Privacy Policy

XTERRA, a fitness equipment and service brand of Dyaco International Inc. (hereinafter referred to as ¡§The Company¡¨) is committed to the protection of your personal data, respects your privacy, and aims to give you (hereinafter referred to as ¡§The Member¡¨) clear and transparent rules of gathering and administrating your data.  To ensure the confidentiality of your personal information on the Internet or other e-Commerce activities, the Company provides a privacy declaration to all online browsers and service users. Please read the following Privacy Policy to understand how your personal information will be handled while using XTERRA+ APP online service (hereinafter referred to as ¡§The Service¡¨).  Upon the completion of the membership registration procedure or the use of the Service, you will be deemed to have read, understood, and agreed to this Privacy Policy. If you do not agree to abide by this Privacy Policy, you must stop accessing and stop using the Service as well as any information on the Service. If you have any questions about the Privacy Policy or the APP, please feel free to contact us via email: digital_service@dyaco.com.

By joining the Company¡¦s XTERRA membership, you agree to provide your personal information under the rules of the following Privacy Policy. The legal basis of the processing is the consent of the Member given as a clear declaration provided by the Company via XTERRA+ APP (hereinafter referred to as ¡§the Consent¡¨).
Members are responsible for the custody of their member account and password obtained after registration.  You should neither provide any personal information, especially such as passwords to anyone nor lend your mobile device to others. While sharing your devices with others or using a public computer, remember to close the browser window to prevent others from reading your personal information or letters. Whenever the Members find that their member account or password has been illegally obtained, used, or stolen, they should notify the Company immediately, otherwise the consequences will be borne by the Members themselves and the rights and claims stated in the Company¡¦s Privacy Policy will not be applicable. Therefore, the related damages or losses incurred due to the fault of the of the Member will not be compensated by the Company.

 

I.                 The Administrator.

The Administrator of your data is Jason Tsai

Address: 31F, No. 213, Chaofu Road, Xitun Dist., Taichung City 40757, Taiwan

Registered number of the Company: 23751545

 

 

II.               Membership Registration and the data we collect.


After you apply for the Company¡¦s XTERRA+ APP membership, the Company will be able to obtain your personal information. While using the Service, the Company will also collect other specific information, including your activities. By giving the Company your Consent, you agree to the Company¡¦s collection, storage, processing and use of these data.

In the future, your Member account will be used as your membership right to exercise claims.

III.             Types of data

 

The list of the data that you agree for the Company to use presents as follows:

a)     Identity data, including

-        first name,

-        last name,

-        username,

-        date of birth,

-        gender,

-        height,

-        weight;

b)     Contact data, including

-        email address,

-        telephone numbers,

-        residence address;

c)     Financial data, including

-        Bank account number,

-        Payment card details;

d)     Profile data, including

-        Social media accounts details,

-        Third party App accounts details;

e)     Workout data, including

-        workout types,

-        fitness machine types,

-        running/riding distance,

-        burned calories number,

-        heart rate,

-        average watt,

-        speed/pace profile,

-        inclination profile,

-        resistance level profile,

-        GPS data from smartphone or smartwatch;

 

IV.            Member Agreement Statement
By setting up a Member profile, you agree that the Company may collect, process and use your personal data in accordance with the following conditions, and confirm that the following relevant rights and information have been notified.


1. Personal Data Recipients:
  a. The Company and its affiliated companies.
  b. Any approved third party such as¡K e.g. law firms, vendors, contractors, agents, service providers.

 

2.     Purposes of Collecting Personal Data:

The Company collects, processes and uses the personal data for the following specific purposes:
  a. To satisfy your request for the Company¡¦s product or Service and improve the Service.
  b. To customize advertisement and business behavior management service, contact individuals, and conduct consumer research.
  c. To use data and records of surveys, research, analyses and statistics in order to improve the quality of the Service.
  d. To plan new product functions and new services of the Company.
  e. For customer service and problem handling.
  f. To provide internal and external customer¡¦s anonymous reports.
  g. For notice of various services and activities of the Company.
  h. To provide you with the functions of the service that you request.

3. The provision of personal data is a requirement necessary to enter into a contract of providing Memberrs with the Service.

4. The Company will send you the commercial materials or e-mails after obtaining your Consent before your registration and log-in.

The Company will automatically receive and record your information on computers, mobile devices (such as smartphones, tablet devices, wearable devices, etc.) and browsers, including IP address, cookie data of XTERRA website, software and hardware attributes, and various data received by XTERRA+ APP.  These data are used for analyzing the total traffic or online behavior surveys of users only.  The Company also uses the cookie technology to provide more suitable services for users¡¦ personal needs, such as storing, correcting, and tracking the online information that you browse, and reading these cookies when you register, log in, browse, and log out.

5. All the data that is collected by the Company may be stored and processed in every country where the Company operates and conducts activities (.....). The information may be transferred between those countries that are not subject to GDPR regulations. In order to ensure the protection of your data, the processing is carried out in compliance with this present Privacy Policy.

