At 37CELLS ( “us,” “we,” or “our”), our mission is to help you manage your health. We exist to improve your life, not invade it. We believe this should be the standard for all companies providing wearable devices. We take your privacy seriously and want you to understand how we use, collect and share personal data, and the measures we take to protect your personal data.
We have provided supplemental notices below for residents of California and individuals located in the European Economic Area, the United Kingdom, and Switzerland (collectively “Europe” or “European”).
HOW WE COLLECT PERSONAL DATA
We collect Personal Data about you from:
- Yourself, when you provide such information directly to us, such as when completing your profile;
- Device that you wear;
- Automatic data collection, such as cookies, local storage objects, web beacons, and other similar technologies in connection with your use of the Services;
- Customers and partners, such as employers, insurance companies, coaches, teams, or other organizations that engage with our Services;
- Marketing and advertising partners, such as companies that have entered in joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements or communications;
- Social media and other third-party platforms, if you interact with our pages on social media sites, post content to their sites using the Services, or otherwise sign into the Services through a third-party site or service; and
- Data providers, such as information services and data licensors, when we supplement your data.
PERSONAL DATA WE COLLECT
We may collect the following types of personal data:
- Contact details, such as your first and last name, email and mailing address, and phone number;
- Profile data, such as username and password that you may establish to create a 37CELLS account, as well as any photographs or information you choose to include in your 37CELLS profile;
- Communications that we exchange with you, including when you contact us via email, web app, or mobile app with questions, feedback, or reviews;
- Wellness data, such as resting heart rate, heart rate variability, skin temperature, blood oxygen saturation level and acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; data reflecting strain and recovery; your physiological profile, including birthday, sex or gender identity, weight, height, and fitness/athlete level (e.g., professional or recreational); and details you choose to submit about your diet, medications, and female health tracking. We may use certain of this information to customize your experience with us as part of our Services;
- Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails you open and the links within them you click);
- Device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;
- Geolocation data, such as GPS, IP address, and movement on certain exercise types if you give permission for 37 Cells to do so; and
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
COOKIES AND SIMILAR TECHNOLOGIES
Cookie Usage and Type. 37CELLS use the following cookies:
- Essential Cookies: Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
- Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your region).
- Retargeting/Advertising Cookies:Retargeting/advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.”
To find out more information about cookies, including information about how to manage and delete cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ or http://www.allaboutcookies.org/, or see the “Online tracking opt-outs” section below.
HOW WE USE PERSONAL DATA
We process personal data to operate, improve, understand, and personalize our Services. We use personal data for the following purposes:
Service delivery, including to:
- Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis and product development;
- Satisfy the reason you provided the information to us, including responding to and fulfilling requests;
- Communicate with you about the Services, including Service announcements, updates, or offers;
- Provide support and assistance for the Services;
- Create and manage your account or other user profiles;
- Customize website content and communications based on your preferences; and
- Memberships, or other transactions.
Research and development. We may create and use aggregated, de-identified or other anonymous data from personal data we collect, including wellness data, for our business purpose, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. We also use the anonymous wellness data for research purposes to help us and our research partners answer important questions about human performance and create an even-better experience for our members by identifying cutting-edge insights and providing new content and product features.
Marketing and advertising. We do not use personally identifiable wellness data for marketing or advertising purposes. We may use other personal data, such as data collected when you browse our website, to send you marketing messages or advertise the Services:
- Direct marketing. We may send you direct marketing messages as permitted by law.
Compliance and protection, including to:
- Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
- Audit our internal processes for compliance with legal and contractual requirements and internal policies;
- Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
- Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
HOW WE SHARE PERSONAL DATA
We may share your personal data with:
- Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above. We do not share your wellness data with advertising partners;
- Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services they render to us;
- Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with law or legal process; and
- Business transferees, such as acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, 37CELLS or our affiliates (including, in connection with a bankruptcy or similar proceedings).
HOW YOU MAY SHARE PERSONAL DATA THROUGH 37CELLS
Depending on your use of the Services, you may share personal data with:
- Other users of the Services, such as through our 37CELLS Selfie share features, which allow you to share information and content with other users of the Service.
