The Data Privacy Statement was last updated on May 24, 2018!
Protecting the personal privacy of every customer is a crucial part of gaining and keeping your trust in
us. We strive to provide a high level of privacy protection across all of our businesses and services
and to deploy consistent, rigorous policies and procedures by providing the following Privacy Statement.
This privacy statement (the “Statement”) serves as our commitment to you to protect the security and privacy
of your personal data, and covers the following areas of privacy concerns:
1. Your Personal data – what is it
2. What roles do we play in processing your data
3. When are your personal data collected
4. Our collection of personal data
5. Use of Opt-In/Subscribe Personal Data
6. How do we process your personal data
7. What is our lawful basis for processing your personal data
8. Necessity to provide us data
9. Sharing your personal data
10. How long do we keep your personal data
11. Privacy of data subjects under the age of 16
12. Your rights and your personal data
13. Profiling
14. Further processing
15. Security
16. What are your choices
17. Whom should I contact
This Statement does not apply to third-party applications, products, services, websites or social media features
that may be accessed through links that we provide on our websites and interfaces. Accessing those links
may result in the collection of information about you by a third party. We do not control or endorse
those third-party websites or their privacy practices. We encourage you to review the privacy policies
of such third parties before interacting with them.
Your privacy is of utmost importance to us in servicing you. Our products and services are rendered to you
on the basis of your understanding of your data privacy rights.
Please read this Statement carefully. When visiting our website and using our Apps and other services that
link to or reference this Statement, you agree to be bound by the terms and conditions of this Statement.
Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be
by the data alone or in conjunction with any other data in the data controller’s possession or likely
to come into such possession. The processing of your personal data is governed by applicable privacy
laws.
What roles do we play in processing your data?
We are the data controller with respect to processing your data (contact details below). This means that
we decide how your personal data is processed and for what purposes. We know that you care how data about
you is used and shared, and we appreciate your trust that we will do so carefully and sensibly.
When are your personal data collected?
Some of your data can, in particular, be collected by us:
• whenever you download and install PICOOC Apps through mobile terminal (e.g. mobile phone, tablet equipment,
etc.) and become our user
• whenever you register to use our online services (each time you log in or each time you use them)
• whenever you fill in forms and agreements that we send to you
• whenever you use our services and products
• whenever you contact us via the various channels we offer you
Our collection of personal data
The personal data we collect include any and all data you provide to us when you register an account with
us, enter on our website, use our apps, provide us information, update or add information to your account,
or give us in any other way. You can choose not to provide data to us, but we may then not be able to
service you where such services require processing such data. We use the data that you provide for purposes
administering your use of our services, such as communicating with you, responding to your requests,
managing your account, customizing your service experience with us, improving our products and services,
and personalizing marketing measures and activities. We may communicate with you by mail, email or telephone.
We will send you strictly service-related announcements or information on rare occasions when it is necessary
to do so.
Examples of the data we collect and store include: When you register or log in, we collect data you entered,
including Email address or phone number you used for registration, user ID, ethnicity, birthday, gender
and height. Dependent on the version you use you can select between User ID, E-Mail address or Phone
number to login. We store the information from you, which you have selected with your account.
When you use PICOOC Apps, we collect following data:
• Physical data: body weight, user impedance, body fat, muscle rate, visceral fat index, BMR, body water,
protein, bone mass, body girth(if you record), etc.
• Device data: login time, IP address, device Mac Address, device model, device manufacturer, operating system,
and further other device data required to provide and improve our services
• Other information: user photo, comments, record of chat or phone call when using customer service, etc.
We also receive and store certain types of data whenever you interact with us. For example, we use "cookies,"
which are unique identifiers that we transfer to your device to enable our systems to provide features
of our services such as prefilled information on other websites, provide remote access for you, allow
you to visit our website without re-entering your username and/or password, verify that you have the
authorization needed for the services to process your requests, personalize and improve your experience,
record your preferences, customize functionalities for your devices, and to improve the functionality
and user-friendliness of our services. It also helps us to better understand how you interact with our
services and to monitor aggregate usage and web traffic routing on our website. Most of the cookies used
by us are so-called "session cookies". Cookies do not cause any damage on your computer or device and
do not contain any viruses. Most browsers automatically accept cookies as the default setting. You can
modify your browser setting by editing your browser options to reject our cookies or to prompt you before
accepting a cookie. However, if a browser does not accept cookies or if you reject a cookie, some portions
of our services may not function properly. You may refuse the use of cookies by selecting the appropriate
settings on your browser by visiting
www.allaboutcookies.org for details on how to delete or reject cookies and for further information
on cookies generally.
