This Privacy Policy was posted on May 24th, 2018 and is effective for new and existing users of KYMIRA Sport websites, applications, and offline activities, on May 25, 2018.
KYMIRA Sport Privacy Policy
Effective: May 25, 2018
IMPORTANT NOTICE
This privacy policy covers our offline and in-store activities, and extends to our online community as well through our websites (which will refer throughout the Privacy Policy as the “Services“). Our Privacy Policy describes how we collect and process your Personal Data through our websites (www.kymirasport.com), corresponding in store, and at events. We encourage you to read this Privacy Policy as well as our Terms and Conditions of Use (referred to throughout as our “Terms“).
BY USING THE SERVICES, YOU CONSENT TO THE COLLECTION, USE AND TRANSFER OF YOUR PERSONAL DATA FOR PROCESSING IN THE UNITED KINGDOM AS DESCRIBED IN THIS PRIVACY POLICY.
In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for European consumers and users, this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR.
Who We Are
We are KYMIRA Sport, a brand name of KYMIRA Limited (collectively referred to herein as “KYMIRA Sport,” “we,” “us,” or “our“).
Information About Your Personal Data
This Privacy Policy relates to data about you, your devices, and your interaction with our Services.
“Personal Data” is information that can be used to identify you, directly or indirectly, alone or together with other information. This includes things such as your full name, email address, phone number, precise location, device IDs, certain cookie and network identifiers.”
KYMIRA Sport collects, uses, discloses and processes Personal Data as outlined in this Privacy Policy, including to operate and improve the Services and our business; for advertising and marketing; and to provide you with innovative fitness and wellness services, as further described in this Privacy Policy.
We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that makes the data personally identifiable to you, through obfuscation, or through other means. Our use of anonymized and de-identified data is not subject to this Privacy Policy.
How We Collect and Use Personal Data
We collect your Personal Data in several ways and for various purposes, including:
- When you register for an account or interact with our Services.
- When you communicate with us or sign up for promotional materials.
- When you participate in special activities, offers, or programs.
- When you engage with our online communities or advertising.
- When you access third party products and services.
- When you connect with us through social media.
- When we collect data from third parties or publicly-available sources.
- When we leverage and/or collect cookies, device IDs, Location, data from the environment, and other tracking technologies.
- When we aggregate or centralize data.
- When we provide you geographically relevant Services, offers, or advertising.
- When you ask us to customize apparel, products, or Services.
- When we comply with Legal Requirements or Obligations, Law Enforcement, and for Public Safety Purposes.
How We Disclose Personal Data
We may disclose your Personal Data for the purposes as described in the prior section of this Privacy Policy and in the following ways:
- To Affiliates and Partners
- To Social Network Providers.
- For Advertising and Marketing.
- For Certain Analytics and Improvement
- For Interest-Based Advertising.
- For Legal Compliance, Law Enforcement, and Public Safety Purposes.
- In the event of an actual or contemplated sale.
Third Party Companies
Here is a list of third parties we currently share data with to help us personalise content that we deliver to the users of our website and the purpose of sharing said data.
- Facebook – Advertising
- MailChimp – Email Campaign and transactional exchanges.
- Shopify – Our online store front
- Sumo – Our website traffic services
- Digital River – our PPC agency
- McOnie – our PR agency
- Google – Analytics
- Continully – Marketing Automation Bot
Legal Basis for Processing
Residents of the European Economic Area
- If you elect not to provide personal data
You may choose not to provide KYMIRA Sport with your Personal Data. However, if you choose not to provide your Personal Data, you may not be able to enjoy the full range of Services.
- How to exercise your rights
KYMIRA Sport takes steps to keep your Personal Data accurate and up to date. If you reside in the European Economic Area, you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, please contact us info@kymirasport.com or at the address listed below. Subject to applicable law and in exceptional circumstances only, we may charge for this service and we will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
You have the following rights:
- Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).
- Right to correction (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.
- Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of KYMIRA Sport override your grounds.
- Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
- Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes. After which, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- How we may disclose your Personal Data
The GDPR and national laws of European Union member states implementing the Regulation permit the sharing of Personal Data relating to users who are residents of the European Economic Area with third parties only under certain circumstances. If you reside in the European Economic Area, we will only share your Personal Data as described in our Privacy Policy under the heading “How We Disclose Personal Data” if we are permitted to do so under applicable European and national data protection laws and regulations.
