Privacy Policy

Privacy Policy of Virtusan App
Version 1.1 – 23.08.2023.

About us

This privacy policy (“Privacy Policy“) explains how we process and protect your personal data when you use this application (the “Application“). The Application is operated by Virtusan AG, Niklausenstrasse 19, 6005 St. Niklausen LU, Switzerland (the “COMPANY“, “we“, “our“, or “us“). The Company is the controller for the data processing described below.

Unless otherwise defined in this Privacy Policy or our General Terms & Conditions, the definitions used in this Privacy Policy have the same meaning as in the Swiss Federal Act on Data Protection or the EU General Data Protection Regulation. In Romania, we have appointed an EU representative in accordance with Article 27 of the GDPR. If you are visiting us from Romania, you can also contact Virtusan Intelligent SRL: by e-mail to: [email protected] by mail to: Delea Veche 24, Building A, Floor 9, District 2, Bucharest

1. Personal data we collect

We collect or receive personal information for a number of purposes connected with our business operations when you use our Application. This includes the following:

  • Personal Information (e.g. name and surname, e-mail address, phone number);
  • In-app Identifiers (e.g. screen name, account ID, customer number and other user-, account- and device-level ID that are used to identify you, your account or your device);
  • Billing information (e.g. form of payment, payment card number, bank account number, purchase history);
  • Usage data (e.g. interaction with our Application, such as app launches, taps, clicks, scrolling, music listening data, video views, duration and time of usage of specific app features and other information about how the user interacts with the Application);
  • Diagnostics data (e.g. crash logs, launch time, hang rate, energy use and other information related to the performance of the Application);
  • Health and Fitness (e.g. Heart Rate, Heart Rate Variability, Sleep Duration, Sleep Phases, Sleep Score, Stress Score, Movement);

2. How we collect personal data

We collect information about our users when they use our Applications, including taking certain actions within it.

Directly

  • When users register in our Application;
  • When users access, use, or otherwise interact with our Application or connected wearables;
  • When users correspond with us by electronic means;
  • When users submit their data to us;

Indirectly

  • From service providers such as market research, advertising and analytics companies;
  • From third-party integrations included in our Application;
  • Through public sources, such as public registers (e.g. commercial registers), news articles, sanctions lists, and Internet searches;

3. Legal basis and purposes

Our legal basis for collecting and using the personal data described in this Privacy Policy depends on the personal data we collect and the specific purposes for which we collect it.

Contract: To perform our contractual obligations or take steps linked to a contract with you. In particular:

  • Performance of the contract: To provide our services we especially need your Personal Information, Billing Information and In-App Identifiers.
  • Customer Support: To provide you with customer support.
  • Account management: To set up and manage your account in our Application, as well as to verify your credentials when logging in.

Consent: We may rely on your freely given consent at the time you provided your personal data. In particular:

  • Marketing: To provide you with news, special offers and general information about goods, services and events which we offer by means of push notifications, ads or newsletters.
  • Third-Party Advertising: To provide you with news, special offers and general information about goods, services and events which are offered by our partners, by means of push notifications, ads or newsletters.
  • Analytics and tracking: To analyse, improve, personalise and monitor the usage of our Application and communications.
  • Sensitive data (Health and Fitness data): We only process sensitive data described above with your explicit consent. Specifically we will ask you for your consent to analyse your data explained above that we collect from your wearables. You can withdraw your consent at every time with effect for the future. More information on your rights is provided under section 10 below. If you use the Application via your company, we may share monthly anonymized reports and a dashboard with your company about your self-evaluation and your usage of the Application. This data is anonymized and we will never share your personal health data with third parties including your company.

Legitimate interests: We may rely on legitimate interests based on our assessment that the processing is fair and reasonable and does not override your interests or fundamental rights and freedoms. In particular:

  • App functionality and security: To provide, maintain and improve our Application, as well as to detect, prevent and address security threats.
  • Developer communications: To notify you about changes to our Application and our Privacy Policy.
  • Service development: To develop new services.