We obtain certain types of data when your web browser accesses us and other content served by us or on our
behalf on other websites, such as the Internet protocol (IP) address used to connect your computer to
the internet, device ID or token, unique identifier, device type, referral URL, computer and connection
data such as the type of operating system you use, your device information, your software information,
browser type, browser language and version, ad data, access times, your browsing history, and your web
log information. We also obtain information about your smart mobile devices when you use our App, which
includes device manufacturer, device model, operating system and its version, screen width and height,
screen density, carrier. We collect such information to increase your using experience, and to provide
better service.
We keeps your account information active in our user registration databases in order to provide immediate
access to your personal data each time you visit our website or use our App and other services, as noted
above.
All the data we collect from you may be stored as log files in our server. These log files are used for analysis,
research, auditing, and other purposes. After the server processed your data, the data will be transferred
to databases. We routinely back-up a copy of your data to prevent loss in case of a server breakdown
or human error. However, all such copies of your data in our backup database will be retained only for
as long as our data retention policy permits (see “How long do we keep your personal data?” below), and
will in any case be deleted immediately upon your request.
Please note that for Android Version 6 and 7 devices, location service permission needs to be turned on to
enable Bluetooth, due to a Google regulation that we have no control over, but we will not access the
location service data.
Use of Opt-In/Subscribe Personal Data
You have a choice of whether and how you receive a variety of marketing measures and activities from us related
to product solutions, services and helpful business content. You can manage your preferences through
the notification page of the App (Me/Settings/Notification/Email Notification).
How do we process your personal data?
We comply with our obligations under applicable privacy laws by keeping personal data up to date; by storing
and destroying it securely; by collecting and retaining only the necessary data that we need to service
you; by protecting personal data from loss, misuse, unauthorized access and disclosure and by ensuring
that appropriate technical measures are in place to protect personal data.
The processing operations we perform on your data cover automated and non-automated means of collecting,
recording, organizing, structuring, storing, altering, retrieving, using, transmitting, disseminating
or otherwise making available, aligning or combining, restricting, and/or erasing your data.
We use your personal data for the following purposes:
• To design and deliver our services and activities to you
• To operate our website and Apps to provide you access to and use of our services
• To provide services and products requested by you as described when we collect the information
• To maintain the integrity and safety of our data technology systems which store and process your personal
data
• To provide anonymous reporting for internal and external customers
• To share your contact details with our logistics partners so that they can assist us to deliver our services
and products to you
• To enforce or defend our policies or agreement with you
• To detect and investigate data breaches, illegal activities, and fraud
If you wish to subscribe/opt-in to our marketing measures and activities, we will use your name and email
address to send the communications to you. Out of respect for your privacy, if you no longer wish to
receive these communications from us, please close the setting from the App (Me/Settings/Notification/Email
Notification).
What is our lawful basis for processing your personal data?
In general, the lawful bases for us to process your personal data for the various types of processing performed
on your data (please refer to “How do we process your personal data?” section of this Statement) is,
as applicable, processing based on your consent. Therefore, it is necessary for us to enter into privacy
statement and user agreement with you to pursue the legitimate interest of our Company or of third parties.
Where we talk about our legitimate interest or that of third parties, such legitimate interest can include:
• Prevention of fraud, misuse of company IT systems, or money laundering
• Operation of a whistleblowing scheme
• Physical security, IT and network security
• Internal investigations
• Proposed mergers and acquisitions
We will collect, process and use the personal data supplied by you only for the purposes communicated to
you and will not disclose your data to third parties except under the circumstances of data disclosure
described in the “Sharing your personal data” section below.
Necessity to provide us data
You are not under any obligation to provide us any personal data. As noted below, the choice is yours. However,
please note that without certain data from you, we may not able to undertake some or all of our obligations
to you under our service agreement with you, or adequately provide you with our full range of services.
If you would like to obtain more detail about this, please contact us following the instructions in the
“Whom should I contact?” section below.
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with the categories
of data recipients listed below. We will only share your data with third parties outside of the Company
with your consent, and you will have an opportunity to choose for us not to share your data.