- Third-party social media platforms, when you choose to connect your account on those services with 37CELLS or post content to social media.
- Public. When you make personal data visible to other users of the Services, it may become publicly available and can be collected, viewed and used by anyone;
- Managing entity. If your use of the Services is on behalf of or managed by a managing entity, such as a coach, team, organizing body, or other entity with which you are affiliated, your account information and personal data will be shared with the managing entity, and you consent to that managing entity allowing that information to be publicly shared, subject to any features of the Services that expressly override that control. The managing entity will determine how the relevant information and content is shared; and
- Corporate wellness programs. If you use the Services in connection with an employer or organizational wellness program, we may share your information with that organization subject to your consent. Typically, we will share only aggregated data with these organizations.
Access, update, or delete. When you log in to your account, you may access, and, in some cases, edit or delete the certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request a full deletion of your account and corresponding data by emailing email@example.com. You will be asked to complete a verification form in connection with such deletion request in order to ensure that you have the authority to delete your account. We may need to retain certain personal data in our records, as well as aggregated or non-identifiable data derived from or incorporating your personal data that does not identify you, after you update or delete it.
Privacy settings. You can change certain privacy settings at any time in the mobile application
Push notifications and device permissions. When you use our mobile application, you may initially opt-out of push notifications that we may send you or revoke any permissions you previously granted to us at any time such as permission to access your camera or camera roll, Bluetooth, microphone, Siri, search, push notifications, background app refresh and/or cellular data access, by changing the settings on your mobile device.
Geolocation data. You may allow or disallow 37CELLS to collect geolocation data by enabling or disabling location services on your device. If you decline to grant 37CELLS access to this data, we will not be able to provide certain services, capabilities, or features to you.
Wellness data. You can disable collection of additional wellness data by un-pairing your 37 CELLS device from your smartphone.
37CELLS Teams. If you have joined a 37 CELLS Team, you may stop the sharing of your personal data with the members of the 37CELLS Team at any time by accessing your 37CELLS mobile application, navigating to the Team view, opening the menu from the Description page, and selecting Leave Team.
Marketing communications. We will give you the ability to opt-out of marketing-related emails and other communications by going to our preferences management page, or by following the opt-out or unsubscribe instructions contained in the message. You cannot opt-out of receiving certain non-marketing emails regarding the Service.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we have summarized below:
- Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
- Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our websites from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers. You can also opt-out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.
- Platform opt-out. Some third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
- Google (AdWords): google.com
- Microsoft (Bing): ads.microsoft.com/en-us/resources/policies/personalized-ads
- Facebook: facebook.com/about/ads
- Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:
Please note that some opt-out features are cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice. Opting-out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Service.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
OTHER SITES AND SERVICES
The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. You can learn about and control how these third parties use and share personal data about you, including with 37CELLS, by reviewing their privacy notices and exercising the privacy choices they offer.
DATA SECURITY AND RETENTION OF PERSONAL DATA
We employ a number of physical, technical, organizational and administrative security measures designed to protect the personal data we collect. While we endeavor to protect the privacy of your account and other personal data we hold in our records, no security measures are failsafe, and we cannot guarantee the security of your personal data.
PERSONAL DATA OF CHILDREN
We do not knowingly collect or solicit personal data from anyone under the age of 13, or under the age of 16 in countries subject to the GDPR, unless exempted by individual country exceptions (for more information, please see “Privacy Notice for European Residents” below). If you are under 13, or 16 where applicable, please do not attempt to register for the Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 13, or 16 where applicable, we will delete that information as quickly as possible. If you believe that a child under 13, or 16 where applicable, may have provided us personal data, please contact us at privacy@37 Cells.com.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to privacy@37 Cells.com or at the mailing address below.
Attn: Legal Department
27/115 Peregian Springs Drive, Peregian Springs, Queensland, Australia 4573
NOTICE FOR CALIFORNIA RESIDENTS
We are providing this supplemental privacy notice to consumers in California, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”).
California Privacy Rights. If you are a California resident, you have the following rights:
- Access: You can request a copy of the personal information that we maintain about you.
- Deletion: You can ask to delete the personal information that we have collected from you.
