Privacy Policy

Thank you for downloading our mobile BLACKROLL App (hereinafter referred to as the “App”) from the Apple and Google app stores. Welcome to this App and thanks again for your interest in our company and products. Protecting your privacy while you use our App is important to us.

We would like to inform you about the processing of your personal data and your rights as the individual concerned (“data subject”) in connection with your use of our App. We, i.e.,

BLACKROLL AG
Hauptstraße 17
CH-8598 Bottighofen
Switzerland

Telephone:+41 (0)715085779
E-mail:datenschutz@blackroll.com

(Legal notice)

(hereinafter referred to as “we” or “BLACKROLL”)

as the controller under data protection law and, simultaneously, the service provider, would like to provide you with the following information.

Your personal data will only be processed in accordance with the provisions of the Swiss data protection laws, taking the data protection laws of the European Union into account, in particular, the European General Data Protection Regulation (GDPR), and other statutory data protection provisions.

This Privacy Policy only refers to our App. It does not refer to our web shop (available at www.blackroll.com/shop) or other websites operated by us. Furthermore, it does not refer to any websites operated by third parties to which links from our App may point, including, but not limited to web shops of distributors of BLACKROLL products. We, therefore, ask you to read the privacy policy of that other website, if any. In some cases, we may provide other, additional privacy policy documents to you when we contact you or process your information, as the case may be, which you should also read, if applicable.

The subject matter of this Privacy Policy is your personal data. The term “personal data” covers any piece of information that refers to an identified or identifiable natural person (“data subject”). Consequently, your personal data comprises any piece of information that allow us or third-parties to identify you, such as your name, address, phone number, or your email account.

Generally, we process the following categories of personal data in connection with your identity:

• Master data, in particular, family name, first name, gender.
• Contact data, in particular, postal address, phone number, and e-mail.
• Information on personal interests, in particular, data that you provide to us within the scope of the Terms of Use, e.g., on sports disciplines, points of pain, etc.
• Usage data, in particular, the pages/screens of our App that you open, access times, and your IP address.
• Workout data, in particular, information on the type, date/time, and duration of your workout using the App.

Within the scope of our contract relationship, you need to provide such personal data that is required for performing the duties from the Terms of Use and for compliance with statutory duties. We will inform you in an appropriate manner as to which data is concerned in your particular case (e.g., by highlighting mandatory fields in forms).

In these cases, your personal data is data that you provided voluntarily, in particular, data you entered, and data gathered from your use of our App.

We will process your data only for a particular purpose and only to the extent permissible under an applicable statutory provision. We will process your data for the following purposes, based on the following legal grounds:

• Consent: We will process certain types of data solely based on your consent that you granted prior to such use and voluntarily. You may withdraw your consent at any time with effect for the future (see Art. 15 below).
• Contract performance and/or steps prior to entering a contract: Including, but not limited to the performance and management of the contract concluded between you and us subject to the Terms of Use.
• Compliance with a legal obligation: In addition, we process your personal data for meeting statutory duties, such as retention duties under commercial and/or tax law.
• Safeguarding legitimate interests: We will process certain types of data to safeguard our legitimate interests, e.g., for making this App available and for operating it.

Please refer to Art. 15, if you wish to find out how to object to such data processing and subject to which conditions we are required to discontinue and/or to restrict data processing.

Please note that this is not a complete or conclusive enumeration of the potential legal grounds, but that these are only some examples intended to make the legal framework for data protection more transparent. For further information on the legal grounds for the various types of processing in our App, please read the explanations in the Articles below.

Since our headquarters is located in Switzerland and our App is operated from Switzerland, the collection, processing, and use of your personal data generally occurs in Switzerland, unless otherwise provided in this Privacy Policy. Specifically, we collect, process, and use your personal data in the following cases described in the Articles below.

When downloading our App, the necessary information will be transmitted to the corresponding app store. This includes, in particular, the user name, e-mail account, date and time of download, and the unique device ID. However, this data collection is beyond our control, since it is handled by the operator of the corresponding app store. This data will not be stored on our servers in any other manner.

