KIESER PRIVACY POLICY
Kieser is committed to protecting the privacy and personal information of our clients and members that we may collect and complies with the Australian Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA), in each case, as applicable.
This Privacy Policy (the Policy) explains how we may collect, use, disclose and otherwise handle personal data, including sensitive personal data collected from you.
- «Personal data» means any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- «sensitive personal data» is a subset of personal data revealing, e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, health data or data concerning a natural person's sex life or sexual orientation.
Providing personal data is an act of trust and it is taken seriously. Unless given consent to do otherwise, Kieser will only collect and use personal data as prescribed below.
Data Controller and Contact
The controller for the processing of your personal data when you visit this App is: Kieser-Training Pty Ltd (ACN 117 602 230), hereinafter “Kieser”, “Kieser Australia”, “we”, “us” or “our”.
You may contact us regarding data protection matters and to exercise your rights at: dataprotection@kieser.com.au
Special provisions when you use our App in Switzerland
Other Controllers involved when you use our App in Switzerland
When you are a client or employee of Kieser Training Schweiz AG in Switzerland, you may use this App as provided for under your agreement with Kieser Training Schweiz AG. In such case, Kieser Training Schweiz AG will be responsible for the processing of your data as a separate controller. You can contact Kieser Training Schweiz AG (“Kieser Switzerland”) at:
Kieser Training Schweiz AG
Hardstrasse 223
8005 Zurich
Switzerland
Email: kontakt.datenschutz@kieser-training.com
Please check the Privacy Policy of Kieser Training Schweiz AG for further information.
Sharing of data between Kieser Switzerland and Kieser Australia and cross-border disclosure
When you use our App in Switzerland, you acknowledge that your data is shared between Kieser Switzerland and Kieser Australia for providing the services of our App to you according to our Terms of Use and as agreed between you and Kieser Switzerland. Kieser Switzerland will be responsible for the processing of your data as provided for in your agreement with Kieser Switzerland and we will be responsible for the processing of your data as provided for under our Terms of Use and this Privacy Policy, whereby Kieser Switzerland and Kieser Australia will act as separate controllers.
You also acknowledge that your data will be transferred from Switzerland to Australia and vice versa, and that the recipient country might not be considered to provide an adequate level of data protection from the perspective of the country of origin. However, such disclosure is required for the performance of the contracts with you and therefore legitimate.
Data processing by app stores
Before you can install our App, you may need to enter into a user agreement with an app store operator (e.g. Google, Apple) in order to gain access to their portal (e.g. Google Play, App Store). As the controller of such portal, the app store operator will collect and process data in connection with your use of the app store, such as your username, email address and individual device ID. We are not a party to the user agreement with the app store operator and have no control over this data processing. Please note that in this respect the privacy policy of the respective app store operator applies.
Using our App – Technical Data
When you use our App, we collect technical data automatically transmitted by your system in order to provide our services to you. This technical data includes:
- the IP address and information about the operating system of your device
- name and URL of any visited page
- the date and time of access, GMT time difference
- information on whether the access was successful (access status/HTTP status code)
- amount of data transferred
- websites that are accessed via our website
- website from which any access takes place (so-called referrer URL)
- the type of browser that you use to access our online offerings
- name of your internet provider
- browser type and version used, and other information provided by the browser (such as geographical origin, language setting, add-ons used, screen resolution, etc.).
- logs that are created in our systems (e.g. the log of user logins to our website) and possibly the number of clicks.
User account and Registration Data
When you wish to use our App you need to register and set up a user account. Such data includes:
- information you provide when you create an account in our App (for example username, password, name, e-mail)
- contact details when you subscribe to our newsletter.
Communication Data
When you get in contact with us via contact form, e-mail, telephone, chat, or by letter or other means of communication, we collect the data exchanged between you and us for communication purposes. We might also contact you in order to receive feedback on our services.
Communication data includes:
- your name and contact details,
- the means, place and time of communication and usually also its contents (i.e. the contents of e-mails, letters, chats, etc.). This data may also include information about third parties. For identification purposes, we may also process your ID document number or a password set by you.
Master Data
Master data is the basic data that we need, including data we collect in connection with the conclusion or performance of the contract with you, other business relationships or for marketing and promotional purposes, such as name and contact details, and information about, for example, your role and function, your bank details, your date of birth, client history, powers of attorney, signature authorizations and declarations of consent. We process your master data if you are a client or other business contact or work for one (for example as a contact person of the business partner), or because we wish to address you for our own purposes or for the purposes of a contractual partner (for example as part of marketing and advertising, for invitations to events, for vouchers, newsletters, etc.). We receive master data from you (for example when you register in our App or use functions of our App), from parties you work for, or from third parties such as contractual partners, associations and address brokers, and from public sources such as public registers or the internet (websites, social media, etc.) if legally permissible.
Master data is not comprehensively collected for all contacts. Rather, the collection of master data depends on the individual case and purpose of the processing. In general, it may include:
- Your name
- Address
- e-mail address
- telephone number and other contact details
- gender
- date of birth
- nationality
- data about related persons
- membership information
- strength test and training information
- health information
- social media profiles
- photos and videos
- copies of ID cards
- details of your relationship with us (e.g. customer, supplier, visitor, service provider or service recipient, etc.)
- details of your status, allocations, classifications and mailing lists
- details of interactions with you
- reports
- payment information (e.g. bank details, account number and credit card data)
- declarations of consent and opt-out information
- As regards clients, suppliers and partners, master data also includes information about the role or function in the company, qualifications and information about superiors, co-workers and information about interactions with these persons.
Use of Cookies
Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.). When you visit our App, we only use necessary cookies. Necessary cookies are necessary for the functioning of the App or for certain features. They make the use of our App more pleasant for you. For example, they help make the App usable by enabling basic functions such as navigation and access to secure areas of the App. They also ensure that you can move between pages without losing information that was entered in a form and that you stay logged in. These cookies exist only temporarily («session cookies»). The session cookies are automatically deleted after leaving our App. If you block them, the App may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the App) if you use this function (for example language settings, consents, automatic login functionality, etc.).
Legal Basis for Processing your Data
Where we asked for your consent, we process your data based on such consent. You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient), see our contact details above. Withdrawal of your consent does not affect the lawfulness of the processing that we have carried out prior to your withdrawal, nor does it affect the processing of your data based on other processing grounds.
Where we did not ask for your consent, we process your data on other legal grounds, such as
- a contractual obligation
- a legal obligation
- a vital interest of the data subject or of another natural person
- to perform a public task
- a legitimate interest, which includes compliance with applicable law and the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.
Profiling and Automated Decision Taking
We might analyse aspects of your individual fitness, personality, behaviour, interests and habits, and make predictions or decisions about them for the purposes laid out in this Privacy Policy, e.g. to perform statistical analysis or to prevent misuse and security risks. This analysis identifies correlations between different behaviours and characteristics to create profiles for individuals. For example, we may use profiling to determine your fitness level or to find out which products or services you might be interested in. We do not use profiling that can produce legal effects concerning you or similarly significantly affect you without human review.
In certain circumstances, automated decision taking might be necessary for reasons of efficiency and consistency. In such cases, we will inform you accordingly and take the measures required by applicable law.
Disclosure of Data to Third Parties
In order to perform our contracts, fulfil our legal obligations, protect our legitimate interest and the other purposes and legal grounds set out above, we may disclose your data to third parties, in particular to the following categories of recipients:
Kieser Group and Franchisees
Please find a list of our Kieser Group Companies and Franchisees here [pls add a link to the list]. If you are a member of a different Kieser Group Company or a franchisee, we will share your data with such company or franchisee in order to provide our services to you. Please note that such company or franchisee will process your data based on your agreement with such company or franchisee and will be considered a separate controller, acting according to its own Privacy Policy.
Offerings of Third Parties
Our App may contain third-party offerings. If you click on such an offer, we will transfer data to the respective third party to the extent necessary (e.g. the information that you found this offer on our website or App and, if applicable, further information that you provided for this purpose on our App). We have no control over, do not review and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Notice do not apply to these third-party websites or their content, or to any collection of your data after you click on links to such third-party websites. We encourage you to read the privacy policies of every website you visit. Any links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.
Service Providers
We may share your information with service providers and business partners around the world with whom we collaborate to fulfil the above purposes (e.g. IT provider, shipping companies, advertising service provider, security companies, banks, insurance companies, telecommunication companies, credit information agencies, address verification provider, lawyers) or who we engage to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.
Contractual Partners Including Clients
In case required under the respective contract we share your data with other contractual partners. If we sell or buy any business or assets, we may disclose your data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Legal Authorities
If legally obliged or entitled to make disclosures or if it appears necessary to protect our interests, we may disclose your data to courts, law enforcement authorities, regulators, government officials or other legal authorities in Australia, Switzerland or any other country in the world, e.g. in criminal investigations and legal proceedings including alternative dispute resolution as well as to prevent and combat money laundering and terrorist financing (e.g. duties in the event of a suspicion of money laundering) or due to further reporting duties.
Transfer of Data Abroad
Your data is processed in Australia, in the European Economic Area (EEA), in Switzerland and in exceptional circumstances also in other countries outside the EEA and around the world, which includes countries that do not provide the same level of data protection as Australia, Switzerland or the EEA and are not recognized as providing an adequate level of data protection from the perspective of the respective country of origin. We only transfer data to these countries when it is necessary for the performance of a contract or for the exercise or defence of legal claims, or if such transfer is based on your explicit consent or subject to safeguards that assure the protection of your data, such as the European Commission approved standard contractual clauses.
How Long We Keep your Personal Data
We only process your data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of complying with legal retention requirements and where required to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. Upon expiry of the applicable retention period we will securely destroy your data in accordance with applicable laws and regulations.
Security of your Personal Data
We take appropriate organisational and technical security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
However, we and your personal data can still become victims of cyber-attacks, cybercrime, brute force, hacker attacks and further fraudulent and malicious activity including but not limited to viruses, forgeries, malfunctions and interruptions which are out of our control and responsibility.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your Rights
You have various rights in relation to our processing of your personal data, depending on the applicable data protection law:
Right of Access
You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.
Right to Rectification
We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up to date.
Right to Erasure
You have the right to require us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
Right to Restriction
You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Right to Data Portability
You have the right to ask that we transfer the personal information you gave us to another controller or to you, in certain circumstances.
Right to Withdraw Consent
Where we process data based on your consent, you have the right to withdraw your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there is another legal ground for the processing.
Complaints
If you believe that your data protection rights might have been breached, please contact Kieser by emailing dataprotection@kieser.com.au or contact the applicable supervisory authority.
If you are residing in Australia this would be:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online: www.oaic.gov.au
If you are residing in the European Union, you have the right to complain to your local data protection supervisory authority according to applicable law. You can find some contact details of the respective authorities of the Member States of the European Union here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
If you are residing in Switzerland, the Federal Data Protection and Information Commissioner is the competent data protection authority according to applicable law. The contact details are available here: www.edoeb.admin.ch.
Right to Object
Under applicable data protection law, you have the right to object at any time to the processing of personal data pertaining to you under certain circumstances, in particular where your data is processed in the public interest, on the basis of a balance of interests or for direct marketing purposes.
If you would like to exercise the above-mentioned rights, please contact us at dataprotection@kieser.com.au or the contact details provided above unless otherwise specified or agreed. Please note that we need to identify you to prevent misuse, e.g. by means of a copy of your ID card or passport, unless identification is possible otherwise.
Newsletter
If you subscribe to one of the newsletters we offer, you may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.
Who is a client?
For the purpose of this Policy a client may include patients, members and suppliers, or prospective clients of Kieser.
Additional information for individuals residing in Australia
If you are residing in Australia, in addition to what is set out in this Privacy Policy above, please be aware of the following additional information about our personal data handling practices.
Purposes for which we process your data
As detailed in the ‘Legal Basis for Processing Your Data’ section, where we asked for your consent, we process your data based on such consent. Accordingly, where we have asked for your consent, we may also process your de-identified personal data to:
- inform Kieser clinical practices and improve the products and services we provide, including our physiotherapy, exercise physiology, rehabilitation and strength training treatments and programs;
- gain insights about our business, products and services and membership base, including so we can assess the performance and outcomes of our programs, market our products and services and inform member retention and engagement strategies;
- share data and statistics about the outcomes of our services with health insurance providers who fund, or are interested in funding, our programs and treatments for their members; and
- for internal research purposes, including where this research is supported or undertaken by a third-party researcher.
You may withdraw your consent at any time – please refer to the ‘Legal Basis for Processing Your Data’ section above for further information.
Disclosure of Data to Third Parties
In addition to the details set out in the ‘Disclosure of Data to Third Parties’ section above, we may also share your personal data with health professionals involved in your healthcare, for example your General Practitioner or other doctor where you have given your consent for us to contact them and / or where this health professional has given you a referral for one of our services.
Further, where we have asked for your consent, we may also:
- share your personal data with your health insurance provider to facilitate the funding (or partial funding) by your health insurance provider of our services to you; or
- disclose personal data that has been de-identified to:
  - third party research providers (such as Universities or medical professionals), to enable Kieser and / or the third party to undertake research;
  - share data and statistics about the outcomes of our Services with health insurance providers who fund, or are interested in funding, our programs and treatments for their members; and
  - other entities in the Kieser group (including franchisees), including group entities or franchisees located in Switzerland.
You may withdraw your consent at any time with effect for the future by providing us written notice (e-mail sufficient), see our contact details above. Withdrawal of your consent does not affect the lawfulness of any disclosures that we have carried out prior to your withdrawal, nor does it affect the disclosures of your data based on other legal grounds.
Security of your Personal Data
If you are residing in Australia, we store your personal data in an AWS data centre located in Australia.
Your Rights
As detailed in the ‘Your Rights’ section above, you have various rights in relation to our processing of your personal data, depending on the applicable data protection law. If you are residing in Australia, you have the Right of Access, Right of Rectification and Right to Withdraw Consent (as further detailed above).
If you believe that the data we hold about you is incorrect or you would like to make an access request, please contact Kieser by emailing dataprotection@kieser.com.au with the details of your request to access or rectify your personal data.
Version and Updates
Kieser reserves the right to review, amend, update and change this Policy from time to time to reflect its practices and obligations. Our current Policy can be found at our App and website (https://www.kieser.com.au/privacy-policy). This Privacy Policy was last updated on 28 June 2024.