Privacy Policy

The user will find information below about what data is collected when registering or using the Women’s Best App (hereinafter also “WB app” or “App”) and how it is used, processed or passed on. This Privacy Policy (together with the General Terms of Use) sets out the basis on which we process the personal data that we collect from you or that you transmit to us as part of the WB app.

The controller responsible for data processing is:

WOMEN’S BEST GmbH
Eduard Bodem Gasse 3
6020 Innsbruck

Austria

Email: gdpr@womensbest.com

To assert the rights named in this Privacy Policy or if you have any questions about the use, collection or processing of personal data, the user should contact the above address or email address.

Women’s Best GmbH (referred to hereafter as “Women’s Best” “WB” or “we”) takes the protection of your personal data very seriously and uses extreme care and the most advanced security standards to guarantee it.

We consider it our overriding responsibility to safeguard the confidentiality of the personal data provided by you and to protect it from unauthorized access. WB uses technical and organizational security measures to protect user data from unauthorized access, accidental or intentional manipulation, destruction or loss. 

 

I. Processing of personal data when using the WB app

1. Definitions

In order to ensure a transparent and easily understandable declaration regarding the processing of your personal data, we would like to inform you about the individual legal definitions used in this Privacy Policy:

  1. Personal Data
    'Personal data' means any information relating to an identified or identifiable natural person (hereafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  2. Processing
    'Processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  3. Restriction of processing
    'Restriction of processing' means the marking of stored personal data with the aim of limiting its processing in the future.

  4. Profiling
    'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

  5. Pseudonymization
    'Pseudonymization' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

  6. File system
    'File system' means any structured set of personal data which is accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

  7. Controller
    'Controller' means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  8. Processor
    'Processor' means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

  9. Recipient
    'Recipient' means a natural or legal person, public authority, agency, or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

  10. Third party
    'Third party' means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

  11. Consent
    'Consent' of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

 

2. Lawfulness of processing

Processing is lawful only if there is a legal basis for processing data. According to Article 6 paragraph 1 sentence 1 points (a)-(f) GDPR, the legal basis for the processing can be in particular:

  1. the data subject has given consent to the processing of their personal data for one or more specific purposes;

  2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  3. processing is necessary for compliance with a legal obligation to which the controller is subject;

  4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;

  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. 

3. Data processing by app stores

Before you can install the app, you may have to conclude a user agreement with an app store operator (e.g. Google, Apple) for access to their portal (e.g. Google Play Store, App Store). The app store operator collects and processes data such as username, email address and individual device identifier as the responsible controller in connection with the use of the app store. We are not a party to the user agreement with the app store operator and have no influence on their data processing. In this respect, the Privacy Policy of the respective app store operator applies.

4. Log files

Each time the app is used, certain information is automatically transmitted and stored by us in so-called log files.

The log files are stored by us for 7 to 10 days exclusively to identify faults and for security reasons (e.g. to investigate attempted attacks) and then deleted. Log files, which must be kept for evidence purposes, are excluded from deletion until the respective incident has been finally clarified and can be passed on to investigating authorities in individual cases. This data processing is carried out to protect our legitimate interests on the basis of Article 6 paragraph 1 sentence 1 (f) GDPR.

The following information in particular is stored in the log files:

  • Abbreviated IP address (internet protocol address) of the end device from which the app is opened;
  • Name of the service provider through which the online offer is accessed;
  • Name of the retrieved files or information;
  • Date and time as well as duration of the retrieval;
  • Operating system and information on the end device used;
  • Http status code (e.g. “Request successful” or “Requested file not found”).

5. Registration in the WB app

To use the app, you have to register. With the explicit registration of the user, the following data can be collected (if entered by the user themselves):

  • Gender,
  • First name,
  • Last Name,
  • Date of birth,
  • Email address,
  • Address,
  • Phone number,
  • Payment data (if a chargeable service has been booked).

