At Salter, we place great importance on the security of all personal data associated with our users. As we value that you do not want the personal information you provide to be distributed indiscriminately, we explain how we collect information, what we do with it, and the controls you have regarding the use of such data by Salter.
The entity responsible for the collection, processing, and use of personal data for the purposes of the General Data Protection Regulation (hereinafter "GDPR") is Comercial Salter S.A., C/Lluis Millet 52, 08950 Esplugues del Llobregat (Barcelona), Spain (hereinafter Salter).
If you have any questions about data protection at Salter, please contact us via mail, fax, or email at:
Comercial Salter S.A. (A08544298)
08950, Esplugues del Llobregat (Barcelona), Spain
Email: privacy@salter.es
This Privacy and Cookies Policy applies to:
“Fitness facilities” includes gyms, health centers, and physiotherapy centers.
The information and personal data you submit through the website or the application will be sent and stored on secure servers located in the EU-European Economic Area (EEA). This is necessary to process the information. The information you provide may be transferred by us to our other offices and/or to the third parties mentioned under the circumstances described above (see Information Exchange), which may be located in the United States or other places outside the EEA and may be processed by personnel outside the EEA. By submitting information through the website or the Application, you agree to this storage, processing, and/or transfer. The concerned countries may not have data protection laws similar to those of the EEA. In particular, the regulation of the United States regarding access to data by authorities is significantly different from that of Europe.
When you place orders or access the website, your data will be transferred securely via encryption. Salter only uses TLS (Transport Layer Security) 1.0 to 1.2 for communication between Salter devices and servers. Older versions of PFS (Perfect Forward Security), used by Salter for encryption, will not be used. Salter only uses HSTS processes that are less than a year old. The encryption will be generically named as SSL (encryption system). The processes described above ensure a high level of security for data transfers.
The processing operations related to the purpose and legal basis that may occur regarding your personal data are detailed below.
4.1. Website Usage/Registration
The legal basis for the processing of your personal data is determined in accordance with Art. 6.I of the GDPR. Data collection on the website is optional and is legitimized by your consent in accordance with Art. 6.I a) of the GDPR.
We set up access (profile) for each user to the data stored on our website. To create a profile, users must register with their email address on any device or on the Salter website.
On the S Cloud website, you can add more information to your profile, such as a profile picture, body weight, height, sex, language, date of birth, address, phone number, email, and newsletter settings, fitness level, training experience, training frequency, preferred training days, training session duration, and sports practiced, to provide effective attention and offer you a training plan based on the analysis created by your trainer. We note that the mentioned information is optional, and you can decide whether to provide this information and to what extent.
4.2. Salter Training Software
To enable training on a training machine with Salter Training software, registration is required (see 5.1). After successful registration, the user will receive a confirmation by email, with the use of which the user can set a password to access password-protected areas, such as the Salter website or the Salter APP.
In order to enable analysis of training in the MyResults APP, training data (training machine(s), weights, repetitions, sets, rest, distance, duration, etc.) are automatically stored. In addition, training results can be documented manually via the MyResults APP.
5.3. SALTER MyResults APP
For the use of the MyResults fitness application, the following data is required: name, height, email, sex, and date of birth. In addition to training documentation and training progress, the mentioned data also enables the analysis of maximum strength and weight imbalances.
5.4. S Cloud
We distinguish between providing S Cloud data to gyms and personal data from your gym membership subscription. S Cloud data is data that SALTER collects as part of its contract, while personal data from your subscription is the data collected by you under the terms of your affiliation contract with the gym.
To allow a trainer from your gym to monitor your training, you must share with them all or part of the MyResults APP result data or the viewing of your information on S Cloud.
To constantly improve our offerings and make them more interesting and user-friendly, we use various methods based on anonymous or pseudonymous data. By using our offer, you accept this use of exclusively anonymous and pseudonymous data.
It is not possible to link such data to your person. However, we want to inform you about this and, at the same time, inform you about your right to object to the creation of usage profiles using pseudonyms for advertising purposes, market research, or telemedia-based needs design.
In particular:
6.1. Server Log Files
Each time you access the Salter website or applications, usage data will be transmitted through the corresponding internet browser and stored in the server log files. The datasets stored in this case will contain the following data: date and time of retrieval, the name of the accessed page, IP address, referring URL (the URL of the source from which you accessed the Salter website), volume of data transmitted, and product and version information for the browser used. User IP addresses will be deleted or altered in such a way that specific personal details cannot be assigned to an identified or identifiable person, or can only be done with highly disproportionate economic, time, and workforce costs. We will evaluate the datasets from the log files anonymously in order to further improve our service on the Website, make it more user-friendly, or to quickly locate and eliminate errors and monitor server capacities. The legal basis for the storage in log files as described above is Article 6 letter f) GDPR (processing is necessary to protect the legitimate interests of the data controller).
6.2. Cookies
At Salter, we strive to make the interaction with the website or application as simple and meaningful as possible. Therefore, when you visit our website or access any application, our web server will send a cookie to your computer or mobile device (as applicable). Cookies are small pieces of information that are issued to your computer or mobile device (as applicable) when you visit a website or access or use a mobile application, whose function is to store (and sometimes track) information about your use of the website or application (as applicable). Such cookies only last for the duration of your website or application session and expire when you close your browser or exit the application. Other cookies are used for longer periods to remember you when you return to log in.
Acceptance of cookies is not a condition for visiting our website or our applications. However, we inform you that their use may be limited if the cookie function is deactivated.
The cookies used by Salter do not store any personal data. These cookies cannot be assigned to any specific person, including you. When a cookie is activated, it is assigned an identification number, but your personal data is not linked to this number. Therefore, all the information that Salter receives through cookies is anonymous, indicating, for example, which pages of our store have been visited, which products have been viewed, etc. In isolated cases, our associated companies may be allowed to collect, process, or use data from our website as described above through cookies. This will apply in particular to web analytics or social media services mentioned below. In this case, the data will be collected based on cookie technology with the aim of optimizing our advertising and the entire range of online services. Therefore, this data will not be used to identify you personally but will only serve to produce an anonymous evaluation of service usage. At no time will this data be combined with the personal data stored by Salter. Using this technology, we can present you with specific Salter advertising and/or offers and services based on the connection with the information obtained from click analysis. Our goal here is to make our range of online services as attractive as possible to you and to present you with corresponding Salter advertising based on your areas of interest. The legal basis for the use of cookies on our website is Article 6 letter f) GDPR (processing is necessary to protect the legitimate interests of the data controller).
Salter uses the services of certain partners that help us design the Internet service and the Salter website for your benefit. Therefore, when you visit the Salter website, cookies from associated companies will also be stored on the hard drive. These will be temporary/permanent cookies and will therefore be automatically deleted after the pre-set time (see above). The cookies from our associated companies will also not contain any personal data. Data will only be collected under a pseudonym under a user ID. This data refers to information such as which products you have viewed, which ones you have purchased, etc. In this context, some of our advertising partners will also collect information through the Salter website about the pages you have visited previously or in which products you have been interested, so that they can show you information that best corresponds to your interests. At no time will this data be stored with your personal data.
You can choose a setting in your browser or device configuration that allows the storage of cookies with your consent. If you only want to accept Salter cookies but not cookies from our service providers and partners, you can select the "Block third-party cookies" setting in your browser. There is generally a help option in your web browser options that will tell you how to reject new cookies and disable existing ones. For shared computers configured to accept cookies and Flash cookies, we recommend that you always log out completely at the end of your session.
