All of Handy Gym’s websites and mobile apps, as well as, the products or services offered through such platforms or at events or Handy Gym training courses are collectively referred to in the Policy as the “Services”. Unless otherwise noted, our Services are provided by Global Traktus S.L.
Your Personal Data
When we refer to “you” or “your” in this Policy we mean any individual who is a visitor or unregistered guest of any of our Services, who holds an account or creates a profile for any Services offered by Handy Gym, who receives any survey, questionnaire, application, or other form of Personal Data request from Handy Gym, or any individual who comments on, reviews, or who otherwise posts any content generated by the individual on any of our Services (or Handy Gym’s social media networks which then may be shared with or accessed by the Services).
“Personal Data” as used in the Policy means information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise geographic location, “Device IDs” (as defined below), certain cookie and network identifiers, and “Health-Related Information” (as defined below).
We may also create anonymous data from Personal Data by excluding personally identifiable data components (such as your name, email address, telephone number, or IDs) that makes the data personally identifiable to you, through one or more secure methods of data anonymization. Our use of anonymized data is not subject to this Policy.
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE, AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING IN SPAIN AS PROVIDED FOR IN THIS POLICY.
1. HOW DO WE COLLECT PERSONAL DATA?
We may collect Personal Data in any situation where you may voluntarily provide us such Personal Data (i.e., via email, a response to a survey, participation in an event or course, or other direct contact from you), as well as, in a number of other ways which include:
- If you choose to register with us and create a user account or profile you are required to enter your name, email, and create a password. If you make a payment to Handy Gym you are required to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g., a credit card number and expiration date or other payment information). If you provide a billing address, we will regard that as the location of the account holder to determine which Handy Gym entity with whom you contract.
- Additionally, you have the option of providing and/or storing additional information as may be specified on the applicable Handy Gym Services. For example, if you register with one of Handy Gym’s apps, then such additional information may include the collection of a limited amount of fitness, physical activity, and health-related information from you (collectively, “Health-Related Information”). This Health-Related Information (such as whether you are pregnant, suffer from a heart condition, dizziness, high blood pressure, and knee or back problems) helps you determine your eligibility to participate in training programs that may be accessed through the corresponding Handy Gym APP. If you participate in such training programs, we may also obtain certain measurements, height, weight, and age from you. Your calories burned, distance travelled and heart rate may be obtained from your mobile device. We may also receive Health-Related Information and other related data from the Apple HealthKit API.
- When you access the Services from your own devices (whether your own computer or mobile phone, tablet, or other devices), then we may collect certain identifying information of your device such as the IP address, UUID (for mobile devices), operating system version, device type, system and performance information, the files viewed on our Services (e.g., HTML pages, graphics, etc.), and browser type (collectively, “Device IDs”). We may use your Device ID to provide a tailored experience for you. In addition, the Device ID information may be collected in order to determine the aggregate number of unique devices using a particulate Service, to track total usage, analyze data, and communicate with you more effectively. We may combine your Device ID with information from third parties to provide you with a better experience and to improve the quality of our service. We do not share any Personal Data with third parties in association with your Device ID.
- Visitors or unregistered guest users are only required to provide as much information as is reasonably necessary to complete any transaction which they have initiated through the Services, including an email address, billing, and shipping information. However, unlike a registered user who may opt to have shipping information stored, unregistered guest users’ shipping information will not be stored and will only be used for purposes of completing the transaction for which it was provided.
- We will be using browser session data to store your shopping cart on any Handy Gym website where products or services may be purchased, as well as, your session data while you browse these websites. Your session data will be stored only for that browser session. However, if you have logged into your Handy Gym website account as a registered user, then your activities will be saved by browser session and stored on the server with a session ID.
- We do monitor the use of the Services by collecting aggregate information. No Personal Data is collected in this process. Typically, such information comprises user statistics, traffic patterns, sales, and site usage. This information is used for our business optimization and assessment purposes, including to improve usability, performance, and effectiveness of the Services.
- In some instances, we may collect aggregate data through cookies and similar files. The majority of browser applications accept cookies and similar files, but you can usually change the browser settings to prevent this. However, if you do so, some functionality of the Services may be impaired or lost, particularly any customization features of the Services. Cookies help us customize your content experience (for example to store your password so you do not have to re-enter it each time you access your account on a Handy Gym app) and to learn which areas of the Services are useful and which areas need improvement.
- We also do allow certain Google Analytics features on our Services that are used as part of our display advertising (such as banners or other ad formats that include text, videos, images, flash, and etc.) and subsequent retargeting ads. You may opt out of certain types of Google Analytics tracking (or preempt your participation in Google Analytics) by contacting Google directly through its customer ad support feature and/or downloading the Google Analytics opt-out browser add-on. Again, you may always remove or disable cookies via your own browser’s settings.
- If you arrive at any of Handy Gym’s Services from an external source (such as “refer a friend” promotions), we record information about the source that referred you to us. We collect your Personal Data from third parties if you give permission to those third parties to share your information with us or where you have made that information publicly available online.
- Our Services may provide links to third-party websites that are outside of our control and not covered by the Policy (e.g. Instagram, Facebook, Twitter, etc.). We encourage you to review the privacy policies posted on these (and all) websites and corresponding apps to learn about these third parties’ policies and practices with respect to your Personal Data.
2. HOW DOES HANDY GYM USE PERSONAL DATA?
Whether you access any of the Services either as a visitor or unregistered guest, or as a registered user, your Personal Data is used to provide the transaction or give you access to the products, content, or other services you may purchase or request. If you choose to create a user name and profile/account, we may additionally use your Personal Data to contact you to remind you about products which remain in your shopping cart or to obtain product feedback or reviews.
Other ways we may use your Personal Data include:
- We may disclose your Personal Data internally within Handy Gym and with other companies that are affiliated with or controlled by Handy Gym in order to provide and improve the Services, or for marketing purposes.
- We may disclose your Personal Data with our business partners, service providers, vendors, authorized distributors, agents, or contractors in order to provide a requested service or transaction or to process the information on our behalf (collectively, “Data Processors”). For example, if we need to ship something to you, we must share your name and address with a shipping company. We require that these Data Processors agree to process Personal Data based on our instructions and in compliance with prevailing privacy laws and any other appropriate confidentiality and security measures.
- We also may share non-personal, aggregate information regarding customer demographics, traffic patterns, sales, and site usage with our Data Processors or other thirty party internet advertisers or content publishers. We may transact some services or offer access to content in collaboration with these Data Processors or other third parties. Personal Data that you provide to those Data Processors or other third parties may be sent to us so that we can deliver the requested product, content, or service.
- Personal Data may also be accessed by third-party applications, such as gadgets or extensions, through Services. Any Personal Data when you enable such a third party application is processed under the Policy. Any information collected by a third party application provider is governed by their privacy policies.
- We may disclose your Personal Data with our social media network providers and any comments, statuses, updates, likes, tweets, and etc. that you voluntarily share with us through our social media networks may appear on our Services in the scrolling bar or other designated areas that shows activity on our pages or profiles.
- We may from time to time contact individuals based on Personal Data that you may provide us that will be used for “refer a friend” or similar “email to a friend” promotions. You must have the consent of those individuals whose Personal Data or other information you are providing to us. By submitting the Personal Data or other information of such individuals, you confirm that you have that individual’s prior consent: (a) to his/her Personal Data (such as their name and email address) being disclosed to us, and (b) to our contacting them. Handy Gym reserves the right to disclose that we have obtained the individual’s Personal Data or other information from you and that we are contacting them because you have told us they may be interested in our Services and have provided us with their name and email address. You are solely responsible for any personal messages you submit to the individual. You must not submit any message containing content that is illegal, obscene, indecent, offensive, blasphemous, defamatory or otherwise inappropriate.
- In order to accommodate changes in our business, we may sell our company or buy other companies or assets, including any Personal Data or related information collected through our Services as outlined in this Policy. If we sell substantially all of our assets, customer information, including Personal Data, will be one of the assets transferred to the acquirer and that entity and its affiliates may use your Personal Data under the terms of their own privacy policies, which may differ from this Policy.
Our use of Personal Data other than for the reasons set out above is on an opt-in basis. This means that you will not receive communications from us regarding, for example, specials, new products or new services unless you have given us affirmative permission to receive such communications.
Except in connection with our obligations to comply with any Legal Requirements, we will not share any Health-Related Information (including your data from the Apple HealthKit API) with any third parties for marketing and advertising purposes or for any other purpose without your prior consent.
3. WHAT ABOUT A CHILD’S PERSONAL DATA?
Our Services do not target and are not intended to attract children under the age of 16. We do not knowingly collect information from or about children under the age of 16. If you become aware that a child has provided us with Personal Data without parental consent, please contact us by our contact box. If we become aware that a child under 16 has provided us with Personal Data without parental consent, we will take immediate steps to remove such Data and cancel the child’s account without notice.
4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We only retain the Personal Data collected from you for as long as your account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it unless otherwise required by law. We will retain and use information as necessary to comply with Legal Requirements, to resolve disputes, and/or enforce our agreements as follows:
- Any backups of the contents of closed or deleted accounts may be kept for three (3) months after date of closure or deletion.
- Billing information is retained for a period of seven (7) years as of their provision to us.
We reserve the right to make adjustments to the above periods that may result as a result of any orders, laws, or regulations issued by any governmental, legislative, or regulatory body with jurisdiction over us.
