Personal data is understood to be all information that relates to an identified or identifiable person.
1. Responsible person & contact
Responsible for the data processing we describe here is KINASTIC AG, Badenerstrasse 47, 8004 Zürich, Switzerland. If you have any questions or concerns about data protection in connection with the app, you can contact us at this address or via email at: firstname.lastname@example.org
2. Collection and use of personal data
We collect Personal Data through the App in a number of ways, including in connection with your registration, your requests, and when you use the App.
In connection with providing the App, we collect and process the following data:
2.1 Registration data:
The app is only available to registered users. When registering for the app, we collect the following personal data: First and last name, email address, date of birth, user name, password, date and time of registration and, if applicable, means of payment, purchases and payments made via the app and other information that you provide to us during registration.
We use this information to identify you, provide you with the App and App features, and communicate with you and inform you of news and offers.
2.2 Usage data (including health data):
On the one hand, we collect personal data that you provide to us yourself, e.g. when you record your height, weight, interests, preferences, goals or information about your mental state, health and diet. On the other hand, we process and store personal data that is automatically collected or generated by your use of the app, e.g. when we create a training plan for you, when you complete workouts, participate in programs or create evaluations.
In each case, this may also involve personal data requiring special protection. In particular, the personal data processed may, under certain circumstances, allow conclusions to be drawn about your health and your health-related behavior.
We use this information to provide you with the features of the app. We also process this information automatically to adapt and personalize the offers to your needs and preferences. For example, we use this data to analyze and evaluate your physical and mental condition and, based on this, to create individual training plans, nutrition tips and other recommendations for you and to inform you about offers that may be of interest to you. We will never share this data with your employer, fitness center, insurance company or other contractual partner without your express permission.
We also evaluate this information and use it to improve and further develop the app and our offerings. Such analyses help us, for example, to better understand the connections between physical and mental condition as well as our coaching and the implementation of our coaching and to develop further functions of the app based on this.
If you contact us by e-mail, via the app or other ways, the data you provide will be stored automatically. This data is used for the purpose of processing your contact.
2.3 Contractor programs:
If you receive or obtain the App through an offer provided by your employer, fitness center, sports provider, health insurer or other contractor, or if you use a contractor's program available through the App, we will also collect this information and the program you choose.
We use this information to provide you with the app and the services under the program of the contractual partner. We will never share personal information about you with the contractor without your express permission.
2.4 Automatically collected data:
When you call up and use the app, certain data is automatically collected, e.g. device manufacturer, operating system, settings, MAC address and other details about your smartphone, IP address, date and time of use, pages called up and content viewed, functions used, Apple Health as well as Google Fit data and others (if released by you).
Certain features require the use of your device's location. We collect and use location data only when you actively share it.
We need this data primarily to be able to provide you with the app and the app's functions and to ensure the proper and secure operation of the app. In addition, we use this information to improve and further develop the app and our offers. For this purpose, the data is evaluated on an aggregated basis, for example, to determine which pages and functions are favored or how many accesses occur and when.
2.5 Aggregated data
We may aggregate the Personal Data that you and other App users provide. Provided that the aggregated data does not personally identify you or any other person, we may use such aggregated data for the purposes set forth in Section 2 and for any other purposes.
In addition to the aforementioned purposes, we may also use the Personal Data we collect to assert or enforce our legal claims (e.g., in the event of unauthorized access to the App), to defend ourselves in connection with legal disputes and regulatory proceedings, and to prevent and investigate crimes and misuse of KINASTIC's services.
3. Legal basis
The use of the app and the entry of personal data is voluntary. If you want to use the app, you must register and enter certain information in the app. With the registration, a contract is concluded between you and us. The processing of personal data is necessary for the performance of this contract and the provision of the functions of the app. The processing is also in our legitimate interest. It allows us to better and more specifically tailor our services to your needs and interests and to expand and improve our offerings. For the processing of particularly sensitive personal data, such as health data, and its possible disclosure to third parties (for example, in the context of programs of contractual partners), we rely on your express consent. Depending on the functions offered, we may also ask for your consent in other cases.
