Effective date: November 30, 2018
We at Wearit know you care about how your personal information is used and shared, and we take your privacy seriously. We process your personal data when you use our apps, devices, software, websites, applications programming interfaces (APIs), sensors, products, and services (the “Services” or “Wearit Services”).
The processing of your Personal Data takes place in compliance with the European Union’s General Data Protection Regulation 2016/679 (GDPR) and the Italian data protection law (D.Lgs. 196/2003).
You will learn about the data we collect, how we use it, the controls we give you over your information, and the measures we take.
1. DATA CONTROLLER
2. INFORMATION ABOUT YOUR PERSONAL DATA
"Personal Data" is information that can be used to identify you, directly or indirectly, alone or together with other information.
We will ask for your consent to process your Personal Data ticking a box (or equivalent action) to indicate your consent when (i) providing us with your Personal Data through our Services or a form; or (ii) registering or creating Your Account with us.
2.1 Account Information
Some information is required to create Your Account on our Services or are provided when you interact with us, such as:
login and account information, including a nickname, a valid email address (username) and a password;
personal details, including date of birth and gender;
data on physical characteristics, such as weight and height;
location, device IDs;
When you create Your Account or interact with us or you enable certain features of the Services you may choose to provide further information, such as:
profile photo; performance metrics of your activities, including location, start time, duration, distance, vertical, speed, angle, G-Force, ski-level, perceived fatigue-level;
event participation: name, location, time;
biometric data and data elements derived therefrom, training plans, interactive features;
photographs, images and videos, illustrations, animations;
text, communications, replies, “likes”, comments;
Any of the above mentioned and further information you provide, post, upload, store, share, send or display, and the information generated by the Services you choose, are together defined also as “Your Content”.
Friendship and Group Information
If you contact us or participate in a survey, contest or promotion, we collect the information of Your Content you submit, such as:
group name, user, time joined;
interactive games: performance metrics, record, location, users;
friendship requests or acceptances: time, user;
messages and interactions with other users.
If you connect with friends on the Services or invite friends who have not jet joined, you may provide us their email addresses, access to their social networking accounts, use the contact list on your mobile phone.
We do not store your contact list and delete it after it is used for adding contacts as friends.
3. INFORMATION COLLECTED AUTOMATICALLY
3.1 Device Information
Your devices collect data to estimate a variety of metrics like the speed and distance travelled, the quality and fatigue-level of your activity, calories burned, active minutes, and location. The data collected varies depending on which device you use. When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers.
3.2 Location Data
The Services include features that use precise location data, including GPS signals, device sensors, Wi-Fi access points, and cell tower IDs, or derive your approximate location from your IP address. We collect this type of data if you grant us access to your location. You can always remove our access using the specific setting inside our digital tools (web or mobile). When you do so we will not be able to provide you with the Services.
3.3 Usage Information
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested.
When your device syncs with our applications or software, data recorded on your device is transferred from your device to our servers.
We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.
4. INFORMATION RECEIVED FROM THIRD PARTIES
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. For example, if you connect to Facebook or Google, we may receive information like your name, profile picture, age range, language, email address, and friend list. You may also choose to grant us access to your exercise or activity data from another service.
We may partner with third parties, such as employers and insurance companies that offer Wearit services to their employees and customers. In such cases, those companies may provide us with your name, email address, or similar information (like a telephone number or subscriber ID) so that we can invite you to participate or determine your eligibility for particular benefits, such as discounts or free services.
You can stop sharing the information from the other service with us by using the specific setting inside our digital tools (web or mobile). When you do so we will not be able to provide you with the Services.
5. HEALTH DATA AND OTHER SPECIAL CATEGORIES OF PERSONAL DATA
To the extent that information we collect is health data or another special category of personal data subject to the GDPR (under Ar. 9 GDPR Special Categories of Personal Data are “data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”), we ask for your explicit consent to process the data. We obtain this consent specifically when you take actions leading to our obtaining the data, for example, when you pair your device to Your Account, grant us access to your exercise or activity data from another service, or use the health tracking feature.
You can withdraw your consent to process your Special Categories of Personal Data mentioned above in articles 2, 3, 4 by using the specific setting inside our digital tools (web or mobile). When you do so we will not be able to provide you with the Services.
6. INFORMATION THAT’S BEEN DE-IDENTIFIED
We may provide that information to our partners and we may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.