Necessity for compliance with legal obligations: To meet regulatory and public interest obligations. In particular:

  • Legal compliance: To comply with applicable regulations and legislation.
  • Exercise of rights: For the legal enforcement of claims and rights.
  • Age and Parental Control: To verify your age and to ensure parental control if needed so to fulfill our legal obligations.

4. Data retention

We retain personal data for so long as it is needed for the purposes for which it was collected or in line with legal and regulatory requirements or contractual arrangements.

5. Newsletter

We may send newsletters and other notifications by email and through other communication channels. We may have newsletters and other notifications sent by third parties or send them with the help of third parties.

In principle, you must expressly consent to the use of your e-mail address and other contact addresses, unless the use is permitted for other legal reasons. Newsletters and other notifications may contain web links or tracking pixels that record whether an individual newsletter or notification has been opened and which web links were clicked (performance measurement). Such web links and tracking pixels record the use of newsletters and other notifications. We need this statistical recording of usage, including success and reach measurement, in order to be able to offer newsletters and other notifications effectively and in a user-friendly manner, as well as permanently, securely and reliably, based on the reading habits of the recipients.

You can unsubscribe from newsletters and other notifications at any time and thereby object in particular to the aforementioned collection of usage. You can do so by contacting us directly or following the link included in the footer of each newsletter we send you.

6. Service providers

We may employ third party companies (“Service Providers”) to facilitate the operation of our Application, provide the Application on our behalf, perform Application-related services, assist us in analysing how our Application is used or help us provide you with tailor-made offers and exclusive deals. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Categorie(s) of service providers who might access your personal data:

  • Affiliates
  • Analytics Companies
  • Advertising and Marketing Companies
  • Payment processing service providers
  • IT and technical service providers
  • Providers of wearables such as FitBit, Garmin, Apple Watch, Oura etc.

6.1 Google Analytics 4

Our Application uses the web analytics service Google Analytics 4, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you have not consented to the use of the analytics tools, your data will not be collected as part of Google Analytics 4. Google Analytics 4 uses JavaScript and pixels to read information on your terminal device and cookies to store information on your terminal device. This is used to analyse your usage behaviour and to improve our Application.

The access data is compiled by Google on our behalf into pseudonymous usage profiles and transferred to a Google server in the USA. We will process the information obtained in order to evaluate your use of the website and to compile reports on website activities. The data collected as part of the usage analysis of Google Analytics 4 is enriched with data from the Google Search Console and linked to data from Google Ads, in particular to measure the success of our advertising campaigns (so-called conversions). The following data may be processed by Google Analytics 4: IP address; user ID and device ID; referrer URL (previously visited page); pages viewed (date, time, URL, title, length of stay); downloaded files; clicked links to other websites; achievement of certain goals (conversions); technical information (operating system; browser type, version and language; device type, brand, model and resolution); approximate location (country, region and city, if applicable, based on anonymised IP address). To know more about Google’s cookie usage, consult its privacy policy here.

7. Data transfers

The Company and/or the Service Providers may transfer your personal data to and process it:

  • In the EU/EEA;
  • In the USA;

We may use service providers who are partly located in so-called third countries (outside the European Union or the European Economic Area or Switzerland) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the EU. We safeguard your personal data per our contractual obligations and applicable data protection legislation when transferring data abroad.

Such safeguards may include:

  • the transfer to countries that have been deemed to provide an adequate level of protection according to lists of countries published by the Federal Data Protection and Information Commissioner, as well as to countries where there is an adequacy decisions by the European Commission in place;
  • applying standard data protection model clauses, binding corporate rules or other standard contractual obligations that provide appropriate data protection.

If a third country transfer takes place and there is no adequacy decision or appropriate safeguards, it is possible and there is a risk that authorities in the third country (e.g. intelligence services) can gain access to the transferred data and that the enforceability of your data subject’s rights cannot be guaranteed.

