At Hello Inside, we’re continuously striving to provide you with the best possible experience – and your privacy is important to us.
- make it easier for you to understand which data we collect and how we use it
- give you increased control over your data
- and provide a detailed explanation of your rights as a user.
Controller. Roots Health GmbH, FN 550059 k, Kopernikusgasse 8/20, 1060 Wien, Austria (see our imprint) (“Roots Health“, “we”, “us”). We process your personal data as a controller when you use our app or website (“Website” and, together with the Apps, “Products“) or otherwise get in contact and communicate with us.
Applicable Law. The processing of your personal data takes place in compliance with applicable local data privacy laws, e.g. the EU General Data Protection Regulation (“GDPR“) or the Austrian data protection act in its current form.
Contact. Our general point of contact for all questions, requests or concerns in regard to the processing of personal data is the email address: email@example.com (“the Email Address“). In addition, you can also contact us by mail at the above-mentioned postal address, to the attention of the Data Protection Officer
Data Protection Officer. Our Data Protection Officer can be contacted under the Email Address. Should you have any questions regarding the processing of your personal data, please do not hesitate to contact him/her.
CATEGORIES OF PERSONAL DATA WE PROCESS
Data Sources. Hello Inside processes personal data that you directly or indirectly make available to us, for example by using our Products, that others provide to us, for example when you link your profile with a Partner Platform, or that we generated on our own, for example your user ID. Please note that the exact amount of personal data we process regarding you depends on how you use our products. Therefore, we may not process personal data concerning you in all categories.
Categories of personal data we collect from you or generate. These are the categories of personal data we might collect directly or indirectly from you and/or generate on our own
Identity information – Any information that identifies you as an individual living person, including but not limited to: name (first name, last name, initials), date of birth, e-mail address, gender, profile picture, unique customer identifier number and password
Contact information – Any information that can be used to contact you, including but not limited to: phone number, shipping and billing address, e-mail address, social media handles or any other communication channel you have used to contact us.
Location information – Any information we can use to know or guess where you are, real time or otherwise, including but not limited to: chosen residential location, current log-in location (IP address), real-time device location information via device sensors and signals, GPS location (if you wish to it share with us, for example through your mobile device settings) or information that helps us guess where you may be such as the specific Hello Inside website you have visited that might give us clues about where you are or when you “check-in” to an event or website on a social media page indicating location, if it is shared with us.
Size information – Any information related to your body measurements, including but not limited to: height, weight, circumferences, etc..
Purchase Information – Any information we use to complete or in relation to your purchase record and invoice, including but not limited to: payment provider, duration of Hello Inside subscription, price, currency and VAT (based on country info). Although we do not store or otherwise process any credit card or bank details ourselves, we process a payment ID number given by the respective Payment Service Provider and can be allocated to you.
Profile and Community Information – Any information you provide to us in your social profile and/or when interacting with our communities and other users, including but not limited to: follower information in the Hello Inside community, information provided when you participating in Hello Inside events/challenges and groups/communities either as a trainer, team member, a participant or as a promoter, pictures and videos you share, information you provide in your profile biography, team memberships and roles there, interests, feedback, likes and comments, leaderboard rankings, event participation, joined groups including roles as well as challenge participations and success.
If you explicitly allow us to access your phone book, we will compare the email addresses of your contacts with email addresses from registered users within the Hello Inside community and show you a list of people you might want to follow. Anyhow, we do not store this information.
Social Media Information – Any information about you we obtain through your interaction with us on social media channels, including but not limited to: any social media information that is publicly available such as your social media handles, social media interactions and public postings, “Likes” and other reactions, social media connections, photos that are public, or those send to us by mentioning us or following our social media posts by using “handles” or “hashtags” and comments or messages you shared with us publicly or privately on social media platforms.
Device Information – Any information related to your (mobile) device, which is collected by our Apps, including but not limited to: device EUI, device ID, device fingerprint, IP/Wifi Information, operating system, data stored on device when access is granted, log information when access to device is granted, Partner Platform Apps installed and device type and version.
Browsing information – Any information on your browsing behavior, including but not limited to: browser name, IP address, clickstream data, date and time of the visit, time remained on Website, pages visited, links clicked in our marketing messages or Website, transmitted data volume, the referral URL (if you came to our Website via a different site or an advertisement), browser language and version and add-ons.