We may disclose your personal data to:
• Our authorized staff to provide you services such as customer service, for internal administration purposes,
to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of
our information technology systems
• Third party service providers whom we sub-contract to work on our behalf or for us and therefore may have
access to your data only for purposes of performing these tasks on our behalf and under obligations similar
to those described in this Statement, who perform functions such as data processing, auditing, order
fulfillment, managing and enhancing customer data, providing customer service, conducting customer research
or satisfaction surveys, logistics support, marketing support, payment processing and invoice collection
support, informational systems technical support, to help us provide, analyze, and improve our services
such as data storage, maintenance services, database management, web analytics, improvement of our service
features, and to assist us in detecting and dealing with data breaches, illegal activities, and fraud
• Governments and/or government-affiliated institutions, courts, or law enforcement agencies, to comply with
our obligations under relevant laws and regulations, enforce or defend our policies or agreement with
you, respond to claims, or in response to a verified request relating to a government or criminal investigation
or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal
liability; provided that, if any law enforcement agency requests your data, we will attempt to redirect
the law enforcement agency to request that data directly from you, and in such event, we may provide
your basic contact information to the law enforcement agency
• Third parties involved in a legal proceeding, if they provide us with a court order or substantially similar
legal procedure requiring us to do so
We may provide you with opportunities to connect with third party applications or services. If you choose
to use any such third party applications or services, we may facilitate sharing of your information with
your consent. However, we do not control the applications or services of those third parties or how they
use your information, and your use of such applications and services is not governed by this Statement.
Please review the terms and the privacy policies of those third parties before using their applications
or services.
We will display your personal data and account activity in your profile page and elsewhere on our service
portals according to the preferences you set in your account. You can review and revise your profile
information at any time. Please consider carefully what information you disclose in your profile page
and your desired level of anonymity. In your profile page, we will also display your device information
as well as provide the network connection information for the devices to the applications that connect
to your devices. Our services also include sharing and publishing features that by their nature support
sharing with users you choose. Those users may see your name, email address, photo and some information
from your profile page, and files you choose to share. They may also forward your shared files or published
devices to the public. Public information may be broadly and quickly disseminated. Please consider what
files your share and devices you publish.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary for the given purpose for which your data
is processed. If you will provide us, or have provided us, consent for us to process your data, we will
process your personalized data for no longer than your consent is effective. Notwithstanding the above,
we may retain your personal data as required by applicable laws and regulations, as necessary to assist
with any government and judicial investigations, to initiate or defend legal claims or for the purpose
of civil, criminal or administrative proceedings. If none of the above grounds for us to keep your data
apply, we will delete and dispose of your data in a secure manner according to our data protection policy.
Privacy of data subjects under the age of 16
Our products and services are not targeted to persons under the age of 16. We do not knowingly collect or
process personal data from persons under the age of 16. Please note that if you are under the age of
16, you will need to provide us a written signed consent from your parent or guardian indicating that
your parent or guardian has consented for us to process your data and send us the consent through contact
information provided from the section of “Whom should I contact?”
Your rights and your personal data
Unless subject to an exemption under applicable privacy laws, you have the following rights with respect
to your personal data:
• The right to request a copy of your personal data which we hold about you
• The right to request that we correct any personal data if it is found to be inaccurate or out of date
• The right to request to erase your personal data where it is no longer necessary for us to retain such
data, except we are not obliged to do so if we need to retain such data in order to comply with a legal
obligation or to establish, exercise or defend legal claims
• The right to withdraw your consent to the processing at any time, if and where we rely on your consent
to process your data. This includes cases where you wish to opt out from marketing communications that
you receive from us
• The right to request that we provide you with your data and where possible, to transmit that data directly
to another data controller, where the processing is based on your consent or is necessary for the performance
of an agreement with you, and in either case we process the data by automated means
• The right to restrict our processing of your personal data where you believe such data to be inaccurate,
our processing is unlawful; or that we no longer need to process such data for a particular purpose unless
we are not able to delete the data due to a legal or other obligation or because you do not wish for
us to delete it
• The right to object to us using your personal data, where the legal justification for our processing of
your personal data is our legitimate interest. We will abide by your request unless we have compelling
legitimate grounds for the processing which override your interests and rights, or if we need to continue
to process the data for the establishment, exercise or defense of legal claims
• The right to lodge a complaint regarding our processing of your data, with the competent authority where
you reside or in which your data is processed
If you would like to exercise any of the above rights, please do so by providing your request via the contact
information from the “Whom should I contact??” section.
After receiving your request, we will evaluate your request and inform you how we intend to proceed on your
request. Under certain circumstances in accordance with applicable privacy laws and regulations, we may
withhold access to your data, or decline to modify, erase, port, or restrict the processing of your data.
Please be advised that if you exercise the rights to erase data, restrict or object to our processing, or
to withdraw your consent, we may not be able to continue our services to you if the necessary data is
missing for processing.
