PRIVACY FAQ

What is EU GDPR?

Is there something I need to do?

Why do I have to verify my email address? What happens if I do not do that?

What are the consents that I need to give?

What happens if I do not give the consents to use my personal data?

Where is my data stored? Can you tell me where your cloud service is located?

Is it safe to transfer data outside Europe?

How is the data protected? What do you do to protect the data?

How many registered Flow users are there?

Who can handle my data? Who has access to the users’ data? How many people have access to the users’ data? How is the data shared with third parties?

Is the password of my account encrypted, and what algorithms have been used?

What information do you have about me?

Why did I receive a newsletter about changes to the privacy policy despite the fact that I have not subscribed to it? I wish to cancel my subscription. Why did the newsletter I received not include an option to cancel the newsletter subscription?

How can I cancel the newsletter subscription?

How can I remove all my data from your database and close my account?

How do I review the data you have about me?

Is my data encrypted when it is stored and transferred? Do you support the Perfect Forward Secrecy protocol?

If I have selected the privacy setting “Private” for my profile/exercises/activity summaries, does this mean that the information that I have shared for example on Facebook is also private?

I do not accept your terms and conditions of use/privacy policy and wish to use only some of the services. Is this possible?

What kind of data is transferred outside the EU/EEA?

Has data been transferred outside the EU when the previous privacy policy was used?

If I request that my data is removed from Polar’s services, can you guarantee that it is removed from all places where it has been transferred from Polar’s services, including systems belonging to third parties?

What does data protection mean?

What do different protection techniques mean?

What are Polar’s subsidiaries and subcontractors?

Where can I find the contact information of the data protection authority in my country?

 

 

What is EU GDPR?

EU GDPR is an abbreviation of the words European Union General Data Protection Regulation. It refers to the data protection regulation of the European Union, which enters into force in May 2018. The purpose of the regulation is to harmonize the data protection practices of the EU countries and organizations operating in the EU and to improve data security for the citizens of the member states.

As the EU GDPR comes into effect, we as a company want to improve the transparency of our operations. We have renewed our Privacy Notice and Terms of Use in order to give you more information about how and for what purposes your user information is used.

 

Is there something I need to do?

There are three things that we will ask you to do during the spring of 2018.

  1. Please read the revised Privacy Notice and Terms of Use. Starting in May 2018, when you log in to Polar Flow, we will be asking you to confirm that you’ve read the new Privacy Notice and that you agree to the new Terms of Use.
  2. Verify your email address. We’ll send you an email with a verification link. We do this to make sure that your email address is not being misused and the person behind this email address really is you. When you get the email, open it and click the verification link.
  3. Give certain consents to use our services. These are needed to get your Polar account and our databases up to date. Read more about consents here.

You can change your consents through the Settings page in our service at any time.

 

Why do I have to verify my email address? What happens if I do not do that?

When you verify your email address, we can make sure that no one else is using your email address behind your back and that it is really you who is using Polar services. User identification is also a requirement in data protection laws in many countries.

Once you receive the verification email, you have 30 days to verify your email address, after which your account will be locked and you can no longer log on to your account. However, you can still synchronize data from your Polar product to your account.

If you don’t receive the verification email, log on to Polar Flow or any other Polar service you’re using and request a new verification email. Make sure the message has not ended up in your spam folder. If you don’t receive the verification email even after requesting a new message, please contact our Customer Care.

If you do not verify your email address within 30 days of receiving the verification email, unfortunately your account will first be locked and later deleted if still unverified.

 

What are the consents that I need to give?

These consents are not only required in the data privacy standards of many countries, but they also help you understand how we use your data.

The consents are divided into two groups. First, there are the mandatory consents, which are separated into smaller entities for legal reasons. You need to give these consents to be able to use Polar services. You can also withdraw them at any time, but you should be aware that this will prevent you from using Polar services, and after six months your account and all your data will be deleted permanently. We will notify you by email two weeks before the deletion, and you still have a chance to give the consents and cancel the deletion.

These are the mandatory consents:

  • Consent to use your personal information: email, age and location. This is information that you give us when creating a Polar account. We use it to provide you with accurate personal calculations such as burnt calories and Training Benefit feedback.
  • Consent to handle your sensitive personal data. Together with personal information, sensitive personal data makes up the fuel that the algorithms need to provide you with individual service. In Polar’s case, sensitive personal data refers to heart rate data, activity data and sleep data, in other words health data that our products and services collect from you.
  • Consent to transfer your data outside your home country. Polar is a global company that offers and supports services all over the world. Most of our customer data is hosted on servers located in the EU (e.g. Finland). However, some monitoring and remote work is done elsewhere. We use highly reputable and secure world class data storage platforms. All the partners involved in providing Polar services to our customers are chosen carefully.
  • Consent from the guardian of a young person (under 13 years of age). Customers who are under 13 years of age need consent from their guardian to use Polar services. 

