Effective Date: 01.01.2020
How information is collected:
- Registering and setting up a user account
- Using our interactive cardio fitness equipment
- Visiting our website: https://www.woodway.com/
- Signing up for our Newsletter
- Purchasing equipment
A. General information and our contact information
W229 N591 Foster Ct. Waukesha,
WI 53186 USA
“Woodway USA”, “we” or “us”.
1.2 Under the GDPR, Woodway is a “business” that collects information from users, called “data subjects” under GDPR Art. 4 (Para. 1), and the contact information for Woodway’s representative under the GDPR (Art. 4 (Paras. 17 and 27)) is the following:
79576 Weil am Rhein
Tel. +49 7621 – 940 999 – 14
Fax. +49 7621 – 940 999 – 40
1.4 Under the OPL, Woodway is an “operator” (Nevada Revised Statutes 603A.330) that collects and maintains covered personal information, of the type identified in Sec. 2 below, from “consumers” (NRS 603A.310) who reside in Nevada and use or visit our website. Under Nevada law, you can prevent us from selling your personal information (but not the transfer of data to service providers that process data on our behalf) by submitting a verified request. Such requests can be made by notifying Woodway using the contact information under Sec. 1.1 above which is our “designated request address” under the OPL. Covered operators must accept and honor such “sales opt-out” or “do not sell” requests.
2. Types of data processed, categories of users
2.1 Type of data processed
- Contact details (e.g., e-mail, phone numbers, physical address)
- Personal user profiles (first and last name, user ID, login, PW)
- Training data (user statistics, settings, preferences)
- Health data, such as Weight, heart rate, recovery value
- Content data (e.g., text input, photographs, videos)
- Usage data (e.g., websites visited, interest in content, access times)
- Meta/communication data (e.g., information, IP addresses)
- Other identifiers (Social Security number, driver’s license number, passport number, geolocation data, audio, electronic, visual, thermal, olfactory, professional, employment-related information and education information (CCPA § 1798.140(o)(1)(A)-(J))
2.2 Categories of users
- Visitors and users of the website and online offers
- Users of cardio fitness equipment with user profile
- Users are “data subjects” (defined as an “identified or identifiable natural person”) under the GDPR
- Users are “consumers” (defined as a “natural person who is a California resident”) under the CCPA; note that, until 1 January 2021, consumers will not include employees, job applicants and those involved in business-to-business transactions
- Users are “consumers” (defined as “a natural person who is a Nevada resident”) under the OPL
3. Purpose of processing
We use your personal data for:
- Provision of the website and online offers, its functions and content
- Provision and management of user and training data
- Answering contact requests and communicating with users
- Investigation, enforcement, exercise or defense of and against legal claim(s) and legal disputes, as well as for the detection, investigation and prevention of criminal offenses
- Security measures
- Web analysis
- Purposes of direct marketing, e.g. in the form of an e-mail newsletter or postal advertising
4. Provision of the website and log files
(1) In the case of the merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser automatically transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (GDPR Art. 6 (Para. 1) and CCPA §§ 1798.140(d) and (o)(1)(F)):
- IP address
- Date and time of the request
- Time zone difference to Central Standard Time (CST)
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Website from which the request originates
- Operating system and its interface
- Language and version of the browser software
(2) The IP addresses of the users are deleted or anonymized after the end of the use. In the case of anonymization, the IP addresses are changed in such a way that the individual details of personal or factual circumstances can no longer be assigned to a specific or identifiable person, or only with a disproportionate amount of time, cost and manpower.
5. What are “cookies” and how we use them
(1) In addition to the logfiles data, cookies are stored on your computer when you use our website. Cookies are small text files that are allocated and stored on your hard drive to the browser you are using and through which certain information flows to the place that sets the cookie (here by us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective.
(a) This website uses the following types of cookies, the scope and functioning of which are explained below:
- Session Cookies (see (b) below
- Persistent cookies (see (c) below
(b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the shared session. The session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You must log in again (if a login is required) or you will need to re-set templates and preferences if the website offers these features. Then a new session cookie is generated, which stores your information and remains active until you leave the page and close your browser.
(c) Persistent cookies are automatically deleted after a predetermined duration, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.
|Technically Necessary Cookies||Technically necessary cookies enable the use of our website by enabling basic functions such as page navigation and access to secure areas of the website. Your visit to our website cannot function properly without these cookies.||Session cookies – deleted when the browser is closed.|
|Performance (e.g. user’s browser) and Preferences||When using our website, cookies are used (e.g. to recognize the browser) to improve performance (e.g. faster loading of content). When you visit our website, the country and language selections you have selected, or you have chosen yourself will be stored in cookies in order to save you from re-selecting on subsequent visits. In advance, it is checked whether your browser supports cookies and this information is stored in another cookie. You will then be shown localized contact information, which is also stored, in terms of country and language. GDPR Art. 6 (Para. 1) and CCPA § 1798.140(x).||Session cookies – deleted when the browser is closed.|
|Analysis Cookies (statistics)||We use third-party analytics cookies to understand how visitors use our site. This helps us to improve the quality and content on our site. The aggregated statistical information includes data such as the total number of visitors. For example, we learn how often and in what order each page has been viewed and how much time visitors spend on our pages on average. We also find out if users have visited our website earlier. GDPR Art. 6 (Para. 1) and CCPA § 1798.140(x)). For more information, see Section 13 (Web Analysis Services).||Persistent cookies remain but are automatically deleted after 1 year if the website has not been visited, unless shorter deadlines apply in individual cases.|
|Advertising Cookies (marketing)||We use advertising cookies to assess the efficiency of our advertising activities and to derive optimizations from them. GDPR Art. 6 (Para. 1) and CCPA § 1798.140(x).||Persistent cookies remain but are automatically deleted after 1 year if the website has not been visited, unless shorter deadlines apply in individual cases.|
(4) Control over cookies
You can set your browser to inform you about cookie settings e.g., to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases, or in general, and activate to automatically delete the cookies when you close the browser. When disabling cookies, the functionality of this website may be limited.
(1) The ProSmart Display is an interactive user interface that personalizes every aspect of the application: user profiles, guided enhancement, real/game runs, streaming TV. It is also possible to customize the user interface according to personal preferences. The ProSmart display is designed to access your personal user profile and information from any ProSmart treadmill worldwide. Our cloud storage collects your ProSmart statistics (backend STATS website). With STATS, you can track the training history using data and graphs, export the data to apps or make it available to your trainer.
(2) To use ProSmart services, you need to register (“Create Profile”). Some data, such as your first name, last name, password, gender, height, weight and your email address, in some cases your mobile phone number, are required to open an account within our services (“User Information”). This is the only information you need to provide to create an account with us. In addition, you can voluntarily change your personal preferences (simple, medium or strong) which automatically adjusts the stored preferences.
(3) To gauge a variety of metrics, your device collects data such as the distance, watts per minute, speed, total duration of training, calories burned, weight, heart rate. The data collected depends on the device you are using. If your device is paired with applications or software, the data stored on your device will be transferred from your device to our servers.
(4) Smart Coach is designed to guide a user through a personalized training program that records progress and statistics for each workout. The training programs are designed to be tracked over several weeks. Once a user is logged on, the user can review the provided statistics for guided training and select a training program to begin. The details of each training are displayed on the selection tab.
(5) Should the information collected be health or personal data of another special category covered by the GDPR, we expressly ask for your consent to data processing. We will obtain this consent separately if you take any action that results in us collecting the information; for example, if you pair your device with your account, grant us access to your sports or activity data from another service, or use the Health Tracking feature. You may use your account settings and tools to withdraw your consent at any time, including by no longer using a feature, removing our access to a third party, disconnecting your device, or deleting your data or account.
7. E-mail newsletter
7.1 Newsletter Subscription
(1) With your consent, you can subscribe to our e-mail newsletter (herein after referred to as the “Newsletter“) with which we inform you about our products, sales and events.
(2) To subscribe to our newsletter subscription, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to receive the Newsletter. If you do not confirm your registration within 14 days, your information will be automatically deleted. In addition, we store your IP addresses used at registration and confirmation and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any misuse of your personal data.
(3) The only obligation to send the Newsletter is your e-mail address. Providing further information is voluntary and will be used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending the newsletter.
(4) The legal basis for the above-mentioned processing operations within the scope of the newsletter subscription is your consent in accordance with GDPR Art. 6 (Para. 3).
(6) The data provided by you when you subscribe to the newsletter will be deleted when the Newsletter is unsubscribed.
7.2. Newsletter-shipping after product purchase
(1) If you have purchased products or services, we may also send you our Newsletter without pre-registration for the newsletter subscription, to the e-mail address you provided at the time of purchase. This applies to Newsletters for the promotion of similar products as those you bought in our online store.
(2) For this purpose, this e-mail address is stored in our newsletter address database. In order to prove the legitimacy of sending the Newsletter, we also store your IP address used at the time of purchase and the time of purchase. GDPR Art. 6 (Para. 3)
(3) Our legitimate interest in data processing is the direct promotion of our products to our customers as well as your interest in offers and promotions.
8. Disclosure to third parties
(1) The processing of the newsletter dispatch takes place with involvement of services and IT systems of an external service provider xxxx, which we have commissioned as part of the job processing.
(2) In the course of hosting the training data and user profiles, your data processed by us will be processed by our cloud service provider Athlios (connected fitness technology), https://athlios.com/ on the basis of contract processing.
(3) In the case of the use of web analysis services and third-party providers, the data will be transmitted to the extent described herein.
9. Automated decision-making
In principle, we do not use fully automated decision-making in accordance with GDPR Art. 22 to establish and execute the business relationship.
In order to be able to inform and advise you on products in a targeted manner, we use web analysis tools, especially tracking technology, on our behalf. These enable communication and advertising tailored to your needs.
B. Data processing by third parties
11. Web analytics services and advertising
11.1 Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity and other information relating to website activity and internet use. services to the website operator.
(2) The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google.
(3) You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by using the available data provided by Google. Download and install the browser plug-in:
(4) This website uses Google Analytics with the extension “_anonymizeIp()”, which means that IP addresses can be shortened and excluded, so that if the data collected about you is personally identifiable, it will be immediately excluded and the personal data will be immediately deleted.
(5) We use Google Analytics to analyze and regularly improve the use of our website. With the statistics obtained, we can improve our offers and make it more interesting for you as a user. For the exceptional cases in which personal information is transferred to the US, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework. GDPR Art. 6 (Para. 1)
11.2 Google Tag Manager
(1) This website uses the Google Tag Manager as part of Google Analytics. Tags are small code elements on our website that, among other things, are used to measure traffic and behavior, to capture the impact of online advertising and social channels, to use remarketing and targeting groups, and to measure their website to test and optimize. Google Tag Manager is a solution that allows us to manage website tag using a surface. The Tag Manager tool itself (which implements the Tags) is a cookie less domain. The tool causes other tags to be set off, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.
(2) Further information about Google Tag Manger can be found at: https://www.google.de/tagmanager/use-policy.html
11.3 AdWords and Google Conversion Tracking
(1) This website uses Google AdWords. AdWords is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). As part of Google AdWords, we use what’s called conversion tracking. When you click on an ad placed by Google, a cookie for conversion tracking is set. Cookies are small text files that the internet browser places on the user’s computer. These cookies expire after 30 days and are not used for the personal identification of users. If the user visits certain pages of this website and the cookie has not yet expired, Google, and we, can recognize that the user has clicked on the ad and has been redirected to this page.
(2) Each Google AdWords customer receives a different cookie. The cookies cannot be tracked through adWord customers’ web sites. The information collected with the conversion cookies is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers will find out the total number of users who clicked on their ad and have been redirected to a page tagged with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not wish to participate in tracking, you can object to this use by easily disabling the Google Conversion Tracking cookie via your Internet browser under User Settings. They are then not included in the conversion tracking statistics.
11.4 Google Double-Click
(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected by Google’s use of this tool and therefore inform you according to our knowledge: by integrating DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will find out and store your IP address.
(3) You can prevent participation in this tracking procedure in several ways: a) by setting your browser software accordingly the suppression of third-party cookies will prevent you from receiving third-party ads b) by disabling cookies for conversion tracking by setting your browser to block cookies from the “www.googleadservices.com” domain, https://www.google.de/settings/ads, this setting will be deleted if you delete your cookies c) by disabling the interest-based advertisements of providers that are part of the “About Ads” self-regulatory campaign, http://www.aboutads.info/choices via the link, this setting will be deleted when you delete your cookies d) by permanently deactivating Firefox, Internet Explorer or Google Chrome in your browsers, http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer to the full extent.
12. Social media
12.1 Using Facebook and Twitter plug-ins
(1) We currently use the following social media plug-ins: Facebook, Twitter, Instagram and LinkedIn. You can recognize the provider of the plug-in by marking it on the box by using its initial letter or logo. We offer you the possibility to communicate with the provider of the plug-in via the direct button. Only if you click on the selected field and activate it does the plug-in provider receive the information that you have accessed the corresponding website of our online offer. In addition, the data referred to in Section (3) below shall be transmitted. In the case of Facebook, according to the respective providers in the EU, the IP address is anonymized immediately after collection. By activating the plug-in, personal data from you is transmitted to the respective plug-in provider and stored there (with US providers in the USA). Since the plug-in provider collects data via cookies we recommend that you delete all cookies before clicking on the grey box via the security settings of your browser.
(2) We have no influence on the collected data and data processing operations, nor are we aware of the full scope of the data or the purposes of the processing and the storage periods. We also do not have any information on the deletion of the collected data by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or customizing its website. Such an evaluation is carried out (also for unlogged users) for the presentation of demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider in order to exercise this. Through the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve our offer and make it more interesting for you as a user. GDPR Art. 6 (Para. 1)
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link to the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid assigning to your profile with the plug-in provider.
