B O D Y T R A C K E R 3 6 0

Effective as of March 17, 2020

This Privacy Policy explains how Smart Innovation Lab, S.C. (“Company”, “we” or “us”) with address at Avenue Patria, Number 2085, Interior Suite M00, Floor M, Suburb Puerta de Hierro, ZIP 45116, Zapopan, Jalisco, collects, stores, uses, transfers and discloses your personal data (“Owner”) when you use the website bodytracker360.com (“Site”), the servers used by the mobile application, the computer files stored on said servers and all related services, features and content offered by the Company (collectively, “App”). If you do not accept the terms of the Privacy Policy, we ask you to refrain from using the App.

1. Personal data we collect from the Owner

The categories of personal data that the Company collects, processes, uses and protects from the Owner are:

a. Identifying data;

b. Contact information;

c. Financial data; and

d. Location data.

Besides the personal data mentioned above, for the purposes reported in the Privacy Policy, we will use the following personal data considered sensitive, which requires special protection: diseases, allergies and medications, weight, height and digital body photographs.

The Owner will also have the option to allow us to import data from third-party services such as Apple HealthKit and Google Fit. Such imported information can include: sports activities, calories burned, heart rate, number of steps, distance traveled, and other information about your health and your physical condition.

Allowing us to access third-party information can help us to maximize your experience on the Application, and we will handle such third-party information according to this Privacy Policy.

Also, when you access or use the App, we may automatically collect the following information:
a. Device information: Including the hardware model, information about the operating system and its version, device identifiers and information about the mobile network;

b. Location information: IP address, time zone, and information about your mobile service provider, allowing us to infer your general location; and

c. Information collected by cookies and other tracking technologies: Frequency of App use, areas and features of our App you visit, and your general use of it.

We may use third-party tools such as Appsflyer that provide us with information about the Owner’s preferences to customize the App for him/her. We may also use such data for statistical and analytical purposes.

If the information described is aggregated anonymously so that it is no longer reasonably associated with an identified or identifiable natural person, we may use it for any commercial purpose. Similarly, we use pseudonymisation for certain types of personal data.

2. Collect of personal data

Personal data is collected directly from the Owner, through the App, email or phone call. In addition, the Company may obtain information about the Owner from other documentary sources or from commercially available or public information and from various sources allowed by law. As well as, in those other cases in which said information is provided by a duly authorized third party.

3. Purposes of the processing of personal data

The personal data that the Company collects from the Owner will be used for the following main purposes, which are necessary for the contractual relationship between the Company and the Owner:

a. Analyze, operate, maintain and improve the App;

b. Customize the content you see when you use the App;

c. Provide and deliver the products and services you request, process transactions, and send you related information;

d. Verify your identity;

e. Send notifications, updates, security alerts, and administrative and support messages;

f. Receive your payments and carry out your billing; and

g. Respond to your requests for consultation, claims, disagreements and complaints.

Also, the Company will use your personal data for secondary purposes that are not necessary for the contractual relationship between the Company and the Owner, but that allows a better service to the Owner:

a. Send you information related to the products and services of the App;

b. Generate statistics in order to improve the quality of products and services;

c. Work up internal studies on consumer habits for the development of new products and services;

d. Generate a profile of the Owner for marketing, advertising or commercial prospecting purposes. The information collected through Apple HealthKit and Google Fit will not be used for this purpose; and

e. Evaluation of the quality of the products and services used by the Owner.

By accepting the Privacy Policy, the Owner agrees with the processing of his/her personal data for the secondary purposes indicated above. In any case, the Owner has a period of 5 (five) business days to express his refusal to process his/her personal data regarding the purposes that are not necessary for the contractual relationship with the Company by email sent to the address dpo@bodytracker360.com. Notwithstanding, your rights to exercise the revocation of your consent remain safe.

The refusal to use your personal data for the secondary or accessory purposes described may not be a reason for the Company to prevent you from using the App.

The Company undertakes to observe and comply with the principles of legality, consent, information, quality, purpose, loyalty, proportionality and responsibility in the collection and processing of personal data, as well as all the principles and provisions established by national and international legislation regarding the protection of personal data.