7. PURPOSES AND LEGAL BASIS OF PROCESSING PERSONAL DATA
We collect your Personal Data in a number of ways and for various purposes. In this section we provide information on the legal basis for our processing of your Personal Data as required by Art. 13 and 14 of the GDPR. Some processing is addressed in multiple sections because more than one legal basis may apply depending on the circumstances or Service.
When you register for Your Account or interact with our Services.
We collect Personal Data when you use or interact with our Services, including when you register with us.
The data you provide to create Your Account and Your Content enable your activity within our Services, and to provide the Service generally, including to develop, enhance, and improve our Services and your experience. We also use this data for internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
Certain user profile information, including your username, location, and any video or image content that you have uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services.
Please remember that any content you upload to your public user profile, along with any information or content that you voluntarily disclose online in a manner other users can view becomes publicly available, and can be collected and used by anyone.
Your username may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.
Using the information we collect, we are able to deliver the Services to you and honour our Term of Service contract with you. For example, we need to use your information to provide you with your Wearit dashboard tracking your exercise, activity, and other trends; to enable the community features of the Services; and to give you customer support.
For the Services’ community features, we may use your information to help you find and connect with other users and to allow other users to find and connect with you. For example, Your Account contact information allows other users to add you as a friend. When another user has your email or mobile phone number in their contact list or in their friend network on a connected service, we show that user that you are a user of the Services.
When you register for an account or interact with our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
2. When you input Additional Information, Health and other Special Categories of Personal Data within our Services or use our Services that collect or infer such data from mobile device sensors. When you use or interact with a wearable or other connected device
We also collect Personal Data, including Special Categories of Data, when you input Additional Information, Health and other Special Categories of Personal Data within our Services, when you use mobile device sensors, or an Internet-connected device such as activity trackers or other wearables that are not personal computers or mobile phones or tablets.
When you use a wearable or connected device or product, we may also collect certain information about the device or product such as serial number, Bluetooth address, UPC, or other device related information.
For Special Categories of Personal Data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your consent, Art. 9 (2) (a) GDPR.
For Personal Data which we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or on the basis of our legitimate interest to enhance our Services, Art. 6 (1) (f) GDPR.
3. When you provide us Location Data.
We collect Location Data as part of the functionality of our Services, such as to provide route tracking, geographically relevant Services, offers, or ads and to conduct analytics to improve the Services. We may collect Location Data in several ways, such as through your wireless carrier, based on WiFi access point location, via Bluetooth beacons, through a connected device, or directly from the device on which you use the Services. If you choose to purchase or rent apparel or products with specially embedded hardware to track the movement or location of the apparel product, these technologies may also enable collection of precise Location Data. If you are accessing the Services through one of our mobile applications, the way we collect precise Location Data will differ depending on your mobile device's operating system.
When we collect precise Location Data following your prior consent, we process such data on the basis of your prior consent, Art. 6(1)(a) GDPR.
In other cases where we process your Location Data without consent, for example in order to provide our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
4. When you communicate with us or sign up for promotional materials.
We collect Personal Data when you communicate with us or sign up to receive promotional materials or information via email, push notifications, or text messages - including email address, mobile number, etc.
If you consent to such messages, we may use your Personal Data and other information to communicate with you about the Wearit products or Services you have rent or used; provide you with promotional messages and personalized advertising; to notify you of Services we think may be of interest to you and for other marketing purposes.
We may use your Personal Data to respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests. We may also use your Personal Data to address your requests, inquiries and complaints.
When we provide you geographically relevant Services, offers, advertising, promotional materials:
Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
Where we do not collect your consent in such case, for such data that we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
Where we do not collect your consent in such case and where we do not need such data in order to perform the Services, we process such data for our legitimate interest in offering you marketing and improving our Services, Art. 6 (1) (f) GDPR
5. When you engage with our online Community or advertising.
We may collect your Personal Data when you engage with our online Community, which is the total group of users that have signed-up and are using our Services. This includes when you click on advertisements, interact with our social media pages, submit content, leave reviews, or otherwise enter information into comment fields, blogs, games, races and other community forums sponsored by or affiliated with Wearit. You should be aware that if you voluntarily disclose information, personal or otherwise, online in any community area or as Interactive Games (such as “UpSki Games” in our Mobile App) that information can be collected and used by others.
For example, if you use chat or if you post personal information online, you may receive unsolicited messages from others. Wearit has no control over this use of your personal information.
