15. DATENSCHUTZHINWEIS FÜR IN EUROPA ANSÄSSIGE PERSONEN
Wenn Sie Ihren Wohnsitz im Europäischen Wirtschaftsraum, im Vereinigten Königreich oder in der Schweiz haben (zusammenfassend als Europa" bezeichnet), haben Sie möglicherweise zusätzliche Rechte gemäß der Allgemeinen Datenschutzverordnung (GDPR") oder anderen europäischen Datenschutzvorschriften.
Controller and European Representatives. WHOOP, Inc. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows:
1325 Boylston Street, Suite 401
Boston, MA 02215
Unser EU-Vertreter ist:
20095 Hamburg Deutschland
Unser Vertreter im Vereinigten Königreich ist:
DP Data Protection Services UK Ltd.
Zu Händen: Whoop, Inc.
16 Great Queen Street, Covent Garden,
5AH, Vereinigtes Königreich
Sie können sich mit jedem der oben genannten Vertreter in Verbindung setzen: firstname.lastname@example.org
Legal bases for processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.
- Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
- Research and development: These activities constitute our legitimate interests.
- Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
- Compliance and protection: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
- Consent: To the extent that Wellness Data that we collect is considered health data or another special category of Personal Data subject to the GDPR, we ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by unpairing your WHOOP Strap, stopping use of a feature, removing our access to a Third-Party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.
Wir können Ihre personenbezogenen Daten aus Gründen verwenden, die nicht in dieser Datenschutzrichtlinie beschrieben sind, sofern dies gesetzlich zulässig ist und der Grund mit dem Zweck, für den wir sie erhoben haben, vereinbar ist. Wenn wir Ihre personenbezogenen Daten für einen nicht verwandten Zweck verwenden müssen, werden wir Sie darüber informieren und die entsprechende Rechtsgrundlage erläutern.
Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your Personal Data, including:
- Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. You can also access certain of your Personal Data by logging into your account.
- Rectification. . If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
- Erasure. You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of processing: You can ask us to restrict further processing of your Personal Data.
- Right to file complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or European Economic Area Member State.
For more information about these rights, or to submit a request, please email email@example.com or firstname.lastname@example.org. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where WHOOP is based. If such processing involves the transfer of Personal Data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law.
Privacy Shield Certification. WHOOP certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of Personal Data transferred from the EU to the U.S. For more information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
Obwohl sich WHOOP nicht mehr auf das Privacy Shield Framework stützt, um grenzüberschreitende Datenübermittlungen zu erleichtern, bleibt WHOOP den Privacy Shield Principles verpflichtet: (1) Benachrichtigung, (2) Einwilligung, (3) Verantwortlichkeit für die Weitergabe, (4) Sicherheit, (5) Datenintegrität und Zweckbindung, (6) Zugang und (7) Rückgriff, Durchsetzung und Haftung in Bezug auf alle personenbezogenen Daten, die wir im Vertrauen auf das Privacy Shield aus der EU erhalten haben, bevor es außer Kraft gesetzt wurde. Die Datenschutzschild-Prinzipien sehen vor, dass wir potenziell haftbar bleiben, wenn ein Dritter, der personenbezogene Daten in unserem Auftrag verarbeitet, diese Datenschutzschild-Prinzipien nicht einhält (außer in dem Maße, in dem wir nicht für das Ereignis verantwortlich sind, das zu einem angeblichen Schaden führt). Unsere Einhaltung des Datenschutzschildes unterliegt den Ermittlungs- und Durchsetzungsbefugnissen der U.S. Federal Trade Commission.
Please contact us at email@example.com with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
If you have any questions about this section or our data practices generally, please contact us at firstname.lastname@example.org or using the contact information above.