Information according to Art. 13, 14 and 21 General Data Protection Regulation (GDPR)
1. Contact Details of the Controller
HealthStream Taiwan Inc.
16—3 Zichiang 1st Road, Zhongli District,
2. Personal Data We Collect About You
a. Personal data we collect through
Each time you access the website, we automatically collect a series of personal data via server—logs. These are:
• User’s IP address
• Name of the requested website respectively the data file
• Date and time of the access
• Transferred data volume
• Report of successful retrieval
• Browser type and version
• User’s operating system
• The terminal deviced used by the user, including MAC address
• Referrer—URL (the previously visited website)
This data is not combined with any other personal data that you actively provide on the website. We collect server log files for the purpose of administering the website and to be able to recognize and prevent unauthorized access.
b. Personal Data You Provide To Us
Should you contact us by e—mail, register for our newsletter and updates, fill in the contact form or submit a request at the support platform, the following personal data might be processed:
• Telephone number
• E—mail address
• Copies of your correspondence an posts
• Date of your posts
• Date of your subscription to support platform
3. How And On What Legal Basis We Process Your Personal Data
We process your personal data for the following purposes:
• To carry out our agreement with you: When you enter into an agreement with us or are interested in doing so, we process your personal data for the purpose of performing the contract or handling your request. Such processing of personal data is based on Art. 6 (1) (b) GDPR.
• To communicate with you: When you contact us or submit a request, we use your contact details to communicate with you, provide you with information on your request, answer your questions or handle your complaints. Such processing of personal data is based on Art. 6 (1) (b) and (f) GDPR.
• To inform you: When you register for our newsletter and updates, we use your e—mail address to send you any kind of promotional emails (such as but not limited to newsletters, updates and publications) on a regular basis. Such processing of personal data is based on your consent, Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future. In order to do so you can click unsubscribe link in the e—mail we send.
• To comply with statutory obligations: We might be required to process your personal data in order to comply with any legal obligations of the European Union. Such processing of personal data is based on Art. 6 (1) (c) GDPR.
• To operate our website: We process your personal data in order to operate, secure and optimize our website. Such processing of personal data is based on Art. 6 (1) (f) GDPR.
4. Data Recipients
We utilize IT service providers to host the website. They may receive your personal data.
Moreover, for certain requests we might disclose your personal data to other entities of our group.
If you post a request at the support platform, such post will be visible for all users.
5. International Data Transfer
We are a globally acting group with entities in different countries. As such, your personal data might be transferred outside the country in which you use our website, including to countries outside the European Economic Area (“EEA”). In concrete terms, we might transfer your data to one of the following entities:
• Intenza Fitness GmbH, Germany
• Intenza Fitness Japan
• Healthstream Fitness USA LLC
• Intenza Fitness Singapore PTE LTD
• Health Stream Korea
We only transfer your data to other countries if adequate data protection is guaranteed for your personal data. This means that we only transfer your data if the EU Commission has decided on an appropriate level of data protection for the respective country (Art. 45 GDPR), if suitable guarantees are provided for the protection of your personal data (Art. 46 GDPR) or if there is a statutory authorization (Art. 49 GDPR). Suitable guarantees within the meaning of Art. 46 GDPR include the standard data protection clauses published by the EU Commission. You can request further information on this under the contact information mentioned above.
6. Storage Period
The log data is automatically deleted after 30 days. We reserve the right to store log data longer, if there are facts which suggest that an illegal access has taken place (such as the attempt of hacking or a so—called DOS—attack).
The personal data stored within the scope of establishing contact will be deleted once the request is completely clarified and it is also not to be expected that the matter will become relevant again in the future. We will retain data longer if that is required by law.
7. Your Rights
On request, you have the right to obtain free information on your stored personal data. Additionally, you have the right to obtain the rectification of inaccurate personal data, the right to obtain a restriction of excessively processing of personal data as well as the right to obtain the erasure of unlawful processed personal data or data which is stored too long (as far as there are no legal obligations to store the data). Furthermore you have the right to receive your personal data in a structured, commonly used and machine—readable format and to transmit those data to another controller (right to data portability), as far as you have handed over the data to us based on a declaration of consent or for the fulfillment of a contract.
In order to exercise your rights you can write an e—mail to firstname.lastname@example.org.
In addition, you have the right to lodge a complaint with a competent supervisory authority.
8. Voluntary Provision Of Data
The provision of your personal data on this website is generally neither required by law nor by contract. You are not obliged to disclose personal data on this website. However, the provision of the functions of this website requires the processing of your personal data.
Information On Your Right To Object According To Art. 21 GDPR
If your personal data is processed for the purposes of our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you may object to this processing in accordance with the statutory provisions of Art. 21 GDPR. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.