When you engage with our online communities or advertising and we actively collect your Personal Data in this context, we process such data on the basis of basis of your prior consent, Art. 6 (1) (a) GDPR, and our legitimate interest to provide you promotional messages, Art. 6 (1) (f) GDPR.
6. When you access third party products and services.
We may allow you to register and interact with another website, mobile application, or Internet location (collectively "Third Party Sites") through our Services, specifically inside the mobile App section called “Smart Services”, and we may collect Personal Data that you share with Third Party Sites through our Services. When we do so, we will inform you of the further details of how we use your Personal Data.
When you access third party products and services and we obtain Personal Data about you from such third party sources:
For Personal Data that we need in order to perform the Services such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to improve our Services.
7. When you connect with us through social media.
You may choose to enable, log into, or sign on to the Services through social media or social networking services, such as Facebook or Google ("Social Networking Service" or "SNS").
When you connect using your SNS accounts, we may collect Personal Data that you have provided to that SNS:
Facebook Inc.: First and last name, email address, gender, birthdate, profile picture, friend list;
Google Inc.: First and last name, email address, gender, birthdate; and profile picture.
We use this data to provide, enhance, and personalize the Services (e.g., to help connect you with or suggest friends within our Services).
When you connect with us through social media:
Where we collect your consent in such case, for instance for marketing purposes, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
Where we do not collect your consent in such case, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use the full range of our Services (Art. 6 (1) (f) GDPR).
8. When we collect data from third parties or publicly-available sources.
We may obtain certain data about you from third party sources to help us provide and improve the Services and for marketing and advertising. We may combine your Personal Data with data we obtain from our Services, other users, or third parties to enhance your experience and improve the Services.
In this case:
For Personal Data which we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use our Services more efficiently.
9. When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies.
We may collect certain Personal Data using cookies and other technologies such as web beacons, device IDs, advertising IDs, geolocation, Flash cookies and IP addresses. We specifically use browser cookies for different purposes, including cookies that are strictly necessary for functionality and cookies that are used for personalization, performance/analytics, and advertising.
In this case, we process such data on the basis of your consent, Art. 6 (1) (a) GDPR, or
based on our legitimate interest, Art. 6 (1) (f) GDPR, where we do not obtain your consent and our legitimate interest is to provide you with better Services or marketing.
10. When we aggregate or centralize data.
We aggregate and centralize Personal Data and Special Categories of Data for purposes of analytics, innovation, and to provide enhanced services to our customers and end-users.
When we aggregate or centralize data, such processing is either necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or
we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customized Services and marketing.
When we conduct analytics, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to develop and improve our Services.
11. When we link you to friends across platforms.
Some of our Services consist of social sharing and communication with others. We use your Personal Data to enable sharing as described in the Services, including to enable you to find and link to friends on other Wearit platforms.
In this case:
Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
Where we do not collect your consent in such case, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
12. When we comply with Legal Requirements or Obligations, Law Enforcement and for Public Safety Purposes.
When we use Personal Data for the previous purposes or we investigate suspected illegal or wrongful activity:
processing is necessary for compliance with a legal obligation to which we are subject, Art. 6 (1) (c) GDPR, or
we process such data on the basis of our legitimate interest to ensure compliance with legal requirements and law enforcement requests and for public safety purposes, Art. 6 (1) (f) GDPR.
8.DATA CONCERNING MINORS
Wearit will never be responsible for a minor's communication of falsified personal information.
Persons under the age of 14 are not permitted to create accounts unless their parent has consented in accordance with applicable law. If we learn that we have collected the personal information of a child under the relevant minimum age without parental consent, we will take steps to delete the information as soon as possible. Parents who believe that their child has submitted personal information to us and would like to have it deleted may contact us at email@example.com.
9. HOW WE DISCLOSE PERSONAL DATA
a. To Service Providers and Vendors. With technical partners to provide, improve, and personalize the Services.
b.To Social Network Providers.
c. To other Users/Wearit Registered Users.
With other users in the context of specific Services that are social in nature. In these cases, we disclose social data and certain Fitness and Wellness Data by default because the service being provided is one of social interaction. Additionally, any information you post or disclose in our community forums (for example Facebook) is public.
d. For Advertising and Marketing.
With advertising and marketing partners for advertising and marketing purposes on Wearit's behalf and on behalf of third parties, including Facebook.
