PRIVACY POLICY FOR THE BLACKROLL APP

Thank you for downloading our mobile BLACKROLL App (hereinafter referred to as the “App”) from the Apple and Google app stores. Welcome to this App and thanks again for your interest in our company and products. Protecting your privacy while you use our App is important to us.

We would like to inform you about the processing of your personal data and your rights as the individual concerned (“data subject”) in connection with your use of our App. We, i.e.,

BLACKROLL AG
Hauptstraße 17
CH-8598 Bottighofen
Switzerland

Telephone: +41 (0)715085779
E-mail: datenschutz@blackroll.com

(Legal notice)

(hereinafter referred to as “we” or “BLACKROLL”)

as the controller under data protection law and, simultaneously, the service provider, would like to provide you with the following information.

Your personal data will only be processed in accordance with the provisions of the Swiss data protection laws, taking the data protection laws of the European Union into account, in particular, the European General Data Protection Regulation (GDPR), and other statutory data protection provisions.

This Privacy Policy only refers to our App. It does not refer to our web shop (available at shop.blackroll.com) or other websites operated by us. Furthermore, it does not refer to any websites operated by third parties to which links from our App may point, including, but not limited to web shops of distributors of BLACKROLL products. We, therefore, ask you to read the privacy policy of that other website, if any. In some cases, we may provide other, additional privacy policy documents to you when we contact you or process your information, as the case may be, which you should also read, if applicable.

Overview

1. Data requiring protection, categories and sources of data

2. Purposes and legal grounds for data processing

3. App download

4. Usage data

5. Non-cookie tracking technologies

6. Using the App, workout, and user account

7. Google Firebase

8. Newsletter

9. Login via Facebook and Google (Social Login)

10. Authorizations within the mobile device / push messages

11. Recipients of personal data

12. Data processing in third countries

13. Security

14. Storage period

15. Your rights

16. Your questions on data protection

17. Modifications

Data requiring protection, categories and sources of data

The subject matter of this Privacy Policy is your personal data. The term “personal data” covers any piece of information that refers to an identified or identifiable natural person (“data subject”). Consequently, your personal data comprises any piece of information that allows us or third parties to identify you, such as your name, address, phone number, or your email account.

Generally, we process the following categories of personal data in connection with your identity:

Within the scope of our contract relationship, you need to provide such personal data that is required for performing the duties from the Terms of Use and for compliance with statutory duties. We will inform you in an appropriate manner as to which data is concerned in your particular case (e.g., by highlighting mandatory fields in forms).

In these cases, your personal data is data that you provided voluntarily, in particular, data you entered, and data gathered from your use of our App.

Purposes and legal grounds for data processing

We will process your data only for a particular purpose and only to the extent permissible under an applicable statutory provision. We will process your data for the following purposes, based on the following legal grounds:

Please refer to Art. 15, if you wish to find out how to object to such data processing and subject to which conditions we are required to discontinue and/or to restrict data processing.

Please note that this is not a complete or conclusive enumeration of the potential legal grounds, but that these are only some examples intended to make the legal framework for data protection more transparent. For further information on the legal grounds for the various types of processing in our App, please read the explanations in the Articles below.

Since our headquarters is located in Switzerland and our App is operated from Switzerland, the collection, processing, and use of your personal data generally occurs in Switzerland, unless otherwise provided in this Privacy Policy. Specifically, we collect, process, and use your personal data in the following cases described in the Articles below.

App download

When downloading our App, the necessary information will be transmitted to the corresponding app store. This includes, in particular, the user name, e-mail account, date and time of download, and the unique device ID. However, this data collection is beyond our control, since it is handled by the operator of the corresponding app store. This data will not be stored on our servers in any other manner.