- Marketing communications
Where we are legally required to do so, we ask you for your prior consent before providing you with promotional materials or information. When required by local law, when marketing consent is obtained, we use the double-opt-in method (confirmation of your email address by email before sending you promotional messages) in order to verify your consent. You may revoke your consent at any time (this will not affect the processing of your Personal Data undertaken until the revocation). If you want to stop receiving promotional materials, etc., you can do so at any time as outlined in the by updating your account profile.
- Additional use of Personal Data
Additional use of your Personal Data that is not described in this Privacy Policy will only take place as required by statute or when we have obtained your consent.
- Legal Basis for Processing under the GDPR
In this section we provide information on the legal basis for our processing of your Personal Data as required by Art. 13 and 14 of the GDPR:
- When you register for an account or interact with our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- When you input Fitness and Wellness Data within our Services: For sensitive data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.
- When you use or interact with a wearable or other connected device.
- For sensitive data (including health data and biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.
- For non-sensitive Personal Data which we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our Services.
- When we collect precise Location Data following your prior consent, we process such data on the basis of your prior consent, Art. 6(1)(a) GDPR. In other cases where we process your Location Data without consent, for example in order to provide our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- When you communicate with us or sign up for promotional materials, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent, Art. 6(1)(a) GDPR.
- When you participate in special activities, offers, or programs.
- For sensitive data (health data) (including health data or biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art. 9(2)(a) GDPR.
- For non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages or to allow you to participate in our special activities, offers or programs.
- When you engage with our online communities or advertising and we actively collect your Personal Data in this context, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages.
- When you access third party products and services and we obtain Personal Data about you from such third party sources:
- For Personal Data that we need in order to perform the Services (e.g. if you pay for third party products through our Services), (e.g. if you pay for third party products through our Services), such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to improve our Services.
- When you connect with us through social media:
- Where we collect your consent in such case, for instance for marketing purposes, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
- Where we do not collect your consent in such case, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use the full range of our Services (Art. 6 (1) (f) GDPR).
- When we collect data from third parties or publicly-available sources:
- For Personal Data which we need in order to perform the Services (e.g. for email verification purposes), such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use our Services more efficiently.
- When we leverage and/or collect cookies, device IDs, Location Data, data from the environment, and other tracking technologies, we process such data on the basis of your consent, Art. 6 (1) (a) GDPR, and based on our legitimate interest, Art. 6 (1) (f) GDPR, where we do not obtain your consent and our legitimate interest is to provide you with better Services or marketing.
- When we track you in Store, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest in enhancing your shopping experience as well as loss or crime prevention.
- When we use coarse location and data from sensors, we process such data for strictly necessary purposes in order to perform our Services, Art. 6 (1) (b) GDPR); and for our legitimate interest in marketing and improving our Services, Art. 6 (1) (f) GDPR).
- When we aggregate or centralize data, such processing is either necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customized Services and marketing.
- When you sign up for our services that consist of social sharing and communication with others (including linking you to friends across platforms:
- Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
- Where we do not collect your consent in such case, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- When you take fitness tests or assessments, share content or achievements, or invite friends to use the Services:
- Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
- Where we do not collect your consent in such case, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- When we provide you geographically relevant Services, offers, or advertising:
- Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
- Where we do not collect your consent in such case, for such data that we need in order to perform the Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- Where we do not collect your consent in such case and where we do not need such data in order to perform the Services, we process such data for our legitimate interest in offering you marketing and improving our Services, Art. 6 (1) (f) GDPR).
- When you ask us to customize apparel, products, or Services:
- Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR.
- Where we do not collect your consent in such case, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
- When we disclose Personal Data to our affiliates and partners, and to our service providers and vendors:
- Where we collect your consent in such case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR
- Where we do not collect your consent in such case, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better Services and marketing.
- When we process or share Personal Data in the event of an actual or contemplated sale, we process such data for our legitimate interest in offering, maintaining, providing, and improving our Services, Art. 6 (1) (f) GDPR).
- When we conduct analytics, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to develop and improve our Services.
- When we investigate suspected illegal or wrongful activity, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to ensure compliance with legal requirements and law enforcement requests and for public safety purposes.
- Right to lodge a complaint before the Data Protection Authority
We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or the place of the alleged infringement. You have the right to do so if you consider that the processing of Personal Data relating to you infringes applicable data protection laws.
- Changes to this Privacy Policy
In order to enhance our Services it might be necessary to change this Privacy Policy from time to time. We therefore reserve the right to modify this Privacy Policy in accordance with the applicable data protection laws. Please visit our Website from time to time for information on updates to this Privacy Policy.
