In broad terms, the term “personal data” means any information that relates to you and that can be used to identify you, directly or indirectly. This information includes your name, email address, phone number, location data and information about your health.
If you have any requests concerning your personal data or any queries with regard to our processing of your personal data, please contact us at DPO@qumata.com.
We are Qumata Group Ltd, a company incorporated and registered in England and Wales with company number 10964467 and our registered office is at 14 Dufferin Street EC1Y 8PD, London, England (Qumata, we, us or our). We provide Internet and mobile app-based services.
3.Lawful basis for processing your personal data
Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are set out below.
4.How we use your personal data:
4.1 The DataKonect App and Website services cannot be provided without an individual providing us with their personal data. We therefore need your personal data to provide the services of the DataKonect App and Website.
4.2 The aim of the DataKonect App and Website is to provide a DataKonect Profile to the corresponding client of Qumata from which the user is requesting a service. The DataKonect Profile is a combination of collated, declared and calculated data from the user.
4.3 For each user (described below), Qumata collates and processes his/her personal data with the aim of providing the DataKonect App and Website services to the user and the corresponding client (described below).
4.4. We also use aggregated, anonymized and non-personal data for research activities, primarily to improve our wellness model. We store this anonymized data indefinitely. You will not be identifiable from this data.
4.6 We may process your personal data to provide customer services to you, including to respond to your inquiries or to fulfill any of your requests for information.
4.7 We may process your personal data to personalize your experience on the DataKonect App and Website, such as by providing tailored content and recommendations.
4.8 We may process your personal data to understand and analyze how you use the DataKonect App and Website and develop new products, services, features, and functionality.
4.9 We may process your personal data to find and prevent fraud, and respond to trust and safety issues that may arise.
4.11 We may process your personal data for other purposes for which we provide specific notice at the time the information is collected.
4.12 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
5.What data we may collect from or about you
Details of the personal data that we may collect from or about you are set out below.
Information about your health, ethnicity origin. We require this information to provide the services of the DataKonect App and Website.
The consent that you grant to us to enable us to collect your data from different sources.
Information extracted from your smart devices including (but not limited to) gender, age, weight, pre-existing conditions, walking and running distance, cycling distance, heart rate (and related information), weight and BMI.
Activity information and bio-markers made available from your smart devices.
Information that you provide to us through your user profile which you create.
Email address and telephone numbers.
Your feedback and survey responses.
Information about how you use the DataKonect App and Website and our other products and services.
6.How we collect information on you
We collect your personal data in a number of ways.
Directly. This includes information such as your contact details, health details and all data which you directly provide to us when you fill in online forms or correspond with us in any way, for example when you:
create your account on the DataKonect App and/or Website;
submit a query;
request or consent to marketing materials being sent to you; or
provide us with feedback.
Automatically. As you use the DataKonect App and Website, we may collect certain information relating to your browsing patterns and technical data about the equipment you are using to access the DataKonect App and Website.
Indirectly from our Client, sending us over a list of information.
7.Security and international transfers
7.1. In order to protect your personal data, we have appropriate organizational and technical security measures. We make reasonable efforts to protect your information by using physical and electronic safeguards designed to improve the security of the information we maintain. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information.
7.4. In case of a detected security flaw, a patch will be provided by the partners to secure a state of the art encryption and security infrastructure.
7.5. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
8.Transfer of your data
Transfers to members of our group
We may share your data with other members of our Group.
Transfers to third parties
In addition to our data scientists and a Qumata client (as referred to in section 4 above), there may be circumstances in which we may also need to share your personal data with certain third parties, including third parties located outside of the EEA.
We may access, preserve, and disclose your data if we believe doing so is required or appropriate to: (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
Other third parties to which we may transfer your personal data include:
calling agents used by us for the purpose of providing customer support to you in relation to the services that we provide; and
third party vendors and service providers (e.g. e-mail providers) which we use to provide our services.
The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:
you have expressly consented to your data being shared with specific third parties;
the third party needs to access the personal data for the purposes of us providing our services to you;
the third party has agreed to comply with our instructions, required data security standards, policies, and procedures and put adequate security measures in place;
the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and
a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.
As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:
only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;
where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or
where your data will be transferred to the US, ensuring that the third party to which we are transferring your data is part of the Privacy Shield.
For more information on the safeguards used when we transfer personal data to third parties, please contact us at DPO@qumata.com
9.Retention of your data
9.1. Unless we are required by law to retain your personal data for a longer period, we will do so for a maximum of ninety days following the last time the data is processed. Thereafter, your personal data will be securely deleted automatically and cannot be restored.
9.2. For more details about our retention periods, please contact us at DPO@qumata.com.
9.3. We retain anonymized data. This may remain stored and used by us with no time limits. This data is no longer associable to any user and is therefore not personal data.
10.Rights in relation to your personal information
10.1. You have certain rights in relation to the personal data we process and hold about you. These include:
Right of access: you have the right to request access to personal data that we may process about you.
Right to rectification: you have the right to require us to correct any inaccuracies in your data.
Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.
Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data.
Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data (to the extent processing is based on consent and consent is the only permissible basis for processing).
10.2. If you are not able to complete the above via the Qumata App and Website, please write to us DPO@qumata.com specifying the right you wish to exercise.
10.3. Unless we are permitted to do so by applicable law, we will not charge a fee for you to exercise any of the rights listed above.
10.4. In case you have given your consent to let the DataKonect App and Website access your personal data from a given third party source such as Garmin or Apple Health, you can always revoke your consent from those sources directly or ask us to revoke this consent manually by sending a request to DPO@qumata.com
It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us.
Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at DPO@qumata.com or using the link provided in an email. We will process your request to be opted-out of marketing within 10 days of receipt.
We will ensure that we obtain your consent before we share your personal data with any company outside of our Group for marketing purposes.
Where you opt out of receiving marketing communications from us, we may still process your personal data for other required purposes, as specified in section 4 above.
13.Third party links
The DataKonect App and Website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.
16.Closing your DataKonect profile
17.1. You should also be aware that you have the right to raise any concerns in relation to how we process your personal data with the Information Commissioner's Office in the UK (the ICO).
Email address: DPO@qumata.com
Post: Data Protection Officer, Qumata Group Ltd, 14 Dufferin Street EC1Y 8PD, London, England.
17.3 We will respond to requests and questions addressed to DPO@qumata.com within 15 to 30 calendar days.