In connection herewith, please also refer to the relevant privacy policies of the app store operators:

Usage data

Generally, you may browse our App without disclosing any personal data. However, when you browse our App, the following information may be stored about your access and use:

We will process this usage data based on our legitimate interests for the purpose of providing this App, for ensuring the technical operation, for recording the consent granted by you, and for the security of our IT systems. We pursue the interest of making our App available for use, of ensuring its functionality, and of maintaining the latter on a permanent basis. This data will be automatically processed when you access our App. You will not be able to use our App without sharing this information. In no event will we use this data for the purpose of drawing conclusions regarding your identity.

You may not object to the processing of your usage data, because this data is mandatorily required for a trouble-free operation of the App. The App cannot be used without processing this information.

Non-cookie tracking technologies

We use tracking technologies similar to cookies in order to enable the best possible App design. Among other things, these technologies allow us to provide certain functionality to make navigation easier and ensure a high degree of user-friendliness.

Non-cookie tracking technologies are based on identifiers which allow our web servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. This way, they serve the purpose of enabling you to use our App, of making the use of our App more convenient for you, and of optimizing our service offering. The provisions below include detailed information on the type, function, purposes, and, if applicable, third party suppliers deployed in the use of non-cookie tracking technologies. The legal basis for the use of non-cookie tracking technologies is your consent that you grant when you first open the App.

You may revoke this consent at any time by preventing the storage of data using non-cookie tracking technologies by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.

Using the App, workout, and user account

Generally, you do not need to register to use the App. However, certain parts of our service offering in the App will not be available to you until you create a user account as a registered user.

Use without user account

In addition to the usage data listed in Art. 4, we will process your workout data, the country/language you selected, information on the consents granted by you, and the Terms of Use confirmed by you. We use this information (including in connection with non-cookie tracking technologies) in order to display customized recommendations and information on your workout program and matching BLACKROLL products and services to you via push messages and/or in-app messages. Push messages require an authorization via your device (see Art. 10 below). However, if you are not logged in as a registered user, we will not use this information to draw conclusions regarding your identity. In connection herewith, your data will also be used within the scope of the Google Firebase service (see Art. 7 below).

Without this type of processing, we are unable to provide the App in accordance with our Terms of Use. Processing for usage analysis and the use of non-cookie tracking technologies will only occur based on the consent that you granted for this purpose.

You should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”, if you wish to revoke your consent in this regard.

Use with user account (registered user)

Certain portions of the App’s service offering require a registration and/or login. The information to be entered in the fields that are marked as mandatory fields is required for compliance with the Terms of Use on our part. We will set up a password-protected App access for any user who properly registers him-/herself in order to allow access to his/her master/contact data, data on personal interests, and workout data stored on our servers (hereinafter referred to as the “User Account”). This is where you can look up data on your completed and recently performed exercises and manage your master/contact data. The legal basis for processing your personal data is, in particular, your consent that is a prerequisite for creating a user account. Your consent also applies to so-called sensitive data (e.g., information on your health).

In connection herewith, we will process the following information:

We use this information in order to provide our App to you and to analyze, optimize, and customize our App’s usage by means of Google Firebase. To this end, we may also create usage profiles, in order to provide you with an enhanced workout program, and to display recommendations and information on your workout program and on matching BLACKROLL products and services via push messages and/or in-app messages. We reserve the right to combine this information with other of your customer data that is stored by BLACKROLL (e.g., in connection with orders from the web shop). The reach and purpose are specified in the consent form by which you granted your consent.

You grant your consent on a voluntary basis and may revoke the same at any time, in whole or in part, with effect for the future without giving reasons, e.g., by e-mail to datenschutz@blackroll.com. Please note, however, that we may be obligated to delete your user account in this case for legal reasons and that you would only be able to use the remaining part of our service offering that is accessible without user account.

We will not disclose your personal data to third parties. Not even distributors of BLACKROLL products will receive personal data from us, but they may obtain it directly from you when you browse their website or place orders in their web shops. Push messages require your prior authorization by making the corresponding settings in your device (see Art. 10 below).

