App Privacy Policy

Last updated February 24, 2022
This Privacy Policy contains information about how we process your personal data in the context of the VISTA – Workplace Wellbeing – iOS and Android app (the “App”).

 

1. General
Controller for the purposes of the General Data Protection Regulation (“GDPR”) regarding the processing of personal data in the context of the App is Vistawellbeing 12 Beaumont Ave, Richmond. TW9 2HE (“Vistawellbeing“, “we”, “us” or “our”).

By means of this Policy, we would like to explain to you which data we collect in the context of our App, for which purposes and how we use (“Use”) the data, and which rights you have.

Please note that our App may contain links and integrations too of other providers’ websites whose content we do not control, and which are not subject to this Privacy Policy.

 

2. Data we collect, process and use
We process your personal data only if it is necessary for providing a functional website, our contents, and our services.

We use from Google Fit Biking and Running data which is stored in the user’s account to pre-fill our input form within the app.

Data that is used within the processing is:

  • Google Fit Session ID (to prevent duplicates on sync)
  • Google Fit Session length (distance)

 

All this data can be removed at user’s request by letting us know on our e-mail: datacontroller@vistawellbeing.io

 

2.1. Visiting our Website (https://vistawellbeing.io/) & using our App
The use of our Website is possible without providing your personal data to us. Regarding the Website & App: As is the case with most websites, our systems, however, do automatically register every access to or visit of our Website and temporarily store this information in a “log file.”

 

Among the data saved in this context are in particular:
IP-address of the accessing computer or smart phone

  • Name and URL of the accessed file
  • Date and time of the access
  • Access status/HTTP status code
  • Amount of data transferred for each transmission
  • Browser identification data

 

This data does not allow us to draw any conclusions about the data subject. The above-mentioned data is processed for the purpose of enabling visitors to use our Website/App (to establish a connection) and for internal system-related purposes (technical administration, system security). Log files are stored in order to ensure the functionality of our Website. Additionally, the data allows us to optimise the Website/App to ensure that our systems are secure. As far as personal data is concerned, data processing related to accessing our Website/App is based on Article 6(1) sentence 1(f) GDPR (legitimate interests). The legitimate interest is based on the above-mentioned purposes.

 

2.2 Contact
Our Website/App offers the possibility to get in touch with us via e-mai or telephonel. If you contact us via e-mail or send us an enquiry, we store the personal data you transmitted via e-mail. It is not mandatory for you to provide information; we only receive and store personal data that you send us. This data is used for processing your respective request only. The legal basis for the processing of the aforementioned personal data is: Article 6 (1) sentence 1 (f) GDPR (legitimate interests). Our legitimate interest is based on the fact that we can only perform the action the user asked for (e.g. answering an enquiry) if we process his/her personal data. If you contact us with the aim of potentially entering a business relationship with us, processing your personal data is also done under the following legal basis: Article 6 (1) sentence 1 (b) GDPR (performance of a contract and steps necessary prior to entering a contract).

 

2.3 Register process for marketing messaging
Our Website offers the possibility to sign up for our Newsletter or to download various Resources (ebooks, case studies, whitepapers, Sketch templates). You can opt-in for our marketing messaging through the forms available on the website or through the live chat tool.

Once you send us your email address to receive such communications from us, you allow us to personalise your experience of the website and messaging you receive on email or through the live chat tool.

You are able to customise your interests and messaging options, or opt-out at any time through the Unsubscribe button available in the emails you receive from us.

To see what technical third-party tools we use to email you, and their respective Privacy Policies, please check section 2.8 Messaging tools of this document.

 

2.4 Cookies
Our Website uses cookies. Cookies are small text files that are stored in your Internet browser for the purpose of technical session control. They make navigating our Website easier for you and allow us to analyse anonymous, respectively personalised user behaviour if you’ve signed up for it, which helps optimise our Website design. Cookie data can only be associated with a specific individual if you’ve opted to sign up for our Marketing messaging.

 

The Website uses cookies to the following extent: Transient / Session cookies, Persistent / Setting cookies, and Analysis cookies.

Transient cookies are automatically deleted when you close your browser. This includes, in particular, the session cookies. These store a so-called session ID, which identify user session in the browser.

 

Session cookies are deleted when you log out or close your browser.

 

Persistent cookies help the Website remember your information and settings when you visit them in the future. They are automatically deleted after a specified period, which may differ depending on the cookie. We also use cookies on our Website which enable an analysis of the user’s surfing behaviour. Most browsers automatically accept cookies. You can, however, change your browser settings to not set any cookies or to always show a notice before setting a new cookie. However, if you chose to deactivate the setting of cookies altogether, not all functions of our Website may be (entirely) usable. The legal basis for the processing of personal data related to cookies is Article 6(1) sentence 1 (f) (legitimate interest). Our legitimate interest is based on the above-mentioned purposes, to optimise Website use and to improve your user experience.

 

2.5 Analytic Tools
2.5.1 Google Analytics
The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help analyze how you use the Website.\

 

The information generated by the cookie about your use of the Website will normally be transmitted to and stored by Google on servers in the United States. In case IP-anonymisation is activated on the Website, your IP address will be truncated within the area of member states of the European Union or within other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of the Website for the purpose of evaluating your use of the Website, compiling reports on Website activity and providing other services for the website operator relating to website activity and internet usage.

 

 

The IP address that your browser transfers within the scope of Google Analytics will not be associated with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use all functions of the Website.

You can also opt-out from the storage by Google of the data that is created by the cookie and is related to the use of the Website (including your IP address) and the processing of such data by Google by downloading and installing the Google Analytics opt-out browser add-on available under https://tools.google.com/dlpage/gaoptout?hl=en.

 

 

As an alternative to the browser add-on or within browsers on mobile devices, you can click this link in order to opt-out from being tracked by Google Analytics within this Website in the future (this opt-out option applies only for the browser in which you set it and with regard to the Website).

 

In this case, an opt-out cookie is put on your device. In case you delete your cookies, you will have to use the aforementioned link again. For further information on Google Analytics please refer to http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html, http://www.google.de/intl/de/policies/privacy/

 

 

The legal basis for the processing of the data described in section 2.7 (to the extent such data is to be considered personal data) is Article 6 (1) sentence 1 lit. f GDPR (legitimate interests). The legitimate interests to Use such data is that we use and analyze the respective data to improve our Website, such as by gaining a better understanding of your interests and requirements regarding our Website and to help personalize your user experience. Google is committed (to the best of our knowledge) to the EU-US Privacy Shield Agreement published by the US Department of Commerce on the collection, use, and retention of personal data from EU member states. Google has declared through certification that it will comply with the relevant privacy shield principles. The European Commission expects the US to provide adequate legal protection for personal data transferred from the EU to self-certified organisations in the US under the Privacy Shield. Further information can be found at https://www.privacyshield.gov/EU-US-Framework

We also collect and/or process your Personal Data when you give us your specific consent.

 

2.6 Scopes Selection & Justification

VISTA reads data from Google Fit using your Gmail account. This is in order to automatically sync the physical activities progress recorded within Google Fit (Google) with VISTA physical challenges (biking and running). A narrower scope would not be sufficient because you would need to manually fill in the data for each VISTA physical challenge.

 

3. Third Parties; Technical implementation by subcontractors
Personal data collected in the context of using our Website will not be transmitted to third parties or otherwise without your consent, except in cases explicitly described in this Privacy Policy. Transmission to government institutions and authorities will be made only pursuant to compulsory legal regulations. The legal basis for such processing of personal data is Article 6(1) sentence 1 (c) GDPR (fulfilling legal obligations).

 

We may use external service providers for website operation and for the services offered there (hosting, live chat, registration form) who process your personal data for us. These service providers process your data only according to our instructions. The legal bases for such processing of personal data are Article 6 (1) sentence 1 (b) GDPR (performance of a contract and steps necessary prior to entering a contract) and Article 28 GDPR (data processing).

 

4. How we store your personal data
We use Google Cloud as our back-end cloud provider to store all your data securely.

 

4.1. How long do we store your Personal Data
As far as the other stipulations of this Policy do not prescribe a certain amount of time that we need to retain your personal data, we only store personal data generated in the context of using our Website for as long as is necessary to process your requests or enquiries.

 

We aim to answer initial inquiries within 10 working days and will keep you in our database until you make a decision on that project, or remain idle for a period longer than 12 months.

 

If we pass the initial inquiry, we will delete your personal data in you remain idle for a period longer than 12 months after our last contact.
You may choose to opt-out of communications with us regarding your business inquiry at any point during the proceedings. You can communicate your wish to be opted-out through an email at hello@vistawellbeing.io.

 

5. Functionality enhancement by using Google Fit integration
We enhance the Challenges functionality within the App by offering the opportunity for any user to sync and pre-fill their health data with the selected challenge.

A sample set of users were excited to have this functionality in place enhancing engagement through the availability of Google Fit integration.

 

6. Your rights
You have the right to request information from us at any time about your personal data stored by us. If the legal requirements are met, you also have rights vis-à-vis us to request from us access to and rectification or erasure or restriction of processing concerning your personal data or to object the processing of your personal data. If you have given your consent to the use of personal data, you can revoke such consent at any time (for the future). If you believe that the processing of your personal data by us is in breach of the applicable data protection laws, you can issue a complaint with the competent supervisory authority for data protection.

 

7. Contact
For all data privacy questions (incl. assertion of your rights as per Section 5 of this Privacy Policy), you can contact us at hello@vistawellbeing.io.

 

8. Data Security
We maintain current technical measures to ensure data security protection, especially to protect your personal data against risks during transmission and against third-party access. These measures will be updated according to the latest technical developments.

 

9. Changes
Our Privacy Policy may change from time to time, for example, due to further developments of our Website or legal changes. We, therefore, reserve the right to change this Privacy Policy at any time with effect for the future.