users’ and Users-of-Users’ Personal Information may be maintained, processed and stored by Wix and our authorized affiliates and service providers in the United States of America, in Europe (including in Lithuania, Germany and the Ukraine), in Israel, and in other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained below).”

“Wix.com Ltd. is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the personal information of EU Member State residents.”

“EU-U.S. Privacy Shield & Swiss-U.S. Privacy Shield Disclosure: Wix.com participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Wix.com is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov]”

Please make sure that you review the Privacy Policy of Wix.com each time you use the website, as Wix.com may update the policy at any time.

7.3.3 Freshdesk (Freshworks, Inc.)

Freshdesk is a support and contact request management service provided by Freshworks, Inc.

You agree to the use and access of your personal data by Freshworks, Inc.and other third parties in accordance with the Privacy Policy of Freshworks, Inc., as amended by Freshworks, Inc.at any time:

https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral

Please note that the extracts of the Privacy Policy of Freshworks, Inc.below are only for convenience purposes, and that only the Privacy Policy of Freshworks, Inc. behind the link has legal relevance.

At the moment of latest update of this policy, Freshworks, Inc. announced to transfer data outside of EU and in other countries:

“We store and process data, including personal information, in the United States and the European Economic Area (“EEA”) and possibly in other countries through third parties that we use to operate and manage the Service(s). When you access or use our Websites or the Service(s), or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or End-Customers, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.”

“Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].”

Please make sure that you review the Privacy Policy of Freshworks, Inc. each time you use the website, as Freshworks, Inc. may update the policy at any time.

7.4 THIRD PARTIES REGARDING WEBSHOP

7.4.1         Privacy Policy of Shopify Inc. (“Shopify”)

The webshop is hosted by Shopify and Shopify provides Emfit with the online e-commerce platform for the webshop. 

You agree to the use and access of your personal data by Shopify and other third parties in accordance with the Privacy Policy of Shopify, as amended by Shopify at any time: 

https://www.shopify.com/legal/privacy

Please note that the extracts of the Privacy Policy of Shopify below are only for convenience purposes, and that only the Privacy Policy of Shopify behind the link has legal relevance.

At the moment of latest update of this policy, Shopify announced to transfer personal data outside of EU:

“Shopify works with merchants and users around the world, including in the EEA. If you are located in the EEA, your personal information is processed by Shopify’s Irish affiliate, Shopify International Ltd. As part of our service, we may transfer your personal information to other regions, including to Canada and the United States. In order to ensure that your information is protected when transferred out of the EEA, Shopify relies on the EU-U.S. Privacy Shield (described in more detail below), as well as inter-company agreements between our various affiliates that may process your information on behalf of Shopify International Ltd.

If you are located in the EEA, you have certain rights under European law with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data. If you are a merchant, a partner, a visitor of Shopify’s websites, or a user of Shopify’s support services and wish to exercise these rights, please reach out to us using the contact information below. If you are a customer of a merchant who uses Shopify’s platform and wish to exercise these rights, please contact the merchants you interacted with directly — we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.”

Please make sure that you review the Privacy Policy of Shopify each time you use the webshop, as Shopifymay update the policy at any time.

7.4.2         PayPal by PayPal Inc. 

PayPal service is a payment service provided by PayPal Inc., which allows users to make online payments using their PayPal credentials.

By giving your consent to this extract, you agree to the use and access of your personal data by PayPalInc. and other third parties in accordance with the Privacy Policy of PayPalInc., as amended by PayPal Inc. at any time:

https://www.paypal.com/ee/webapps/mpp/ua/privacy-prev  

Please note that the extracts of the Privacy Policy of PayPal below are only for convenience purposes, and that only the Privacy Policy of PayPal behind the link has legal relevance.

At the moment of latest update of this policy, PayPal Inc. announced to transfer data to non-EEA member states:

“Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. 

The parties mentioned above may be established in jurisdictions other than your own and outside the European Economic Area and Switzerland. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data.  In particular, for transfers of your Personal Data within PayPal related companies, we rely on Binding Corporate Rules approved by competent Supervisory Authorities (available here).  Other transfers may be based on contractual protections. Please contact us for more information about this.