You may delete your user account and the related data at any time via the function “Delete user account” in the menu “Settings > Privacy”.

Google Firebase

This App uses Google Firebase, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase uses non-cookie tracking technologies, i.e., identifiers which allow Google servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. Generally, the information generated this way on your use of our App (including your IP address and the other types of usage data listed in Art. 4, workout data, and, if applicable, data on your user account) will be transmitted to a Google server in the U.S. and stored on that server. The Google parent entity Google LLC has been certified under the EU-U.S. Privacy Shield and, thus, offers a guaranty that the European data protection law (see www.privacyshield.gov/participant?id=a2zt000000001L5AAI) will be complied with.

Within the scope of functions and purposes described below, Google will engage in activities on our behalf under a Commissioned Processing Agreement as instructed by us:

The legal basis for all activities listed above is that they are a prerequisite for performing the agreement, since the processing of the transmitted data is required for performing our duties under the Terms of Use agreed upon by you and us. In addition, we process data based on our legitimate interests in the economically sound/trouble-free operation and optimization (in particular, user-friendliness) of our App and in providing premium services which may be used at the user’s option.

Processing for usage analysis and the use of non-cookie tracking technologies will only occur based on the consent that you granted for this purpose. You may revoke this consent at any time by preventing the usage analysis by Google Firebase by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.

Within the scope of this usage analysis, Google will also estimate from which country you access the App, your age, and your gender.

For further information on the use of data by Google and on data protection in connection with Google Firebase please click on the following links:

Newsletter

The newsletter is mailed using the so-called double opt-in procedure, i.e., we will not send you a newsletter by email, unless you have expressly confirmed that you wish us to activate the newsletter service. We will then send you an email confirmation and ask you to confirm by clicking on the link contained in that e-mail that you wish to receive our newsletter. Upon completion of this separate double opt-in procedure, you have granted your consent to receiving the newsletter.

In the event the newsletter is subscribed to from within a user account, we may omit the renewed double opt-in, since your e-mail account was verified by a confirmation link during the activation of your customer account. In this case, a simple opt-in (by clicking a check box) in the user account is sufficient.

Within the meaning of this Art. 8, we will not send you newsletters without your prior registration, i.e., based on your consent. In the event that the content of a newsletter is accurately described during the registration process, this information will govern the reach of your consent. Apart from this, our newsletters include information on our products, offers, promotional campaigns, events, and our business.

In the event you should decide at a later date that you do not wish to receive our newsletter any more, you may revoke your consent at any time. A notice in text form (e.g., e-mail, letter) directed to the address in the contact data set forth in Art. 16 or to datenschutz@blackroll.com shall suffice. Of course, you will find an unsubscribe link in every newsletter.

The newsletter is mailed using MailChimp, a newsletter mailing platform operated by the U.S. provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, U.S. In this context, data will be processed on our behalf subject to a Data Processing Agreement (Auftragsverarbeitungsvertrag) that we have concluded with MailChimp. In that agreement, MailChimp agrees to protect the personal data of our users, to process it only on our behalf, and, in particular, not to disclose it to any third party.

The email accounts of our newsletter recipients and any other data referred to in this Privacy Policy will be stored on the U.S. based servers of MailChimp. MailChimp will use this information for mailing and analyzing the newsletters on our behalf. Furthermore, according to MailChimp, it may use this data to optimize or improve its own services, e.g., for technical optimization of newsletter mailings, the appearance of the newsletter, or for economic purposes in order to determine in which countries the recipients are based. However, MailChimp will neither use the data of our newsletter recipients to contact them on its own behalf nor disclose this data to third parties.

We trust in the reliability, IT security, and data protection of MailChimp. MailChimp has been certified in accordance with the EU-U.S. Privacy Shield and, thus, promises to comply with the EU data protection requirements (see www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG).