6.4. Web Analysis Tools
In order to constantly improve and optimize our offering, as well as to display ads of relevant and interesting content outside of our website and to measure the effectiveness of our advertising, we use so-called tracking technologies. We use the services of Google Analytics, Google AdWords (remarketing), Branch.io, Firebase, Custom Audience for Website, and Crashlytics. The legal basis for the use of tracking and remarketing tools on our website is Article 6 letter f) GDPR (processing is necessary to protect the legitimate interests of the data controller). In detail:
6.4.1. Google Analytics
Google Analytics is a service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). eGym uses the "User ID" functionality of Google Analytics on all web platforms, as well as the website, training machines, fitness application, and trainer application to obtain pseudonymous (non-personal) information about the usage of our services, both locally and globally, to improve and analyze the services provided by eGym.
eGym Web and Mobile Website
Google Analytics will use "cookies," such as text files, which will be stored on your computer and allow Google to analyze the usage and scope of the services used. As a general rule, the information collected by cookies regarding the use of our website (including the IP address) will be transmitted to a Google server in the USA, where it will be stored. The "Google Analytics" website has been expanded with the code "gat._anonymizeIp();" to ensure anonymous collection of IP addresses (known as IP masking). Therefore, your IP address will only be collected by Google in abbreviated form, ensuring anonymity and preventing any conclusion about your identity. If IP anonymization is activated on this website, your IP address will first be shortened by Google within member states of the European Union or other states that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to the Google server in the USA and shortened there. Google will use this information to evaluate your use of our website, compile reports on website activity, and provide us with other services associated with the use of websites and the internet. The IP address transmitted by your browser as part of Google Analytics will not be associated with other data from Google. Google may only transmit this data to third parties in legally specified situations or when processing order data. In no case will Google store your data together with other collected data. You can prevent the storage of cookies by configuring your browser accordingly. However, in this case, some functions of the website may be limited. By downloading and installing the corresponding plug-in, you can prevent Google from storing data produced by cookies regarding your use of the website (including your IP address) and processing this data. The mentioned plug-in can be downloaded through the following link (http://tools.google.com/dlpage/gaoptout?hl=de). You can find more information about Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html.
Salter Applications
Information regarding the usage of the Applications is obtained by Salter when the user downloads, installs, and/or uses the application on a mobile device. The data collected by Salter includes the device model, geographic information (only if this option is configured on the device), or the operating system installed on the device (iOS, Android), as well as aggregated data related to the use of the Application. An identifying password allows differentiation between individual users of the application. However, this password does not allow conclusions to be drawn regarding the identity of a specific user. Furthermore, user login information is not stored or processed by the system. The resulting analyses of application usage help us improve our service, develop new features, and optimize our focus on user needs. The mobile data collected by Google Analytics and the identifying password are not collected or associated with other data from Google. You can object to the collection of your data through the Application settings on your mobile device. In the case of applications on Apple devices (iOS operating system), you can object in the general settings of the application (e.g., eGym Fitness App / Training App). In the case of applications on mobile devices with the Android operating system, you can object through the application profile settings. However, we inform you that such refusal may limit the functionality of the Application.
6.4.2. Google AdWords (Remarketing)
We also use remarketing functionalities on our website provided by the Google AdWords service. Google AdWords is an online advertising service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The use of remarketing functionalities allows us to present users with advertisements of their interest on our website through Google Display Network ("Google Ads") or on other websites. This is based on an analysis of users' interactions on the website, for example, which services and offers the user has shown interest in, with the purpose of showing the user advertisements from other websites after they have visited the eGym website. For this purpose, Google stores a number, called a "cookie," in the browser of users who visit certain Google services or websites within the Google network. These users are stored through the "cookies." The "cookies" enable a unique identification of a specific computer's browser. However, Google or eGym cannot identify the individual using this information. As a general rule, the information collected by cookies regarding the use of our website (including the IP address) is transmitted to a Google server in the USA where it is stored. It should be noted that on this website, "Google AdWords" (remarketing) has been expanded with the code "gat._anonymizeIp();" to ensure the anonymous collection of IP addresses. Therefore, your IP address is only collected by Google in an abbreviated form, guaranteeing anonymity and preventing any conclusions about the identity of the users. If anonymous activation is enabled on this website, your IP address will first be abbreviated by Google within the specific state of the European Union or a state that is part of the European Economic Area. Only in exceptional cases will the complete IP address be transmitted to Google's server in the USA and abbreviated there. You can prevent the storage of cookies by adjusting your browser software accordingly. However, we inform you that this may limit your use of the website's functions to their full extent. Similarly, you can disable Google's interest-based ads, as well as Google's interest-based ads from other websites (those websites that are part of the Google network) from your browser by modifying the "opt-out settings" at www.google.de/settings/ads and clicking on the "disable" link. Additionally, you can refuse interest-based ads at http://www.networkadvertising.org/choices/?partnerId=1. We inform you that this refusal requires the storage of a refusal cookie on your computer.