If you make transactions with parties outside the EEA or Switzerland or connect our Service with platforms, such as social media, outside the EEA or Switzerland, we are required to transfer your Personal Data with those parties in order to provide the requested Service to you.”

Please make sure that you review the Privacy Policy of PayPal each time you use the webshop, as PayPal may update the policy at any time.

7.5 THIRD PARTIES REGARDING QS SERVICE 

7.5.1 Freshdesk (Freshworks, Inc.)

Freshdesk is a support and contact request management service provided by Freshworks, Inc.

You agree to the use and access of your personal data (excluding access to your Health Data unless you have added your Health Data content in a support ticket) by Freshworks, Inc.and other third parties in accordance with the Privacy Policy of Freshworks, Inc., as amended by Freshworks, Inc.at any time:

https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral

Please note that the extracts of the Privacy Policy of Freshworks, Inc. below are only for convenience purposes, and that only the Privacy Policy of Freshworks, Inc. behind the link has legal relevance.

At the moment of latest update of this policy, Freshworks, Inc. announced to transfer data outside of EU and in other countries:

“We store and process data, including personal information, in the United States and the European Economic Area (“EEA”) and possibly in other countries through third parties that we use to operate and manage the Service(s). When you access or use our Websites or the Service(s), or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or End-Customers, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy.”

“Freshworks, Inc. participates in and has certified its compliance with the EU-U.S. and Swiss-US Privacy Shield Framework. Freshworks, Inc. is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List [https://www.privacyshield.gov/list].”

Please make sure that you review the Privacy Policy of Freshworks, Inc. each time you use the QS Service, as Freshworks, Inc. may update the policy at any time.

7.5.2 3rd Party Data IntegrationOption: UnderArmour (MapMyFitness)

You can optionally decide to share your personal data with UnderArmour through an integration to their services. With this integration your personal data will be automatically sent to UnderArmour. Emfit will access, create or modify only limited information concerning your UnderArmour account as it is needed for creating the synchronization link: data source device, data source priority & user id. 

You agree to the use and access of your personal data by Under Armour, Inc. and Under Armour Europe B.V., and other third parties in accordance with the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V., as amended by Under Armour, Inc. and Under Armour Europe B.V. at any time:

https://account.underarmour.com/privacy?embedded=1

Please note that the extracts of the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V. below are only for convenience purposes, and that only the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V.  behind the link has legal relevance.

At the moment of latest update of this policy,Under Armour, Inc. and Under Armour Europe B.V. announced to transfer data outside of EU:

“The Personal Data Under Armour processes, and all associated Services and systems, including registration, is housed on servers in the United States. If you are located outside of the United States, please be aware that Personal Data we collect will be processed and stored in the United States (the data protection and privacy laws in the United States may offer a lower level of protections than in your country/region).”

“Under Armour Inc. has self-certified that it complies with the EU-U.S. Privacy Shield Framework (“Privacy Shield”) and the Swiss-U.S.- Privacy Shield regarding the collection, use, and retention of Personal Data from European Union member states and Switzerland. 

Under Armour Inc.’s Privacy Shield certifications do not extend to the Under Armour connected fitness apps (e.g., the certifications do not cover data collected using any of the MapMyFitness, UA Record, Endomondo, or MyFitnessPal apps). We have implemented other mechanisms to legitimize transfers of Personal Data from the Under Armour apps to the United States.

For EU and Swiss Personal Data received in the United States under the Privacy Shield, Under Armour has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the standards of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles govern. To learn more about the Privacy Shield program, please visit the US Department of Commerce Privacy Shield website. To view our certification page, please visit the Privacy Shield List.”

Please make sure that you review the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V. each time you use the QS Service, as Under Armour, Inc. and Under Armour Europe B.V. may update the policy at any time.

7.5.3  3rd Party Data IntegrationOption: Wellmo

You can optionally decide to share your personal data with Mobile Wellness Solutions MWS Ltd through an integration to their services. With this integration your personal data will be automatically sent to Mobile Wellness Solutions MWS Ltd. Emfit will access, create or modify only limited information concerning your Wellmo account as it is needed for creating the synchronization link. 

You agree to the use and access of your personal data by Mobile Wellness Solutions MWS Ltdand other third parties in accordance with the Privacy Policy of Mobile Wellness Solutions MWS Ltd, as amended by Mobile Wellness Solutions MWS Ltd at any time:

http://www.wellmo.com/privacy-policy/

At the moment of latest update of this policy, Mobile Wellness Solutions MWS Ltd announced to transfer data outside of EU:

”Your tracker wellness data is stored within the European Union and is not transferred outside the European Economic Area (EEA) without your consent. However, in the following cases some of your information may be transferred to countries outside the EEA:

•Your information, excluding tracker wellness data, (such as name, email address or analytics data) may be transferred to subcontractors outside the EEA for the performance of the Service.

•When you link an external service to your Wellmo account, data from that service may be transferred to Wellmousing an aggregation service located outside the EEA. This may involve transfer and storage of your data outside the EEA.

•When you provide a third party consent to access your Wellmo data, that third party may be located or use services located outside the EEA. Check the third party’s privacy policy for details.

In such cases we take steps to ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (where necessary) and by requiring the use of other appropriate technical and organizational information security measures.

By using the Service you consent to such disclosure.”

Please make sure that you review the Privacy Policy of Mobile Wellness Solutions MWS Ltd each time you use the QS Service, as Mobile Wellness Solutions MWS Ltd may update the policy at any time.

7.5.4 Mailgun (Mailgun, Inc.)

Mailgun is an email address management and message sending service provided by Mailgun Technologies Inc.

You agree to the use and access of your email address (and explicitlyexcluding access to your Health Data) by Mailgun TechnologiesInc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time:

https://www.mailgun.com/privacy-policy

Please note that the extracts of the Privacy Policy of Mailgun Technologies Inc. below are only for conveniencepurposes, and that only the Privacy Policy of Mailgun Technologies Inc. behind the link has legal relevance. 

At the moment of latest update of this policy, Mailgun Technologies Inc. announced to transfer data outside of EU:

”Mailgun participates and has certified its compliance with the EU-U.S. Privacy Shield Framework. Mailgun is committed to subjecting all personal data received from the European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List https://www.privacyshield.gov/list/.

Please make sure that you review the Privacy Policy of Mailgun Technologies Inc. each time you use the QS Service, as Mailgun Technologies Inc. may update the policy at any time.

7.5.5         Personal Data that You Direct Emfit to Share

You can allow Emfit to share your personal data (including Health Data) with other parties. For example, you might ask Emfit to link your Emfit QS account with a third-party app; send status updates to Facebook or Twitter; or ask Emfit to share data with your employer as part of a wellness program. If you ask to share your personal data with a third party, that personal data is governed by the third-party’s privacy policy. You can revoke your consent to share your personal data with the third party in your QS Service account settings.

8. REGULAR SOURCES OF PERSONAL DATA

8.1 Website

(a)    enquiry from you;

(b)    personal data given by you when contacting Emfit;

(c)    when you use the website;

(d)    data from third parties listed in Section 7; 

(e)    when you subscribe to mailing lists or newsletters;

(f)     data through contact and other forms and when you give answers to polls or competitions; 

(g)    data collected through cookies.

8.2  Webshop

(a)    enquiry from you;

(b)    personal data given by you when contacting Emfit;

(c)    when you use the webshop; 

(d)    when you make an order of Emfit’s products or services;

(e)    when you make a reclamation to Emfit;

(f)     data from third parties listed in Section 7; 

(g)    when you subscribe to mailing lists or newsletters

(h)    data through contact and other forms and when you give answers to polls or competitions;

(i)     data collected through cookies.

8.3 QS Service

(a)    enquiry from you;

(b)    data given by you when contacting Emfit;

(c)    when you use the QS Service;

(d)    when you make a reclamation to Emfit;

(e)    data from third parties listed in Section 7; 

(f)     when you subscribe to mailing lists or newsletters;

(g)    data through contact and other forms and when you give answers to polls or competitions.