Activity information – Any information connected to your metabolic activities which you track using our Products or import, including but not limited to: activity type (meal, exercise, fasting, mood, sleep), exercise routine (start, finish time, duration), glucose score (day, meal, etc.), nutrition information, photos and personal notes.
Correspondence – Any information you share through correspondence you have with our Customer Happiness Agents, and/or other employees and personnel including any opinion you share with us that indicate your point of view and comments. This may include when you provide us feedback and review rating our service or products, or if you participate in any product research and development surveys.
Preference Information – Any information which indicates your preference whether explicitly, if provided by you, or inferred, including but not limited to: activity preference, site/brand preference, preferred language, product and product attributes preferences, units (glucose, weight, temperature) and personal goals and motivation (e.g. motivations, etc.)
Personal Data we receive from others. This is the personal data we receive from the following third parties:
Registration via Apple, Facebook or Google – If you register an Hello Inside account via social login, we will receive the following information from the respective provider:
- Apple Inc. (1 Apple Park Way Cupertino, CA 95014-0642 USA, “Apple”): First and last name, email address (if granted), gender and birthdate.
- Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, “Facebook”): First and last name, email address, gender, birthdate and profile picture.
- Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, “Google”): First and last name, email address, gender, birthdate and profile picture.
Facebook Friend List – We will receive information about your friends on Facebook from Facebook if you explicitly allow us to access it. We will use this information to make suggestions on people you might want to follow in the Products, but do not store it.
Partner Platforms – We offer an automatic import of your activity information from other platforms we have a partnership with (“Partner Platforms”). However, we only import personal data from Partner Platforms if you have given us and the partner the order to connect your Hello Inside account with the respective Partner Platform.
Apple HealthKit – We provide the opportunity to sync our Products with Apple’s (Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA; “Apple”) HealthKit framework, which provides a central repository for health and fitness data on iPhone and Apple Watch.
Within the Health Kit settings, you can decide if you want to allow our Products to read the personal data listed there and import it to the Products, to write personal data collected in our Products in the Health Kit or both.
Google Fit – We provide the opportunity to sync our Products with Google’s Fit SDK which is an open platform that lets users control their fitness data.
Within Google Fits settings you can decide if you want to allow the Products to read personal data listed in Google Fit and import it to the Products, to write personal data collected in our Products in Google Fit or both.
PURPOSE AND LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
General Information. In general, we collect and use personal data for specific purposes. However, please note that we may sometimes also use such personal data for other purposes if we have the right and permission (“legal basis”) to do so.
In this section, we provide details to all scenarios and reasons (“purposes”) where we may collect (directly and indirectly) and otherwise process your personal data. We will provide information on the legal basis of these processing activities, on what categories of personal data are affected and on categories of third parties that we share data with for the respective purpose.
The legal basis for these processing activities is the performance of your contract with us.
The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Correspondence and Preference Information.
For this purpose we share personal data with Processors, in this case with Messaging Service Providers and CRM Solution Providers.
Providing our Products. We process your personal data to be able to provide you with a seamless user experience when using our Products and the Products features.
The legal basis for these processing activities is the performance of your user agreement with us.
The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase information, Size Information, Profile and Community Information, Device Information, Browsing Information, Activity Information, Correspondence and Preference Information.
For this purpose we share personal data with other users, other services (where applicable – see Sharing of personal data with other services. for more information), Processors, in this case with Cloud Solution Providers, CRM Solution Providers, Authentication Solution Providers and Payment Solution Providers, and with Partners.
Customer Support. We process your personal data to answer your queries about your use of our Products and respond to your questions and concerns through various communications channels we make available to you, including if you contact us for questions about your privacy rights. Your requests to our customer service will be analyzed so that we can provide you with valuable service in the future.
The legal basis for these processing activities is our legitimate interest or, in the case of privacy issues, our legal obligation to process them, if applicable.
The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Device Information, Browsing Information, Activity Information, Correspondence, Preference Information.
For this purpose we share personal data with Processors, in this case with, CRM Solution Providers and Messaging Service Providers.
Product Research and Development. We conduct analysis and research to improve our products and services. This includes asking you questions in surveys, asking you for feedback or asking you to test our Products and provide us with a review. We collect this information based on your consent. Where it is possible for the specific project or upon your request, we will remove any Identity, Contact, or Device Information, so the information cannot be used to identify you anymore and is considered “anonymized”.