Secondly, there is one voluntary consent for marketing communication. If you choose not to give this consent, it will not affect your use of Polar products and services:

  • Consent to send marketing messages. We want to bring to your attention new features, system enhancements, updates and ways to get the most out of your Polar product, as well as inform you about new Polar products and exclusive offers to Polar customers. You can withdraw this consent at any time and this will have no impact on your Polar product and Polar account use.

 

What happens if I do not give the consents to use my personal data?

If you withhold any of the mandatory consents, you won’t be able to use our services anymore, and your account and data will be deleted after six months. We will notify you by email two weeks before the deletion, and you still have a chance to give the consents and cancel the deletion.

If you want to withdraw any of the consents once you have given them, you can always do so on the Settings page in Polar Flow or at account.polar.com. However, please note that this will prevent you from using our services.

The consent to receive marketing messages is voluntary, and it does not affect your use of our products or services.

 

Where is my data stored? Can you tell me where your cloud service is located?

The information in your Polar account and all of your Polar Flow exercise and activity data is saved in the Polar Flow ecosystem. The data is stored in databases owned by service providers located in the EU (e.g. Finland, Ireland) and outside the EU (e.g. USA). Some of the monitoring and ancillary activities of the ecosystem (e.g. sending automatic messages) are conducted from outside the EU, which means that your data may be transferred outside the EU. The term “transfer” also covers remote use of data, so it is possible that your data that is stored in the EU is also handled from outside the EU. If your data is stored or handled outside the EU, protection mechanisms approved by the EU, such as the EU-U.S. Privacy Shield or EU’s model contractual clauses, are always applied.

 

Is it safe to transfer data outside Europe?

If Polar transfers data outside the EU and EEA, the transfer is protected with protection mechanisms approved by the EU. These are:

The actual physical data transfer is always encrypted and conducted over a secure connection.

 

How is the data protected? What do you do to protect the data?

Polar protects the data by using technical, physical and administrative security measures designed to prevent unauthorized access to Polar systems. Polar uses, for example, encryption techniques, pseudonymization/anonymization, and other security technologies. Our servers are protected by firewalls.

 

How many registered Flow users are there?

Unfortunately, we cannot disclose this information as it is covered by corporate security.

 

Who can handle my data? Who has access to the users’ data? How many people have access to the users’ data? How is the data shared with third parties?

Only persons who need to handle user data in their work (e.g. customer care) have access to user data. Handling is legally a broad term which also covers the storage of data, access to data (directly or remotely), data transfer etc. On a large scale, user data is also handled by third parties to which we refer in our Privacy Notice. These third parties include, for example, the bodies we use to produce the Flow platform and to store data. We also use subcontractors in our planning and development work, to some extent. We have strict confidentiality agreements with them, and they rarely have access to actual user data. In other words, we only share data with third parties for maintenance, monitoring and development purposes and do not allow them access to actual user data.

 

Is the password of my account encrypted, and what algorithms have been used?

For security reasons, we do not disclose what encryption methods we use.

 

What information do you have about me?

You can review your data directly in the Polar Flow service (https://flow.polar.com). Your account information and all data concerning your Polar products and use of the services come directly from you. We store the information you have provided (e.g. when creating your Polar account or editing your information) and data that we obtain from your registered Polar devices. When you synchronize a registered device with the Flow service, the data in the device is stored. You can also add and edit your information in the Flow service and the Flow mobile application. If you do not want to use the Flow service, you can ask our customer care to send your account information to you.

If you would like to review any other information we may have about you (such as your polarpersonaltrainer.com data, purchase history, Customer Care contact history, or service history), contact our Customer Care.

 

Why did I receive a newsletter about changes to the Privacy Notice despite the fact that I have not subscribed to it? I wish to cancel my subscription. Why did the newsletter I received not include an option to cancel the newsletter subscription?

The message you received is not a newsletter. In some situations, Polar has a legal obligation to inform all users of changes to, for example, our Terms of Use or our Privacy Notice. These messages are sent to all users, not only those who have subscribed to our newsletter.

