DATA PROTECTION INFORMATION REGNA APP
The following information relates to the Processing your Personal Data from users of the REGNA App (hereinafter referred to as “App”) (= “Data Subject” in terms of the GDPR; hereinafter referred to as “you” / “your”).
For the purpose of this data protection information, the terms listed in this section II., when used in their capitalized form, shall have the meaning as set forth below:
“GDPR” means General Data Protection Regulation (Regulation (EU) 2016/679).
“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (article 4 no. 1 GDPR).
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4 no. 7 GDPR).
‘Data Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing (article 4 no. 9 GDPR).
III. Situations, purposes and legal bases of the Processing of your Personal Data
To use the App, you have to log in to the App with either the credentials of your REGNA APP account you registered for (email and password), or with your Facebook or Twitter account credentials.
Once your register for a REGNA account, we process your REGNA credentials (email address and password) when you log in or authentication.
For a login via Facebook or Twitter you will be forwarded to Facebook or Twitter, where you can log in with your Facebook or Twitter credentials and grant the App access to your Personal Data from your public profile (e.g. name, picture etc.) and – if you granted consent in your Facebook/Twitter platform settings – your email address, date of birth, and/or friends list.
These processing activities are necessary for the provision of our service, namely to provide you with dedicated access to your REGNA profile (see sec. 2 of this data protection information) (legal base: article 6 para. 1 lit. b) GDPR).
2. REGNA profile
When you log in to the App for the first time, we collect Personal Data from you in order to create and/or to complete your user profile.
This includes mandatory Personal Data like your (nick-) name, your email address (if you registered via email/password), gender, as well as information on your height, cup size. This processing activity is necessary to provide you with the core functionalities of the App.
In addition, we also process Personal Data, which you voluntarily provide us with, in order to provide you with additional functionalities and/or an even more customized user experience, such as
- date of birth,
- information on weight and height, which is necessary to provide you with made to measure products
(legal base: article 6 para. 1 lit. b) GDPR). These optional data can be deleted from your profile at any time (see section VI. 2. of this data protection information). This may, however, have the consequence that the described functions are no longer available.
3. Push Notifications
If you have granted consent to receive push notifications, we process your device token ID to send you push notifications to your App including information on about for example a new version of the App or on current campaigns (legal base: article 6 para. 1 lit a) GDPR).
You have the right to withdraw your consent at any time by disabling the push notifications for the App in your device settings. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We collect personal information directly from you. We receive and store information you enter on our Services, when you call or email or communicate with us through social media (Twitter, Facebook, et al.), or participate in events or other promotions. Part of our Services involves collecting, storing, processing and otherwise using images or videos of your body in order to calculate various measurements relating to certain features of your body. You provide the images or videos of your body that we use when you take your photographs or videos as requested and described within our Services; you control how and when the photographs or videos are taken. You agree that any photograph or video you provide shall not be pornographic, lewd or otherwise likely offensive to members of Regna and we reserve the right to refuse access to our Services to any user who provides such photographs or videos. We automatically delete photographs and videos related to measurements once they are processed. Please see the next section for more information.
Examples of personal information that we collect include sizing information, body portfolio image, name, email address, credit card number, purchase and order information, personal preferences, and responses to survey information.
Usage and Log Information: When you use our Services, we collection and log information about your use of our Services, including your browser type and language, access times, pages viewed, your IP address and location.
Device Information: We may collect information about the computer or device you use to access our Services, including the hardware model, operating system and version, MAC address, unique device identifier, phone number, International Mobile Equipment Identity ("IMEI") and mobile network information. In addition, the Services may access your device's native phonebook, with your consent, to facilitate your use of certain features of the Services.
Information Collected by Cookies and Other Tracking Technologies: We use various technologies to collect information, and this may include sending cookies to you. Cookies are small data files stored on your hard drive or in device memory that help us to improve our Services and your experience, see which areas and features of our Services are popular and count visits. We may also collect information using web beacons (also known as "tracking pixels").
We may also obtain information from other sources and combine that with information we collect through our Services.
Regna uses stripe payments. which requires information about your phone number and apps installed on the device in order to ensure secure and successful payment. Please refer to the Stripe policy
IV. REGNA product newsletter
If you have subscribed to our email newsletter via “double opt-in” procedure we will send you from time to time newsletters to inform you about our products and promotions (legal base: Art. 6 para 1 lit. a) GDPR).