5. WHAT RIGHTS DO YOU HAVE TO YOUR PERSONAL DATA?
We confirm the legal basis on which we process your Personal Data as required by the European General Data Protection Regulation (“GDPR”). We only will use and process your Personal for the following lawful reasons:
- When it is necessary to process a transaction on your behalf or to perform under a contract. For example, if you purchase products from us, we will send you emails related to your order.
- When we have a legitimate business interest or compelled by Legal Requirements. For example, when we email you about products we have available that are related to your order with us.
As a resident of a member nation of the European Union, we also provide you with the following rights under as required by the GDPR:
- Right to Access of Personal Data: You may request confirmation regarding the purposes for which we have processed your Personal Data, as well as, access relevant information on that processing and what Personal Data is involved.
- Right to Receive Personal Data: You may request to receive the Personal Data that you have provided to us in a secure, portable manner or request that we transmit your Personal Data directly to a data controller that you identify to us.
- Right to Request Restriction of the Processing of Personal Data (Right to Withdraw Consent): You may request that we restrict our processing of Personal Data in certain situations such as when there is a discrepancy or mistake involving your Personal Data, or when you may oppose the deletion of your Personal Data, and instead, request an appropriate restriction on our use of your Personal Data. You also retain the right at any time to withdraw your consent to any processing of your Personal Data for purposes where you had previously consented (such as receiving direct marketing emails from us).
- Right to Object to Processing: You have the right to object to our processing of Personal Data in any situation where our processing is unlawful, or which may subject your personal freedoms, interests, or rights to prejudicial and irreparable harm; provided, however, that if Legal Requirements or other compelling legitimate business grounds apply in such circumstances, then these may override the impact of prejudicial and irreparable harm to your personal freedoms, interests, or rights and we may still process your Personal Data as needed.
- Right to Have Corrections Made to Personal Data: You have the right to request any lawful change or correction to Personal Data that you have provided to us.
- Right to Deletion of Personal Data: You have the right to ask us to delete your Personal Data to the full extent permitted by law and any Legal Requirements to which we are bound.
We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request). In order to exercise any of these rights, please contact us at firstname.lastname@example.org or at our mailing address as provided in Section VIII of this Policy.
6. WHAT IS HANDY GYM’s COMMITMENT TO THE PROTECTION OF PERSONAL DATA?
Handy Gym Privacy Shield Information for US Residents.
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. We are committed to testing, monitoring, and maintaining records related to data security and access controls impacting our Systems that are aligned with industry best practices and commensurate with the size of transactions and collection of Personal Data that we process and transfer. While we cannot fully eliminate security risks associated with the storage, transfer, and transmission of Personal Data, we will endeavor to remain educated and retain the internal and external resource expertise in order to adapt and modify our data protection practices as required by evolving global data security and cyber threats, terrorism, and fraudulent or malicious programs.
HANDY GYM Privacy Shield Information for EU/Swiss Residents
If you reside in a member country of the EU or Switzerland, Handy Gym does self-certify that it complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). Handy Gym has self-certified that it adheres to the Privacy Shield Principles of notice, choice, onward transfer (including our Data Processors or other third parties as permitted in this Policy), security, data integrity, access, and enforcement. To learn more about the Privacy Shield program, and to view Handy Gym ’s certification, please visit: https://www.privacyshield.gov/list.
Under the Privacy Shield’s “Onward Transfer Principle”, we may remain liable for the processing of Personal Data of European Union residents that we transfer to our Data Processors or other third party service providers or agents. In certain situations, we may be also required to disclose Personal Data in order to comply with lawful requests from public authorities, including to meet national security or law enforcement purposes.
To the extent human resources data is transferred by us from the EU or Switzerland in the context of an employment relationship, Handy Gym commits to cooperate with European Union data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to the transfer of such human resources data transferred from the EU and Switzerland.
7. HOW WILL YOU KNOW OF CHANGES TO THE POLICY?
The most recent version of this Policy was updated on December 5, 2019. We may change the Policy from time to time. In circumstances where a change will materially change the way in which we collect or use your Personal Data, we will send a notice of this change to all of our then-current registered account holders in advance of implementing such changes.
8. HOW CAN YOU CONTACT US IN ORDER TO EXERCISE YOUR RIGHTS OR MAKE ANY INQUIRIES OR COMPLAINTS?
If you wish to exercise any of your rights regarding your Personal Data as outlined in this Policy, or if have any questions or complaints about the Policy, please contact us at email@example.com. You may also contact us by mail at:
Global Traktus S.L.
Oporto 19 (offices)
36201 Vigo, Spain
Complaints will be resolved internally in accordance with our complaints procedures. We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority. You have the right to do so if you consider that our collection, processing, or transfer of Personal Data relating to you violates applicable privacy or data protection laws.