The information we collect through the Services is controlled by ObVus Solutions Inc., which is headquartered in the United States at 12235 Gorham Ave., Los Angeles, California 90049, USA. For personal information collected by a minderPro, the minderPro will be the data controller; to exercise any of your rights with a minderPro, please contact the respective minderPro. As a patient, ObVus can access the personal information that you provide to our minderPros, and where we use that personal information for our own purposes, we will be an independent controller.
The Legal Bases for Using Your Personal Information. We collect your information as a data controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
- Our use of your personal information is in our legitimate interest as a commercial organization (for example in order to make improvements to our products and services and to provide you with information you request); you have a right to object to processing as explained in the section below entitled Your Legal Rights;
- Our use of your personal information is necessary to perform a contract or take steps to enter into a contract with you (for example, to facilitate your participation a trial class that you have requested, where we use your personal information to respond to your customer service requests, to provide our services through our Site or Apps); and/or
- Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have (for example, where we are required to disclose personal information to a court or tax authority).
- Our use of your personal information is in accordance with your consent (for example, when you consent to sharing your personal information with a third party for their own marketing).
Our use is necessary to protect your vital interests (for example, if you are injured during a workout)
If you would like to find out more about the legal bases on which we process personal information, please see Appendix A at the end of this policy or contact us using the details below.
Retention of Your Personal Information. We retain your personal information for as long as necessary to provide our services to you, to fulfil the purposes described in this Policy and/or our business purposes, or as required by law, regulation, or internal policy.
Special Categories of Personal Information. We require an additional legal basis to process special categories of personal information which includes your health data (when you use one of our Minder devices, or when we ask you to provide to us with your health information, such as health conditions that you disclose to us when completing a minderPro agreement), which shall be one of the following:
- You have provided explicit consent;
- The processing is necessary to protect your vital interests or those of another person where you are physically or legally incapable of giving consent (for example in exceptional situations such as a medical emergency); or
- The processing is necessary for the establishment, exercise, or defense of legal claims.
- Profiling. We may analyze members’ workout habits and activities, interests, and preferences in order to provide our services, such as to customize workouts, and for our marketing purposes.
Processing of Information from Children Between the Ages of 14 and 17. Where a child in the EU between the ages of 14 and 17 provides us with personal information through the Services and our processing is based on consent as a legal basis, we will obtain the consent of the child’s respective parent or guardian. The parent or guardian has the right to withdraw such consent provided on behalf of their child at any time.
Your Legal Rights. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, when Ultimate acts as a data controller, European Union individuals have certain rights in relation to their personal information:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
You also have the right to request that we delete your information.
We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use where such use is justified on our legitimate interests and we must verify as to whether we have a compelling interest to continue to use your data.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your information (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction: You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the EEA.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at firstname.lastname@example.org. In your message, please indicate the right you would like to exercise and the information that you would like to access, review, correct, or delete.
We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
We may not always be able to fully address your request, for example if it would affect the duty of confidentiality we owe to others or if we are legally entitled to deal with the request in a different way.
Cross-border Transfer of Information. We generally maintain servers and systems in the United States hosted by third party service providers. Our European Union franchisees may transfer personal information to us in the United States, and we also may subcontract the processing of your information to, or otherwise share your information with, other third parties in the United States or countries other than your country of residence. As a result, where the personal information that we collect through or in connection with the Site, App, or our services, or is provided to us by our franchisees, is transferred to and processed in the United States or anywhere else outside the European Economic Area (EEA) for the purposes described above, we will take steps to ensure that the information receives the same level of protection as if it remained within the EEA, including entering into data transfer agreements, using the EU Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. You may have a right to details of the mechanisms under which your data is transferred outside the EEA.