Please note that the CCPA limits these rights by, for example, prohibiting businesses from providing certain sensitive information in response to an access request and limiting the circumstances in which they must comply with a deletion request.
You are entitled to exercise the rights described above free from discrimination.
Exercising your rights. To exercise these rights, you can submit requests as follows:
- To request access to or deletion of personal data collected via your use of the Services, please email us at privacy@37 Cells.com.
- To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional personal data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
- Authorized agents: California residents can empower an “authorized agent” to submit requests on their behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
- PRIVACY NOTICE FOR EUROPEAN RESIDENTS
If you are a resident of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe”), you may have additional rights under the General Data Protection Regulation (the “GDPR”) or other European data protection legislation.
Controller and European Representatives. 37CELLS, Inc. will be the controller of your personal data processed in connection with the Services. Our contact information is as follows:
Attn: Legal Department
27/115 Peregian Springs Drive, Peregian Springs, Queensland, Australia 4573
Legal bases for processing. The “How We Use Personal Data” section above explains how we use your personal data. We will only process your personal data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of personal data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.
- Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our services. Where we cannot process your personal data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or services you access and request.
- Research and development: These activities constitute our legitimate interests.
- Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
- Compliance and protection: From time to time we may also need to process personal data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
- Consent: To the extent that wellness data we collect is considered health data or another special category of personal data subject to the GDPR, we ask for your explicit consent to process the data. You can use your account settings and tools to withdraw your consent at any time, stopping use of a feature, removing our access to a third-party service, or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process personal data based on the consent you expressly grant to us at the time we collect such data. When we process personal data based on your consent, you have the right to withdraw it any time in the manner indicated when you consent or in our Services.
Retention. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your personal data, including:
- Access: You can request more information about the personal data we hold about you and request a copy of such personal data. You can also access certain of your personal data by logging into your account.
- Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
- Erasure: You can request that we erase some or all of your personal data from our systems.
- Withdrawal of consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing purposes.
- Restriction of processing: You can ask us to restrict further processing of your personal data.
- Right to file complaint: You have the right to lodge a complaint about our practices with respect to your personal data with the supervisory authority of your country or EEA Member State.
For more information about these rights, or to submit a request, please email 37 Cells@gdpr-rep.com or privacy@37 Cells.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.
Processing of personal data in the United States. To provide the Services, we will process your personal data in the U.S. If such processing involves the transfer of personal data to the U.S. in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or into n other circumstances permitted by European data protection law.
Privacy Shield Certification. 37CELLS certified to the EU-U.S. Privacy Shield Framework set forth by the U.S. Department of Commerce regarding the collection and use of personal data transferred from the EU to the U.S. For more information about the Privacy Shield Program, and to view our certification, please visit www.privacyshield.gov.
Although 37CELLS no longer relies on the Privacy Shield Framework to facilitate cross-border data transfers, 37 CELLS remains committed to the Privacy Shield Principles of (1) notice, (2) consent, (3) accountability for onward transfer, (4) security, (5) data integrity and purpose limitation, (6) access and (7) recourse, enforcement and liability with respect to all personal data received from within the EU in reliance on the Privacy Shield before it was invalidated. The Privacy Shield Principles require that we remain potentially liable if any third-party processing personal data on our behalf fails to comply with these Privacy Shield Principles (except to the extent we are not responsible for the event giving rise to any alleged damage). Our compliance with the Privacy Shield is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Please contact us at privacy@37 Cells.com with any questions or concerns relating to our Privacy Shield Certification. If you do not receive timely acknowledgment of your Privacy Shield-related complaint from us, or if we have not resolved your complaint, you may also resolve a Privacy Shield-related complaint through JAMS, an alternative dispute resolution provider located in the United States. You can visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint, at no cost to you. Under certain conditions, you may also be entitled to invoke binding arbitration for complaints not resolved by other means.
If you have any questions about this section or our data practices generally, please contact us at privacy@37 Cells.com or using the contact information above.
Services means, collectively, our websites and mobile apps, any software embedded within 37CELLS, as well as any features, content, or applications offered, from time to time, by 37CELLS in connection therewith.