EMFIT PRIVACY POLICY - ONLINE STORE, WEBSITE AND EMFIT QS SERVICE

Welcome to our Website emfit.com (the “Site”). We at Emfit Ltd and Emfit Corp. (“us”, “we”, or “our”, “Emfit”) understand that privacy online is important to users of our Site and our Site is committed to respecting your privacy. This statement governs our privacy policies with respect to those users of the Site (“Visitors”) who visit without transacting business and Visitors who register to transact business on the Site and make use of the various services offered by Emfit (collectively, “Services”) (“Authorized Customers”). This privacy policy informs you about how our organization collects, stores and uses your personal data that you provide when you use our website.

1 THE REGISTRAR OF THIS SITE

Emfit Ltd (Business ID 0813747-4) (“Emfit”)

Address: Konttisentie 8, 40800 Vaajakoski, Finland

Phone: +358-20-778-0870

Person in charge of register matters: Heikki Räisänen ([email protected])

2 ABOUT THIS POLICY

This Privacy Policy has been created to provide our website and webshop visitors and EMFIT QS Cloud Service users (“Users” or “you”) with transparent information about the privacy of our website, webshop, device and web app. This Privacy Policy aims to answer the following questions:

• What data do we collect?
• How do we collect and use your data?
• Data used for marketing or shared with third parties
• What are your data protection rights?
• Privacy policies for other websites
• Changes to our privacy policy
• How to contact us?

Please note that this Privacy Policy only applies to the processing of personal data carried out by Emfit as a data controller. This Privacy Policy may be updated from time to time. You can see the date of the last update to this Privacy Policy by referring to the “LAST UPDATE” date at the top of this page. We will not make any substantial changes without prior notice. 

3 WHAT DATA DO WE COLLECT?

We collect your personal information. Personal information is any data that relates to an individual to use as identification like:

• Personally Identifiable Information – Any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, including, but not limited to, name, address, phone number, fax number, email address, financial profiles, social security number, and credit card information. Personally Identifiable Information does not include information that is collected anonymously (that is, without identification of the individual user) or demographic information not connected to an identified individual.
• Browser and visit information – This data is provided by your browser and visits you made on our website – browser type, operating system, IP address, demographics, etc.
• Cookie-related information – A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.

However, you can browse our website without providing your personal information.

When registering an account on the app or during your use of it, we process the following general account data as inserted by you:

• E-mail address 
• Notes

EMFIT QS automatically measures, processes, collects and transmits to our cloud servers the following data:

• Heart rate 
• Breathing rate
• Movement activity and tossing&turning data
• Bed occupancy data
• Depending on the use case, sensor’s signal waveform data

Based on the use case and transmitted and received data, the cloud service further calculates many parameters to evaluate the quality and quantity of sleep and recovery, including:

• Duration of sleep 
• Sleep score 
• Sleep classes (awake, light, deep, REM) 
• Heart rate variability (RMSSD) 
• Autonomic nervous system balance 

HEALTH DATA

Please note that your Health Data is not accessible and/or collected by any third parties defined in this section, unless you voluntarily, at your will, link the EMFIT QS Cloud Service used by you or your EMFIT QS account to sync your personal data to some of available third-party data integrators. Please see Section “Third parties regarding EMFIT QS Cloud Service”.

SERVICES BY GOOGLE INC. (“GOOGLE)

The Emfit website and the webshop use some services of Google. You agree to the use and access of your personal data by Google and other third parties in accordance with the Privacy Policy of Google. Please make sure that you review the Privacy Policy of Google each time you use the Emfit website or webshop, as Google may update the policy at any time: https://www.google.com/intl/en/policies/privacy/ 

The Google services Emfit website and webshop use are Google Fonts and Google Analytics:

• Google Fonts is a typeface visualization service provided by Google.  
• Google Analytics is a web analysis service provided by Google. 

Woocommerce (owned and operated by Automattic Inc., “Automattic) provides Emfit with the online e-commerce platform for the webshop. You agree to the use and access of your personal data by Automattic and other third parties in accordance with the Privacy Policy of Automattic. Please make sure that you review the Privacy Policy of Automattic each time you use the webshop, as Automattic may update the policy at any time: https://automattic.com/privacy/

PayPal (PayPal Inc.) is a payment service provided by PayPal Inc., which allows users to make online payments using their PayPal credentials.  By giving your consent to this extract, you agree to the use and access of your personal data by PayPal Inc. and other third parties in accordance with the Privacy Policy of PayPal Inc. Please make sure that you review the Privacy Policy of PayPal each time you use the webshop, as PayPal may update the policy at any time:  https://www.paypal.com/ee/webapps/mpp/ua/privacy-prev 

Mailgun (Mailgun, Inc.) is an email address management and message sending service provided by Mailgun Technologies Inc. You agree to the use and access of your personal data by Mailgun Technologies Inc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time: https://www.mailgun.com/privacy-policy

THIRD PARTIES REGARDING EMFIT QS CLOUD SERVICE

Freshdesk (Freshworks, Inc.) is a support and contact request management service provided by Freshworks, Inc.  You agree to the use and access of your personal data (excluding access to your Health Data unless you have added your Health Data content in a support ticket) by Freshworks, Inc. and other third parties in accordance with the Privacy Policy of Freshworks, Inc., as amended by Freshworks, Inc. at any time:  https://www.freshworks.com/privacy/?utm_source=freshdesk&utm_medium=referral 

Mailgun (Mailgun, Inc.) is an email address management and message sending service provided by Mailgun Technologies Inc. You agree to the use and access of your email address (and explicitly excluding access to your Health Data) by Mailgun Technologies Inc. and other third parties in accordance with the Privacy Policy of Mailgun Technologies Inc, as amended by Mailgun Technologies Inc at any time: https://www.mailgun.com/privacy-policy

3rd Party Data Integration Option: UnderArmour (MapMyFitness). You can optionally decide to share your personal data with UnderArmour through an integration to their services. With this integration your personal data will be automatically sent to UnderArmour. Emfit will access, create or modify only limited information concerning your UnderArmour account as it is needed for creating the synchronization link: data source device, data source priority & user ID.  You agree to the use and access of your personal data by Under Armour, Inc. and Under Armour Europe B.V., and other third parties in accordance with the Privacy Policy of Under Armour, Inc. and Under Armour Europe B.V., as amended by Under Armour, Inc. and Under Armour Europe B.V. at any time: https://account.underarmour.com/privacy?embedded=1 

3rd Party Data Integration Option: Wellmo. You can optionally decide to share your personal data with Mobile Wellness Solutions MWS Ltd through an integration to their services. With this integration your personal data will be automatically sent to Mobile Wellness Solutions MWS Ltd. Emfit will access, create or modify only limited information concerning your Wellmo account as it is needed for creating the synchronization link.  You agree to the use and access of your personal data by Mobile Wellness Solutions MWS Ltd and other third parties in accordance with the Privacy Policy of Mobile Wellness Solutions MWS Ltd, as amended by Mobile Wellness Solutions MWS Ltd at any time: http://www.wellmo.com/privacy-policy/

Personal data you direct Emfit to share: You can allow Emfit to share your personal data (including Health Data) with other parties. For example, you might ask Emfit to link your EMFIT QS account with a third-party app; send status updates to Facebook or Twitter; or ask Emfit to share data with your employer as part of a wellness program. If you ask to share your personal data with a third party, that personal data is governed by the third-party’s privacy policy. You can revoke your consent to share your personal data with the third party in your QS Service account settings. 

5 WHAT ORGANIZATIONS ARE COLLECTING THE INFORMATION?

In addition to our direct collection of information, our third party service vendors (such as credit card companies, clearinghouses and banks) who may provide such services as credit, insurance, and escrow services may collect this information from our Visitors and Authorized Customers. We do not control how these third parties use such information, but we do ask them to disclose how they use personal information provided to them from Visitors and Authorized Customers. Some of these third parties may be intermediaries that act solely as links in the distribution chain, and do not store, retain, or use the information given to them.

6 HOW DO WE COLLECT AND USE YOUR PERSONAL INFORMATION? 

COLLECTION OF PERSONAL INFORMATION

We collect your data in the following forms:

Website

• enquiry from you
• personal data given by you when contacting Emfit
• when you use the website
• data from third parties listed in the following section
• when you subscribe to mailing lists or newsletters
  
• data through contact and other forms and when you give answers to polls or competitions
  
• data collected through cookies
  

Webshop

• enquiry from you
• personal data given by you when contacting Emfit
• when you use the webshop
• when you make an order of Emfit’s products or services
• when you complete a survey or provide feedback on our products or services or via emails
• when you make a reclamation to Emfit
• data from third parties listed in the following section (data collected by third parties)
• when you subscribe to mailing lists or newsletters
• data through contact and other forms and when you give answers to polls or competitions
• data collected through cookies 

EMFIT QS Cloud Service

• enquiry from you
• data given by you when contacting Emfit
• when you use the EMFIT QS Cloud Service
• when you complete a survey or provide feedback on our products or services or via emails
• when you make a reclamation to Emfit
• data from third parties listed in the following section (data collected by third parties)
• when you subscribe to mailing lists or newsletters
• data through contact and other forms and when you give answers to polls or competitions.  

Personally Identifiable Information collected by Emfit is securely stored and is not accessible to third parties or employees of Emfit except for use as indicated above.

USE OF PERSONAL INFORMATION

We use your personal information for the following purposes:

• To create and manage your account on our website
• To process details related to your orders and refunds
• To identify you once you register on our website
• To provide you better usability and service
• To contact you and respond to your queries and feedbacks
• To understand which sections of the website are visited and how frequently

USE OF LOGIN INFORMATION

Emfit uses login information, including, but not limited to, IP addresses, ISPs, and browser types, to analyze trends, administer the Site, track a user’s movement and use, and gather broad demographic information.

USE OF COOKIES

Cookies are used for a variety of reasons. We use Cookies to obtain information about the preferences of our Visitors and the services they select. We also use Cookies for security purposes to protect our Authorized Customers. Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using emfit.com, with the drawback that certain features of website may not function properly without the aid of cookies. You can find more details about which cookies are used and how in our cookie declaration page.

USE OF DATA COLLECTED FOR EMFIT QS CLOUD SERVICE

The personal data collected for the EMFIT QS Cloud Service is used for the following purposes:

• to provide the EMFIT QS Cloud Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
• taking care of customer service and customer relationship management. For example, Emfit might contact you if it is necessary for you to know of updates of the EMFIT QS Cloud Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
• management and completion of reclamations. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract; 
• responding to your contacts and questions. For example, you might contact Emfit with questions regarding the EMFIT QS Cloud Service. The legal basis for processing of the personal data for this purpose is: the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
• marketing and marketing research. Legitimate interests pursued by Emfit is the legal basis for processing the personal data for this purpose, unless your consent is required for the marketing or marketing research based on laws;
• direct marketing and newsletters (i) based on your consent and (ii) in other situations allowed by law. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose, unless your consent is required for direct marketing and newsletters based on laws;
• other situations required for the performance of a contract with you or in order to take steps at your request prior to entering into a contract;
• to develop Emfit’s products and services and Emfit’s operations. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose;
• when the processing is necessary for compliance with a legal obligation to which Emfit is subject. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;
• to take care of regulated personal data obligations of Emfit. Emfit’s legal obligations is the basis for processing of the personal data for this purpose;
• for the establishment, exercise or defence of legal claims. Legitimate interests pursued by Emfit is the legal basis for processing of personal data for this purpose; and
• for the purposes as explained in Section 7, by third parties who collect personal data in connection with the Emfit QS Service. Legitimate interests pursued by Emfit is the legal basis for Emfit’s processing of personal data for this purpose. When you give your explicit consent separately, also your explicit consent to the processing is the legal basis for processing of personal data for this purpose.

To the extent the processing is based on Emfit’s legitimate interests, those legitimate interests exist as there is a relevant and appropriate relationship between you and Emfit as you use the EMFIT QS Cloud Service and/or provide your information. Your interests and fundamental rights and freedoms are respected and you can expect Emfit’s processing activities. Emfit’s security methods described in the following chapter are maintained by Emfit in order to protect the data from unauthorized access. 

HOW DOES THE SITE KEEP PERSONALLY IDENTIFIABLE INFORMATION SECURE?

All of our employees are familiar with our security policy and practices. The Personally Identifiable Information of our Visitors and Authorized Customers is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis. Sensitive information, such as credit card numbers or social security numbers, is protected by encryption protocols, in place to protect information sent over the Internet. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering, and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to Visitors or Authorized Customers for any such occurrences.

The personal data processed by Emfit are secured by using the following methods and principles:

• locks at Emfit’s premises
• electrical surveillance systems of Emfit’s premises and equipment
• firewall, anti-malware and spam filtering systems of Emfit’s communication networks and other software and hardware that protect the security of communication networks
• professional knowledge of Emfit’s personnel
• training of Emfit’s personnel
• the content of the register is in electronic form except for temporary special occasions
• Emfit’s policies and guidelines relating to personal data matters.

7 DATA USED FOR MARKETING OR SHARED WITH THIRD PARTIES

DATA USED FOR MARKETING

Based on your preference, our organization would like to send you marketing emails for products, services, and offers that you might like. You have the right at any time to stop our organization from contacting you. You can anytime opt-out of our marketing-related emails as instructed, or by contacting us at [email protected]

DATA SHARING WITH THIRD PARTIES

Our organization will never share your personal information with third-party sites without taking prior permission from you. Though, we share your personal information within the organization, business partners, authorized third-party services.

Emfit has entered into and will continue to enter into partnerships and other affiliations with a number of vendors. Such vendors may have access to certain Personally Identifiable Information on a need to know the basis for evaluating Authorized Customers for service eligibility. Our privacy policy does not cover their collection or use of this information. 

DISCLOSURE OF PERSONALLY IDENTIFIABLE INFORMATION TO COMPLY WITH THE LAW

We will disclose Personally Identifiable Information in order to comply with a court order or subpoena or a request from a law enforcement agency to release information. We will also disclose Personally Identifiable Information when reasonably necessary to protect the safety of our Visitors and Authorized Customers.

8 TRANSFER TO COUNTRIES OUTSIDE EEA

Emfit might transfer your personal data to countries outside the European Economic Area (EEA) and European Union (EU) (“Third Country”) to its subsidiaries or other subcontractors who process personal data on behalf of Emfit and with whom Emfit has entered into standard data protection clauses adopted by the EU Commission or there is another legal basis for the transfer of personal data to Third Countries. The subsidiaries are:

NORTH AMERICA

Emfit, Corp.

415 N. Guadalupe St. PMB 403, San Marcos, TX 78666, U.S.A.

CHINA

Emfit Technology Co., Ltd.

#2004 Dingsheng-Guangchang 1st bldg., Jinhui-Road, Danshui, Huiyang, Huizhou-City, Guangdong, China (516211)

Also the third parties defined in Section 4 might transfer your personal data to Third Countries, according to their privacy policies.

If there is no legally based right to transfer the data to a Third Country*, the basis of the transfer is your consent to the transfer, in which case you are hereby informed of the risks of such transfers. Such risks may include that the level of protection of individuals arising out of the EU laws is not necessarily guaranteed in those Third Countries, which can include e.g. that third parties or authorities can have access to the data to wider extent than according to EU laws, the security methods might not be at the level as regulated under EU laws and the users might not have effective remedies to inspect their data, rights to access their data or get their data corrected at the level as regulated under EU laws.

* A legally based right to transfer the data to a Third Country can be the following: A transfer may take place where either: (i) the EU Commission has decided that the Third Country or a territory or a processing sector within that Third Country ensures an adequate level of protection, (ii) the transferee has entered into standard data protection clauses adopted by the EU Commission, or (iii) there is other legal basis for the transfer, such as so called privacy shield approved by the EU Commission.  

9 WHAT ARE YOUR DATA PROTECTION RIGHTS?

We would like to make sure that you are fully aware of your data protection rights. Every user is entitled to the following rights:

• The right to access – You have the right to ask for copies of your personal information provided to us.
• The right to rectification – You have the right to tell us to correct the personal information that you believe needs correction. You also have the right to complete the information you believe is incomplete.
• The right to erase – You have the right to ask us to erase all your personal data at any time.
• The right to object – You have the right to object to our organization’s processing of your personal data, under certain conditions.
• The right to data portability – You can anytime ask us to transfer your personal information to any other organization or directly to you, under certain conditions.

You also have the right to:

• Restrict processing
• Complain to a supervisory authority
• Withdraw consent

Visitors and Authorized Customers may contact us to update Personally Identifiable Information about them or to correct any inaccuracies by emailing us at [email protected]

We also provide Visitors and Authorized Customers with a mechanism to delete/deactivate Personally Identifiable Information from the Site’s database by contacting. However, because of backups and records of deletions, it may be impossible to delete a Visitor’s entry without retaining some residual information. An individual who requests to have Personally Identifiable Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personally Identifiable Information relating to that individual in any way moving forward.

In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the data protection supervisory authority.

10 PRIVACY POLICY FOR OTHER LINKED WEBSITES

Our Website emfit.com contains links to other websites. Our privacy policy applies to only our website and not other linked websites. Please note that when you click on one of these links, you are moving to another website. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.

11 CHANGES TO OUR PRIVACY POLICY

Our organization reviews and updates its privacy policy on a regular basis. We may change our data privacy practices and place any updates on this privacy policy page. However, if we are changing our privacy policy in a manner that might cause disclosure of Personally Identifiable Information that a Visitor or Authorized Customer has previously requested not be disclosed, we will contact such Visitor or Authorized Customer to allow such Visitor or Authorized Customer to prevent such disclosure.

12 HOW TO CONTACT US

If you have any queries related to our data privacy practices or this privacy policy, feel free to contact us at [email protected]