In connection herewith, please also refer to the relevant privacy policies of the app store operators:

• For the iOS App Store: Apple Inc., 1 Infinite Loop, Cupertino, CA 95014, USA, retrievable from www.apple.com/de/privacy/privacy-policy/, and
• For the Google Play Store: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, retrievable from policies.google.com/privacy?hl=de.

Generally, you may browse our App without disclosing any personal data. However, when you browse our App, the following information may be stored about your access and use:

• IP address of the requesting mobile device,
• Screens/videos retrieved,
• HTTP response status code, if applicable,
• The previous screen and/or the linked screen/page that you had accessed before (referrer/target URL),

• Date, time, duration, and time zone of the server request, and/or interaction (e.g., initial/last opening/closing of the App, last login, screens/videos watched, start/end of a workout, click on a call-to-action button),
• browser type and version,
• operating system of the requesting mobile device,
• App uninstall/update operations
• Your device model, international mobile equipment identity code (IMEI), name of mobile device, mobile device ID.

We will process this usage data based on our legitimate interests for the purpose of providing this App, for ensuring the technical operation, for recording the consent granted by you, and for the security of our IT systems. We pursue the interest of making our App available for use, of ensuring its functionality, and of maintaining the latter on a permanent basis. This data will be automatically processed when you access our App. You will not be able to use our App without sharing this information. In no event we will not use this data for the purpose of drawing conclusions regarding your identity.

You may not object to the processing of your usage data, because this data is mandatorily required for a trouble-free operation of the App. The App cannot be used without processing this information.

We use tracking technologies similar to cookies in order to enable the best possible App design. Among other things, these technologies allow us to provide certain functionality to make navigation easier and ensure a high degree of user-friendliness.

Non-cookie tracking technologies are based on identifiers which allow our web servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. This way, they serve the purpose of enabling you to use our App, of making the use of our App more convenient for you, and of optimizing our service offering. The provisions below include detailed information on the type, function, purposes, and, if applicable, third party suppliers deployed in the use of non-cookie tracking technologies. The legal basis for the use of non-cookie tracking technologies is your consent that you grant when you first open the App.

You may revoke this consent at any time by preventing the storage of data using non-cookie tracking technologies by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.

Generally, you do not need to register to use the App. However, certain parts of our service offering in the App will not be available to you until you create a user account as a registered user.

Use without user account

In addition to the usage data listed in Art. 4, we will process your workout data, the country/language you selected, information on the consents granted by you, and the Terms of Use confirmed by you. We use this information (including in connection with non-cookie tracking technologies) in order to display customized recommendations and information on your workout program and matching BLACKROLL products and services to you via push messages and/or in-app messages. Push messages require an authorization via your device (see Art. 10 below). However, if you are not logged in as a registered user, we will not use this information to draw conclusions regarding your identity. In connection herewith, your data will also be used within the scope of the Google Firebase service (see Art. 7 below).

Without this type of processing, we are unable to provide the App in accordance with our Terms of Use. Processing for usage analysis and the use of non-cookie tracking technologies will only occur based on the consent that you granted for this purpose.

You should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”, if you wish to revoke your consent in this regard.

Use with user account (registered user)

Certain portions of the App’s service offering require a registration and/or login. The information to be entered in the fields that are marked as mandatory fields is required for compliance with the Terms of Use on our part. We will set up a password-protected App access for any user who properly registers him-/herself in order to allow access to his/her master/contact data, data on personal interests, and workout data stored on our servers (hereinafter referred to as the “User Account”). This is where you can look up data on your completed and recently performed exercises and manage your master/contact data. The legal basis for processing your personal data is, in particular, your consent that is a prerequisite for creating a user account. Your consent also applies to so-called sensitive data (e.g., information on your health).

In connection herewith, we will process the following information:

• family name, first name, gender,

• e-mail account,
• password (encrypted),
• information on personal interests (e.g., details on sports disciplines, points of pain, body parts, and BLACKROLL products used),
• workout data (e.g., type of exercises done, workout category, data/time/duration of workout, selected filters).