*Grant express consent in the processing of your personal financial data, as well as for secondary purposes.

4. The owner’s rights

4.1. The owner’s rights

As the Owner of personal data, you have the following rights (hereinafter, “ARCO rights”):

AccessAccess your personal data held by the Company, as well as know the Privacy Policy to which the treatment is subject.
RectificationRectify your personal data when they are inaccurate or incomplete.
CancelCancel your personal data. The cancellation will cause a blocking period after which the data will be deleted. The Company may keep personal data exclusively for the purposes of responsibilities arising from the treatment. The blocking period will be equivalent to the limitation period of the actions derived from the legal relationship that founds the treatment.
OppositionOppose the processing of your data, at any time and for legitimate reasons.

4.2. GDPR

The Owner who resides in the European Union also has rights in relation to their personal data established by the General Data Protection Regulation (hereinafter, the “GDPR”):

AccessObtaining from the Company, the confirmation of whether personal data concerning you is being processed and, in such cases, the right of access to personal data.
RectificationObtaining without undue delay from the Company, the rectification of inaccurate personal data that concerns you. The Owner will have the right to complete incomplete personal data.
SuppressionObtaining without undue delay from the Company the deletion of personal data concerning him/her.
Limitation of treatmentObtaining from the Company the limitation of the treatment. Where appropriate, said data may only be processed, except its conservation, with the consent of the interested party or for the formulation or defense of claims, to protect the rights of another person or for reasons of public interest.
PortabilityRight of the Owner to receive the personal data that concern him/her, in a structured format, of common use and mechanical reading, and to transmit them to another person in charge of the treatment.
OppositionRight to the Owner to object at any time, for reasons related to his/her particular situation, to which personal data concerning is subject to treatment, including profiling. The Company will stop processing personal data, unless it proves compelling legitimate reasons for the treatment that prevail over the interests, rights and freedoms of the Owner, or for the formulation, exercise or defense of claims.

4.3. Common provisions

For the exercise of any of their ARCO rights or, where appropriate, those granted by the GDPR, the Owner must submit the respective request to the Data Protection Delegate, sending an email to dpo@bodytracker360.com.

The request must meet the following requirements:

a. Submitted in writing, scanned and signed;

b. Name of the Owner;

c. Email and phone number;

d. Attach ID of the Owner. In the event of acting through your legal representative, you must also attach his/her ID and a copy of the public instrument in which said legal representation is recorded;

e. Attach a digital photograph showing the Owner holding his/her ID;

f. Express mention of the rights that the Owner want to exercise. In the case of requests for rectification of personal data, you must also indicate the modifications to be made; and

g. Clear and precise description of the personal data with respect to which you want to exercise the aforementioned rights.

In case of not complying with the indicated requirements, the Company will consider that your request has not been presented, leaving a record of it within a maximum period of 5 (five) business days from the date the request was received, by email sent to the address indicated by the Owner, which will indicate the omissions that he/she has incurred. Notwithstanding, the rights of the Owner to submit a new request will remain.

If your request covers all the requirements above, the Data Protection Officer will acknowledge the receipt through an email that will be sent to the address indicated by the Owner within a maximum period of 5 (five) business days counted from the date the request was received.

The Company has a maximum period of 20 (twenty) business days from the date the request was received to respond to it at the email address indicated by the Owner, so that, if appropriate, this becomes effective within 15 (fifteen) business days after the response is communicated. It is important that you bear in mind that not in all cases we will be able to give you a favorable response, because may due to some legal obligation we must continue to process your personal data.

The delivery of personal data will be free, it will only have to cover justified shipping costs or the cost of reproduction in simple copies or electronic documents.

To have more information or clarify any questions regarding the exercise of your ARCO rights or, where appropriate, those granted by the GDPR, you can contact the Data Protection Delegate directly through the email dpo@bodytracker360.com and by phone at the number 33 2154 9618, during business hours from 9:00 to 18:00 Monday through Friday.

5. Transfers of personal data

We inform you that your personal data is shared within and outside the country with the following people, companies, organizations and authorities for the purposes described below:

ReceiverPurpose
Government authorities of a federal, state or municipal nature.To comply with the obligations established in the applicable legislation, as well as to meet the requirements of the competent authorities.
Individuals or legal entities in the payment services sector, credit/debit card verification, fraud prevention and billing.To carry out the receipt of payments for the payment functions of the App and their billing.
Individuals or legal entities in the cloud storage and technology development services sector.For the administration and operation of the App.
Individuals or legal entities in the communication services sector.For communication with the users of the App, as well as to conduct surveys, send newsletters and notification campaigns.
Individuals or legal entities in the marketing, sales and social media services sector.For the management and administration of marketing strategies. (*)

PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY INFORMATION RELATED TO YOUR HEALTH WITH THIRD PARTIES.

*Grant authorization regarding transfers indicated with an asterisk (*)

The App presents the option that users can share information in the Body Tracker 360° Community, which is open to the public and should not be considered private.

Any information (including personal data) that the Owner shares in any area of the Body Tracker 360° Community is open to the public and is not private. Therefore, the Owner accepts that he must consider before publishing personal data in any public forum, because what he/she publishes can be seen, disclosed or collected by third parties and may be used by them in ways that the Company cannot control.

If the Owner publishes personal data in our areas of the Body Tracker 360° Community by mistake and wishes to have it deleted, they can send us an email to dpo@bodytracker360.com to request that we delete it.

Finally, the Owner can instruct us to share personal data with third parties. For example, you can allow us to share data with other health applications and services such as Google Drive, Google Fit, and Apple HealthKit. Once the Owner instructs us to share their data with a third party, that third party will have its privacy policy and we do not control how the third party uses or handles the information. You can revoke your consent to share information with a third party at any time in your App Account settings.

6. Revocation of consent

We inform you that you can revoke the consent that you have given us for the processing of your personal data. However, it is important that you bear in mind that not in all cases we will be able to respond to your request or terminate the use immediately, because may due to some legal obligation the Company may need to continue treating your personal data. Likewise, the Owner must consider that for certain purposes, the revocation of his/her consent will imply that we cannot continue to provide the contracted service, or the conclusion of out legal relationship.

To revoke your consent, we put our Data Protection Officer at your disposal, by sending an email to dpo@bodytracker360.com.

The request must meet the following requirements:

a. Submitted in writing, scanned and signed;

b. Name of the Owner;

c. Email and phone number;

d. Attach ID of the Owner. In the event of acting through your legal representative, you must also attach his/her ID and a copy of the public instrument in which said legal representation is recorded; and

e. Attach a digital photograph showing the Owner holding his/her ID.

In case of not complying with the indicated requirements, the Company will consider that your request has not been presented, leaving a record of it within a maximum period of 5 (five) business days from the date the request was received, by email sent to the address indicated by the Owner, which will indicate the omissions that he/she has incurred. Notwithstanding, the rights of the Owner to submit a new request will remain.

If your request covers all the requirements above, the Data Protection Officer will acknowledge the receipt through an email that will be sent to the address indicated by the Owner within a maximum period of 5 (five) business days counted from the date the request was received.

The Company has a maximum period of 20 (twenty) business days from the date the request was received to respond to it at the email address indicated by the Owner, so that, if appropriate, this becomes effective within 15 (fifteen) business days after the response is communicated.

7. Security politics

The Company takes all reasonable and appropriate measures to protect all personal data collected against loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the personal data we process and the risks associated with special categories of personal data. Among others, we use the following information security measures to protect your personal data:

a. Pseudominization and tokenization of certain categories of personal data, including sensitive personal data;

b. Encryption of your personal data in transit and at rest;

c. Systematic vulnerability analysis;

d. Protection of data integrity;

e. Organizational and legal measures; and

f. Periodic evaluations of the impact of data protection to ensure that the App fully adheres to the principles established in the Privacy Policy.

In addition, the Owner can help keep your information safe by choosing and protecting his/her password appropriately, without sharing his/her password and preventing third parties from using his/her mobile device.

8. Limitation of the use or disclosure of personal data

To limit the use and disclosure of personal data, the Company offers the following options:

  • Your registration in the Public Registry to Avoid Advertising, which is in charge of the Federal Consumer Prosecutor’s Office (hereinafter, “PROFECO”), in order that your personal data is not used to receive advertising or promotions, the Owner can consult the PROFECO website at https://repep.profeco.gob.mx/
  • Your registration in the Company’s Exclusion List, so that your personal data is not processed for marketing, advertising or commercial prospecting purposes on our part. For more information about registering in our Exclusion List, you can contact our Data Protection Delegate, by sending an email to dpo@bodytracker360.com and by phone at the number 33 2154 9618, during business hours from 9:00 to 18:00 Monday to Friday.

9. Cookies and web beacons

We inform you that on our App we use cookies, web beacons and other technologies through which it is possible to monitor your behavior as an Internet user, provide you with a better service and experience when browsing our App, as well as offer you new products and services based on your preferences.

The personal data that we obtain from the Owner, through these tracking technologies, are the following: browsing hours, browsing time, consulted sections, source IP address, Internet browser, operating system, and email address.

The personal data may be shared by the Company with individuals and legal entities in the marketing and sales services sector, for the management and administration of marketing strategies.

The Owner may disable the storage of cookies, web beacons and other technologies, as follows:

  • Denying the authorization requested by our App when accessing it. For more information and support regarding this authorization, you can contact our Data Protection Officer, by sending an email to dpo@bodytracker360.com and by phone at the number 33 2154 9618, from Monday to Friday from 9:00 to 18:00.
  • Adjusting the settings of your Internet browser, in order to activate or deactivate this function. For instructions regarding this preference setting, you should consult your browser’s support website.

10. Changes to the privacy policy

The Company may make modifications or updates to the Privacy Policy, derived from new legal requirements, specific needs of the services we offer, changes in our privacy practices or variations in our business model.

Therefore, we will keep the Owner informed about the changes, by email and publication made on our Site, both within 10 (ten) business days before the respective modification or update being effective, retaining the Owner the right to revoke his/her consent regarding the processing of his/her personal data according to the established procedure. Your continued use of the App after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified.

Although the App may contain links to third-party websites or services, the Company is not responsible for the privacy policies on those third-party websites or services. This Privacy Policy applies only to the information that we collect from the Owner through the App.

11. Complaints and dispute resolution

The Company undertakes to resolve complaints about the processing of the Owner’s personal data, so you can contact our Data Protection Delegate by sending an email to dpo@bodytracker360.com and by phone to the number 33 2154 9618, at a time of attention from 9:00 to 18:00 from Monday to Friday.

Likewise, if the Owner considers that their right to the protection of their personal data has been injured by any conduct or omission of the Company, they may file their disagreement or complaint with the National Institute of Transparency, Access to Information and Protection of Personal Data (hereinafter “INAI”). For more information, we suggest you visit their website at www.inai.org.mx

12. Jurisdiction and applicable law

Any dispute arising out of this Privacy Policy will be governed by the laws of the United Mexican States. THE SOLE AND EXCLUSIVE JURISDICTION FOR ANY ACTION OR PROCEEDING THAT ARISES OR IS RELATED TO THIS AGREEMENT WILL BE IN A COMPETENT COURT OF THE STATE OF JALISCO, SO YOU WAIVE ANY OTHER JURISDICTION.

Any cause of action that you may have regarding your use of the App must be initiated within 1 (one) year after the claim or cause of action arises.

Below are the boxes that you must accept:

*I grant my consent for the processing of my financial data for the purposes described in the Privacy Policy.

*I grant my consent for the processing of my personal data for the secondary purposes described in the Privacy Policy.

*I grant my authorization regarding the transfer of my personal data to individuals and legal entities in the marketing and sales services sector for the secondary purposes described in the Privacy Policy.

Start your fitness journey today and stay motivated with BodyTracker360

Connect

Email: info@bodytracker360.com