In addition, with your consent, we may share your precise Location Data with Third Parties for on and off platform personalization and curated marketing and advertising purposes.
e. For Certain Analytics and Improvement.
With certain companies for purposes of analytics and improvement of the Services.
f. For Interest-Based Advertising.
With companies involved in interest-based advertising, including web, mobile app and other advertising. This advertising consists of Wearit and third party ads that are personalized and displayed on our sites and apps and through other channels. Advertising also includes personalized ads from the Wearit family of companies displayed on Third Party Sites and apps and through other channels.
g. For Legal Compliance, Law Enforcement, and Public Safety Purposes
h. In the event of an actual or contemplated sale.
With prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.
10. TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES.
Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA), where the level of data protection may not be deemed adequate by the European Commission. In such cases we take steps to ensure that adequate protection for your personal data is provided as required by applicable laws.
By using our Services and submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data to third countries.
11. PERIOD OF DATA RETENTION
We will retain your Personal Data for as long as you maintain Your Account or as otherwise necessary to provide you the Services.
We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, prevent harm.
You may at any time withdraw your consent with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it. Depending on the Service, collection and use of Personal Data may be required for the Services to work.
You can use Your Account to withdraw your consent at any time, including by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or Your Account.
Wearit and its users may retain and continue to use, store, display, reproduce, share, modify, create derivative works, perform, and distribute any of Your Content that otherwise has been shared through the Services. When you post something publicly, or you share information in others may choose to comment on it, making Your Content part of a social conversation, or part of a group game, Wearit and its users license to Your Content continues even if you stop using the Services and you terminate Your Account.
Following termination of your Account, or stopping using the Services or the removal of Your Content from the Services, we may retain Your Content and Your Personal Data, not shared and non public, until the expiring of the limitation period prescribed by law to comply with our legal obligations, resolve disputes, and enforce our agreements
Expired this period, your Personal Data will be transformed into an anonymous form, in order not to permit – even indirectly – to identify the interested parties.
12. METHODS OF PROCESSING
In addition to Wearit, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Wearit.
The Data is processed at the Wearit's operating offices and in any other places where the parties involved in the processing are located.
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
A cookie is a small text file that is saved to, and, during subsequent visits, retrieved from your computer or mobile device. If you use our services, we will assume that you agree to the use of such cookie.
While this Policy uses the general term “Cookies”, as they are the main method for storing information used by this website, the browser's "Local Storage" space is also used for the same purposes as the Cookies. All the information included in this section is also applicable to this "Local Storage".
Cookies used on website
Cookies are an essential part of how our website works. The main purpose of our Cookies is to improve your browsing experience. For example, they are used to remember your preferences (language, country, etc.) while browsing and on future visits.
Third parties Cookies used on Website
Some Website pages contain electronic tags that we use for example to help deliver cookies on our websites or count users who have visited those websites. We include similar technologies in our electronic communications to determine whether you open and act on them.
In addition to placing tag on our own websites, we sometimes work with other companies to place our tag on their websites or in their advertisements. This helps us develop statistics on how often clicking on an advertisement on our website results in an action on the advertiser's website.
Finally, our Website often contain tag or similar technologies from third-party analytics providers, which help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These technologies enable the analytics providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across applications, websites or other products. However, we prohibit these analytics providers from using tag on our sites to collect or access information that directly identifies you (such as your name or email address). If you wish to opt out of data collection or use by some of these analytics providers, you can can do so by using the specific setting inside our digital tools (web or mobile).
14. HOW TO CONTACT US
If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us at:
15. HOW TO EXERCISE YOUR RIGHTS
To exercise your rights to your Personal Data, please contact us through our email firstname.lastname@example.org. Subject to applicable law and in exceptional circumstances only, we may charge for this service and we will respond to reasonable requests as soon as practicable and in any event, within the time limits prescribed by law.
You have the following rights:
Revocation of consent (Art. 7 GDPR): you can revoke your consent – in those cases where consent for processing is necessary – for future data processing at any time. However, this does not affect the lawfulness of Data processing based on the consent before the revocation. In certain cases, we may continue to process your information after you have withdrawn consent, if we have another legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).
Right to rectification (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.
Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of Wearit override your grounds.
Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes. After which, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to lodge a complaint before the Data Protection Authority.
You have the right to do so if you consider that the processing of Personal Data relating to you infringes applicable data protection laws.