Thank you for downloading our mobile BLACKROLL App (hereinafter referred to as the “App”) from the Apple and Google app stores. Welcome to this App and thanks again for your interest in our company and products. Protecting your privacy while you use our App is important to us.
We would like to inform you about the processing of your personal data and your rights as the individual concerned (“data subject”) in connection with your use of our App. We, i.e.,
(hereinafter referred to as “we” or “BLACKROLL”)
as the controller under data protection law and, simultaneously, the service provider, would like to provide you with the following information.
Your personal data will only be processed in accordance with the provisions of the Swiss data protection laws, taking the data protection laws of the European Union into account, in particular, the European General Data Protection Regulation (GDPR), and other statutory data protection provisions.
1.Data requiring protection, categories and sources of data
2.Purposes and legal grounds for data processing
5.Non-cookie tracking technologies
6.Using the App, workout, and user account
9.Login via Facebook and Google (Social Login)
10.Authorizations within the mobile device / push messages
11.Recipients of personal data
12.Data processing in third countries
16.Your questions on data protection
Generally, we process the following categories of personal data in connection with your identity:
In these cases, your personal data is data that you provided voluntarily, in particular, data you entered, and data gathered from your use of our App.
We will process your data only for a particular purpose and only to the extent permissible under an applicable statutory provision. We will process your data for the following purposes, based on the following legal grounds:
Please refer to Art. 15, if you wish to find out how to object to such data processing and subject to which conditions we are required to discontinue and/or to restrict data processing.
Please note that this is not a complete or conclusive enumeration of the potential legal grounds, but that these are only some examples intended to make the legal framework for data protection more transparent. For further information on the legal grounds for the various types of processing in our App, please read the explanations in the Articles below.
When downloading our App, the necessary information will be transmitted to the corresponding app store. This includes, in particular, the user name, e-mail account, date and time of download, and the unique device ID. However, this data collection is beyond our control, since it is handled by the operator of the corresponding app store. This data will not be stored on our servers in any other manner.
In connection herewith, please also refer to the relevant privacy policies of the app store operators:
Generally, you may browse our App without disclosing any personal data. However, when you browse our App, the following information may be stored about your access and use:
We will process this usage data based on our legitimate interests for the purpose of providing this App, for ensuring the technical operation, for recording the consent granted by you, and for the security of our IT systems. We pursue the interest of making our App available for use, of ensuring its functionality, and of maintaining the latter on a permanent basis. This data will be automatically processed when you access our App. You will not be able to use our App without sharing this information. In no event we will not use this data for the purpose of drawing conclusions regarding your identity.
You may not object to the processing of your usage data, because this data is mandatorily required for a trouble-free operation of the App. The App cannot be used without processing this information.
We use tracking technologies similar to cookies in order to enable the best possible App design. Among other things, these technologies allow us to provide certain functionality to make navigation easier and ensure a high degree of user-friendliness.
Non-cookie tracking technologies are based on identifiers which allow our web servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. This way, they serve the purpose of enabling you to use our App, of making the use of our App more convenient for you, and of optimizing our service offering. The provisions below include detailed information on the type, function, purposes, and, if applicable, third party suppliers deployed in the use of non-cookie tracking technologies. The legal basis for the use of non-cookie tracking technologies is your consent that you grant when you first open the App.
You may revoke this consent at any time by preventing the storage of data using non-cookie tracking technologies by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.
Generally, you do not need to register to use the App. However, certain parts of our service offering in the App will not be available to you until you create a user account as a registered user.
You should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”, if you wish to revoke your consent in this regard.
In connection herewith, we will process the following information:
We use this information in order to provide our App to you and to analyze, optimize, and customize our App’s usage by means of Google Firebase. To this end, we may also create usage profiles, in order to provide you with an enhanced workout program, and to display recommendations and information on your workout program and on matching BLACKROLL products and services via push messages and/or in-app messages. We reserve the right to combine this information with other of your customer data that is stored by BLACKROLL (e.g., in connection with orders from the web shop). The reach and purpose are specified in the consent form by which you granted your consent.
You grant your consent on a voluntary basis and may revoke the same at any time, in whole or in part, with effect for the future without giving reasons, e.g., by e-mail to firstname.lastname@example.org. Please note, however, that we may be obligated to delete your user account in this case for legal reasons and that you would only be able to use the remaining part of our service offering that is accessible without user account.