To review the privacy policy of MailChimp please go to: mailchimp.com/legal/privacy/. In addition, MailChimp uses the Google Analytics tool and may integrate it into the newsletters. For further information on Google Analytics please refer to the relevant section of our website’s general Privacy Policy: www.blackroll.com/de/datenschutzerklaerung.

We would like to draw your attention to the fact that following the mailing of the newsletter your user behavior regarding our newsletter will be analyzed on our behalf. This analysis is based on so-called web beacons, also known as tracking pixels, that are included in the e-mail messages, and links encoded using this technology. Web beacons are one-pixel image files that are linked with our website and, thus, allow us, in combination with encoded links, to analyze your user behavior with regard to our newsletter (so-called open and/or click tracking). This is achieved by collecting technical information, e.g., on your browser, your system, your IP address, and the time of downloading the mail and/or the link via web beacons and encoded links, that is matched with your e-mail account and assigned a unique ID.

The so-called open tracking using web beacons is not possible, if you have disabled the display of images by default in your e-mail browser. However, in that case, the newsletter will not be fully displayed and you may not be able to use all of its features. If you allow the display of images on a case by case basis, this will trigger the tracking described above. The only way to prevent the so-called click tracking is not to click on the links in the corresponding e-mail.

Login via Facebook and Google (Social Login)

Optionally, you may use a so-called social login, i.e., you use your existing Facebook profile (hereinafter referred to as “Facebook Login”) or your Google account (hereinafter referred to as “Google Sign-in”), to register within the App.

If you wish to use the Social Login, you will be redirected to Facebook or Google, as the case may be, during the login process. On the next screen, you will be asked to log in with your user name and password, unless you have already logged into Facebook or Google, respectively. Of course, BLACKROLL will not become aware of your login credentials.

In the next step, you will confirm the transmission of your data to BLACKROLL vis-à-vis Facebook or Google, as the case may be. When you use the Social Login, the following data will be transmitted from Facebook or Google, respectively, to BLACKROLL: First name, family name, e-mail account, profile picture, user ID, access token.

BLACKROLL will create your user account with the data received. There will be no other type of permanent link between your user account and your account with Facebook or Google, as the case may be. When you log into the App using the Facebook Login or your Google account, as the case may be, Facebook or Google, respectively, will generate a unique token (string consisting of letters and numbers) which will be stored and exchanged with Facebook or Google, respectively, during the login process for secure authentication. The legal basis for processing your personal data in this context is, in particular, that this is a prerequisite for performing the agreement, since the processing of the transmitted data is required for performing our duties under the Terms of Use agreed upon by you and us. Furthermore, your data will be processed based on our legitimate interest of allowing you the optional use of additional premium services.

The connection between our App and Facebook or Google, respectively, may be removed at any time. To this end, you need to delete the connection with the “BLACKROLL APP” in the profile settings of your Facebook/Google account. If you wish to continue to use the App as a registered user, you may need to create a new user account in the App afterwards.

Please refer to the privacy policies of Facebook or Google, respectively, for further information on the purpose and scope of data collection and the further processing and use of your data, and your corresponding rights and the available settings to protect your privacy:

Unless you select the “Social Login” feature of the corresponding service provider in our App, no data will be transferred to the service provider. However, when you click on one of the buttons you leave our App; your data will be sent to the corresponding service provider, including when you are not a registered member of that community.

Authorizations within the mobile device / push messages

The App supports the display of messages (so-called push messages) on the start/home screen of your mobile device and within the App (so-called in-app messages) via the Firebase Cloud Messaging feature of the Google Firebase service (cf. Art. 7 above). Therefore, the App may ask you to grant the corresponding device authorizations. Granting the authorization is optional. However, if you wish to receive push messages, the authorization needs to be granted, since otherwise you would not be able to use this function. We need this authorization in order to provide you with the requested services in accordance with our Terms of Use.