We use this information in order to provide our App to you and to analyze, optimize, and customize our App’s usage by means of Google Firebase. To this end, we may also create usage profiles, in order to provide you with an enhanced workout program, and to display recommendations and information on your workout program and on matching BLACKROLL products and services via push messages and/or in-app messages. We reserve the right to combine this information with other of your customer data that is stored by BLACKROLL (e.g., in connection with orders from the web shop). The reach and purpose are specified in the consent form by which you granted your consent.

You grant your consent on a voluntary basis and may revoke the same at any time, in whole or in part, with effect for the future without giving reasons, e.g., by e-mail to datenschutz@blackroll.com. Please note, however, that we may be obligated to delete your user account in this case for legal reasons and that you would only be able to use the remaining part of our service offering that is accessible without user account.

We will not disclose your personal data to third parties. Not even distributors of BLACKROLL products will receive personal data from us, but they may obtain it directly from you when you browse their website, or place order in their web shops. Push messages require your prior authorization by making the corresponding settings in your device (see Art. 10 below).

You may delete your user account and the related data at any time via the function “Delete user account” in the menu “Settings > Privacy”.

This App uses Google Firebase, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Firebase uses non-cookie tracking technologies, i.e., identifiers which allow Google servers to recognize your mobile device, e.g., in order to determine whether your mobile device has communicated with us before. Generally, the information generated this way on your use of our App (including your IP address and the other types of usage data listed in Art. 4, workout data, and, if applicable, data on your user account) will be transmitted to a Google server in the U.S. and stored on that server. The Google parent entity Google LLC has been certified under the EU-U.S. Privacy Shield and, thus, offers a guaranty that the European data protection law (see www.privacyshield.gov/participant?id=a2zt000000001L5AAI will be complied with.

Within the scope of functions and purposes described below, Google will engage in activities on our behalf under a Commissioned Processing Agreement as instructed by us:

• to provide our App and enable key functionality (e.g., performance and storage of workouts),
• to allow the use of the user account (see details in Art. 6, lit. b. above),
• to ensure the stability of our App and allow trouble-shooting upon crashes,

• to provide push messages and in-app messages (see details in Art. 10 below),
• to evaluate and analyze the usage of our App and to compile reports on App activities.

The legal basis for all activities listed above is that they are a prerequisite for performing the agreement, since the processing of the transmitted data is required for performing our duties under the Terms of Use agreed upon by you and us. In addition, we process data based on our legitimate interests in the economically sound/trouble-free operation and optimization (in particular, user-friendliness) of our App and in providing premium services which may be used at the user’s option.

Processing for usage analysis and the use of non-cookie tracking technologies will only occur based on the consent that you granted for this purpose. You may revoke this consent at any time by preventing the usage analysis by Google Firebase by making the relevant settings in the App. In this case, you should disable the function “Allow non-cookie tracking technologies and usage analysis” in the menu “Settings > Privacy”.

Within the scope of this usage analysis, Google will also estimate from which country you access the App, your age, and your gender.

For further information on the use of data by Google and on data protection in connection with Google Firebase please click on the following links:

• policies.google.com/technologies/partner-sites?hl=de (“How Google uses information from sites or apps that use our services“),
• policies.google.com/privacy?hl=de (“Google Privacy Policy”),
• firebase.google.com.

If you are registered and logged in to our app, we offer you the motion analysis function. This function enables you to record videos of a certain movement sequence with the help of the camera of your own smartphone, which are then analysed by means of artificial intelligence and evaluated by us. As a result of this evaluation, we can show you deviations of your movement sequence from our reference model. You will then receive an individually tailored training plan that can help you improve your mobility and stability.

Within the scope of your use of the movement analysis, we process your data for the purpose of being able to provide you with the function itself as well as evaluations and recommendations for your personal training.