- The legal basis for these processing activities is your explicit consent. You can always revoke a consent you have given.
- The data categories processed for this purpose depend on the specific project/survey and might include all categories of personal data we process.
- For this purpose we share personal data with Processors, in this case with Research/Survey Solution Providers and CRM Solution Providers.
Domain and Network Security and User Authentication. To protect our domains, detect unusual activities, and prevent security threats and protect our users from unauthorized accesses (such as hackers), we screen all traffic to our Products, and authenticate user log-in information using tokens to verify the details you provide to us and compare it with other available information, such us the credentials you have provided directly to us or other platforms (such as Facebook) or information that is available in the public domain to ensure only “authorized” users have access to our Products.
- The legal basis for these processing activities is our legitimate interest.
- The data categories processed for this purpose are Identity Information, Contact Information, Browsing Information and Device Information.
- For this purpose we share personal data with Processors, in this case with Authentication Solution Providers and Data Analytics Solution Providers.
Business Operational Analytics. We need to know how we do as a business. This is in the interest of our shareholders, our board members, our employees, and our partners, as well as our users. We create data models for different analytical purposes and analyze using these data models how our Products are selling in different markets, what are the popular features of our Products, what worked and what didn’t in terms of our marketing and advertising campaigns, our Product designs and distribution strategy, our website design and overall user experience, so we can establish, implement, and evaluate our business strategy.
This includes, for example, analyzing data to understand how users browse our Website and use the Apps to improve our user experience design to make sure you will continue to use our Products and interact with us on our Websites and Apps.
The legal basis for these processing activities is our legitimate interest.
The data categories processed for this purpose are Identity Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information, Correspondence Information and Preference Information.
For this purpose we share personal data with Processors, in this case with Data Analytics Solution Providers and Cloud Solution Providers.
Personalized Marketing Messages Via Email / Push Notification. Upon your explicit consent, we send you marketing messages that we think you would be interested in (“personalized”) to the email address you provide to us or via push-notifications when you have installed our Apps.
We might also send such messages when you purchase our Products and we consider that to be an indication of interest in our Products, services, promotions, and various offerings.
To send you “personalized” messages, we observe your online behavior, and analyze it to best estimate what you might be interested in, and you can benefit from. We therefore use different analytics tools to understand what your behavior means in terms of your like and dislike of our Products, and to understand the impact (success rates) of the messages delivered to you.
Additionally, we assess your behavior when reading such emails with the help of so-called web beacons or tracking pixels.
The legal basis for these processing activities is your explicit consent or our legitimate interest. You can always revoke a consent given or object to the data processing for this purpose which is based on our legitimate interest
The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information, Correspondence Information and Preference Information.
For this purpose we share personal data with Processors, in this case with CRM Solution Providers and Messaging Service Providers.
Targeted messages on 3rd-party advertising platforms. We use third-party solutions to send targeted campaigns and messages on their platforms. Therefore, Social Media Platforms will attempt to match your profile in their database to determine the optimal time and place (e.g the page you are browsing). Besides that, we analyze information to understand the impact of our campaigns.
- Please note that you may see ads from Hello Inside on social media or other platforms even if you have not consented to data processing for this purpose. This will not happen based on the fact that we process and share your personal data, but randomly.
- The legal basis for these processing activities is your explicit consent. You can always revoke a consent you have given.
- The data categories processed for this purpose are Identity Information, Contact Information, Location Information, Purchase Information, Profile and Community Information, Social Media Information, Device Information, Browsing Information, Activity Information and Preference Information.
- For this purpose we share personal data with Processors, in this case with Advertising Solution Providers and Data Analytics Solution Providers.
Cooperation with Law Enforcement and Regulatory Authorities (including Courts). When we are legally required to provide your personal data for national and public security reasons, crime prevention, investigation and prosecution, anti-money laundering, judicial proceedings, protection of other individuals’ rights and freedoms, and enforcement of civil claims, we will provide information as requested by the authorities or parties once we are satisfied that the request is mandated by law. We may not be able to notify you if it is against the law to do so.
- The legal basis for these processing activities is our respective legal obligation, the necessity in order to protect the vital interests’ people or the necessity for public interest.
- The data categories processed for this purpose depend on the specific request/obligation and might include all categories of personal data we process. Anyhow, we will always limit the amount of personal data processed for this purpose to the smallest amount possible.
- For this purpose we share personal data with authorities, including courts and with Processors, in this case with Messaging Service Providers.
