Privacy policy
Status as of June 1, 2024
Fundamentals
ilogs smartwear GmbH – hereinafter referred to as “ILOGS” – attaches great importance to protecting your personal data. When processing your data, we comply with the current provisions of the European General Data Protection Regulation (GDPR) as amended. Below you will find an explanation of how we process your personal data when you use our website, web store, web application, smartphone applications, our smart ring or services and when you contact our support team.
Changes to this privacy policy
We will regularly revise and update this Privacy Notice in accordance with changing legal, technical and business developments. When we update this Privacy Notice, we will note the date of the last revision at the top of this statement. We encourage you to periodically review this Privacy Notice to stay informed about how we are protecting your personal data.
Person responsible for data processing
ilogs smartwear GmbH, Krone Platz 1, 9020 Klagenfurt am Wörthersee, Austria is responsible for the processing of personal data. If you have any questions, please contact us by e-mail: datenschutz@ilogs.care or write directly to our data protection officer:
ilogs smartwear GmbH
attn. Andreas Jansa, Data Protection
Krone Platz 1 | 9020 Klagenfurt am Wörthersee
Austria
What data is collected from you and how
Depending on the purpose and manner in which you contact us or which of our products you use, you may provide us with data that we process. Below you will find an overview of which data you can transfer to us via which channels.
Which channels are used to collect data
You can contact us in various ways. Data is collected from you in order to provide our services. This includes our website, the web store, web application, smartphone applications (e.g. the Nextring app) and services, as well as your communication in the context of a support request.
Data which you transfer to us
When using our devices (such as the Smartring N1) and services, you may provide us with the following personal data:
– Master data such as first name, last name, user name, title
– Contact data such as billing address, delivery address, home address, email, phone
– User information such as gender, height and weight, user ID and other information you provide to us
– Activity and contextual information provided by users such as activities, notes, comments, user feedback and tags you enter into the app.
– Calculated user, sleep, health and activity data such as sleep stages (deep, light, REM, awake), activity level during the day, daily form and body mass index
– Login data such as username, password to our systems
Data that we automatically collect from you
In addition to the data you provide us with, the following data is collected:
– Technical data such as MAC and IP address, browser type, operating system, type of device with which you access our websites and applications
– Usage data of functions that you use in our websites and applications.
– The content of conversations with our support department can be written down in tickets for follow-up purposes.
How we protect your data
Place of data processing
Your data is processed within the EU and the European Economic Area. Currently, this is an ISO 9001:2015 and ISO 27001:2013 certified data center in France. The data transfer from the APP to the data center is encrypted.
Technical and organizational measures (TOMs)
The TOMs are implemented by ILOGS in accordance with the GDPR. They are continuously evaluated for feasibility and state of the art and, if necessary, improved and brought to a higher level of security and protection.
The purposes for which your data is processed
The data collected from you will be processed for the following specific purposes. Different purposes may apply at the same time.
– Provision of the product and services
– Billing of our services
– Communication with you regarding your inquiries
– Improvement of our product and services
– Marketing: we inform you about new products by e-mail
Note:
If information is bundled or anonymized, it is no longer personal data.
Disclosure to third parties
ILOGS does not sell or rent your personal information and only shares it with certain trusted service providers and partners to provide and improve our services, to enable partner services and other offerings, and to operate our business. Whenever we share data with third-party service providers, we require that your data is used only for the purposes we have authorized and only for the reasons stated in this Privacy Policy. We also require these service providers to protect your personal data to at least the same standards that we apply ourselves.
Below you will find a list of the third-party providers and systems used.
– Microsoft 365 to process your requests by e-mail
– Atlassian Jira to process your requests to us (also by telephone and e-mail)
– Google Analytics to analyze the activities on our website
– WooCommerce to process your purchase in our webshop
– GoCardless to process SEPA payments
– Apple – if you pass on the data of the ring to Apple Health
Subcontractor
ILOGS works closely with the company Joint Chinese Limited – with the address: Building 6 and 4, Huafeng Tech Park, Guangtian Road, Luotian Industrial Area, Songgang Town, Bao’an District, Shenzhen, P.R China – for the further development of the rings and the APP as well as for the operation of the server in the EU. There is an agreement between the two companies to comply with data protection regulations.
How long your data will be processed
The retention period for your personal data generally depends on the duration of the lifecycle of your Nextring account. Your personal data will be deleted as soon as it is no longer needed for the purpose for which it was originally collected, unless we are required by law to store the data for longer. For example, your measurement data on sleep, daily form and activity will only be stored for as long as your Nextring account is active.
ILOGS is also required by law to retain certain personal data for a certain period of time, e.g. for tax purposes. These mandatory retention periods may relate, for example, to accounting and tax requirements, legal claims or other legal purposes. Please note that the mandatory retention periods for personal data vary depending on the applicable law.
You can delete your Nextring account yourself in the APP at any time. You can also inform us in writing that we should delete all your data.
Cookies
The website or the software installed on the server uses cookies. Cookies are text files that receive information and enable you to use extended functionalities (e.g. spam protection check in the contact form – if activated). (e.g. spam protection check in the contact form – if activated.) Cookies only store the necessary information and cannot cause any damage to your computer. You can define the storage duration of your cookies in your browser profile yourself and delete cookies on your computer yourself at any time. Cookies are technically necessary to ensure the full functionality of this website at all times.
Legal basis for the processing
Our legal bases for processing your data depend on the respective processing purposes. These are
– Contract
If we process personal data for the purpose of providing services, this is done on the basis of a user contract, which is concluded when you create your account and accept our terms of use.
– Consent
We only process your sensitive personal data with your consent. In some cases, your actions constitute consent to the processing of your data, e.g. when you add health data to your notes or add health-related tags in the app.
– Legitimate interest
We process your personal data on the basis of our legitimate interests when we process it to market our products and websites, to provide our customer service and to improve our services. When deciding to use your personal data on the basis of our legitimate interests, we carefully balance our own interests against your right to privacy in accordance with applicable law.
– Legal obligation
We must process certain information in order to comply with legal obligations, which may vary from country to country. Such obligations may arise, for example, from consumer protection or tax laws.
Disclosure of personal data
We reserve the right to disclose personal data in certain circumstances, e.g:
– when we have your explicit consent to do so
– when reasonably necessary for our legitimate interests in conducting our business, such as in the event of a merger, acquisition or sale
– to protect Nextring’s legal rights and property and
– to comply with legal requirements. However, ILOGS will resist any request to provide legal authorities with access to user data for surveillance or law enforcement purposes and will notify users if we receive such a request, to the extent permitted by law
Otherwise, your personal data will never be passed on to individuals or other organizations.
Your data protection rights
As an end user, you also have these rights if you have a contractual relationship with an ILOGS sales partner.
Duty to inform
Data subjects must be informed about the details of data processing and their rights (who/what/when/where/how/why).
Right to information
It must be possible to obtain information about which data of the data subject is stored or processed separately from the data of other persons.
Right to rectification
To avoid incorrect evaluations.
Right to erasure (“right to be forgotten”)
In the absence of necessity, consent and lawfulness. Personal data must also be deleted after expiry (e.g. after termination of a business relationship).
Right to restriction of processing
For the duration of audits or the safeguarding of legal claims. It must be possible to exclude data from processing without deleting it.
Right to data portability
Data relating to a person must be passed on to other service providers and service providers on request. This must be done automatically or in a structured form.
Right to object
In the case of higher interests, a data subject can prohibit the processing of their data.
Right to lodge a complaint
If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority https://www.dsb.gv.at.