(5) We hereby expressly point out that we, as the provider of this website, do not receive any knowledge of the content and scope of the transmitted data as well as their use of the plug-in provider. More information on the purpose and scope of the data collection and its processing by the plug-in provider is provided within the following shared privacy statements of these providers. You will also receive further information about your rights in this regard and settings options to protect your privacy.
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php more information on data collection: http.//vvww.facebook.cona/help/186325668085084, http://vvww.faceb-ook.cona/about/privacy/your-info-on-other#applications as well as http://www.face-book.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Frame-work.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://wyvvv.privacyshield.gov/EU-US-Framework.
13. Plug-ins and Tools
(1) We have incorporated YouTube videos into our online offering, which http://www.YouTube.com and can be directly playable from our website. These are all integrated in the “advanced privacy mode”, i.e. no data about you as a user will be transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transferred. We have no influence on this data transfer.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This is done regardless of whether YouTube provides a user account through which you are logged in or if there is no user account. If you are logged in to Google, your data will be mapped directly to your account. If you do not want to be assigned to your YouTube profile, you must log out before activating the button. YouTube stores your data as user profiles and uses it for the purposes of advertising, market research and/or customizing the design of its website. Such an evaluation is carried out (even for unlogged users) for the provision of demand-oriented advertising and in order to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, and you must contact YouTube to exercise this.
(1) Functions of Instagram service are integrated on our website. These features are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that we, as the provider of the pages, do not receive any knowledge of the content of the transmitted data as well as their use by Instagram.
13.3 Google Fonts
(1) This website uses web fonts provided by Google for the uniform presentation of fonts. When you visit a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
C. Customer’s rights
14.1 Your rights under the GDPR
If personal data is processed by you, you are a data controller in accordance with the GDPR and you are entitled to the following rights towards us as the controller. If you wish to exercise your rights or would like more information, please contact us or our Data Protection Officer.
(a) Rights under GDPR Article 15 et seq.
1. The data subject shall have the right to request confirmation from the controller as to whether personal data concerning him/her are being processed; if this is the case, he or she shall have a right of information on such data. personal data and the information detailed in GDPR Art. 15. Among certain legal prerequisites you have the right to correction in accordance with GDPR Art. 16, which Right to restrict processing in accordance with GDPR Art. 16 and the Right to erasure (“Right to be forgotten”) GDPR Art. 17. In addition, you have the right to release the data provided by your sin a structured, common and machine-readable format (right to data portability) in accordance with GDPR Art. 20, provided that the processing is carried out by means of automated procedures and is based on consent or on a contract pursuant to GDPR Art. 6 (Para. 1).
(b) Withdrawal of consent in accordance with GDPR Art. 7 (Para. 3)
If the processing is based on consent, you can revoke your consent to the processing of personal data to us at any time. Please note that the revocation will only work for the future. Processing operations that took place before the revocation are not affected.
(c) Right of appeal
You have the option to contact us or a data protection supervisory authority with a complaint (GDPR Art. 77).
(d) Right of opposition under GDPR Art. 21
In addition to the rights, you have the right to object as follows:
- Case-by-case right of opposition
You have the right at any time for reasons arising from your particular situation against the processing of personal data concerning you which, pursuant to GDPR Art. 6 (Para. 1)(data processing in the public interest and data processing on the basis of a balance of interests) to object; this also applies to profiling based on this provision in GDPR Art. 4 (Para. 4).
If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for the processing that outweigh your interests, freedoms, or serve the processing the assertion, exercise or defense of legal claims.
- Right of objection to the processing of data for advertising purposes
In individual cases, we process your personal data for direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling in as it is linked to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
14.2 Your rights under the CCPA – the “Do Not Sell My Personal Information” notice
CCPA §§ 1798.120 and 135(a)(1)-(2) require that we provide a clear and conspicuous link to enable you, the consumer, or a person authorized by you, to opt-out of the sale of your personal information. Please use the link identified in Section 1.1 above to accomplish this opt-out right.
D. Final Provisions
(1) We have taken technical and organizational security measures in accordance with GDPR Arts. 24 and 32 in order to protect your personal data from loss, destruction, manipulation and unauthorized use. All our employees and all third parties involved in data processing are obliged to comply with the requirements of the GDPR and to treat personal data confidentially. The CCPA does not directly impose data security requirements.
(2) SSL or TLS encryption: This site uses SSL or TLS for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator. TLS encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock icon in your browser line. If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.