8. Data disclosure

We may disclose your personal data in the good faith belief that such action is necessary:

  • To comply with a legal obligation (i.e., if required by law or in response to valid requests by public authorities, such as a court or government agency);
  • To protect the security of the Application and defend our rights or property;
  • To prevent or investigate possible wrongdoing in connection with us;
  • To defend ourselves against legal liability.

9. Data security

We take reasonable technical and organisational security measures that we deem appropriate to protect your stored data against manipulation, loss, or unauthorised third-party access. Our security measures are continually adapted to technological developments. We also take internal data privacy very seriously. Our employees and the Service Providers that we retain are required to maintain secrecy and comply with applicable data protection legislation. In addition, they are granted access to personal data only insofar as this is necessary for them to carry out their respective tasks or mandate. The security of your personal data is important to us but remember that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

10. Your rights

You have the below data protection rights. To exercise these rights, you may contact the above address or send an e-mail to: [email protected]. Please note that we may ask you to verify your identity before responding to such requests.

  • Right of access: You have a right to request a copy of your personal data, which we will provide to you in an electronic form.
  • Right to amendment: You have the right to ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Right to withdraw consent: If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent with effect for the future. This includes cases where you wish to opt-out from marketing communications. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you initially consented unless there is another legal basis for processing. You may use the Application settings to adjust your consent settings. To stop receiving emails from us, please change your privacy preferences within the Application settings or contact us at [email protected].
  • Right to erasure: You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected or when it was unlawfully processed.
  • Right to restriction of processing: You have the right to request the restriction of our processing of your personal data where you believe it to be inaccurate, our processing is unlawful, or where we no longer need to process it for the initial purpose, but where we are not able to delete it due to a legal obligation or because you do not want us to delete it.
  • Right to portability: You have the right to request that we transmit your personal data to another data controller in a standard format such as Excel, where this is data which you have provided to us and where we are processing it on the legal basis of your consent or to perform our contractual obligations.
  • Right to object to processing: Where the legal basis for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have a compelling legal basis for the processing which overrides your interests or if we need to continue to process the personal data for the exercise or defence of a legal claim.
  • Right to lodge a complaint with a supervisory authority: You have the right of appeal to a data protection supervisory authority if you believe that the processing of your personal data violates data protection law. You are entitled to contact the relevant Supervisory Authority—in Switzerland, the Federal Data Protection and Information Commissioner, Feldeggweg 1 CH – 3003 Bern, [email protected]. If you use our service in the EU/EEA, you can exercise this right, for example, before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement. The competent data protection authority at the seat of our EU-Representative in Romania is the National Supervisory Authority For Personal Data Processing (https://www.dataprotection.ro/).

11. Links to third-party apps and sites

Our Application may contain links to websites or apps that are not operated by us. When you click on a third party link, you will be directed to that third party’s website or app. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party websites or services.

We maintain online presences on social networks to, among other things, communicate with customers and prospective customers and to provide information about our products and services. If you have an account on the same network, it is possible that your information and media made available there may be seen by us, for example, when we access your profile. In addition, the social network may allow us to contact you. The content communication via the social network and the processing of the content data is thereby subject to the responsibility of the social network. As soon as we transfer personal data into our own system, we are responsible for this independently. This is then done in order to carry out pre-contractual measures and to fulfill a contract. For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to their data protection declarations. Below is a list of social networks on which we operate an online presence:

Instagram: Privacy policy
LinkedIn: Privacy policy
Twitter: Privacy policy
Facebook: Privacy policy
TikTok: Privacy policy

12. Changes to this privacy policy

We may update our Privacy Policy from time to time. We, therefore, encourage you to review this Privacy Policy periodically for any changes. We will notify you via email and/or a prominent notice on our Application, prior to the change becoming effective and update the ‘effective date’ at the top of this Privacy Policy, but we encourage you to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13. Contact us

If you have any questions about this Privacy Policy, do not hesitate to get in touch with us at: [email protected].

Search

You are using an outdated browser which can not show modern web content.

We suggest you download Chrome or Firefox.