In particular, the following data is processed:

• User ID
• General physical characteristics as shown in the videos (e.g. height, hair colour, eye colour etc.)
• Health data
  • Deviations from our reference model based on the analysis of the positions of a number of joints (e.g. knee, hip, shoulder) in the videos
  • Compensation pattern incl. results
  • Matching training plan to the compensation pattern (compensation pattern of the movements you made)

• Technical meta-data, such as technical error messages (e.g. error in the camera, error in the recording), recording duration and time until recognition of the recording time, number of times the movement analysis was performed

The use of the motion analysis and the related processing operations, including the processing of health data, is voluntary and based on the explicit consent given by you. You can revoke your consent in this regard at any time, e.g. by emailing datenschutz@blackroll.com. Please note that you will then no longer be able to use the movement analysis until you give your consent again. Of course, you can also use the other functions of our app without the motion analysis.

In addition, our app requires the device's consent to access the camera and microphone of your smartphone for the motion analysis (see section 10 below).

We will only transfer your data to external recipients within the scope of the aforementioned purposes and only if we are authorised or legally obliged to do so.

For movement analysis, we use an external service provider whom we have contracted as a processor and who only processes your data on our instructions for the aforementioned purposes. Your data is processed in a German data processing centre. No data is transferred to countries or bodies outside the EU or the EEA. All data transfers from our systems to the systems of our service provider take place via a technically end-to-end encrypted connection.

We store the videos recorded by you for a period of up to 6 months before they are automatically deleted by us. Apart from that, we only store your data for as long as is necessary to fulfil the above-mentioned purposes, subject to any statutory retention periods.

For reasons of transparency, we would also like to point out that we may use the videos after the analysis for the purpose of further developing the movement analysis and the technologies used. For this purpose, we anonymise the videos (e.g. by making you and the background completely unrecognisable) so that no reference to you can be made.

In the app, you yourself have the option to delete your user account and all related personal data at any time. You will find the corresponding option in the menu "Settings > Privacy > My data" under "Delete the account and all data".

Translated with www.DeepL.com/Translator (free version)

The newsletter is mailed using the so-called double opt-in procedure, i.e., we will not send you a newsletter by email, unless you have expressly confirmed that you wish us to activate the newsletter service. We will then send you an email confirmation and ask you to confirm by clicking on the link contained in that e-mail that you wish to receive our newsletter. Upon completion of this separate double opt-in procedure, you have granted your consent to receiving the newsletter.

In the event the newsletter is subscribed to from within a user account, we may omit the renewed double opt-in, since your e-mail account was verified by a confirmation link during the activation of your customer account. In this case, a simple opt-in (by clicking a check box) in the user account is sufficient.

Within the meaning of this Art. 9, we will not send you newsletters without your prior registration, i.e., based on your consent. In the event that the content of a newsletter is accurately described during the registration process, this information will govern the reach of your consent. Apart from this, our newsletters include information on our products, offers, promotional campaigns, events, and our business.

In the event you should decide at a later date that you do not wish to receive our newsletter any more, you may revoke your consent at any time. A notice in text form (e.g., e-mail, letter) directed to the address in the contact data set forth in in Art. 16 or to datenschutz@blackroll.com shall suffice. Of course, you will find an unsubscribe link in every newsletter.

The newsletter is mailed using MailChimp, a newsletter mailing platform operated by the U.S. provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, U.S. In this context, data will be processed on our behalf subject to a Data Processing Agreement (Auftragsverarbeitungsvertrag) that we have concluded with MailChimp. In that agreement, MailChimp agrees to protect the personal data of our users, to process it only on our behalf, and, in particular, not to disclose it to any third party

The email accounts of our newsletter recipients and any other data referred to in this Privacy Policy will be stored on the U.S. based servers of MailChimp. MailChimp will use this information for mailing and analyzing the newsletters on our behalf. Furthermore, according to MailChimp, it may use this data to optimize or improve its own services, e.g., for technical optimization of newsletter mailings, the appearance of the newsletter, or for economic purposes in order to determine in which countries the recipients are based. However, MailChimp will neither use the data of our newsletter recipients to contact them on its own behalf nor disclose this data to third parties.