 

 

9. REGULAR TRANSFEREES OF DATA

Personal data can be transferred to following third parties for the following purposes: 

(a)    Emfit can provide the personal data to its subcontractors who process the personal data on behalf of Emfit, such as Emfit’s ICT service providers and marketing services providers; and

(b)    personal data can be transferred if it is necessary to comply with legislation or requirements of authorities, to supervise and enforce Emfit’s legitimate interests or to detect, defend against or repair fraud or security or technical problems.

10. TRANSFER TO COUNTRIES OUTSIDE EEA

10.1 Emfit might transfer your personal data to countries outside the European Economic Area (EEA) and European Union (EU) (“Third Country”) to its subsidiaries or other subcontractorswho process personal data on behalf of Emfit and with whom Emfit has entered into standard data protection clauses adopted by the EU Commission or there is another legal basis for the transfer of personal data to Third Countries. 

10.2 The subsidiaries are:

North America

Emfit, Corp.

P.O. Box 342394, Austin, TX 78734, U.S.A

Southeast Asia

Emfit Technology Co., Ltd.

#2004 Dingsheng-Guangchang 1st bldg., Jinhui-Road, Danshui, Huiyang, Huizhou-City, Guangdong, China (516211)

10.3 Also the third parties defined in Section 7 might transfer your personal data to Third Countries, according to their privacy policies in Section 7. 

10.4 If there is no legally based right to transfer the data to a Third Country*), the basis of the transfer is your consent to the transfer, in which case you are hereby informed of the risks of such transfers. Such risks may include that the level of protection of individuals arising out of the EU laws is not necessarily guaranteed in those Third Countries, which can include e.g. that third parties or authorities can have access to the data to wider extent than according to EU laws, the security methods might not be at the level as regulated under EU laws and the users might not have effective remedies to inspect their data, rights to access their data or get their data corrected at the level as regulated under EU laws. 

10.5 *) A legally based right to transfer the data to a Third Countrycan be the following: A transfer may take place where either: (i) the EU Commission has decided that the Third Country or a territory or a processing sector within that Third Country ensures an adequate level of protection, (ii) the transferee has entered into standard data protection clauses adopted by the EU Commission, or (iii) there is other legal basis for the transfer, such as so called privacy shield approved by the EU Commission.

11. PROCESSING BY THIRD PARTIES

The website, webshop, QS Service and Emfit’s other services and products can include links to third party websites or services. Emfit is not liable for processing of data by these third parties. 

12. METHODS HOW REGISTER IS SECURED

The personal data processed by Emfit are secured by using the following methods and principles:

(a)    locks at Emfit’s premises;

(b)    electrical surveillance systems of Emfit’s premises and equipment;

(c)    firewall, anti-malware and spam filtering systems of Emfit’s communication networks and other software and hardware that protect the security of communication networks;

(d)    professional knowledge of Emfit’s personnel;

(e)    training of Emfit’s personnel;

(f)     the content of the register is in electronic form except for temporary special occasions; and

(g)    Emfit’s policies and guidelines relating to personal data matters.

13. RIGHT OF ACCESS

13.1  After having supplied sufficient search criteria, you have the right to get information on which personal data on you are being processed by Emfit or information that no such personal data is being processed. 

13.2 Where such personal data is being processed by Emfit, Emfit shall provide you a copy of the data and the following information:

(a)    the purposes of the processing;

(b)    the categories of personal data concerned;

(c)    the recipients or categories of recipients to whom the personal data is to be or have been disclosed, in particular to recipient in Third Countries;

(d)    the period for which the personal data will be stored;

(e)    the existence of the right to request from Emfit rectification or erasure of personal data concerning you or to object to the processing of such personal data;

(f)     the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority; 

(g)    where the personal data is not collected from you, any available information as to their source; and

(h)    the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

13.3 For any further copies requested by you, Emfit may charge a reasonable fee based on administrative costs. 

14. RECTIFICATION, PERIOD FOR WHICH PERSONAL DATA WILL BE STORED AND RIGHT TO LODGE COMPLAINT TO SUPERVISORY AUTHORITY

14.1  Emfit shall, at your request, without undue delay correct, erase or supplement your personal data contained in its personal data register in case of erroneous, unnecessary, incomplete or obsolete data taking into account the purpose of the processing, including by way of supplementing a corrective statement. 