6.4.3. Branch.io
To enhance user experience, eGym uses the service Branch.io, a service provided by Branch Metrics, Inc., 2443 Ash Street, Palo Alto, CA 94306, USA. This service simplifies users' interactions with eGym products by adapting links in email notifications to their purpose. For example, if a user wants to use the eGym Fitness app but has not yet installed it on their smartphone, Branch.io allows the app to be located in their smartphone's operating system store.
Branch.io creates a specific user hyperlink that eGym uses to send email notifications to users. To ensure improved user navigation, Branch.io records the operating system and version, timestamp, API key (app identification key), app version, device model, manufacturer and identification number, iOS advertising identifier, iOS vendor identifier, Android advertising identifier, IP address, and network status. The mentioned data, especially the IP address, will only be used to link eGym products and will only be used for a limited period. Branch.io may use cookies. For information on how to handle cookies and how they can be blocked or deleted, please refer to section 6.2 of eGym's privacy policy. You can object to data collection by Branch.io at the following link: https://app.link/optout. Additionally, you can find more information about Branch.io's privacy policy at https://branch.io/policies/#privacy.
6.4.4. Firebase
Firebase is a development platform for mobile and web applications, launched in 2011 by Firebase, Inc. from San Francisco, USA, and developed and acquired by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") in 2014.
eGym uses Firebase in its Fitness App and Trainer App by analyzing user behavior within the applications. Anonymous data on activity, touch gestures, scrolling, or user interactions are collected and stored. As part of the service, only anonymous data is collected and not linked to actual user data. For iOS devices, you can disable anonymous data collection in the app's settings under the Fitness tab. For Android devices, select incognito mode in your browser settings. Additionally, you can find more information about Firebase at: https://firebase.google.com/support/faq/ and its privacy policy at: https://www.google.com/policies/privacy/.
6.4.5. Custom Audience from Website
Custom Audiences from Website is a marketing method from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, to target advertisements to its own customers or potential customers on Facebook. eGym integrates the so-called "Facebook Pixel" on the pages studiosuche.de and http://campaign.egym.de/next to find out which members have visited the website and only show them their own advertisements. A "Facebook Pixel" is a JavaScript code for web pages that automatically creates target groups for website visitors to be contacted again. For this purpose, email addresses or phone numbers are uploaded to Facebook's servers. The information is encrypted using the SHA256 process and then matched with Facebook to display ads specifically.
To facilitate this process, explicit consent is requested. By using this website, you agree to the processing of the data collected about you by Facebook and the processing as described and for the stated purpose.
You can object to receiving advertising at any time. To do this, click on the link to unsubscribe ("Why am I seeing this?") in a specific advertisement and hide the advertisement directly by clicking on it, and choose the "Hide all from this advertiser" function.
For more information about the service, visit: https://de-de.facebook.com/business/help/449542958510885/?helpref=hc_fnav.