- How to contact us or our Privacy Office
In case of questions about the processing of your Personal Data please contact us at info@kymirasport.com
If we are required under applicable law to appoint a data protection officer (DPO), you can contact the DPO that is responsible for your country/region at info@kymirasport.com.
Consent as a Basis for Processing
In some cases, we will ask for your consent to process your Personal Data. You may indicate your consent in several ways, including, as permitted by law, ticking a box (or equivalent action) to indicate your consent when (i) providing us with your Personal Data through our Services or a form (including enrolling in Promotions); or (ii) registering or creating an account with us. Due to different countries’ laws governing consent for the collection and use of Personal Data, the requirements for consent will differ across regions. We may request your consent for several activities including:
- KYMIRA Sport Marketing and Communication.
- Sharing with Third Party Services.
- Third Party Marketing.
- Collecting Mobile Device IDs, Advertising IDs, and Data from Sensors.
- Processing Sensitive Personal Data.
- Collecting and Sharing Location Data.
- Transfer of Data.
- Automated Processing.
- To Enable Social Sharing and Connect with Us on Social Media.
Interest-Based Advertising
Interest-based advertising is advertising that is targeted to you based on your web browsing and app usage over time and across websites or apps. Our advertising practices also include the creation and use of “audience segments.” You have the option to restrict the use of information for interest-based advertising and to opt-out of receiving interest-based ads. Depending on where you access our website from, you may also be asked to consent to our use of cookies, including advertising cookies. Additional information on Audience Segments and our choices for interest- based advertising is found below.
- Audience Segments
- Interest-Based Advertising Opt Outs, Choices, and Control
Managing Preferences and Withdrawing Consent
You may at any time withdraw your consent with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it, and exercise other controls regarding website and online data collection, interest-based advertising, your communication settings, and app preferences. Depending on the Service, collection and use of Personal Data may be required for the Services to work.
We provide you several ways to manage your preferences:
- Cookie Use and Controls
- IP Address Use
- Web Pixels or Beacons Use
- HTML5 Local Storage
- Flash Cookie Use
- Social Network Interaction and Widgets
- Mobile Device Advertising IDs, Location, Sensor Data, and In-Range Device Data Use
- Withdraw Your Consent for Use of Your Mobile Device IDs and Location Data for Analytics and Advertising
- Other Ways to Manage Your Location Services
- Change Consent Settings for Communication Preferences
Transfers of Your Personal Data to Other Countries
The Personal Data KYMIRA Sport processes, and all associated Services and systems, including registration, is housed on servers in the United Kingdom. If you are located outside of the United Kingdom., please be aware that Personal Data we collect will be processed and stored in the United Kingdom (the data protection and privacy laws in the United Kingdom may offer a lower level of protections than in your country/region).
By using our Services and submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the United Kingdom. Where and as required, we will seek your explicit consent as outlined in this Privacy Policy.
Data Retention
We will retain your Personal Data for as long as you maintain an account or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Where we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, we will delete your Personal Data from our systems.
Where permissible, we will also delete your Personal Data upon your request.
If you have questions about our data retention practices, please contact us info@kymirasport.com
Security
We implement appropriate technical and organizational safeguards to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
Links to Other Websites. Please note that this Privacy Policy does not apply to the practices of companies that we do not own or control or to people that we do not employ or manage. Our Services may provide a link or otherwise provide access to Third Party Sites. We provide these links merely for your convenience. We have no control over, do not review, and are not responsible for Third Party Sites, their content, or any goods or services available through the Third Party Sites. Our Privacy Policy does not apply to Third Party Sites, and any data you provide to Third Party Sites, you provide at your own risk. We encourage you to review the privacy policies of any Third Party Sites with that you interact with.
Children
We do not knowingly collect Personal Data online from children under 13 (note that the minimum age may vary based on country/region, and on local law). If you become aware that a child has provided us with Personal Data without parental consent, please contact us info@kymirasport.com. If we become aware that a child under 13 has provided us with Personal Data without parental consent, we will take steps to remove the data and cancel the child’s account.
How to Contact Us
If you have any questions, comments, or concerns about how we handle your Personal Data, then you may contact us info@kymirasport.com write to us at:
KYMIRA Limited.
Attention: Privacy Office
Science and Technology Centre, Early Gate, Whiteknights road, Reading, RG6 6BZ.