Digitsole compliance center

Privacy policy for our Smart insoles

DIGITSOLE is committed to protecting your personal data.

Our priority is to guarantee real security of this data, and allow you permanent access to your personal data.

For residents of the European Union, DIGITSOLE is responsible for processing your personal data in accordance with the EU Data Protection Act. 

In order to provide our services, we must collect and use some of your personal data. For example, we cannot provide some of our services without collecting or using information about your location. However, we only use this data when you have consented to this treatment, which you may cancel at any time.

We use your data with the sole purpose of pursuing our legitimate interests, including:

-     Provision and improvement of our services,

-     The sustainable provision and development of innovative and personalized offers for the benefit of our members,

-     Maintaining the security of services.

The data collected by DIGITSOLE

We collect data about you, including personally identifiable information, only if you agree to share it with us. We collect basic data about your account such as your name, e-mail address, date of birth, gender, username and password that allows you to access our services.

On the other hand, we can collect health information from biometric data, including power, cadence, weight, or other indicators.

We also collect and process location information when you register and use our products. In fact, to record your activity and to provide you with statistics on your training, it is necessary to collect and record the location of your mobile device, as well as data such as the speed and direction of your movements. The processing of data on your location is essential to the services we provide and is a necessary part for the proper execution of the service we offer.

Finally, DIGITSOLE allows you to sign up and log in to its services through accounts you create from third-party products and services such as Facebook (hereinafter referred to as "third-party accounts"). If you choose this option when you sign in, we collect information that you have agreed to make available, such as your name, email address, information, and profile preferences of the relevant third-party account. This information is collected by the third party account provider and then provided to DIGITSOLE.

How do we use your data?

We use the data we collect and receive to administer and use the services we offer. For example, we use your health data to provide you with statistics and visualizations representing essential data such as the level of fatigue. We also use your data to analyse, develop and improve the services offered. We use your data to communicate with you about services, send you commercial communications (if opted in) or inform you of new features or updates to our terms of service.

How your data is shared ?

We share your data:

- if necessary for the performance of the services,

- at the request of a national authority,

- because of a court decision,

- if the law requires it,

- if necessary to investigate and defend against any claim or allegation of a third party,

- to exercise or protect the rights and safety of DIGITSOLE, our members, our personnel,

- if you have explicitly given your consent in advance.

We subcontract the processing of anonymous insole data with ZHOR-TECH SAS, a French company based in Nancy, France. This company is the producer of the insole electronic module and the use of their systems is required for our service to work. This company offers all the necessary guarantees to ensure the confidentiality and the security of your data .

We may process your data using one of our sub processors for which we listed their names, purpose and location of processing on our compliance website. These sub processors are required to comply with the terms of this Privacy Policy with respect to your data.

We may retain and share your data with third parties, including public or governmental bodies, at the direction of a judicial authority, inside or outside your country of residence, if such disclosure is prescribed by a law or regulation.

We may also retain or disclose your data to third-party professionals (such as our legal counsel and other consultants and third parties in relation to actual or potential litigation) if such disclosure is reasonably necessary to prevent or detect violations of our Terms of Service or any breaches of our Terms of Service, or to protect our operations or our property or other legal rights.

Finally, we anonymize certain data from our members to share them for commercial purposes.

Data retention period

We keep your data as long as you are registered as a user of our products. Beyond this, we store the data only if it is legally necessary (due to the guarantee, limitation periods or retention periods) or required for another justifiable reason. If you decide to delete your account, all the data we have about you will be deleted or anonymized, with the exception of the data required for the performance of contractual obligations to you (last delivery pending ...). In this case our legal obligation to delete your data will not be executed immediately, but delayed.

What are your rights?

To exercise your rights, please use our online data subject request form, send us an email request to dpo[at ]digitsole.com or write to us by post:

DIGITSOLE
1
3 Rue Héré – Place Stanislas
5
4000 Nancy
F
rance

You may at any time revoke your consent for the future processing of your data. However, this does not affect the lawfulness of the data processing prior to your revocation.

You have the right to receive confirmation that we are processing your data and, if so, more specific information about the data. This more specific information concerns, among other things, the purposes of the processing, the categories of data, the potential recipients and the storage period.

You have the right to obtain from us the rectification of inaccurate data concerning you. If the data we process is not correct, we will rectify it without delay and will inform you of this correction.

You have the right to delete the data we keep about you.

You have the right to obtain from us a limitation on the processing of your data if you wish to limit the processing of your data, without deleting them.

You have the right to receive a copy of your data in a structured, commonly used and readable format and to transmit this data to another controller without undue interference from DIGITSOLE.

You have the right to oppose your data processing at any time. Please note that if you object to the processing of your personal data, your experience with our products and services may be affected.

What is the legal basis of processing?

According to data protection laws, we are only allowed to collect and process your data if we have a legal basis for this treatment. The lawfulness of data processing are as following:

Processing activity

Data characteristics

Legal basis

Simple website or mobile app usage

Data of electronic identification : IP addresses, moments of connection, electronic signature;

Purpose:
Assure security and performance of our service

Data retention:
Full IP address only stored for max 7 days

Controller:
DIGITSOLE

Art. 6 para. 1 lit. f GDPR (Legitimate interest)

Cookie usage

Data of electronic identification: Cookies

Purpose:
– Necessary cookies*: Essential for our website to work
– Other cookies: Described in cookie manager

Data retention:
Detailed in the cookie manager per cookie

Controller:
DIGITSOLE

Necessary cookies – Art. 6 para. 1 lit. f GDPR (Legitimate interest)

Other cookies
– Art. 6 para. 1 lit. a GDPR (User consent)

Authentication data

Data of electronic identification : Username, (hashed) password, IP addresses, email and/or mobile number, moments of connection, electronic signature;

Purpose: For security abuse prevention (Two factor authentication) and in order to uniquely authenticate users and link them to their profile data.

Data retention Until the account is removed or when there is no account activity for more than 5 years

Controller:
DIGITSOLE

Art. 6 para. 1 lit. b GDPR (Contractual requirement)

End user profile

Personal data of identification Name, Phone, Email
User characteristics: Gender, Age, Shoe size, Height, Weight, Language, Location, Time zone,

Purpose For personalisation in our applications, and to allow our algorithms to take user characteristics into account during its calculations

Data retention: Until the account is removed or when there is no account activity for more than 5 years

Controller:
DIGITSOLE

Art. 6 para. 1 lit. b GDPR (Contractual requirement)

Anonymous insole raw data

Binary data: Unprocessed raw data coming from the sensors in our insoles

User characteristics : Anonymous user characteristic data from user profile that can be linked to the binary data

Purpose: Used by our algorithms to generate anonymous algorithm output data. Can be used to debug our services and improve our algorithms.
Commercialisation by Zhor-Tech and Digitsole.

Data retention

This data is generally not removed as it is processed and stored in an anonymous form

Controller:
DIGITSOLE

Art. 6 para. 1 lit. b GDPR (Contractual requirement)

Anonymous algorithm output data

Biomechanical data: steps, step length, pace, cadence, contact time, swing time, speed, usage time, propulsion (contact, swing, double flight), distance, stride height, prosupi, foot progression, propulsion angle, stride angle, twist, propulsion stride, impact force, leg stiffness, cushioning, cleat, fatigue, stability, balance, calories, elevation, incident detection

Geolocation data: GPS track information

Purpose

This is the data that can be calculated by our algorithms and presented to the end user or used for further calculations.
Can be used to debug our services and improve our algorithms. Commercialisation by Zhor-Tech and Digitsole.

Data retention

This data is generally not removed as it is processed and stored in an anonymous form

Controller:
DIGITSOLE

Art. 6 para. 1 lit. b GDPR (Contractual requirement)

Communication

Personal data of identificationName, Phone, Email

Purpose: 

As part of our applications sometimes we need to communicate directly with you regarding your account (e.g. account creation, password reset, security related issues)

Data retentionUntil the account is removed or when there is no account activity for more than 5 years

Controller:
DIGITSOLE

Art. 6 para. 1 lit. f GDPR (Legitimate interest)

Newsletters/Marketing

Personal data of identification Name, Phone, Email

Purpose:  After explicit consent from the user, our marketing department can use this data to communicate with the user regarding existing or new products (e.g. email, push notifications, sms)

Data retentionUntil the account is removed or when there is no account activity for more than 5 years

Controller:
DIGITSOLE

Art. 9 para. 2 lit. a GDPR (Expli cit consent)

 

Security measures

We are committed to protect your data and implementing appropriate technical and organizational security measures to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage. These security measures are constantly reviewed and tested.