We will not disclose your personal data to third parties. Not even distributors of BLACKROLL products will receive personal data from us, but they may obtain it directly from you when you browse their website, or place order in their web shops. Push messages require your prior authorization by making the corresponding settings in your device (see Art. 10 below).
You may delete your user account and the related data at any time via the function “Delete user account” in the menu “Settings > Privacy”.
This App uses Google Firebase, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase uses non-cookie tracking technologies, i.e., identifiers which allow Google servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. Generally, the information generated this way on your use of our App (including your IP address and the other types of usage data listed in Art. 4, workout data, and, if applicable, data on your user account) will be transmitted to a Google server in the U.S. and stored on that server. The Google parent entity Google LLC has been certified under the EU-U.S. Privacy Shield and, thus, offers a guaranty that the European data protection law (see www.privacyshield.gov/participant?id=a2zt000000001L5AAI will be complied with.
Within the scope of functions and purposes described below, Google will engage in activities on our behalf under a Commissioned Processing Agreement as instructed by us:
Processing for usage analysis and the use of non-cookie tracking technologies will only occur based on the consent that you granted for this purpose. You may revoke this consent at any time by preventing the usage analysis by Google Firebase by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.
Within the scope of this usage analysis, Google will also estimate from which country you access the App, your age, and your gender.
For further information on the use of data by Google and on data protection in connection with Google Firebase please click on the following links:
The newsletter is mailed using the so-called double opt-in procedure, i.e., we will not send you a newsletter by email, unless you have expressly confirmed that you wish us to activate the newsletter service. We will then send you an email confirmation and ask you to confirm by clicking on the link contained in that e-mail that you wish to receive our newsletter. Upon completion of this separate double opt-in procedure, you have granted your consent to receiving the newsletter.
In the event the newsletter is subscribed to from within a user account, we may omit the renewed double opt-in, since your e-mail account was verified by a confirmation link during the activation of your customer account. In this case, a simple opt-in (by clicking a check box) in the user account is sufficient.
Within the meaning of this Art. 8, we will not send you newsletters without your prior registration, i.e., based on your consent. In the event that the content of a newsletter is accurately described during the registration process, this information will govern the reach of your consent. Apart from this, our newsletters include information on our products, offers, promotional campaigns, events, and our business.
In the event you should decide at a later date that you do not wish to receive our newsletter any more, you may revoke your consent at any time. A notice in text form (e.g., e-mail, letter) directed to the address in the contact data set forth in in Art. 16 or to email@example.com shall suffice. Of course, you will find an unsubscribe link in every newsletter.
The newsletter is mailed using MailChimp, a newsletter mailing platform operated by the U.S. provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, U.S. In this context, data will be processed on our behalf subject to a Data Processing Agreement (Auftragsverarbeitungsvertrag) that we have concluded with MailChimp. In that agreement, MailChimp agrees to protect the personal data of our users, to process it only on our behalf, and, in particular, not to disclose it to any third party
We trust in the reliability, IT security, and data protection of MailChimp. MailChimp has been certified in accordance with the EU-U.S. Privacy Shield and, thus, promises to comply with the EU data protection requirements (see www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.
We would like to draw your attention to the fact that following the mailing of the newsletter your user behavior regarding our newsletter will be analyzed on our behalf. This analysis is based on so-called web beacons, also known as tracking pixels, that are included in the e-mail messages, and links encoded using this technology. Web beacons are one-pixel image files that are linked with our website and, thus, allow us – in combination with encoded links, to analyze your user behavior with regard to our newsletter (so-called open and/or click tracking). This is achieved by collecting technical information, e.g., on your browser, your system, your IP address, and the time of downloading the mail and/or the link via web beacons and encoded links, that is matched with your e-mail account and assigned a unique ID.
The so-called open tracking using web beacons is not possible, if you have disabled the display of images by default in your e-mail browser. However, in that case, the newsletter will not be fully displayed and you may not be able to use all of its features. If you allow the display of images on a case by case basis, this will trigger the tracking described above. The only way to prevent the so-called click tracking is not to click on the links in the corresponding e-mail.