Within our app, you can also provide the following optional information:

  • Height,
  • Weight (e.g. to calculate your Body Mass Index),
  • Food allergies,
  • Food intolerances,
  • Diet,
  • General physical fitness,
  • Existence of physical complaints,
  • General physical condition,
  • Smoking habits,
  • Drinking habits,
  • Sleep habits,
  • Work hours,
  • Work activity (low or heavy physical activity),
  • Existing pregnancy and existing lactation period.

For this processing of particularly sensitive health data, we obtain your consent in accordance with Article 9 paragraph 2 (a) GDPR.

The personal data you provide when registering will be collected, processed and used by WB for the purpose of establishing the contract for the use of the WB app, for the execution and processing of the contract and for billing purposes. The legal basis for the aforementioned data processing is Article 6 paragraph 1 sentence 1 (a, b) GDPR.

6. Use of location data, camera access and photos

  1. In the WB app you have the option of communicating your current location.
    The use of the location data (e.g. display of the current position or centering of the map) usually takes place on your mobile device. To use the location services, they must be activated in your mobile operating system. As soon as these are activated and the WB app is launched for the first time, access to the location information is requested. The confirmation results in the WB app being allowed to access your location information. You can deactivate the WB app’s access to your location at any time in the corresponding settings of your mobile device.
  2. You can grant the WB app access to your camera. If you give the app this permission, you can upload your own pictures and videos if necessary. However, the camera data is only saved locally. Should it be possible to share these images/videos in the future, an additional explicit consent will be required on your part. You can deactivate access to the camera in the device settings of your end device at any time and thus revoke your consent at any time.

7. Zendesk

The WB app gives you the option of accessing the Women’s Best website and contacting our customer service there. Our website uses technology provided by Zendesk International Ltd, 55 Charlemont Place, Saint Kevin’s, Dublin D02 F985, Ireland (“Zendesk”) to collect and store pseudonymous data for the purposes of web analytics and to operate the ticketing system used to respond to support requests. User profiles can be created from this pseudonymized data under a pseudonym. Cookies can be used for this. The cookies enable, among other things, the recognition of the Internet browser. If the information collected in this way has a personal reference, it is processed in accordance with Article 6 paragraph 1 (f) GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.

The data collected with the Zendesk technologies will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the data subject. In order to avoid the storage of Zendesk cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies can mean that some functions on our website can no longer be executed. You can deactivate the data collection and storage for the purpose of creating a pseudonymized user profile at any time with effect for the future by sending us your objection informally by email to the email address given in the imprint.

We have concluded an order processing agreement with Zendesk, with which we oblige Zendesk to protect our customers’ data and not to pass it on to third parties.

Personal data may be transmitted to Zendesk Inc. servers in the USA. For such data transfers, Zendesk follows Binding Corporate Rules (BCRs) which have been recognized by the Irish Data Protection Authority as appropriate safeguards for compliance with European data protection standards.

You can find more information about Zendesk’s data protection at https://www.zendesk.de/company/customers-partners/privacy-policy/.

8. Chat system

The WB app gives you the option of contacting our customer service via a live chat-system developed by Women’s Best GmbH, Eduard-Bodem-Gasse 3, 6020 Innsbruck, Austria.

The WB live chat-system collects and stores pseudonymous data for the purposes of web analytics and to operate the ticketing system used to respond to support requests. User profiles can be created from this pseudonymized data under a pseudonym. Cookies can be used for this. The cookies enable, among other things, the recognition of the Internet browser. If the information collected in this way has a personal reference, it is processed in accordance with Article 6 paragraph 1 (f) GDPR on the basis of our legitimate interest in effective customer service and the statistical analysis of user behavior for optimization purposes.

The data collected with the Women’s Best technologies will not be used to personally identify the visitor to this website and will not be combined with personal data about the bearer of the pseudonym without the separate consent of the data subject. In order to avoid the storage of cookies, you can set your Internet browser so that no more cookies can be stored on your computer in the future or cookies that have already been stored are deleted. However, switching off all cookies can mean that some functions on our website can no longer be executed. You can deactivate the data collection and storage for the purpose of creating a pseudonymized user profile at any time with effect for the future by sending us your objection informally by email to the email address given in the imprint.

9. Disclosure of data to third parties/service providers

In principle, the data collected by us will only be passed on if:

  • Pursuant to Article 6 paragraph 1 sentence 1 (a) GDPR, you have given your explicit consent,

  • the transfer, pursuant to Article 6 paragraph 1 sentence 1 (f) GDPR, is required to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

  • pursuant to Article 6 paragraph 1 sentence 1 (c) GDPR, we are legally obliged to pass the data on, or

  • pursuant to Article 6 paragraph 1 sentence 1 (b) GDPR, this is necessary for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place in response to your request (e.g. when forwarding inquiries and orders to regional cooperation partners).

In addition, data may be passed on in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this Privacy Policy, this may include data centers, software providers, IT service providers and consulting companies. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures to protect the rights of the data subjects and are regularly checked by us.

If these service providers process your data outside of the European Union, this may result in your data being transferred to a country with a lower data protection standard than in the European Union. In these cases, WB ensures that the service providers concerned guarantee an equivalent level of data protection, either contractually or otherwise (e.g. by concluding standard contractual clauses with the service provider).

10. Duration of storage; retention periods

We store your data for as long as is necessary to provide our app and the associated services or we have a legitimate interest in further storage. In all other cases, we delete your personal data, with the exception of data that we must continue to store to fulfill contractual or legal (e.g. tax or commercial law) retention periods (e.g. invoices). Contractual retention periods can also result from contracts with third parties (e.g. owners of copyrights and ancillary copyrights).

We block data that is subject to a retention period until the period has expired.

 

II. Your privacy rights vis-à-vis Women’s Best

  1. Revocability of consent, Article 7 GDPR
    In accordance with Article 7 paragraph 3 GDPR, you have the right to revoke any consent you have given us to process your data at any time without giving any reason. You may send your revocation notice in no particular format to the mailing address or email address shown at the beginning of this Privacy Policy. Revocation of the consent does not affect the legality of the data processed up to the withdrawal based on your consent (Article 7 paragraph 3 sentence 2 GDPR). 

  2. Right of access to information, Article 15 GDPR
    Pursuant to Article 15 paragraph 1 GDPR you have the right to know whether we process your personal data. If we do, you have a right to additional information (Article 15 paragraph 2 GDPR). 

  3. Right to rectification, erasure or restriction of processing, Articles 16, 17 and 18 GDPR
    According to Article 16 GDPR, you have the right to demand the correction of incorrect data and the completion of incomplete data without delay – also by means of a supplementary declaration.
    In particular, pursuant to Article 17 GDPR you have the right to demand the erasure of personal data concerning yourself if the processing of your personal data is not or no longer permitted.

  4. Right to object, Article 21 GDPR
    Pursuant to Article 6 paragraph 1 (e) or (f) GDPR you have the right to object at any time to the processing of your personal data on grounds relating to your particular situation; this applies also to any profiling based on these provisions. We will then no longer process your data unless we demonstrate compelling legitimate grounds for such processing which override your own interests, rights, and freedoms.
    You may exercise the right to object at any time by contacting us via the contact options specified in the imprint. 

  5. Right to lodge a complaint with a supervisory authority, Article 77 GDPR
    Without prejudice of another administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your job or the place of the presumed violation if you believe that the processing of your respective personal data is unlawful. The data protection authority of the Republic of Austria provides forms for exercising your legal rights and for making complaints at https://www.dsb.gv.at/download-links/dokumente.html. The following applies to our European customers: Your competent supervisory authority is that of your place of residence. A list of all supervisory authorities can be found under  https://edpb.europa.eu/about-edpb/about-edpb/members_en.

 

Status of the Privacy Policy: 20 December 2022

© 2024 Women's Best.