Ab Hur Oy is the provider of exercise concepts for senior exercise, rehabilitation and wellness. As a supplier of professional and intelligent exercise equipment, HUR aims to improve its Service by providing digital solutions for its Customers and its end users.
Purposes of the processing
HUR processes personal data for the following purposes:
- customer relationship management and customer service
- fulfilment of rights and obligations of HUR and the customer
- processing for the purposes related to the data controller’s products and services such as developing, providing, performing, marketing, maintenance and technical support of products and services
- directing the data controller’s advertising (including newsletter) and allocation of marketing on basis of customer data via the data controller’s mediums and services
- in connection with the services and products (including websites operated by HUR, HUR exercise equipment and related online services and mobile devices) (“Service”) offered by HUR to its customers (also referred as “Customer”) and Customers’ end users (“You”). By Customer We mean an entity who have acquired the Service from HUR and by an end user We mean a natural person using the Service as our Customer’s client or as Customer’s employee.
- to comply with any other obligations deriving from the applicable laws or orders made by the authorities, including accounting and tax obligations, and product warranties.
Furthermore, We may use Your personal data and other data We collect to: (i) provide, personalize and improve the Service or this website, for example by providing customized or localized content and advertising; (ii) ensure technical functioning of the Service and website, develop new features, functionalities or services and provide support; (iii) to perform research, analyze and compile statistical information about Your use of the Service or website, including Your interaction with content made available therein; (iv) communicate with You for purposes related to the management of our Customer or end user (namely You) relationship (including billing, surveys, newsletters etc.); (v) send You promotional material and other marketing communications relating to our or our Customers’ products or services, and (vi) to enable interoperability and data (including personal data) exchange between Service and third party service providers or product manufacturers.
The data controller does not use solely automated decision-making, such as automated profiling, as part of processing personal data.
Legal basis for the processing
Legal basis for processing of personal data are legal obligations of the data controller, contract, consent and legitimate interests of the data controller.
The legitimate interest of the data controller is the legal basis for processing of personal data when there is a material connection between a data subject and the data controller. Such material connection is formed, for example, when the data subject has on its own initiative contacted the data controller, or when the data controller, for example, processes the data subject’s personal data in connection with a business or co-operation matter between the data subject’s employer and the data controller.
On basis of its legitimate interest, the data controller may also save to its customer register personal data of potential clients and their contact persons and representatives which can be, on reasonable grounds, expected to be interested to acquire products and services provided by the data controller.
The data controller’s electronic direct marketing may be sent to data subjects who have given their voluntary consent to electronic direct marketing. When the data subject is requested to give his or her consent, he or she will be simultaneously informed that withdrawal of consent is possible easily and at any time. In addition, in accordance with applicable data protection legislation, electronic direct marketing can also be sent to recipients for whom the data controller can reasonably consider that the products or services marketed have essential connection with the potential customer’s area of responsibility or work.
Withdrawal of consent may be done by giving a notice to the data controller or by clicking the cancelling option, which can be found in every marketing message (“Unsubscribe” link), whereupon personal data of the data subject will be removed from the data controller’s list concerning subscribers of electronic direct marketing.
Based on the agreement between HUR and its Customer, and Your consent, HUR processes (for example collect, use, disclose, transfer and store) Your personal data in connection with the provision of the Service. You have the right to withdraw your consent at any time by sending an email to email@example.com. Please see Section 10 below for further details.
The Information We Collect
The data controller processes personal data of the following persons:
- Customers of the data controller and their representatives and contact persons
- Representatives and contact persons of the data controller’s subcontractors and suppliers
- Potential customers
- Users of Services
- Other stakeholders (such as job applicants, other co-operation partners)
The following personal data of the data subjects, relevant on the basis of the above mentioned purposes of processing, are processed, such as:
- E-mail address
- Phone number
- Company and title
- Name and business ID of the company and contact person
- Additional information provided by the data subject himself/herself
- Information based on customer relationship, such as contact history, feedback and follow-up information
Furthermore, when using the Service We may ask You to provide certain personal data related to Your usage of the Service. Processed personal data may include, for example:
Your name, contact details (such as address, e-mail and phone number), occupation, gender, language and other information that personally identifies You or relates to the use of the Service, such as weight, height and training data etc. submitted or made available by You later in the course of Your subscription to our Service.
Regular sources of personal data
HUR may collect personal data when data subject interacts with Us or our business partners pursuant to our business, websites, products or services, buys our products or services, participates in a survey or campaigns, submits information through a web solution, by e-mail or by any other way.
Personal data is received and gathered:
- directly from the data subjects and customers, users and other stakeholders when purchasing or using our products or services, visiting our websites and otherwise interacting with HUR;
- from HUR’s group companies and distribution partners from whom a data subject (or organisation represented by the data subject) has purchased the products or services;
- by using cookies and related technology or third-party analytical software; and
- from public sources such as population information system, trade register or other similar external sources or from HUR’s customer database and third-party contact information providers.