V.              Member¡¦s Rights

1.     You have the right to obtain confirmation as to whether or not your personal information is being collected and/or processed. You also have a right to request that the Company disclose the data it collects, uses, and/or otherwise processes.

2.     You have the right to query, read, delete and modify your XTERRA+ APP account and provided there personal information at any time.

3.     You have the right to request to erasethe personal data collected by the Service about you under certain circumstances, for example, when the Company's original purpose of collecting your personal data no longer exists.

4.     You have the right to request a correction or an update of your personal data whenever you find any inaccuracy.

5.     You have the right to object to processing your personal data for certain purposes. For example, the App would like to analyze your fitness level according to your workout data.

6.     You have the right to withdraw your Consent at any time by ¡K .sharing your workout data to another App.

7.     You have the right not to be subject to a decision based solely on automated processing, including profiling, if such processing has a legal effect or otherwise significantly affects you.

8.     You have the right to request that the Company restrict the processing of your personal data, such as your heart rate You can ask that the Company limit the processing of that data in certain circumstances. For example, the personal data only can be used for workout recommendations. 

9.     You have the right to request to transfer a copy of your personal data collected by the Service to another company. The request shall be clear and made voluntarily. After transferring the copy, the Company is not liable for the processing of the data practiced by another company. This present Privacy Policy of the XTERRA+ APP is binding only regarding to the data processed by the Company.

10.  You have the right to lodge a complaint on the processing of your personal data with a supervisory authority. E.g. In the EU, you can file a complaint with your national data protection authority.

11.  The Company may send you specific messages related to the Service (such as service announcements and management messages) that are considered part of the Service. If you do not wish to receive them, you can request the Company to stop sending the service-related messages.

12.  Please, contact the Company directly, whenever you wish to exercise any of the above rights via the email address digital_service@dyaco.com.

 

VI.            Sharing the Member¡¦s personal information with third-party companies on request

The Company may share the Member¡¦s protected personal information with third-party companies (such as e.g. Apple, Google etc.) at the explicit request of the Member made by popping a dialogue message to get the user¡¦s permission. By making the request, the information shared are no longer protected by the Company¡¦s Privacy Policy. After transferring the copy, the Company is not able to protect the data and therefore is not liable for the processing, use or storage of the data practiced by another companies. Please know that the Privacy Policy of the XTERRA+ APP is binding only regarding to the data processed by the Company.

 

.

VII.         Personal Data Storage Duration

Except for those legally required or allowed to retain a longer time, the Company will retain your personal information only for the period of time required to achieve the purpose set for this Privacy Policy.

 

VIII.       The Company¡¦s obligations

1.     Only the data that are adequate, relevant and limited to what is necessary in relation to the purposes stated above may be processed.

2.     The Company must take every reasonable step to ensure that personal data that are inaccurate, even without the Member¡¦s knowledge, are erased or rectified without delay.

3.     The Company has the obligation to erase personal data without undue delay when:

a)     the personal data are no longer necessary in relation to the purposes stated in this Privacy Policy;

b)     The Member withdraws the Consent on which the processing is based and where there is no other legal ground for the processing;

c)     The Member objects to the processing and there are no overriding legitimate grounds for the processing;

d)     The personal data have been unlawfully processed;

e)     The personal data have to be erased for compliance with a legal obligation;

 

4.     The Company shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. The Company shall inform the Member about those recipients on his or her request.

5.     The Company is obliged to process all the personal data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures such as¡Khosting the data in a public cloud computing platform like AWS.

6.     The Company cannot process any information without the Consent.

7.     If the Consent is given in a written declaration which also concerns other matters, the request for Consent will be presented in a manner that is clearly distinguishable from the other matters.

8.     E.g. The Company will inform the Member via email about the transfer of the personal data to a third country (outside the EU and EEA or a territory which has a data protection equivalence agreement). The company provides relevant safeguards such as the data is stored in a public cloud platform who can meet the requirement of data protection.

9.     The Company implements technical and organisational measures ¡Ksuch as to host data in AWS to ensure a level of security appropriate to the risk.

10.  If there is a personal data breach likely to result in a risk to the rights and freedoms of natural persons, the Company will without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the breach to the supervisory authority.

11.  When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Company will communicate the personal data breach to the Members without undue delay unless the conditions specified in article 34 point 3 of the GDPR.

IX.           Amendments to the Privacy Policy

You have read and agreed to each of the descriptions above.  The Company may modify or amend this Policy from time to time. You can always find an up-to-date version under the link: ¡Kprivacy policy on XTERRA+ App When the Company makes major changes in the processing of personal data, you will be notified through the Service.  If you continue to use the Service, it will be deemed that you have agreed to the modification or amendment of the Privacy Policy of the Company.

X.             Jurisdiction

Whenever there is a dispute arising out of this agreement, both parties agree that the Taipei District Court of Taiwan shall be the court of first instance to exercise jurisdiction.