4. Cookies, analytics tools and other technologies related to the use of the App.
The app uses "cookies", i.e. small text files that are stored on the user's terminal device. Cookies allow the identification of the user and serve to provide more user-friendly, effective and secure services. Cookies only collect data as enumerated in this clause 4 or in clause 2.
4.2 Analysis tools
We use Firebase Analytics and Google Analytics to measure app usage. Firebase Analytics and Google Analytics are services of Google Inc.
With the help of these tools, user behavior within our app can be determined. When you install the app, we record when and for how long the app is used, which pages of the app are called up, which functions are clicked on and which content is displayed. This allows us to understand how you interact with our app.
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google at http://www.google.com/ads/preferences.
You can revoke your consent to the use of Firebase and Google Analytics in the app settings at any time with effect for the future. Deactivating this function does not affect the normal operation of the app.
5. Disclosure of personal data and transfer abroad
We disclose personal data to third parties in the course of our business activities and for the purposes set out in section 2, to the extent permitted by law. Such third parties are in particular the following entities:
- External IT service providers of ours that provide services to us to enable us to provide the App and its functionality, such as providing IT infrastructure, software, data analytics, email delivery, and other services
- Contractual partners under special programs (e.g., your employer or your health insurance company), provided you have given us your consent to do so
- Recipients chosen by you, if you have chosen this accordingly in the app, e.g. by sharing data with a specific person
- Acquirers or parties interested in acquiring business units, companies or other parts of KINASTIC AG, in connection with a reorganization, merger, transfer or other disposal of our company, our assets or parts thereof.
We also use and disclose your personal information, including health information, when we believe it is necessary or appropriate:
- To protect the rights, privacy, safety or property of us, you or others.
The recipients of the data may be anywhere in the world. In particular, you must expect the transfer of your data to other countries in Europe and the USA, where our IT service providers are located (such as Google). The hosting of the website and your data happens on servers of Google in Zurich/Switzerland.
We take the legally required precautions to protect personal data when it is transferred abroad. If we transfer personal data to a country without adequate legal data protection, we ensure an adequate level of protection by concluding data protection clauses with the recipients of the data as required by law or rely on the legal exceptions, such as your consent, the conclusion or performance of a contract, or the establishment, exercise or enforcement of legal claims. You can obtain further information and a copy of the aforementioned contractual guarantees from the office mentioned in point 1.
6. Retention period
We will retain your data for as long as it is necessary for the purpose for which it was collected (e.g., as long as your user account exists and is active, we will also retain the registration and usage data), as well as beyond that in accordance with the statutory retention and documentation obligations or insofar as we have a legitimate interest in retaining it (e.g., for evidentiary purposes or for IT security).
App profiles, including the profile data provided by the user, can be deleted by us three years after the last login in case of inactivity.
As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized as a matter of principle and as far as possible. The personal data collected during registration is usually stored at least for the duration of the registration.
For operational data (e.g., system logs, logs), shorter retention periods of twelve months or less generally apply.
7. Data security
We take reasonable technical and organizational precautions to protect your personal information from unauthorized access and misuse, and from the risk of loss, accidental alteration, or unintentional disclosure. Although we and our technical partners do our best to protect your Personal Data, we cannot guarantee the security of any information transmitted to and through the App. Any transmission is at your own risk.
Please keep your account credentials safe and do not share them with anyone.
8. Your rights
You have the right to request information about the personal data concerning you as well as its correction or deletion. The data you have entered can be viewed at any time within the app and can be corrected and deleted by you there. If you delete your user account or data in the app, this data will be deleted or anonymized so that a personal reference can no longer be established. Data that has already been aggregated remains aggregated.
If the processing is based on your consent, you have the right to revoke this consent with effect for the future. Such a revocation does not affect the legality of the data processing carried out until the revocation.
To exercise such rights, please contact us at the contact address in section 1. If you incur any costs, we will inform you in advance.
For our part, we reserve the right to enforce the restrictions provided for by law, for example if we are obliged to retain or process certain data, require it for the assertion of claims or have another overriding interest.
A data subject also has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (www.edoeb.admin.ch). The competent data protection authorities of EU countries can be viewed at this link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm