Privacy Policy
XTERRA, a fitness equipment
and service brand of Dyaco International Inc. (hereinafter referred to as ¡§The Company¡¨)
is committed to the protection of your personal data, respects your privacy,
and aims to give you (hereinafter referred to as ¡§The Member¡¨) clear and
transparent rules of gathering and administrating your data. To ensure the confidentiality of your
personal information on the Internet or other e-Commerce activities, the Company
provides a privacy declaration to all online browsers and service users. Please
read the following Privacy Policy to understand how your personal information
will be handled while using XTERRA+ APP online service (hereinafter referred to as
¡§The Service¡¨).
Upon the completion of the membership registration procedure or the use
of the Service, you will be deemed to have read, understood, and agreed to this
Privacy Policy. If you do not agree to abide by this Privacy Policy, you must
stop accessing and stop using the Service as well as any information on the Service.
If you have any questions about the Privacy Policy or the APP, please feel free
to contact us via email: digital_service@dyaco.com.
By
joining the Company¡¦s XTERRA membership, you agree to provide your personal information under
the rules of the following Privacy Policy. The legal basis of the processing is
the consent of the Member given as a clear declaration provided by the Company
via XTERRA+ APP (hereinafter referred to as ¡§the Consent¡¨).
Members are responsible for the custody of their member account and password
obtained after registration. You
should neither provide any personal information, especially such as passwords
to anyone nor lend your mobile device to others. While sharing your devices
with others or using a public computer, remember to close the browser window to
prevent others from reading your personal information or letters. Whenever the
Members find that their member account or password has been illegally obtained,
used, or stolen, they should notify the Company immediately, otherwise the
consequences will be borne by the Members themselves and the rights and claims
stated in the Company¡¦s Privacy Policy will not be applicable. Therefore, the
related damages or losses incurred due to the fault of the of the Member will
not be compensated by the Company.
I.
The Administrator.
The Administrator of your
data is Jason
Tsai
Address: 31F, No. 213, Chaofu Road,
Xitun Dist., Taichung City 40757, Taiwan
Registered
number of the Company: 23751545
II.
Membership Registration and the data we collect.
After you apply for the Company¡¦s XTERRA+ APP membership, the Company will be
able to obtain your personal information. While using the Service, the Company
will also collect other specific information, including your activities. By giving
the Company your Consent, you agree to the Company¡¦s collection, storage,
processing and use of these data.
In the future, your Member account
will be used as your membership right to exercise claims.
III.
Types of data
The list of the data that
you agree for the Company to use presents as follows:
a)
Identity data, including
-
first name,
-
last name,
-
username,
-
date of birth,
-
gender,
-
height,
-
weight;
b)
Contact data, including
-
email address,
-
telephone numbers,
-
residence address;
c)
Financial data, including
-
Bank account number,
-
Payment card details;
d)
Profile data, including
-
Social media accounts details,
-
Third party App accounts details;
e)
Workout data, including
-
workout types,
-
fitness machine types,
-
running/riding distance,
-
burned calories number,
-
heart rate,
-
average watt,
-
speed/pace profile,
-
inclination profile,
-
resistance level profile,
-
GPS data from smartphone or smartwatch;
IV.
Member Agreement Statement
By setting up a Member profile, you agree that the Company may collect, process
and use your personal data in accordance with the following conditions, and
confirm that the following relevant rights and information have been notified.
1. Personal Data Recipients:
a. The Company and its affiliated
companies.
b. Any approved third party such as¡K e.g. law firms, vendors,
contractors, agents, service providers.
2.
Purposes of Collecting Personal Data:
The Company collects,
processes and uses the personal data for the following specific purposes:
a. To satisfy your request for the
Company¡¦s product or Service and improve the Service.
b. To customize advertisement and
business behavior management service, contact individuals, and conduct consumer
research.
c. To use data and records of
surveys, research, analyses and statistics in order to improve the quality of
the Service.
d. To plan new product functions
and new services of the Company.
e. For customer service and
problem handling.
f. To provide internal and
external customer¡¦s anonymous reports.
g. For notice of various services
and activities of the Company.
h. To provide you with the
functions of the service that you request.
3. The
provision of personal data is a requirement necessary to enter into a contract
of providing Memberrs with the Service.
4.
The Company will send you the commercial materials or e-mails after obtaining
your Consent before your registration and log-in.
The
Company will automatically receive and record your information on computers,
mobile devices (such as smartphones, tablet devices, wearable devices, etc.)
and browsers, including IP address, cookie data of XTERRA
website, software and hardware attributes, and various data received by XTERRA+
APP. These data are used for analyzing the total traffic or online behavior
surveys of users only. The
Company also uses the cookie technology to provide more suitable services for
users¡¦ personal needs, such as storing, correcting, and tracking the online
information that you browse, and reading these cookies when you register, log
in, browse, and log out.
5.
All the data that is collected by the Company may be stored and processed in
every country where the Company operates and conducts activities (.....). The
information may be transferred between those countries that are not
subject to GDPR regulations. In order to ensure the protection of your data,
the processing is carried out in compliance with this present Privacy Policy.
V.
Member¡¦s Rights
1.
You have the right to obtain
confirmation as to whether or not your personal information is being collected
and/or processed. You also have a right to request that the Company disclose
the data it collects, uses, and/or otherwise processes.