We use the Google Firebase technology (for further details please refer to Art. 7 of this Privacy Policy) in order to send you push messages or in-app messages. Your mobile device will be assigned a pseudonymized push reference number that also stores details on when and how long a certain push message or in-app-message, respectively, was read. This reference number serves as the target for push messages and/or in-app messages and will enable us to display push messages and/or in-app messages on your mobile device.

Your personal data will not be transmitted to distributors, including in those cases where push messages or in-app messages, respectively, contain third-party contents from distributors of BLACKROLL products.

The authorization will remain activated until you disable it in your mobile device. Push messages can be disabled and re-enabled at any time. For example, on an Android mobile device go to “System settings > Apps > BLACKROLL App > authorizations”; on an iOS mobile device go to “System settings > BLACKROLL App > messages”.

Recipients of personal data

We will only pass on your personal data to external recipients if this is required for providing the App, if you have granted your consent, or based on another kind of statutory authorization.

External recipients may include, but are not limited to:

Data processing in third countries

Generally, we will not process your data outside Switzerland and the European Union (EU) or the European Economic Area (EEA). In the event that we should transmit your data to third countries outside the EU and/or the EEA in an individual case, we will ensure prior to passing on your data that this is either a legally permissible exception, or that the recipient either offers an adequate protection of personal data, or that you grant your consent to this data transmission. For example, an adequate protection of personal data is warranted by the recipient’s certification under the EU-U.S. Privacy Shield, the acceptance of EU Standard Contractual Clauses, or the existence of Binding Corporate Rules (BCR) by or at the recipient’s organization. Please contact us at datenschutz@blackroll.com, if you wish to receive a copy of the specific precautions regarding the transmission of your data to third countries. The EU Commission has passed a decision on the adequate protection of personal data provided in Switzerland (eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518).

Security

We take technical and organizational precautions to protect your personal data against coincidental or willful manipulation, loss, destruction, or access of unauthorized parties. Our data processing systems and our precautions and security measures will be continuously improved based on the then-current state of the art.

In particular, we will secure the transmission of any personal data transmitted in connection with your user account by data encryption. This applies to the registration as well as to the log-in.

We use the encryption protocol Transport Layer Security (TLS), more commonly known by the name of its precursor Secure Sockets Layer (SSL).

Please note that we are unable to promise, in particular with regard to communication via the contact feature and e-mail, absolute data security. In particular, when confidential information is concerned, we recommend using a safe communication channel, e.g., postal mail.

Our employees are bound to privacy protection rules and regulations.

Storage period

We will store your personal data only as long as required for meeting the purposes or – if a consent was granted – as long as you do not withdraw your consent. In the event of a withdrawal, we will no longer process your personal data, unless its continued processing is permitted in accordance with the applicable statutory provisions, or even compellingly required (e.g., due to retention periods under commercial or tax law). We will also erase your personal data if we are obligated to do so subject to statutory requirements.

For further details on the storage periods that apply to your personal data please refer to the above Articles.

Your rights

As a data subject, you have numerous rights. In particular, these are:

If you should have any questions regarding the processing of your personal data, your rights as a data subject, or any consents that you may have granted, please do not hesitate to contact us via any of the other communication channels specified in Art. 16. Please contact us directly if you wish to exercise any of your rights as a data subject.

Your questions on data protection

If you should have questions on data protection or wish to exercise your rights as a data subject, please contact us:

BLACKROLL AG
Hauptstraße 17
CH-8598 Bottighofen
Switzerland

fax: ...
e-mail: datenschutz@blackroll.com

Modifications

From time to time it may become necessary to modify, review, or amend the content of this Privacy Policy. We, therefore, reserve the right to modify, review, or amend it at any time. We recommend you read the most current version of this Privacy Policy next time you browse or use our App. We will publish the revised version of this Privacy Policy in the same place.

Last revised: May 2019 (Version 1.0)

You may download this Privacy Policy in PDF format here in order to store it permanently and to print it, if necessary.