We trust in the reliability, IT security, and data protection of MailChimp. MailChimp has been certified in accordance with the EU-U.S. Privacy Shield and, thus, promises to comply with the EU data protection requirements (see www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.

To review the privacy policy of MailChimp please go to: mailchimp.com/legal/privacy/. In addition, MailChimp uses the Google Analytics tool and may integrate it into the newsletters. For further information on Google Analytics please refer to the relevant section of our website’s general Privacy Policy: www.blackroll.com/de/datenschutzerklaerung.

We would like to draw your attention to the fact that following the mailing of the newsletter your user behavior regarding our newsletter will be analyzed on our behalf. This analysis is based on so-called web beacons, also known as tracking pixels, that are included in the e-mail messages, and links encoded using this technology. Web beacons are one-pixel image files that are linked with our website and, thus, allow us – in combination with encoded links, to analyze your user behavior with regard to our newsletter (so-called open and/or click tracking). This is achieved by collecting technical information, e.g., on your browser, your system, your IP address, and the time of downloading the mail and/or the link via web beacons and encoded links, that is matched with your e-mail account and assigned a unique ID.

The so-called open tracking using web beacons is not possible, if you have disabled the display of images by default in your e-mail browser. However, in that case, the newsletter will not be fully displayed and you may not be able to use all of its features. If you allow the display of images on a case by case basis, this will trigger the tracking described above. The only way to prevent the so-called click tracking is not to click on the links in the corresponding e-mail.

The App supports the display of messages (so-called push messages) on the start/home screen of your mobile device and within the App (so-called in-app messages) via the Firebase Cloud Messaging feature of the Google Firebase service (cf. Art. 7 above). Therefore, the App may ask you to grant the corresponding device authorizations. Granting the authorization is optional. However, if you wish to receive push messages, the authorization should to be granted, since otherwise you would not be able to use this function. We need this authorization in order to provide you with the requested services in accordance with our Terms of Use.

We use the Google Firebase technology (for further details please refer to Art. 7 of this Privacy Policy) in order to send you push messages or in-app messages. Your mobile device will be assigned a pseudonymized push reference number that also stores details on when and how long a certain push message or in-app-message, respectively, was read. This reference number serves as the target for push messages and/or in-app messages and will enable us to display push messages and/or in-app messages on your mobile device.

Your personal data will not be transmitted to distributors, including in those cases where push messages or in-app messages, respectively, contain third-party contents from distributors of BLACKROLL products.

The authorization will remain activated until you disable it in your mobile device. Push messages can be disabled and re-enabled at any time. For example, on an Android mobile device go to “System settings” > Apps > BLACKROLL App > authorizations“; on an iOS mobile device go to “System settings > BLACKROLL App > messages“.

We will only pass on your personal data to external recipients if this is required for providing the App, if you have granted your consent, or on another kind of statutory authorization.

External recipients may include, but are not limited to:

• Processors: This term refers to service providers that we use for providing services, e.g., in the areas of technical infrastructure and maintenance of our App. We will carefully select such processors and audit them at regular intervals, in order to ensure that your privacy is safeguarded. They shall use the data exclusively for the purposes indicated by us and in accordance with our instructions. Provided that the statutory provisions are complied with, we have the right to retain such processors.
• Public entities: This term refers to public authorities, government institutions, and other public-law entities, e.g., supervisory authorities, courts, public prosecutors, or fiscal authorities. Personal data will be transmitted to such public entities only for compelling statutory reasons.
• Private entities: Service providers and auxiliaries (Hilfspersonen) to whom data is transmitted for providing the App in compliance with a legal obligation, or for safeguarding legitimate interests, such as attorneys-at-law, tax advisors, or tax auditors.