Contract Dispute and/or Legal Compliance. We need to keep evidence in case of any contractual dispute, or to defend ourselves in case of any investigatory audits or privacy compliance disputes and complaints, including how we have handled your privacy rights. Besides that, we might also have to process certain information which might include personal data to comply with statutory retention periods.
- The legal basis for these processing activities is our respective legal obligation or our legitimate interest.
- The data categories processed for this purpose depend on the specific obligation and situation and might include all categories of personal data we process. Anyhow, we will always limit the amount of personal data processed for this purpose to the smallest amount possible.
- For this purpose we share personal data with authorities, including courts, our lawyers and tax advisors and Processors, in this case Cloud Solution Providers and Messaging Service Providers.
SHARING OF PERSONAL DATA
General Information. We share your personal data with third parties
- if this is necessary, for the purposes listed above,
- if you have instructed us to do so (e.g. if you connect your account to a partner platform),
- to exercise or protect the rights and interests of Hello Inside, our users and personnel, or
- if you have (explicitly) consented beforehand.
We distinguish between the following categories of third-parties we share personal data with:
- other users of our Products,
- other services,
- authorities including courts and
- lawyers and tax advisors.
Sharing of personal data with other users. The use of certain features of our Products includes the sharing of personal data with other users. These features would not work without such data sharing, i.e. it is necessary to fulfill our user agreement with you. Using the following features includes sharing of personal data with, i.e. making personal data visible to other users:
Leaderboard – If you track a glucose activity, you can be asked to join a weekly/monthly Leaderboard of accumulated glucose metrics, or highscores among the community. You can opt out of this at any time in your privacy settings.
Partner Platforms – If you connect your Hello Inside profile with your accounts on Partner Platforms and decide to import or share personal data from our products there, this includes the transfer of your data to the platform upon your explicit instruction to do so by connecting your Hello Inside account to your respective Partner Platform account.
Social Networks and Messenger Services – If you decide to share activities via a social media plattform or messenger service you may use on your mobile device, you explicitly instruct us to share the respective data with the messaging service you have chosen.
Sharing of personal data with our Service Providers (“Processors”). We share your personal data with Processors that help us to conduct the processing activities necessary for the purposes of tracking product behaviour. Our Processors will have access to your personal data as reasonably necessary to perform their tasks on our behalf and are obligated to protect it and not to disclose or use it for other purposes. We use processors of the following categories: Advertising Solution Providers, Data Analytics Solution Providers, Cloud Solution Providers, CRM Solution Providers, Messaging Service Providers, Authentication Solution Providers and Research/Survey Solution Providers.
Sharing of personal data with authorities and lawyers and tax advisors. We share personal data with authorities and lawyers and tax advisors where this is necessary.
Data Selling. We do not sell any of your personal data to third parties.
RETENTION OF PERSONAL DATA
Retention Period. In order to enable you to use our Products, we retain personal data for as long as you have an account with us. Anyhow, if certain personal data is no longer required for the purposes listed above, e.g. because certain functions of our Products are no longer operated or offered, we will delete or anonymize this data within a reasonable time after the complete fade out of the function.
If our user agreement with you is terminated and you don’t request us to immediately delete your personal data, we will delete it 25 months after termination.
Deletion of personal data. If you request deletion of your account or if we delete it after the above-mentioned period, your personal data processed by Hello Inside will be deleted, with the following exceptions:
- Personal data required for our performance of statutory obligations will not be deleted but reduced to the minimum necessary.
- Personal data that we need to defend against claims, that we need to enforce our claims or that we need to document our compliance with legal requirements will not be deleted but reduced to the minimum necessary.
- Personal Data we have collected for analytical purposes or research will not be deleted but anonymized.
YOUR RIGHTS CONCERNING PERSONAL DATA
Revocation of Consent. If you have given your consent to the processing of personal data for a specific purpose, you can withdraw (revoke) it at any time. However, this does not affect the lawfulness of data processing based on the consent before the revocation. Please note that in certain cases, we may continue to process your personal data after you have withdrawn consent, if we have another legal basis to do so.
If you want to revoke the marketing consent you have given, please:
- log in to the Hello Inside App
- click on Profile
- go to Privacy Settings
- unmark the stay informed checkbox.
Please note: The implementation may take a few days. Meanwhile, you may still receive a couple of marketing messages from us based on the marketing consent you have given in the past.