Optionally, you may use a so-called social login, i.e., you use your existing Facebook profile (hereinafter referred to as “Facebook Login”) or our Google account (hereinafter referred to as “Google Sign-in”), to register within the App.
If you wish to use the Social Login, you will be redirected to Facebook or Google, as the case may be, during the login process. On the next screen, you will be asked to log in with your user name and password, unless you have already logged into Facebook or Google, respectively. Of course, BLACKROLL will not become aware of your login credentials.
In the next step, you will confirm the transmission of your data to BLACKROLL vis-à-vis Facebook or Google, as the case may be. When you use the Social Login, the following data will be transmitted from Facebook or Google, respectively, to BLACKROLL: First name, family name, e-mail account, profile picture, user ID, access token.
The connection between our App and Facebook or Google, respectively, may be removed at any time. To this end, you need to delete the connection with the “BLACKROLL APP” in the profile settings of your Facebook/Google account. If you wish to continue to use the App as a registered user, you may need to create a new user account in the App afterwards.
Please refer to the privacy policies of Facebook or Google, respectively, for further information on the purpose and scope of data collection and the further processing and use of your data, and your corresponding rights and the available settings to protect your privacy:
Unless you select the “Social Login” feature of the corresponding service provider in our App, no data will be transferred to the service provider. However, when you click on one of the buttons you leave our App; your data will be sent to the corresponding service provider, including when you are not a registered member of that community.
Your personal data will not be transmitted to distributors, including in those cases where push messages or in-app messages, respectively, contain third-party contents from distributors of BLACKROLL products.
The authorization will remain activated until you disable it in your mobile device. Push messages can be disabled and re-enabled at any time. For example, on an Android mobile device go to “System settings” > Apps > BLACKROLL App > authorizations“; on an iOS mobile device go to “System settings > BLACKROLL App > messages“.
We will only pass on your personal data to external recipients if this is required for providing the App, if you have granted your consent, or on another kind of statutory authorization.
External recipients may include, but are not limited to:
Generally, we will not process your data outside Switzerland and the European Union (EU) or the European Economic Area (EEA). In the event that we should transmit your data to third countries outside the EU and/or the EEA in an individual case, we will ensure prior to passing on your data that this is either a legally permissible exception, or that the recipient either offers an adequate protection of personal data, or that you grant your consent to this data transmission. For example, an adequate protection of personal data is warranted by the recipient’s certification under the EU-U.S. Privacy Shield, the acceptance of EU Standard Contractual Clauses, or the existence of Binding Corporate Rules (BCR) by or at the recipient’s organization. Please contact us at firstname.lastname@example.org, if you wish to receive a copy of the specific precautions regarding the transmission of your data to third countries. The EU Commission has passed a decision on the adequate protection of personal data provided in Switzerland (eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518).
We take technical and organizational precautions to protect your personal data against coincidental or willful manipulation, loss, destruction, or access of unauthorized parties. Our data processing systems and our precautions and security measures will be continuously improved based on the then-current state of the art.
In particular, we will secure the transmission of any personal data transmitted in connection with your user account by data encryption. This applies to the registration as well as to the log-in.
We use the encryption protocol Transport Layer Security (TLS), more commonly known by the name of its precursor Secure Sockets Layer (SSL).
Please note that we are unable to promise, in particular with regard to communication via the contact feature and e-mail, absolute data security. In particular, when confidential information is concerned, we recommend using a safe communication channel, e.g., postal mail.
Our employees are bound to privacy protection rules and regulations.
We will store your personal data only as long as required for meeting the purposes or – if a consent was granted – as long as you do not withdraw your consent. In the event of a withdrawal, we will no longer process your personal data, unless its continued processing is permitted in accordance with the applicable statutory provisions, or even compellingly required (e.g., due to retention periods under commercial or tax law). We will also erase your personal data if we are obligated to do so subject statutory requirements.
For further details on the storage periods that apply to your personal data please refer to the above Articles.
As a data subject, you have numerous rights. In particular, these are:
If you should have any questions regarding the processing of your personal data, your rights as a data subject, any consents that you may have granted, please do not hesitate to contact us via any of the other communication channels specified in Art. 16. Please contact us directly if you wish to exercise any of your rights as a data subject.
If you should have question on data protection or wish to exercise your rights as a data subject please contact us:
Last revised: May 2019 (Version 1.0)