Website usage, Log files and Cookies
Information Collected by Our Customers
Our Customers can use the online tools and functionalities We provide in connection with the Service, as well as tools provided by third parties, to collect information similar to that referred to in Section 2.1 and 2.2 above when You use the Service. HUR does not control its Customers’ use of these tools or functionalities. In our agreements with our Customers We require that they comply with applicable privacy laws and that they will provide any required notices regarding sharing Your personal data with us collected by using the Service. In this instance, HUR is the data processor and our Customer is the data controller under a data processing agreement executed between HUR and our Customer.
Sharing of Your Information
We will not sell Your personal data any third party.
However, We may share the data (whether personal data or non-personally identifiable data) with our customers, affiliates, subcontractors, suppliers or distributors for the above purposes. In case We share the data, We will ensure that personal data is shared and processed only to the extent necessary and only for the intended purpose. Such third parties are also required to maintain the confidentiality of Your personal data.
We may use aggregated and anonymized information about end users for the purposes of internal research and to determine trends or metrics concerning how end users are engaging with our Service or website. We may disclose reports of such general trends publicly or share mentioned information with our affiliates or business partners for product development, without disclosing end users’ personal data.
Transfers of Personal Data to Other Countries
Third Party Social Network Services and External Websites
Our websites may include links to third party websites. Please note that We do not control, and are not responsible for the content or practices of such websites, which are subject to their own terms and conditions, and privacy policies.
Retention periods of personal data
The data controller will process and retain personal data only as long it is necessary for compliance with a legal obligation or for the purposes of processing which have been determined in advance. Personal data which has become redundant, i.e. personal data which the data controller no longer has legal basis to retain or process, will be deleted on regular basis in accordance with the data controller’s internal data protection policy.
We take reasonable administrative, physical and electronic measures designed to protect the information (including personal data) that We collect or receive from or about end users of our Service from unauthorized access, use or disclosure. For example, when You enter personal data on forms on our Service, We encrypt this data using relevant encrypting methods (for example SSL) or other technologies. We have to inform You, however, that no method of transmitting information over the internet or storing it is completely secure. For that reason, We cannot guarantee the absolute security of any information (including personal data).
Access to personal data is given exclusively to authorized persons on HUR’s side or its Customers, affiliates, subcontractors, suppliers or distributors, for instance, in connection with the supply of support services or other services relating to the Service. We have ensured that our employees do not process personal data on a wider basis than required for the provision of the Service. HUR’s personnel have received training on the confidentiality obligations and restrictions relating to the processing of personal data. HUR ensures that its employees who process personal are committed to confidentiality and under an appropriate statutory obligation of confidentiality. HUR ensures that its employees who process personal data are in compliance with the Personal Data Safety and Security measures as defined in GDPR (for EU and Schengen area).
Information about Cookies and Similar Technologies
You have the option to accept all cookies or reject other than necessary technical cookies on our cookies banner upon the first visit from Your device to our website. You can set Your browser to accept, block or delete all or certain cookies. You can later change Your cookie preferences. Please note that if You choose to block cookies, this may prevent the proper functioning of the Service or our website.
Rights of the data subject
Right of access by the data subject to his or her data
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and a copy of the personal data processed.
Right to rectification and erasure
Within the limits of the legislation, the data subject has the right to obtain the rectification or erasure of inaccurate, unnecessary, defective or outdated personal data concerning him or her.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a supervisory authority, if the data controller is infringing applicable legislation concerning personal data processing and data protection. The supervisory authority in Finland is the Data Protection Ombudsman, www.tietosuoja.fi.
Right to withdraw consent
In case where processing of personal data is based on the consent of the data subject, the data subject has the right to withdraw his or her consent by notifying the data controller.
Right to object
The data subject has the right to object, on grounds relating to his or her particular situation, at any time processing of personal data concerning him or her and having its legal ground on the legitimate interest of the data controller, including profiling.
The data controller will no longer process personal data unless the data controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time of processing data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
Right to data portability
The data subject has the right to receive data concerning him or her, which he or she has provided to the data controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller, in cases where processing is based on consent or contract and the processing is carried out by automated means.
When exercising the above described right to data portability, the data subject has the right to have personal data transmitted directly from one data controller to another, where technically feasible.
Responsibilities of the data controller
The data controller will inform the data subject about all measures that have been taken on basis of a request, without undue delay and in any case within one month having received such a request. The time limit may be prolonged for at most two months where needed, taking into consideration quantity and complexity of the requests made. The data controller will inform the data subject about such possible prolongment within one month having received the request, as well as about the reasons for delay. If the data subject has presented his or her request electronically, the information must be provided electronically when possible, unless the data subject requests otherwise.
If the data controller does not carry out the measures based on the data subject’s request, the data controller must immediately and at the latest within one month since having received the request, notify the data subject about the reasons for this, as well as about the possibility to lodge a complaint with a supervisory authority and to use other legal remedies.
Ab Hur Oy
67100 KOKKOLA, FINLAND
Please note that prior to fulfilling a request we have a right as well as an obligation to verify your identity, due to which we must be able to recognize you in an adequate manner.