You can withdraw your consent and unsubscribe from our REGNA product newsletter at any time by sending an email with your unsubscribe request to our customer service (firstname.lastname@example.org) and/or by clicking on the unsubscribe link which is contained in every newsletter email.
8. Target audience advertising for REGNA users
8.1 REGNA related personalization of e-mail-marketing
We use your e-mail address and certain demographic data of your REGNA profile (name, gender, location), to tailor our email-marketing (see Section IV. 7.) to target groups (legal base: Art. 6 para 1 lit. a) GDPR).
You can object to this data processing by opting-out of our e-mail-marketing according to Section 7.1 (2) and/or 7.2 (2). .
8.2 Personalized remarketing on Facebook
If you have granted consent, we will transfer your hashed e-mail address and certain demographic data of your REGNA profile (gender, location) to Facebook so that we can show you target group-based advertising for REGNA products on Facebook (legal base: Art. 6 para. 1 lit. a) GDPR). For more information please refer to the following link: https://www.facebook.com/legal/terms/customaudience.
You can withdraw your consent at any time by deactivating "Personalized Remarketing" in the privacy settings. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.
V. Categories of Data Recipients of your Personal Data
Your Personal Data may be disclosed to or accessed by the following categories of Data Recipients:
- Our service providers who are involved in the development and provision of the App and its functionalities, our CRM system provider as well as our service analytics and retargeting providers and linked social media platforms for third party log in purposes; we ensure that suitable safeguards (e.g. conclusion of EU Standard Contractual Clauses and, if necessary, additional measures with such providers) for adequate data protection are in place, if Personal Data are disclosed to service provides established outside the EU/EEA,
- Selected employees within REGNA, insofar as this is absolutely necessary (on a need-to-know base) for the performance of their obligations (e.g. support staff), and
- Other REGNA users as follows:
- If "Private - Only me" is set in the privacy settings of the REGNA App (default setting), other REGNA users can only see basic information from your profile ((nick)name (your surname will be abbreviated to the first letter of your name), country/town, TRAC score and number of your followers, and number of REGNA users you are following),
- If you have set "Public - Everyone" in the privacy settings of the REGNA App, other REGNA users also have access to your workouts and related training information.
Deletion of Measurement Photographs and Videos
After you submit photographs or videos for measurement, we process them to calculate measurements and other information useful for using our Services. Once processed, the original photographs or videos are automatically deleted from our servers. If measurement photographs or videos stay unprocessed for over 90 days, we automatically delete them from our servers. One instance in which a set of photographs or videos may go unprocessed is if you submit a set photographs or videos but do not associate them with an account.
While we make our absolute best efforts to delete photographs and videos in a timely manner, we cannot guarantee that such deletion always occurs within a particular timeframe. In addition, as for any other digital information, there may be ways to access photographs or videos while still in temporary storage or, forensically, even after they are deleted.
Regna secures your personal information from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
VI. Storage and deletion of your Personal Data
All Personal Data that you share with us or that are generated when using the App are securely stored in your App (Frontend) as well as in our cloud databases (Backend). Upon request, your Personal Data will be deleted from both the App and the cloud database (see hereafter).
- REGNA profile and account
In the user settings ("About you") you can also at any time delete non-mandatory Personal Data from your REGNA profile.
You can also delete your entire REGNA profile and account by contacting our support via email@example.com.
- Analytic Data
Personal Data about your latest App access are stored for a maximum of 30 days, unless they are overwritten by data from a "new" last app access.
Pseudonymous data collected using the analytics services described under section 6 of this data protection information will be stored for a maximum of 9 months.
VII. Your data protection rights
In accordance with applicable data protection laws, you have following rights concerning your Personal Data processed by us:
- Right of access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (“Right to be forgotten”) (Art. 17 GDPR),
- Right to restriction of Processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object against processing activities carried out on the legal base of article 6 para. 1 lit. f GDPR (Art. 21 GDPR),
Most of these rights can be exercised directly in the account settings of the App itself or in the relevant settings of the end device used. In other cases, please direct your requests to exercise the respective right by email to firstname.lastname@example.org. To process your request and for authentication purposes, we process in turn certain Personal Data from you (legal base: article 6 para. 1 lit. c) GDPR).
Besides, you have the right to lodge a complaint with our supervisory authority (article 77 GDPR).
Status: 28 December 2021