14.2  If Emfit does not take such action on your request, Emfit shall inform you without delay and at the latest within one (1) month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy. Please note that you may bring the matter to be handled by the supervisory authority.

14.3 The personal data will be stored during the time period for which is necessary in relation to the purposes for which they are processed.

14.4 You have the right to lodge a complaint to the supervisory authority. The contact details of the supervisory authority:

http://www.tietosuoja.fi/en/index/yhteystiedot.html

Office of the Data Protection Ombudsman

P.O. Box 800

FIN-00521 HELSINKI

FINLAND

Address:

Ratapihantie 9, 6rd floor

00520 HELSINKI

Tel: +358 29 56 66700 (exchange)

Fax: +358 29 56 66735

Email: tietosuoja@om.fi

15. RIGHT TO PROHIBIT AND OBJECT PROCESSING

15.1 You have the right to prohibit Emfit to process your personal data for purposes of marketing purposes.

15.2 You have the right not to be subject to a measure which produces legal effects concerning you or significantly affects you, and which is based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour. Automated decision-making is not used to process personal data at the moment by Emfit when its processes personal data according to this policy.

15.3 You have the right to object, on grounds relating to your particular situation, to the processing of personal data which is based on either of the following grounds for processing: (i) when processing has been found necessary for the purposes of the legitimate interests of Emfit or (ii) when processing has been found necessary in order to protect your vital interests. You however do not have the right to object, if Emfit demonstrates compelling legitimate grounds for the processing which override your interests or fundamental rights and freedoms or for the establishment, exercise or defence of legal claim.

16. RIGHT TO DATA PORTABILITY

16.1  At your request, if Emfit processes the personal data based on your consent or on a contract with you and if the processing is carried out by automated means:

(a)    Emfit shall provide you with the personal data which you have provided to Emfit, in a structured, commonly used and machine-readable format;

(b)    On your requestand if technically feasible, Emfit must transmit the personal your data in the same format directly to another controller.

16.2 This right referred may not adversely affect the rights and freedoms of others.

17. RIGHT TO BE FORGOTTEN AND ERASURE

17.1 You have the right to have your personal data erased at request if one of the following grounds applies:

(a)    the personal data is no longer necessary for the purposes for which they were collected or otherwise processed;

(b)    you withdraw consent on which the processing is based and where there is no other legal ground for the processing;

(c)    you object to the processing;

(d)    the personal data have been processed unlawfully; or

(e)    the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Emfit is subject.

17.2  However, Emfit does not have to erase the data based on above grounds to the extent Emfit still needs to process the data:

(a)    for exercising the right of freedom of expression and information;

(b)    for compliance with a legal obligation which requires processing by law to which Emfit is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c)    for reasons of public interest in the area of public health in accordance with legal requirements;

(d)    for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with legal requirements; or

(e)    for the establishment, exercise or defence of legal claims.

 

 

18. RIGHT TO RESTRICTION OF PROCESSING

18.1  ‘Restriction of processing’ means the marking of stored personal data with the aim of limiting its use in the future.

If you request, Emfit must restrict processing in the following situations: 

(a)    the accuracy of the personal data is contested by you, for a period enabling Emfit to verify the accuracy of the personal data;

(b)    the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; 

(c)    Emfit no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims; or

(d)    you have objected to processing, but verification whether the legitimate grounds of Emfit override those of yours is still ongoing.

18.2  In the situations listed above, Emfit can only process the personal data:

(a)    with your consent or for the establishment, exercise or defence of legal claims;

(b)    for the protection of the rights of another natural or legal person;

(c)    for reasons of important public interest of the Union or of a Member State; and 

(d)    to store the data. 

Scroll to Top