Last update: 21 March 2024
We value your fundamental right to privacy. As a company based in the European Union, we comply with our obligations under European data protection laws (GDPR). In this document, we show you how we use your personal data if you’re a consumer or an individual participant in our exercise activities.
For clarity, we have divided the privacy policy into two parts:
If you have any questions or concerns regarding the processing of your personal data at Hydrohex, please don’t hesitate to contact us:
Hydrohex Oy Ltd
Privacy team
[email protected]
We may update our privacy policies from time to time. The date of last update is shown above. Minor changes will be shown in this document, and we ask that you review it regularly. If we have your contact details, we’ll let you know by email or notification if we make changes that significantly affect your data protection rights and freedoms.
If you are our customer or otherwise participate in our exercise activities, we often collect and process certain types of your personal data. These are:
Occasionally, we process certain additional types of your personal data. These are:
Also, if you purchase or sign up for our paid services, we process additional types of your personal data. These are:
Some categories of personal data are mandatory in the sense that without certain data, we cannot provide our services to you.
In Part 2 of the privacy policy, we have marked clearly which categories of personal data are mandatory for a given purpose.
We primarily process personal data that you give us, for instance when you sign up for our services or otherwise participate in our exercise activities.
However, in some cases we may receive personal data relating to you from other sources. These are:
As is our duty under European data protection laws, we only keep your personal data as long as necessary for the purposes that we describe in more detail below, and only as long as we have a legal basis set out in the GDPR to process the data.
As soon as no relevant purpose or legal basis applies, we will either destroy your personal data or anonymise it in an irreversible manner.
In Part 2 of the privacy policy, we have marked clearly all retention periods of your personal data for given purposes.
As a commercial service provider, we, like most other companies, have to outsource some of the processing of your data to trusted partners. Because of that, we transfer certain types of personal data to third parties.
We always make sure that all transfers are protected by a contractual arrangement between us and our trusted partners as required by the GDPR.
Our trusted partners can be categorised as follows:
Website, data storage and technical operations
Communications and deliveries
Financial service providers
Professional advisers
Customer and contract management
Public authorities
We normally process your personal data within the European Union and European Economic Area. In some cases, we or our trusted partners process your personal data outside these areas.
Because of that, some of your personal data are transferred to the following countries:
According to the GDPR, you have various rights as we process your personal data. These are:
If you request a copy of your data, we will send it to you electronically. In most cases we will be glad to accommodate your request, but if we receive repeated or manifestly unfounded requests from you, we may have to refuse or charge a reasonable administrative fee to process your request.
You may also ask us that we do not erase or otherwise process your personal data if you need the data e.g. in a legal dispute and the erasure or other processing would jeopardise your interests in that regard. We will aim to accommodate your request as well as possible.
If that happens, we will let you know about our reasons for not accommodating your request and inform you about your right to lodge a complaint with the relevant data protection authorities.
If we have contacted you for direct marketing purposes, you may also object to our processing of your personal data for that purpose. (In other words, you may prohibit us from contacting you for direct marketing purposes). We will accommodate your request without undue delay.
To exercise any of your above rights, please contact us using the contact details shown at the beginning of the document. We’ll be glad to assist you.
Like most other companies, we use cookies and similar technologies on our website, online services and in marketing. We will adhere to applicable laws regarding the requirements for the processing of your personal data in such ways.
We have described in detail the types of cookies and similar technologies we use as well as their purposes in our cookie policy.
If you sign up for our services or otherwise participate in our exercise activities, we process your personal data in certain ways in the context of our relationship.
Here we describe the purposes of processing your personal data together with the appropriate legal bases for the processing, as well as the categories of personal data processed together with their retention periods.
According to the GDPR, all processing of personal data must be justified using a legal basis found in the law. We use the following legal bases for our processing:
Here is a complete overview of our purposes of processing and the corresponding legal bases:
Purpose | Legal basis | Examples |
Performing services | Contract | As we perform our services to you as we have agreed, we need to process some of your personal data. |
Performing services | Consent | In the specific case that we process your health data or similar sensitive data as part of our services, we only do so with your consent. |
Performing services | Legitimate interest | As we perform our services to you, we have a justified interest in processing some of your personal data, e.g. to improve our services. |
Maintaining and developing our customer relationship | Contract | Apart from performing our services, we do a number of things to maintain our contractual relationship with you. We may for instance take notes of how you use our services. |
Maintaining and developing our customer relationship | Legitimate interest | To improve our services to you, we may conduct case studies about our customer relationship. |
Billing and debt collection | Contract | As we perform our paid services to you, we bill you as agreed in our contract. To send an invoice, we need to process some of your personal data. |
Billing and debt collection | Legal obligation | We have legal duties to keep records of our business transactions. For instance, our invoices must contain certain information which may be your personal data. |
Accounting and taxation | Contract | To keep records of our sales and business transactions, we store and retain information about any paid services that you may have purchased. |
Accounting and taxation | Legal obligation | We have a legal duty to keep records of our business transactions. For instance, we must store and retain our invoices for a number of years. |
Risk management and protecting interests | Contract | To manage our customer relationship with you and to protect your interests and ours, we need to keep records of our contractual relationship and our services to you. |
Risk management and protecting interests | Legal obligation | In some cases, we have to process certain background information as a legal duty. For instance, we may have to monitor your payment activity for fraudulent transactions. |
Risk management and protecting interests | Legitimate interest | To manage risks and to protect our company, we process certain types of personal data as our legitimate interest. For instance, we keep records of our contractual relationship, services and purchases with you for a number of years in case a legal dispute arises. Also, we keep records of the usage of our intellectual property by our customers. |
Communications | Contract | As part of our customer relationship with you, we often have discussions and correspondence with you. We store and retain these if they are relevant to our contractual relationship. |
Communications | Consent | In some cases, for instance if you contact us using a medium that processes certain technical identifiers, we may ask for your consent for processing the identifiers. Also, we may ask for your consent to use our communications with you for a purpose not described here, such as a customer testimonial on our website. |
Communications | Legal obligation | In some cases, we have a legal obligation to store and retain our communications with you. This may be the case for instance if we suspect fraudulent activity with your payment activity. |
Communications | Legitimate interest | In some cases, we store and retain our communications for various legitimate interests such as improving our customer service and training our staff. |
Sales and marketing | Consent | In some cases, to process your personal data for sales and marketing purposes, we ask for your consent. This is the case for instance when we use cookies and similar technologies for such purposes. |
Sales and marketing | Legitimate interest | As a commercial service provider, we have a justified reason for instance to send you marketing messages related to your previous purchases. In those cases, we process your personal data as part of our legitimate interests. |
Technical functioning and security | Contract | Some of the services that we provide to you under our contract require processing your personal data for technical reasons. For instance, to offer you our online services, we need to ensure the proper technical functioning and security of the platform. This often includes processing of personal data such as necessary technical identifiers. |
Technical functioning and security | Consent | In some cases we offer you technical functions that do not strictly relate to our contractual relationship. This is the case, for instance, if you access our website for unrelated reasons. In those cases we process personal data for the technical functioning of the services. If the processing is not necessary for that purpose (e.g. in case of cookies used to improve the visual appeal of our website), we will ask for your consent to process the data. |
Technical functioning and security | Legitimate interest | In some cases we have a justified reason to ensure the proper functioning and security of our services and systems. In those cases we process certain technical personal data as part of our legitimate interests. |
Below is a list of our retention times for different types of personal data under a given purpose. Once a specific retention period runs out, we will destroy the relevant personal data or anonymise it irreversibly, unless a different purpose with a longer retention period applies.
For instance, we keep personal data for the purposes of communications (like e-mails containing your name and e-mail address) for 1 year. Once the retention period runs out, we will destroy the relevant data unless we need to keep it for the purposes of risk management for 3 years. If so, we will continue to retain the data until the 3-year retention period runs out.
