Effective Date: 25 November 2018
This document describes how iQniter ApS collects and processes your personal data.
- visit our websites http://www.iqniter.com and my.iqniter.com
- use our ‘Services’, which cover iQniter’s training solutions and iQniter Smart Sensors related hereto, your dedicated page on my.iqniter.com, iQniter’s dedicated fan page on Facebook, Instagram and Twitter.
- Who are we
- The information we collect about you
- How we use your personal data
- Disclosures of your personal data
- Data security
- Retention period
- Your rights
Who are we
If you have any questions or concerns about how your personal data is handled, including any requests to exercise your legal rights, please contact us via our Contact Form or via email at firstname.lastname@example.org.
The information we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include anonymous data.
We may collect, use, store and disclose different kinds of personal data about you which we have grouped together as follows. Some of the data you have provided to us directly whereas other personal data about you is collected by our Services, automatically:
- Identity Data includes first name, last name, username or similar identifier, title, date of birth, country of residence and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Body metrics includes Height, Weight, Max heart rate, Functional Threshold Power and Activity Level
- Workout Data includes workout information our Services collect automatically when you use them, that is heart rate, power, cadence, burned calories, fitness tests results and challenges results. Our Services also include tailored features that personalize your experience and enhance the value that our platform provides to you. For example, we may use your gender, birthdate and weight to estimate your personal calorie burn during a workout or compute your initial Max HR value based on your gender and birthdate.
- Financial Data includes bank account and credit card information, which is stored safely at third parties.
- Transaction Data includes details about payments to and from you and other details of Services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website and our Services.
- Profile Data includes your username and password (encrypted), purchases or orders made by you, your interests, preferences, feedback, information provided to our customer survey and survey responses. You also have the option to add you heart rate belt and related profile information such as Max HR, FTP, gender, weight, etc.
- Usage Data includes information about how you use our Services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and third parties and your communication preferences.
How we use your personal data
We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
In some cases, we may ask you to consent specifically to a processing activity. We will not process your personal data if you do not consent specifically to such processing, e.g. disclosure of your personal data to third-party partners. If you have provided your consent to a processing activity you may withdraw such consent at any time, however, this will not affect any processing that has already taken place.
Type of personal data (as categorized above)
Legal basis for processing, incl. description of our legitimate interest where relevant
|To register you as a user of a Service and in our system|
Necessary to perform a contract with you, c.f. GDPR art. 6 (1)(b)
|To provide our Services to you including provide real-time feedback during your workout, identify you on the leaderboard using your name etc.||Necessary to perform a contract with you, c.f. GDPR art. 6 (1)(b)|
To perform customer service
Performance of a contract with you, c.f. GDPR art. 6 (1)(b a)
(b) Necessary for our legitimate interests (to perform customer service), c.f. GDPR art. 6 (1)(f)
|Share your User name and Sensor ID with your fitness club operator(s) of the fitness clubs you exercise in for the purpose of enabling you to use our Services in the fitness club. For the same purpose your User Name, Sensor ID and Workout Data will be shown on the leaderboard in the studio where you perform your workout during your workout.||Performance of a contract with you, c.f. GDPR art. 6 (1)(b a)|
|To share your data registered by our Services with the fitness club operator(s) of the fitness clubs you exercise in. The Purpose is set out below under disclosures and will depend on which disclosures you consent to.||This will be based on your consent, c.f. GDPR art. 6 (1)(a).|
|To send you newsletters and other marketing material, including displaying ads on other companies’ websites and applications, as well as on platforms like Facebook, Instagram and Twitter.||(a) Necessary for our legitimate interests (to market our Services), c.f. GDPR art. 6 (1)(f).|
|To administrate our relation to you, including asking you to participate in user surveys||Necessary for our legitimate interests (to study how customers use our Services, to develop them and to grow our business), c.f. GDPR art. 6 (1)(f).|
|To administer and protect our business and the Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security and to prevent fraud), c.f. GDPR art. 6 (1)(f).|
|To use data analytics to improve the Website and Services, marketing, customer relationships and experiences||Necessary for our legitimate interests (to define types of customers for our Services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy), c.f. GDPR art. 6 (1)(f).|
Disclosures of your personal data
We disclose information we collect about you in the ways described below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers.
Disclosure of personal data to fitness club operators
When you use our Services, you may in the Privacy setting – via an opt-in function – choose to share your personal data as described above. Below is explained in further detail what personal information you can choose to share with your fitness club operators. We will only share your personal data with the fitness club operator based on your explicit consent, except for the following personal data which are basics for using the iQniter services in the fitness clubs and will always be displayed on the fitness clubs group screen: Your display name and your actual values for the current selection of exercise metrics during an iQniter session (Heart Rate, Power, Peak Training Effect, Recovery Time, Score, etc.).