Access data and hosting

You can visit our websites without giving any personal information. Each time a website is accessed, the web server only automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the retrieval, the amount of data transferred and the requesting provider (access data) and documents the retrieval. This access data is evaluated exclusively for the purpose of ensuring trouble-free operation of the site and the improvement of our offer. In accordance with Art. 6 sec. 1 lit. f GDPR, this serves to safeguard our overriding legitimate interests in the correct presentation of our offer in the context of a balancing of interests. All access data will be deleted no later than seven days after the end of your page visit.

Hosting services provided by a third party

As part of processing on our behalf, a third party provides us with the services for hosting and displaying the website. This serves to safeguard our overriding legitimate interests in the correct presentation of our offer in the context of a balancing of interests. All data collected in connection with the use of this website or in forms provided for this purpose in the online shop as described below will be processed on its servers. Processing on other servers takes place only within the framework described here.

This service provider is located within a country of the European Union or the European Economic Area.

Data collection and use for contract processing, contact

We collect personal data if you voluntarily provide it to us as part of your order or when you contact us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as in these cases we absolutely need the data for the execution of the contract or for the processing of your contact and you cannot send the order or the contact without their indication. The data collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 sec. 1 p. 1 lit. b GDPR for the processing of the contract and the processing of your enquiries. Insofar as you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR by deciding to open a customer account, we will use your data for the purpose of opening the customer account. After the complete execution of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to use any further data, which is permitted by law and about which we inform you in this declaration. The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

Data transfer

In order to fulfil the contract in accordance with Art. 6 sec. 1 lit. b GDPR, we may pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if necessary, to the payment service provider commissioned by us, or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the data protection declaration of the respective payment service provider applies.

We also use an external merchandise management system for order and contract processing. The data transfer or processing that takes place in this respect is based on order processing.

We use payment service providers and shipping service providers based in a country outside the European Union. The transfer of personal data to these companies is only within the scope of the need to fulfil the contract.

Data transfer to shipping service providers

If you have given us your express consent to this during or after your order, we will pass on your e-mail address and telephone number to the selected shipping service provider in accordance with Art. 6 sec. 1 lit. a GDPR, so that the latter can contact you before delivery for the purpose of announcing or coordinating the delivery. Consent can be revoked at any time by sending a message to the contact option described below or directly to the shipping service provider at the contact address listed below. Upon revocation, we will delete your data provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use any further data, which is permitted by law and about which we inform you in this declaration.

 

Transfer of data to debt collection companies

For the performance of the contract in accordance with Art. 6 sec. 1 p. 1 lit. b GDPR, we pass on your data to a commissioned collection company, insofar as our payment claim has not been settled despite the previous reminder. In this case, the claim is collected directly by the debt collection company. In addition, the transfer serves to safeguard our overriding legitimate interests in the context of a balancing of interests in an effective assertion or enforcement of our payment claim in accordance with Art. 6 sec. 1 p. 1 lit. f GDPR.

Cookies and web analysis

In order to make the visit to our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use so-called cookies on various pages, insofar as you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR.

Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser the next time you visit (persistent cookies). The duration of storage can be found in the overview in the cookie settings of your web browser. You can set your browser so that you are informed about the setting of cookies and decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. These can be found for their respective browsers at the following links:
Microsoft Edge™:
https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
Safari™:
  https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
Chrome™:
  https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Firefox™
  https://support.mozilla.org/de/products/firefox/protect-your-privacy/cookies
Opera™ :
  https://help.opera.com/de/latest/web-preferences/#cookies

In addition, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.

Use of Google (Universal) Analytics for web analysis
Insofar as you have given your consent in accordance with Art. 6 sec. 1 lit. a GDPR, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analytics service is an offer of Google Ireland Limited, a company registered and operated under Irish law with its registered office in Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). Google (Universal) Analytics uses methods that enable an analysis of your use of the website, such as cookies. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating the IP anonymization on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The anonymized IP address transmitted by your browser within the scope of Google Analytics will not be merged with other data from Google. After our use of Google Analytics has been used for purpose and the end of the use of Google Analytics, the data collected in this connection will be deleted. Insofar as information is transferred to and stored on Google's servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can
be viewed
here.  As a result of this agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield. You can revoke your consent at any time with effect for the future by downloading and installing the browser plug-in available at the following link:  
https://tools.google.com/dlpage/gaoptout?hl=de . This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google. As an alternative to the browser plug-in, you can click
this link to prevent the collection by Google Analytics on this website in the future. An opt-out cookie is stored on your device. If you delete your cookies, you will be asked to give your consent again.

Google reCAPTCHA
For the purpose of protecting against misuse of our web forms as well as against spam, we use the Google reCAPTCHA service as part of some forms on this website. Google reCAPTCHA is an offer of Google Ireland Limited, a company registered and operated under Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de) By checking a manual input, this service prevents automated software (so-called bots) from performing abusive activities on the site. In accordance with Art. 6 sec. 1 lit. f GDPR, this serves to safeguard our overriding legitimate interests in the protection of our website against misuse as well as in an uninterrupted presentation of our online presence.Google uses reCAPTCHA by means of a code integrated in the website, a so-called JavaScript, in the context of the verification methods, which enable an analysis of the use of the website by you, such as cookies. The automatically collected information about your use of this website, including your IP address, is usually transmitted to a Google server in the USA and stored there. In addition, other cookies stored in your browser by Google Services are evaluated by Google reCAPTCHA. A reading or storage of personal data from the input fields of the respective form does not take place. Insofar as information is transferred to and stored on Google's servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can
be viewed here.  As a result of this agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield. You can prevent the collection of data generated by the JavaScript or the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by preventing the execution of JavaScripts or the setting of cookies in your browser settings. Please note that this may limit the functionality of our website for your use. More information on Google's privacy policy can be found   here .

Google Fonts
On this website the script code "Google Fonts" is integrated. Google Fonts is an offer of Google Ireland Limited, a company registered and operated under Irish law with registered office in Gordon House, Barrow Street, Dublin 4, Ireland. (www.google.de). This serves to safeguard our overriding legitimate interests in a uniform presentation of the contents on our website in accordance with Art. 6 sec. 1 lit. f) GDPR. This is a connection between the browser you are using and Google's servers. This will make Google aware that our website has been accessed via your IP address. Insofar as information is transferred to and stored on Google's servers in the USA, the American company Google LLC is certified under the EU-US Privacy Shield. A current certificate can
be viewed here.  As a result of this agreement between the US and the European Commission, the latter has established an appropriate level of data protection for companies certified under the Privacy Shield. Further information about data processing by Google can be found in Google's privacy policy   Google .

Our online presence on Facebook, Google, Instagram, Xing, LinkedIn
Our presence on social networks and platforms serves to improve, active communication with our customers and prospects.
We inform you about our products and ongoing promotions there. When visiting our online presences on social media, your data can be automatically collected and stored for market research and advertising purposes. From this data, so-called user profiles are created using pseudonyms. These can be used, for example, to display advertisements inside and outside the platforms that are presumed to be in your interests. For this purpose, cookies are usually used on your device. These cookies store the visitor's behaviour and the interests of users. In accordance with Art. 6 sec. 1 lit. f. GDPR, this serves to safeguard our overriding legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties. If you are asked by the respective social media platform operators for consent (consent) to the data processing, e.g. with the help of a checkbox, the legal basis of the data processing is Art. 6 sec. 1 lit. a GDPR. To the extent that the aforementioned social media platforms are headquartered in the USA, the following applies: the US has a recommendation from the European Commission. This goes back to the EU-US Privacy Shield. An up-to-date certificate for the respective company can be viewed here.  The detailed information on the processing and use of the data by the providers on their pages as well as a contact option and your rights in this regard and setting options for the protection of your privacy, in particular opt-out, can be found in the data protection notices of the providers linked below. If you still need help with this, you can contact us. Facebook:   https://www.facebook.com/about/privacy/

The data processing is carried out on the basis of an agreement between joint controllers in accordance with Article 26 GDPR, which you can view here:
https://www.facebook.com/legal/terms/page_controller_addendum

Google/YouTube:  https://policies.google.com/privacy
Instagram:  https://help.instagram.com/519522125107875
LinkedIn:  https://www.linkedin.com/legal/privacy-policy
Xing:  https://privacy.xing.com/de/datenschutzerklaerung

Right of appeal (Opt-Out):Facebook: 
https://www.facebook.com/settings?tab=ads
Google/ YouTube:  https://adssettings.google.com/authenticated
Instagram:  https://help.instagram.com/519522125107875
LinkedIn:  https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Xing:  https://privacy.xing.com/de/datenschutzerklaerung/welche-rechte-koennen-sie-geltend-machen/widerspruchsrecht


If you have any questions or comments about this privacy policy, please contact us by mail on dpo[at]digitsole.com, using our data subject request form or per post on the following address:

DIGITSOLE
13 Rue Héré – Place Stanislas
54000 Nancy
France

 

 

Last updated on 14th October 2020