If you like to receive a copy of your personal data processed, please send an email to firstname.lastname@example.org
Right to Rectification. You have the right to obtain the rectification of inaccurate personal data we process concerning you. In case the personal data processed by us is not correct, we will rectify these without undue delay and inform you of this rectification. Please note that (i) you can rectify much of your personal data in the settings of our Products on your own and that (ii) it is not technically possible for us to rectify all kinds of data in our Products.
Right to Erasure. You have the right to have personal data we store about you deleted. If you have requested a copy of your personal data we process, your account can only be deleted after the export is completed, because otherwise, we would no longer be able to comply with this request.
Please note that we consider a request to delete your account as a termination of our user agreement with you. However, you are free to subsequently create a new account at any time.
Please also be aware that deletion may take up to a couple of days.
Right to Restriction of Processing. You have the right to obtain a restriction of processing of your personal data from us in the following cases:
- the personal data is no longer necessary for the purpose they were collected or otherwise processed for;
- you have withdrawn consent on which the processing is based and there is no other legal ground for the processing;
- you have objected to the processing pursuant and there are no overriding legitimate grounds for the processing;
- the processing is unlawful;
- the personal data have to be erased for compliance with a legal obligation in European Union or Member State law to which Hello Inside is subject to.
Right to Data Portability. You have the right to (i) receive a copy of your data in a structured, commonly used and machine-readable format and (ii) transmit those Data to another controller without hindrance from us. In order to exercise your right to data portability please send an email to email@example.com.
Right to Object. You have the right to object at any time to the processing of personal data for which our legitimate interests are the legal basis, including profiling. You also have the right to object to processing of personal data for direct marketing purposes.
Right to File a Complaint. You have the right to file a complaint with your local data protection authority, if you think that our processing of your personal data infringes applicable law.
The Österreichische Datenschutzbehörde (Austrian Data Protection Authority) can be contacted as follows:
Mail: firstname.lastname@example.org Phone: +43 (0) 1 52152 2550 Postal-Address: Barichgasse 40-42, 1030 Wien, Austria Web: https://www.dsb.gv.at/kontakt
Security Measures. We are committed to protecting your personal data and do implement appropriate technical and organizational security measures to protect it against any unauthorized or unlawful processing and against any accidental loss, destruction, or damage. We require our service providers to do the same through contractual agreements.
These security measures are constantly revised to comply with the latest technological developments. However, you should be aware that any transmission of your personal data through the internet is at your own risk. We can only protect your personal data once it reaches our area of responsibility.
Transfer of personal data outside of the EU/EEA/CH. We only share your personal data with third parties outside the EU, EEA and Switzerland if (i) the third party is located in a country that provides an adequate level of data protection under Article 45 of the GDPR or if (ii) appropriate safeguards are in place to protect your personal data and your rights related thereto.
Do Not Track Signals. Our Products do not recognize or respond to browser-initiated Do Not Track signals. To learn more about Do Not Track signals, you can visit https://allaboutdnt.com.
California Consumer Privacy Act (“CCPA”). For information regarding your rights as a citizen of the US-State of California pursuant CCPA, please refer to Annex 1 – Information for California Residents pursuant the California Consumer Privacy Act (“CCPA”) .
ANNEX 1 – INFORMATION FOR CALIFORNIA RESIDENTS PURSUANT THE CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)
Categories of Personal Information we process. In the preceding 12 months, we have collected the categories of personal information listed below.
Moreover, you have the right to opt out of sales of personal information and to receive equal service and price and not be discriminated against even if you exercise any of your CCPA rights.
Toll-free number for requests pursuant CCPA by residents of the US-State of California: 888 694 6364.
In any case, your request must include sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, which may include your email address, name and account id (which is required only if you already have an account with us).
We will not discriminate against you if you choose to exercise your rights under the CCPA.
The right to opt out from data selling is not enforceable regarding Hello Inside, because Hello Inside does not sell user data at all.
Metrics reporting. We disclose the number of requests to know we received, complied with in whole or in part, or denied and the number of requests to delete that we received, complied with in whole or in part, or denied retroactively for each year. Please note that as Hello Inside is not selling any personal information, we therefore do not count “do not sell my data” requests.
Please note that the rights mentioned are not absolute rights. In individual cases it is possible that the exercise of these rights is opposed by rights or obligations of Hello Inside or third parties.