Profiling
To offer better service or product, we will analyze your operational behaviors using the App (such as weighing,
viewing measurement reports, viewing data trends, viewing data analysis, etc.) to analyze user behavior
characteristics, and summarize user preferences and interests to guide for product or services optimization
and iteration; we will analyze the your physical data (such as weight, fat rate, muscle rate, moisture
rate, and bone mass, etc.) as to provide you with customized content and services; by analyzing device
information such as device manufacturer, device model, and operation system and its version, screen width
and height, screen density and telecom carrier, using behavior and habit can be summarized and targeted
to improve the service quality and optimize user experience.
We are mindful of the impact that profiling can create. Therefore, we apply the following safeguards:
• We have carried out, and will carry out on an annual basis, a Data Protection Impact Assessment to consider
and address the impact to you before we conduct any new profiling
• We only collect the minimum amount of data we need for our profiling purposes
• To the extent possible, our priority is to use anonymized or pseudonymized data, instead of data that can
directly or indirectly identify you, in our profiling activities
• All such data are secured with the technical measures described in the “Security” section of this Statement
• We carry out regular checks to ensure that our systems are working as intended
If you do not agree with our carrying out profiling using your data, please note that you have the right
to object to such use of your data, and you can object through contact information provided from the
section of “Whom should I contact?”.
Further processing
If we wish to use your personal data for a new purpose not covered by this Statement, then we will provide
you with a new notice explaining this new use prior to commencing such further processing for a new purpose,
setting out the relevant new purpose and processing conditions. In such case, we will find a lawful basis
for further processing, and whenever necessary we will seek your prior written consent to such further
processing.
Security
We protect your data using technical measures to minimize the risks of misuse, unauthorized access, unauthorized
disclosure, loss or theft, and loss of access. Some of the safeguards we use are data pseudonymization,
data encryption, firewalls, data access authorization controls and so on. We take our data security very
seriously. Therefore, the security mechanisms used to protect your data are checked and updated regularly
to provide effective protection against abuse.
The information we collect are usually encoded. Moreover, we have put in place additional and comprehensive
state-of-the-art security measures when your data are accessed via the internet. Firewalls prevent unauthorized
access. Diverse encryption and identification layers protect your data from intrusion or disclosure to
third parties during data transfer. Furthermore, we internally use sophisticated encoding methods in
order to prevent de-coding by unauthorized persons. Moreover, an electronic identifier is generated during
data transfer to safeguard your information.
For your confidentiality and security, we use user ID and password to secure your personal information. Do
not disclose your personal information (especially password) to anyone. When you are finished using our
services, please do not forget to log out from your account. If you share a computer, whether in a public
or private setting, be sure to sign off and close your browsers when finished using a shared computer.
Despite our best efforts, however, security cannot be absolutely guaranteed against all threats. If you believe
that the security of your data has been compromised, or if you like more information on the measures
we use to protect your data, please contact us following the instructions in the “Whom should I contact?”
section below.
What are your choices?
You can always choose not to provide your data to us, although we may need such data to process your requests,
in which case we will inform you of our constraints.
To the extent that you have consented to our processing of your data, you can choose to discontinue our processing
at any time.
You can choose to request from us a copy of the personal data we store and process regarding you.
You can choose to add or update data that you have provided to us.
You can choose to erase your data, or you may choose to restrict our processing of your data instead.
You can choose to port your data to a third party under conditions stated above.
You can choose to object to our processing of your data.
You can choose to not allow us to engage in building a personalized marketing profile based on such profile.
Your choice or request on any aspects of data processing listed above can be communicated to us using
the channels set forth in the “Whom should I contact” section of this Statement.
In summary, what we are allowed to do with your data is, with limited exceptions under applicable privacy
laws, up to you. However, in the event that you choose for us not to further process your data, such
choice may affect the delivery of our obligations or services to you; in this situation, we will inform
you of our constraints.
Whom should I contact?
If you have any question about this Statement, or if you would like to exercise any of your rights, or if
you have any complaints that you would like to discuss with us, please in the first instance send us
signed and dated request, together with a copy of your identity card. Please be as accurate as possible:
by post to
PICOOC Technology Co., Ltd
Data Protection Officer
Deshengyuan Zone, Room 309, 3rd Floor, C Building, No. 28, Xinjiekou Outer Street, Xicheng District, Beijing
(CN)
or
by e-mail to
dpo@picooc.com
In case of disagreements relating to our processing of your personal data, you can submit a request for mediation
or other administrative action to the data protection supervisory authority with the competent authority
where you reside or in which your data is processed. Please click here for a list of local data protection
authorities in EEA countries:
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.