Generally, we will not process your data outside Switzerland and the European Union (EU) or the European Economic Area (EEA). In the event that we should transmit your data to third countries outside the EU and/or the EEA in an individual case, we will ensure prior to passing on your data that this is either a legally permissible exception, or that the recipient either offers an adequate protection of personal data, or that you grant your consent to this data transmission. For example, an adequate protection of personal data is warranted by the recipient’s certification under the EU-U.S. Privacy Shield, the acceptance of EU Standard Contractual Clauses, or the existence of Binding Corporate Rules (BCR) by or at the recipient’s organization. Please contact us at datenschutz@blackroll.com, if you wish to receive a copy of the specific precautions regarding the transmission of your data to third countries. The EU Commission has passed a decision on the adequate protection of personal data provided in Switzerland (eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518).

We take technical and organizational precautions to protect your personal data against coincidental or willful manipulation, loss, destruction, or access of unauthorized parties. Our data processing systems and our precautions and security measures will be continuously improved based on the then-current state of the art.

In particular, we will secure the transmission of any personal data transmitted in connection with your user account by data encryption. This applies to the registration as well as to the log-in.

We use the encryption protocol Transport Layer Security (TLS), more commonly known by the name of its precursor Secure Sockets Layer (SSL).

Please note that we are unable to promise, in particular with regard to communication via the contact feature and e-mail, absolute data security. In particular, when confidential information is concerned, we recommend using a safe communication channel, e.g., postal mail.

Our employees are bound to privacy protection rules and regulations.

We will store your personal data only as long as required for meeting the purposes or – if a consent was granted – as long as you do not withdraw your consent. In the event of a withdrawal, we will no longer process your personal data, unless its continued processing is permitted in accordance with the applicable statutory provisions, or even compellingly required (e.g., due to retention periods under commercial or tax law). We will also erase your personal data if we are obligated to do so subject statutory requirements.

For further details on the storage periods that apply to your personal data please refer to the above Articles.

As a data subject, you have numerous rights. In particular, these are:

• Right of access: You have the right to obtain access to the personal data stored about you.
• Right to rectification and erasure: You have the right to demand the rectification of inaccurate data and – if the statutory preconditions are met – the erasure of your data.
• Right to restriction of processing: In the event that the statutory preconditions are met, you may request that we restrict the processing of your data (e.g., by means of blocking).
• Right to data portability: If you have provided data to us under a contract or based on a consent and if the statutory preconditions are met, you may demand to receive the information submitted by you in a structured and commonly used format, or that we transmit this information to another controller.
• Right to object to data processing based on legitimate interests: If reasons exist that are based on grounds relating to your particular situation, you may object at any time to the processing of personal data by us, to the extent that this is based on your legitimate interest. Should you exercise your right to object, we will discontinue the processing of your data, unless we are able to show that there are compelling reasons that permit the continued data processing and override your rights, or if data processing serves the purpose of enforcing, exercising, or defending rights.

• Withdrawal of consent: If you have granted your consent to the processing of your data you may withdraw this consent at any time with effect for the future without giving any reasons. The legitimacy of the processing of your data until the date of your withdrawal remains unaffected.
• Right to lodge complaints with the supervisory authority: Furthermore, you have the right to lodge a complaint with the competent supervisory authority, if you consider that the processing of your personal data violates the applicable statutory provisions, rules, and regulations. In particular, you may contact the data protection authority (DPA) at your habitual residence, your place of work, or the place of the alleged infringement, or the supervisory authority having competence at our place of business.

If you should have any questions regarding the processing of your personal data, your rights as a data subject, any consents that you may have granted, please do not hesitate to contact us via any of the other communication channels specified in Art. 16. Please contact us directly if you wish to exercise any of your rights as a data subject.

If you should have question on data protection or wish to exercise your rights as a data subject please contact us:

BLACKROLL AG
Hauptstraße 17
CH-8598 Bottighofen
Switzerland

fax: ...
e-mail: datenschutz@blackroll.com

From time to time it may become necessary to modify, review, or amend the content of this Privacy Policy. We, therefore, reserve the right to modify, review, or amend it at any time. We recommend you read the most current version of this Privacy Policy next time you browse or use our App. We will publish the revised version of this Privacy Policy in the same place.

Last revised: October 2022