6.4.6. Crashlytics
Likewise, for our mobile applications, we also use Crashlytics, a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. This service supports the improvement and troubleshooting of our applications by collecting and storing anonymous usage data. More information about these services can be found in <u><a href="https://egym.com/es/privacidad/%20/try.crashlytics.com/terms/privacy-policy.pdf">try.crashlytics.com/terms/privacy-policy.pdf</a></u>.
6.4.7. Google Maps API
S Cloud uses the Google Maps API, a map service from Google Inc. ("Google"), to display an interactive map. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States.
Google may share the information obtained through Analytics & Maps with third parties if required by law or if third parties process this information on behalf of Google.
Google will never associate your IP address with other data from Google. However, it would be technically possible for Google to identify at least individual users based on the received data. It would be possible for Google's website to use personal information and personality profiles from Google for purposes beyond our control. The data will be transmitted to the United States.
You can easily disable the Google Maps service and prevent data transfer to Google: Disable JavaScript in your browser. However, please note that you will not be able to use the map display in this case.
By using this website and not disabling JavaScript, you expressly acknowledge the data protection situation and agree to the processing of information about you by Google as described and for the stated purpose.
Revocability of Consents/Special Note on the Right to Object
To the extent that we use data for a purpose that requires your consent in accordance with the law, we will always request your express consent and record your consent. We inform you that you can revoke a given consent at any time. We remind you that, to the extent that your personal data is processed according to your legitimate interests, in the context of a balancing of interests according to Art. 6 (1) sentence 1 f) GDPR, and/or your personal data is processed for the purpose of direct advertising, you can exercise your right to object to the processing of your personal data at any time. To revoke consent or express your objection, a simple message to us is sufficient. The lawfulness of data processing based on consent carried out until then is not affected by the revocation.
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as necessary to achieve the desired or contracted service(s) (see detailed services/uses indicated in clause 5), which is generally for the duration of the contractual relationship with you and/or with your consent.
After the purposes of processing have been fulfilled or in the event of termination/cancellation of a contract or after the revocation of consent, the corresponding data from SALTER will be blocked or deleted, provided that their further retention is not required by legal retention obligations (e.g., according to the Commercial Code or other applicable laws).
In order to use the desired service(s) (see detailed services/uses indicated in clause 5.1), it is necessary to provide the required personal data according to clause 5.1 for the purpose of concluding the contract or providing the requested service.
Providing data that is not absolutely necessary for the respective contract or for the provision of the desired service is voluntary and easily recognizable since the corresponding input fields are marked as "optional."
The failure to provide the required data for contract conclusion or for the provision of the desired service could result in the fact that we cannot or do not provide the corresponding contractual service in accordance with the contract.
Recipient, according to Art. 13 (1) (e) GDPR, can be any natural or legal person, public authority, agency, or another body to whom personal data is disclosed. As part of order processing, SALTER transfers personal data to the following processors:
|
Data Processor |
Address / Country |
Service |
Details |
|
Amazon Web Services, Inc. |
410 Terry Avenue North, Seattle, Washington 98109-5210, USA (Region: Ireland) |
AWS provides data processing and storage services as part of cloud computing service |
The processing and storage of the data in question are carried out exclusively in data centers within the EEA |
|
Google Ireland Limited |
Gordon House, Barrow Street, Dublin 4, Ireland |
SALTER uses the services of Google Cloud Platform to store and process customer data, as well as to operate S Cloud |
The processing and storage of the data in question are carried out exclusively in data centers within the EEA |
All servers on which SALTER stores customer data from COMERCIAL SALTER S.A. are located within the European Union / European Economic Area (EEA).
Below, we provide some clarifications about your legal rights regarding our storage of your personal data. According to the new GDPR, you have the right to:
We also point out that, according to Art. 77 (1) GDPR, without prejudice to any administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data is unlawful.
We hereby declare that in the context of using SALTER's services and the use of our services, you are not subject to a decision based solely on automated processing, including profiling, which has a legal effect on you or similarly significantly affects you.