Purpose | Category of personal data | Retention period(s) | Examples |
Performing services | Name and contact details | 1 year from the end of performance | To perform and deliver our services to you, we need to process these types of personal data. We will keep data in your file for 1 year in case there are for instance immediate issues that have to be fixed. |
Performing services | Messages and correspondence | | |
Performing services | Video and sound recordings, photographs | | |
Performing services | Age, gender, physical characteristics | | |
Performing services | Technical identifiers | | |
Performing services | Consents and prohibitions | | |
Performing services | Health data | 3 years from collection and storage | We will keep a record of your exercise-related health data for 3 years so that you will have access to your exercise history and other relevant information. |
Performing services | Preferences and activity | 5 years from collection and storage | We will keep a record of your preferences and exercise activity for 5 years so that you will have access to your exercise history and other relevant information. |
Maintaining and developing our customer relationship | Name and contact details | 1 year from the end of customer relationship, or 5 years from collection and storage, whichever is sooner | To maintain and develop our active relationship, we will process your personal data. We will store these types of data in your file, and if the customer relationship ends, we will retain the data for a safety period of 1 year. |
Maintaining and developing our customer relationship | Messages and correspondence | | |
Maintaining and developing our customer relationship | Preferences and activity | | |
Maintaining and developing our customer relationship | Technical identifiers | | |
Billing and debt collection | Name and contact details | 1 year from the end of the current financial year | As we bill you for any of our paid services, we process your personal data on invoices and in transaction records. We will retain that information for the current financial year and 1 year after that in order to keep our business records up to date. |
Billing and debt collection | Financial information and public records | | |
Billing and debt collection | Payment information and payment history | | |
Accounting and taxation | Name and contact details | 1 year after the current financial year (except legally prescribed information); 6 years after the current financial year (legally prescribed information) | As part of our annual accounting, we store and retain relevant personal data for the current financial year and 1 year after it. Some information, such as invoices and receipts, must be retained for a legally prescribed period, which is 6 years. During that period, we will only retain personal data which is necessary for that purpose. |
Accounting and taxation | Messages and correspondence | | |
Accounting and taxation | Financial information and public records | | |
Accounting and taxation | Payment information and payment history | | |
Risk management and protecting interests | Name and contact details | 3 years from collection and storage | To protect your and our legitimate interests, we retain personal data for 1 to 3 years from their collection and storage (except in case of cookies and similar technologies, whose retention periods are stated in our cookie policy). We do this so that, for instance, in case of a legal dispute about our contract or service, any critical evidence will not have been destroyed. |
Risk management and protecting interests | Messages and correspondence | | |
Risk management and protecting interests | Financial information and public records | | |
Risk management and protecting interests | Payment information and payment history | | |
Risk management and protecting interests | Video and sound recordings and photographs | | |
Risk management and protecting interests | Technical identifiers | 1 year from collection and storage (except as stated in cookie policy) | |
Risk management and protecting interests | Social media content and other public information | 1 year from collection and storage | |
Communications | Name and contact details | 1 year from the communication | We retain personal data from our communications with you for 1 year in case we want to continue the discussion at a later time. |
Communications | Messages and correspondence | | |
Communications | Technical identifiers | | |
Communications | Social media content and other public information | | |
Communications | Consents and prohibitions | | |
Sales and marketing | Name and contact details | For the time being | As we have a legitimate interest in sending you marketing messages related to your previous services, we keep your name, contact details and position on file for the time being. This means we may contact you some time in the future unless you prohibit us from doing so. |
Sales and marketing | Messages and correspondence | 3 years from collecting and storing | If we have collected and stored these types of personal data, we’ll erase or anonymise them unless we continue to retain them under another purpose. |
Sales and marketing | Video and sound recordings and photographs | | |
Sales and marketing | Preferences and activity | | |
Sales and marketing | Technical identifiers | | |
Sales and marketing | Social media content and other public information | | |
Sales and marketing | Consents and prohibitions | If you have prohibited us from approaching you for sales and marketing purposes, we’ll make a note of it and retain it indefinitely (or until you instruct us otherwise). | |
Technical functioning and security | Name and contact details | Immediately | We’ll destroy or anonymise this type of personal data immediately once they aren’t needed for the relevant purpose. Note however that our cookie management system stores cookies (which may include your personal data) in accordance with our cookie policy. |
Technical functioning and security | Technical identifiers | 1 year from collection and storage | We keep technical identifiers for 1 year from the last active processing (unless stated otherwise in our cookie policy) in case we need to investigate a technical or security issue in the future. |
Technical functioning and security | Consents and prohibitions | If you have prohibited us from processing your personal data for non-necessary technical purposes, we’ll make a note of it and retain it indefinitely (until you instruct us otherwise). Note however that our cookie management system stores your cookie and tracking preferences in accordance with our cookie policy. | |
Hydrohex Oy Ltd
2705400-9
Yliopistonkatu 23 A 4
20100 Turku
Finland
Copyright © Hydrohex Oy Ltd 2024