For improved personal training services: If you agree, we share your Workout Data history with your fitness club operators and trainers in order to allow them track your fitness level over time and optionally provide you enhanced and personalized training program. We share your personal fitness level attributes (e.g. FTP, LTHR, Max HR, Activity level, VO2Max, gender, height, weight, birthdate) with your fitness club operators. This information is basic for proper operation of the iQniter Services in the fitness club. They can edit these values for you and make them more accurate for you, based on their professional experience and their acquaintance with you. For example, they can edit your FTP for you and then your %FTP and power zones displayed on our training systems will be more accurate. You can change permissions in your Privacy settings at my.iqniter.com.
For public leaderboards: If you agree, iQniter and iQniter partners want to service you by promoting your workout performance on our websites, other public leaderboards or general email services. For example, being visible on public leaderboards showing top-10 having most burned calories or top-10 achieved highest score. You can change permissions on your Privacy settings at my.iqniter.com.
Disclosure of personal data to other third parties
We share information with other third parties that help us operate, provide, improve, integrate, customize, support and market our Services.
iQniter uses its best efforts to protect Personal Information against loss and unauthorized use. Please beware that personal information may be legally and rightfully disclosed when it is required by law or when we are protecting iQniter’s rights or property or the rights or property of other iQniter users, if we have reason to believe that other parties may be interfering with your or our rights and property.
Data Processors: We work with third-party service providers to provide website and application development, hosting, support, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf – iQniter subsidiaries, iQniter affiliates, iQniter distributors, they do so under written instruction from us, including abiding by policies and procedures designed to protect your information.
Disclosure of training data: If agreed, we disclose your Identity Data and Workout Data to Movescount (Amer Sports Cooperation), Netpulse or other third parties you agree to for the purpose of displaying your training data to you in their system.
Twitter: We use the short messaging service Twitter Inc., 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. When using Twitter, for example, by means of a “re-tweet”, Twitter links your Twitter account with the corresponding websites you used. Twitter passes this information on to other users, in particular your followers. This represents a transmission of data into the USA and thus data processing in terms of data protection law into a third country. Twitter has not informed us about either the content of the transmitted data or about further use of the data. For the Twitter data protection disclaimer, see: http://twitter.com/privacy
Integration of Third-Party Services: The website may include links to third-party websites, plug-ins and applications such as YouTube, maps from Google Maps, RSS feeds, or graphics. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
From time to time, we may also need to disclose personal information to other parties, such as any person (natural or legal) or organisation to whom we may be required by applicable laws to disclose personal information, including, but not limited to, law enforcement authorities, financial institutions, and central and local government.
Personal information may also be disclosed in connection with a corporate restructuring, sale, or assignment of assets, merger, divestiture, or other changes of the financial status of us.
Finally, personal information may also be disclosed if necessary, to protect the vital interests of us (unless this would prejudice the rights and freedoms or interests of you), or in our judgment to comply with applicable law, legal or regulatory obligations or regulatory inquiries or requests.
We use data hosting service providers in Europe to host the information we collect, and we use technical measures to secure your data. While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep the data we collect about you depends on the type of data processed, as described in further detail below. When we no longer have a legitimate purpose for processing your data, we will either delete or anonymize your information.
User account information: As a ground rule, we retain your account information until you delete your user account. If you have not been active for 24 months, we will automatically delete your account.
Information relating to your purchase of the Services will as a ground rule be deleted after three years after the end of the calendar year that you made your purchase. However, we may retain your data for a longer period of time in case we a legitimate purpose for this, e.g. if it is necessary for the establishment, exercise or defense of legal claims or in case it is necessary to comply with a legal obligation,
Accounting information will be stored for 5 years till the end of the accounting year pursuant to the Book Keeping Act.
We also retain some of your data as necessary to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. Please note that we keep documentation for your consent for two years after you withdraw your consent due to the statute of limitation. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
To create transparency about our processing of your Personal Data, please find below information of your rights as registered. You have the right to:
Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Our Services give you the ability to access and update certain information about you from within the Service. For example, you can access and update your personal information from your account settings and update your name, gender and birthdate. You can also update your profile picture, primary email address, weight, height and additional fitness related attributes.
Correction of the personal information that we hold about you. You can correct this information at my.iqniter.com. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You can ask us to delete all personal data collected and processed by iQniter. Data and profiles that identifies you will be deleted 30 days after you have informed us to do so. As a consequence, related data, e.g. training records, will be anonymized.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal information to another party (also known as data portability). Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information.
You may opt out of receiving general service communication or promotional communications from us by using the unsubscribe link within each email, updating your email preferences within your Privacy Settings page at http://my.iqniter.com, or by contacting us as provided below to have your contact information removed from our service email list, promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services or other important communication such as password reset notifications.
The right to lodge a complaint: You also have the right to lodge a complaint with the local data protection authority, if you believe or suspect that we process your Personal Data in an unlawful manner. In Denmark it is Datatilsynet. You can find Datatilsynets contact information here.
Where your data was transferred to other applications and maintained by third parties, for example Movescount, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted.
Version 2.2, November 2018