 

How can I cancel my newsletter subscription?

An option to cancel the newsletter subscription is provided at the end of all newsletters from Polar. You can also refuse marketing messages in the settings of the Polar Flow service or at account.polar.com. You can do this (or check whether this setting is already active) by logging into the Flow service. Click on your name to edit your profile. Select Settings – Privacy and check that Newsletter is not selected.

 

How can I remove all my data from your database and close my account?

Please contact our Customer Care so that we can initiate the deletion process. Here’s how it works:

Your training data will be automatically deleted from Polar Flow. You will get an automated notification when the final deletion is about to happen, and you still have two weeks to cancel the deletion. If you don’t cancel the deletion, your account and all your training data will be deleted permanently after six months.

All your other data, such as your purchase history, your device’s service history or your polarpersonaltrainer.com data, will be deleted separately unless an applicable law requires us to retain it. We will notify you when this data has been deleted.

Please note that the Polar Flow service and some of the features of your Polar product will be unavailable to you after we have closed your account. You will not be able to synchronize your data with our service or update the firmware version of your device.

 

How do I review the data you have about me?

You can review your data directly in our web services at https://flow.polar.com or polarpersonaltrainer.com. To review any other information (such as your purchase history, Customer Care contact history, or service history), contact Customer Care.

 

Is my data encrypted when it is stored and transferred? Do you support the Perfect Forward Secrecy protocol?

Some of the data is encrypted when it is stored, but not all. All data is encrypted when it is transferred, for example when you synchronize data from your wrist device to the Flow mobile app or through FlowSync to the Flow service. Perfect Forward Secrecy is not supported at the moment, but we are planning to support it in the future.

 

If I have selected the privacy setting “Private” for my profile/exercises/activity summaries, does this mean that information that I have shared for example on Facebook is also private?

The “Private” setting only affects your Flow account and prevents Flow from sharing your data with third parties. If you yourself share information in third party applications or, for example, write something in the club-specific discussion section of the Club application, other users will be able to see this information normally even if your privacy setting in Flow is “Private”.

 

I do not accept your Terms of Use/Privacy Notice and wish to use only some of the services. Is this possible?

Unfortunately, it is not possible to use Polar Flow or polarpersonaltrainer.com without accepting the Terms of Use and/or Privacy Notice. Some of our devices can also be used without Polar Flow or polarpersonaltrainer.com, but in that case, some of the features will not be available. You will also not be able to synchronize your data with our service or update the firmware version of your device.

 

What kind of data is transferred outside the EU/EEA?

All data in our databases can be backed up to servers located outside the EU if necessary. If Polar transfers data outside the EU and EEA, the transfer is always protected using protection mechanisms approved by the EU. These are:

The actual physical data transfer is always encrypted and conducted over a secure connection.

 

Has data been transferred outside the EU when the previous privacy policy was used?

The possibility for data transfer is mentioned in the previous privacy policy as well, but it has been described in more detail in the new policy. The new version also describes the protection mechanisms used in the transfer in more detail.

 

If I request that my data is removed from Polar’s services, can you guarantee that it is removed from all places where it has been transferred from Polar’s services, including systems belonging to third parties?

Polar has detailed processes for deleting data in order to ensure that the data is deleted from all places where it may be stored. However, Polar does not have access to systems belonging to third parties where you yourself have shared your data (e.g. Strava), so you will have to contact them yourself to request that the data is removed.

 

What does data protection mean?

Personal data protection is a basic right that protects your privacy. Personal information includes your name, e-mail address, telephone number and all other information through which you can directly or indirectly be identified. Data protection includes methods and processes for keeping this data safe. Data protection must always be taken into account when handling personal information.

 

What do different protection techniques mean?

Protection techniques refer to software and methods used to protect data. For security reasons, Polar does not specify what software is used. Protection techniques also include methods for handling data, rules concerning who can handle data, ensuring safety and reliability when cooperating with a third party etc.

 

What are Polar’s subsidiaries and subcontractors?

The Polar Group includes many different companies around the world, but mostly within the EU. With the help of the subsidiaries, Polar can, for example, work more comprehensively in different language areas. All of Polar’s subsidiaries work together with Polar for the benefit of the customers. Polar also uses subcontractors to some extent, for example to produce services, service infrastructure etc. We only use trusted partners who are bound by confidentiality.

 

Where can I find the contact information of the data protection authority in my country?

For EU countries, this information can be found on the website of the EU: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm