Data Privacy Policy

Published by : SYNERGY

Last updated : 6-8-2024 (D-M-Y)

We take the protection of your personal data very seriously and want you to feel secure when using our app and products. The protection of your privacy when processing personal data is an important concern for us that we also take into account in all our business processes.

Personal data are collected, processed and used exclusively in accordance with legal regulations and in good faith. As far as possible, we design our business processes in such a way that the data protection requirements are already taken into account during the development of the products and service offers and to the extent possible, personal data is pseudonymized.

Information we collect

As part of our business relationships, we process personal data that we have received directly from you. In addition, we process personal data which we legitimately obtain from publicly accessible sources or which is legitimately transmitted to us by other third parties, insofar as this data is necessary for the provision of relevant services we provide to you and/or within the scope of the Purposes as set forth below.

Purposes of processing (“Purposes”) and legal basis

Your personal data will be processed in accordance with the provisions of the GDPR and for the following purposes.

For the fulfillment of contractual obligations (Art. 6 Para. 1 b GDPR):

The processing of personal data takes place in the context of trade with products and services in the field of consumer electronics. The Purposes of data processing depend primarily on the specific product and its software applications. Further details on this data processing purpose can be found in the accompanying operating instructions, manuals and other terms and conditions at the purchase of such specific products.

Within the framework of the balancing of interests (Art. 6 para. 1 f GDPR):

If necessary, we process your data beyond the actual performance of the contract to protect the legitimate interests of us; for the purpose of the assertion of legal claims and defense in legal disputes; the guarantee of IT security and the maintenance of our IT infrastructure and operation; the prevention and clarification of criminal offences; and for business management purposes and the development of services and products.

On the basis of your consent (Art. 6 Par. 1 a GDPR):

If we have your consent to the processing of personal data for specific purposes (e.g., forwarding of data within the Group or evaluation of data for marketing purposes), the legality of such processing is given on the basis of your consent. The given consent can be revoked at any time at the App (Settings Withdraw Consent). The revocation of the consent does not affect the legality of the data processed until the revocation.

Special data protection at our fitness trackers and smart devices

We use your data to make the use of the fitness tracker / smart device as pleasant as possible for you and so that you can benefit optimally from your fitness program. At the same time, this information will improve our Service.

The application stores and processes the following data: User Name, Gender, Birthday, Weight, Height, Steps, sleeping hours, heart rates (if available), distances, calorie consumption, goals, successes and challenge.

The application also stores and processes Cycle Tracking data such as length of menstrual period, cycle history, and pregnancy data, which belongs to Art.9 of the GDPR.

All of your data is stored only locally on your smartphone or device.

In the App -> Settings -> FAQ & Feedback: The FAQ section provides a list of common questions. No personal data is collected in the FAQ.

You can also provide feedback or report a problem to us. This will help us identify and fix issues when something is not working properly. Feedback and problem reports will be sent via email to our designated secure customer service mailbox.

All of the information you provide will be deleted immediately after the reported issue is resolved.

In order to ensure the compatibility of your fitness tracker / smart device with your smartphone, our fitness tracker / smart device and our application access the following functions of your phone:

Android

  1. Read caller list
  2. Taking picture and videos
  3. Reading contacts
  4. Receive SMS
  5. Read SMS or MMS
  6. Read the contents of your shared memory
  7. Changing or deleting the contents of your shared memory
  8. Only access the exact location when running in the foreground
  9. Access the approximate location (network-based) only when running in the foreground
  10. Accept calls
  11. Retrieve phone status and identity
  12. Retrieve network connections
  13. Battery performance optimisations
  14. Perform linking with Bluetooth devices
  15. Execute foreground service
  16. Access Bluetooth settings
  17. Control vibration alarm
  18. Access to all networks
  19. Deactivate idle state
  20. BIND_GET_INSTALL_REFERRER_SERVICE
  21. BLUETOOTH (Android <= 11)
  22. BLUETOOTH_ADMIN (Android <= 11)
  23. DEVICE_POWER
  24. BLUETOOTH_CONNECT (Android 12+)
  25. BLUETOOTH_SCAN (Android 12+)
  26. Android_ID
  27. Device Serial Numbers
  28. External data storage (Android <= 12)
  29. Health Connect read-write access
  30. READ_MEDIA_IMAGES (Android 13+)
  31. POST_NOTIFICATIONS (Android 13+)
  32. SCHEDULE_EXACT_ALARM (Android 14+)
  33. ACTION_NOTIFICATION_LISTENER_SETTINGS
  34. MEDIA_CONTENT_CONTROL
  35. SEND_SMS
  36. WAKE_LOCK
  37. BLUETOOTH_ADVERTISE (Android 12+)
  38. RECEIVE_BOOT_COMPLETED
  39. com.google.android.c2dm.permission.RECEIVE
  40. READ_MEDIA_VISUAL_USER_SELECTED (Android 14+)
  41. FOREGROUND_SERVICE_CONNECTED_DEVICE (Android 14+)
  42. FOREGROUND_SERVICE_REMOTE_MESSAGING (Android 14+)
  43. ACCESS_MEDIA_LOCATION (Android 10+) if applicable
  44. DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION

iOS

  1. Location
  2. Photos
  3. Bluetooth
  4. Camera
  5. Local network
  6. Microphone
  7. Siri & search
  8. Messages
  9. Mobile data
  10. Contacts

App permissions

In order to provide you with the functionalities of the app, the app must be able to access various functions and data of your mobile device. To do this, it is technically imperative that you grant the app selected access authorizations.

Otherwise the app cannot be used for technical reasons. Before using the app for the first time, we will explicitly inform you of the requested access rights. Usually the authorizations are as follows:

Location: This permission is required to determine your current location for location-based services. This permission allows your phone to access your GPS data, WLAN identifiers and/or Bluetooth, depending on which of them you have enabled, to locate your location.

Push notifications: Push notifications are messages(e.g: WhatsApp) that are sent from the app to your device and are prioritized there. This app uses push notifications on delivery, provided the user has consented during the installation of the app or the first use. End user has to accept the enable notifications for first time installation. Also, The reception of push notifications can be deactivated at any time in the settings of the app.

Access smartphone contacts: This permission is required to show caller’s name when user received a call notification.

User behavior: Within the framework of legal regulations, user can provide Name, Avatar, Gender, Birthday, Weight, Height and Stride. User also can click “skip” to not provide these information. The data are stored locally on the smartphone and is not linked to any further information about the user.

Device information: In addition to protocol data, we may also collect information about the device on which the app is used. These include device type, operating system used, device settings, unique device identifiers and crash data. Whether some or all of this information is collected depends on the type of device used and its settings. This allows error messages and system crashes to be analyzed in order to improve future operation. You can find out from
https://www.gstatic.com/policies/privacy/pdf/20210701/7yn50xee/google_privacy_policy_en.pdf how the information are processed and protected.

Data Protection and Limited Use Disclosure

All data transfer and storage are encrypted to protect this App against unauthorized or unlawful access, destruction, loss, alteration, or disclosure.

Health Connect: The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.
https://support.google.com/googleplay/android-developer/answer/9888170?sjid=13972659535113455728-AP#ahp

Google Maps: The purpose of using Google Maps is to provide the latitude and longitude information from our GPS Smartwatch and to the App, then the App invokes Google Map to display user activity trajectory on app which is a major function of our GPS Smartwatch.

Google APIs: The App's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes

Social Media: If you connect to this app via third party social media sites (such as Facebook, Twitter, Instagram or Google+), you may be subject to the data policy of such third-party social media sites. We do not have access to any of your personal data stored on such third-party social media sites.

Weather: The purpose of using weather service is that Weather is a major function of our fitness tracker / smart device. We make use of the device's longitude and latitude information to enquire of weather data for that location. The location information being collected is not linked to your identity and will not be stored or used for any other purposes. The usage of weather service and its data storage duration are subject to their privacy policy:
https://openweather.co.uk/privacy-policy

We are distributing the App via Apple App Store and Google Play Store. We have also incorporated Google Maps (for Android devices), Firebase Crashlytics, and Google Analytics in the App. GPS related sport activities and Google Maps require Location Permissions. Firebase Crashlytics and Google Analytics collect crash data that are not linked to any of your identity. Analytics automatically logs some events and user properties. Details of events and user properties can be found from Google website:

All the data being collected are ANONYMOUS statistics. The purpose of using Firebase Crashlytics is to collect crash data in order to help track, prioritize, and fix stability issues that erode our app quality.

The legal basis for the collecting of the crash data is Article 6(1) point f) GDPR. Our legitimate interest arises from the purposes of the data collecting listed above.

Google Analytics helps to measure and provide insight on the App usage and user engagement. Analytics integrates across Firebase features and provides unlimited reporting of up to 500 distinct events that you can define using the Firebase SDK. Analytics reports help you understand users behave, which can help to optimize app performance.

The purpose of using Firebase Crashlytics is to collect crash data in order to help track, prioritize, and fix stability issues that erode our app quality. Crashlytics saves our troubleshooting time by intelligently grouping crashes and highlighting the circumstances that resulted. Find out if a particular crash is impacting a lot of users. Get alerts when an issue suddenly increases in severity. Figure out which lines of code are causing crashes.

The App includes the OpenTelemetry (OpenCensus OpenTracking) library, which is a part of the original Google library. However, we do not utilize the functionality of OpenTelemetry in our app. We have kept the OpenTelemetry-related library in the App to maintain the integrity of the Google library.

As a result, usage of our apps are also subject to the following privacy policies:

Data Safety

As part of the App functionality, this App may collect the following data and upload it to your smartwatch in accordance with your instructions and permissions. The collected data is processed ephemerally and will not be shared with third parties.

  1. Contact List
  2. Image
  3. Media
  4. Notifications
  5. SMS

Data transfer to third countries or international organization

The App is using 3rd party European based server to provide firmware update service. Data are transmitted to offices in countries inside the European Union.

No data will be transferred to third countries or international organization outside the European Union.

According to Article 45 GDPR, transmission is permissible if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, we or the Service Provider may only transfer personal data to a third country or to an international organization if appropriate safeguards are provided (e.g. standard data protection clauses adopted by the Commission or the Supervisory Authority in a particular procedure) and enforceable rights and effective remedies are available.

We have agreed contracts with these service providers for so-called order processing, which stipulate that the principles of data protection are always concluded with their contractual partners in compliance with the European data protection level.

Personal data and Measurement data recorded & processed

User Name, Gender, Birthday, Weight, Height, Steps, Sleeping hours, Heart rate (if available), Running distance, Calorie consumption, Goals, Successes and Challenges.

Cycle Tracking data such as length of menstrual period, cycle, history date, and pregnancy data which belongs to Art.9 of the GDPR.

Storage period

Your data is only stored on your smartphone or device. Once the App is uninstalled, all personal data will be removed from your smartphone or device and none of the data will be retained.

The retention period of data transmitted to third-party providers are subject to the data policy of such third-party social media sites.

We will not actively transfer your data to any third party. The data that has been successfully transferred to a third party (e.g.: Apple Health, Google Fit or Strava (if available)) with your permission will follow the third-party platform and its privacy policy. You can turn off third-party authorization the setting at any time and the data will no longer be transmitted.

For firmware update, the data stored in the European servers will be stored during your use of the App. You can contact us to delete. Once you make a deletion request, we will delete or anonymize your information as soon as possible, and no later than 90 days from the date of your deletion request. The data will be stored around six months until a further new update is available if a deletion request is not made.

Delete data from the App

If you would like to delete your data from the App, please open the App and go to Settings >>> Withdraw Consent and Delete User Profile. Press “OK” and all of your data will be deleted from the App.

Affected rights

Any person concerned by the processing of personal data has the right to:

  1. Information (Art. 15 GDPR),
  2. Corrigendum (Art. 16 GDPR),
  3. Cancellation (Art. 17 GDPR),
  4. Restriction on processing (Art. 18 GDPR),
  5. Data transferability (Art. 20 GDPR) and
  6. Opposition (Art. 21 GDPR).

There is a right of appeal to a competent data protection supervisory authority (Art. 77 GDPR). You also have the right to lodge a complaint with the responsible data protection supervisory authority at any time. You can contact the responsible data protection supervisory authority located in your country or state.

You can revoke your consent to the processing of personal data at any time. You can uninstall the App anytime if you would like to revoke this consent. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this.

Automated decision making

In principle, we do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of the business relationship.

Information about your right of objection according to Art. 21 Basic Data Protection Ordinance (GDPR)

Right of objection in individual cases

You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you, which is based on Art. 6 para. 1 e GDPR (data processing in the public interest); this also applies to profiling based on this provision within the meaning of Art. 4 no. 4 GDPR.

If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The App cannot be used if you revoke consent.

Withdraw your consent

If you have given consent under this privacy policy to the processing of your data by the App, you can withdraw consent from App (Settings -> Withdraw Consent-Press “OK”) and none of the data will be retained

Points of Contact

Data Protection Controller

If you have further questions regarding the processing of your data or wish to exercise any of your rights under the GDPR or pursuant to this policy, you can contact our data protection controller:

Synergy Innovations Group Limited
Attn: Data Privacy Officer
Room 1003, Tower 1, Lippo Centre,
89 Queensway, Admiralty, Hong Kong.
dataprivacy.synergy@mailo.com

European Representative:

If you are based in Europe, you may also direct your inquiry to the data protection officer of our European representative:

A6 Europe s.a
Attn: Data Privacy Officer
127-129 Rue Colonel Bourg,
1140 Brussels, Belgium.
dataprivacy1.synergy@mailo.com