2. You
have the right to query, read, delete and modify your XTERRA+
APP account and provided there personal information at any time.
3. You have the right to
request to erasethe personal data collected by the Service about you under
certain circumstances, for example, when the Company's original purpose of
collecting your personal data no longer exists.
4. You
have the right to request a correction or an update of your personal data
whenever you find any inaccuracy.
5. You
have the right to object to processing your personal data for certain
purposes. For example, the App would like to analyze your fitness level
according to your workout data.
6. You
have the right to withdraw your Consent at any time by ¡K .sharing your workout
data to another App.
7. You
have the right not to be subject to a decision based solely on automated
processing, including profiling, if such processing has a legal effect or
otherwise significantly affects you.
8. You
have the right to request that the Company restrict the processing of your
personal data, such as your heart rate You can ask that the Company limit the
processing of that data in certain circumstances. For example, the personal
data only can be used for workout recommendations.
9. You
have the right to request to transfer a copy of your personal data collected by
the Service to another company. The request shall be clear and made
voluntarily. After transferring the copy, the Company is not liable for the
processing of the data practiced by another company. This present Privacy
Policy of the XTERRA+ APP is binding only regarding to the
data processed by the Company.
10. You
have the right to lodge a complaint on the processing of your personal data
with a supervisory authority. E.g. In the EU, you can file a
complaint with your national data protection authority.
11. The
Company may send you specific messages related to the Service (such as service
announcements and management messages) that are considered part of the Service.
If you do not wish to receive them, you can request the Company to stop sending
the service-related messages.
12. Please,
contact the Company directly, whenever you wish to exercise any of the above
rights via the email address digital_service@dyaco.com.
VI.
Sharing the Member¡¦s personal
information with third-party companies on request
The
Company may share the Member¡¦s protected personal information with third-party
companies (such as e.g. Apple, Google etc.) at the explicit request of the
Member made by popping a dialogue message to get the user¡¦s permission. By
making the request, the information shared are no longer protected by the
Company¡¦s Privacy Policy. After transferring the copy, the Company is not able
to protect the data and therefore is not liable for the processing, use or
storage of the data practiced by another companies. Please know that the
Privacy Policy of the XTERRA+ APP is binding only regarding to the data
processed by the Company.
.
VII.
Personal Data Storage Duration
Except for those legally
required or allowed to retain a longer time, the Company will retain your personal information only for
the period of time required to achieve the purpose set for this Privacy Policy.
VIII.
The Company¡¦s obligations
1.
Only the data that are adequate,
relevant and limited to what is necessary in relation to the purposes stated
above may be processed.
2.
The Company must take every
reasonable step to ensure that personal data that are inaccurate, even without
the Member¡¦s knowledge, are erased or rectified without delay.
3.
The Company has the obligation to
erase personal data without undue delay when:
a)
the personal data are no longer
necessary in relation to the purposes stated in this Privacy Policy;
b)
The Member withdraws the Consent
on which the processing is based and where there is no other legal ground for
the processing;
c)
The Member objects to the
processing and there are no overriding legitimate grounds for the processing;
d)
The personal data have been
unlawfully processed;
e)
The personal data have to be
erased for compliance with a legal obligation;
4.
The Company shall communicate any
rectification or erasure of personal data or restriction of processing to each
recipient to whom the personal data have been disclosed unless this proves
impossible or involves disproportionate effort. The Company shall inform the Member
about those recipients on his or her request.
5.
The Company is obliged to process
all the personal data in a manner that ensures appropriate security, including
protection against unauthorised or unlawful processing and against accidental
loss, destruction or damage, using appropriate technical or organisational
measures such as¡Khosting the data in a public cloud computing platform like AWS.
6.
The Company cannot process any
information without the Consent.
7.
If the Consent is given in a
written declaration which also concerns other matters, the request for Consent
will be presented in a manner that is clearly distinguishable from the other
matters.
8.
E.g. The Company will inform the Member
via email about the transfer of the personal data to a third country (outside
the EU and EEA or a territory which has a data protection equivalence
agreement). The company provides relevant safeguards such as the data is
stored in a public cloud platform who can meet the requirement of data
protection.
9.
The Company implements technical
and organisational measures ¡Ksuch as to host data in AWS to ensure a level of
security appropriate to the risk.
10.
If there is a personal data
breach likely to result in a risk to the rights and freedoms of natural
persons, the Company will without undue delay and, where feasible, not later
than 72 hours after having become aware of it, notify the breach to the supervisory
authority.
11. When
the personal data breach is likely to result in a high risk to the rights and
freedoms of natural persons, the Company will communicate the personal data
breach to the Members without undue delay unless the conditions specified in
article 34 point 3 of the GDPR.
IX.
Amendments to the Privacy Policy
You have read and agreed to
each of the descriptions above. The Company may modify or amend this Policy
from time to time. You can always find an up-to-date version under the link: ¡Kprivacy
policy on XTERRA+
App When the Company makes major changes in the processing of personal data,
you will be notified through the Service. If you continue to use the Service, it
will be deemed that you have agreed to the modification or amendment of the Privacy
Policy of the Company.
X.
Jurisdiction
Whenever there is a dispute
arising out of this agreement, both parties agree that the Taipei District
Court of Taiwan shall be the court of first instance to exercise jurisdiction.