If I request that my data is removed from Polar’s services, can you guarantee that it is removed from all places where it has been transferred from Polar’s services, including systems belonging to third parties?
EU GDPR is an abbreviation of the words European Union General Data Protection Regulation. It refers to the data protection regulation of the European Union, which comes into force in May 2018. The purpose of the regulation is to harmonise the data protection practices of the EU countries and organisations operating in the EU, and to improve data security for the citizens of the member states.
There are three things that we will ask you to do during the autumn of 2018.
You can change your consents through the Settings page in our service at any time.
By verifying your email address, we make sure that no one else is using your email address behind your back and that it is really you who is using Polar services. User identification is also a requirement in data protection laws in many countries.
Once you receive the verification email, you have 30 days to verify your email address, after which your account will be locked and you can no longer sign in to your account. However, you can still synchronise data from your Polar product to your account.
If you don’t receive the verification email, sign in to Polar Flow or any other Polar service you are using and request a new verification email. Make sure the message has not ended up in your spam folder. If you don’t receive the verification email even after requesting a new message, please contact our Customer Care team.
If you don't verify your email address within 30 days of receiving the verification email, your account will unfortunately first be locked and later deleted if still unverified.
These kinds of consent are not only required in the data privacy standards of many countries, but they also help you understand how we use your data.
The types of consent are divided into two groups. First, there are the mandatory consents, which are separated into smaller entities for legal reasons. You need to give these consents to be able to use Polar services. You can also withdraw them at any time, but you should be aware that this will prevent you from using Polar services, and after six months your account and all your data will be deleted permanently. We will notify you by email two weeks before the deletion, and you still have a chance to give the consents and cancel the deletion.
The following are the mandatory consents:
Second, there is one voluntary consent for marketing communication. If you choose to not give this consent, it will not affect your use of Polar products and services:
If you withhold any of the mandatory consents, you won’t be able to use our services anymore, and your account and data will be deleted after six months. We will notify you by email two weeks before the deletion, and you still have a chance to give the consents and cancel the deletion.
If you want to withdraw any of the consents once you have given them, you can always do so on the Settings page in Polar Flow or at account.polar.com. However, please note that this will prevent you from using our services.
The consent to receive marketing messages is voluntary, and it does not affect your use of our products or services.
The information in your Polar account and all of your Polar Flow exercise and activity data is saved in the Polar Flow ecosystem. The data is stored in databases owned by service providers located in the EU (e.g. Finland, Ireland) and outside the EU (e.g. USA). Some of the monitoring and ancillary activities of the ecosystem (e.g. sending automatic messages) are conducted from outside the EU, which means that your data may be transferred outside the EU. The term “transfer” also covers remote use of data, so it is possible that your data that is stored in the EU is also handled from outside the EU. If your data is stored or handled outside the EU, protection mechanisms approved by the EU, such as the EU-U.S. Privacy Shield or EU’s model contractual clauses, are always applied.
If Polar transfers data outside the EU and EEA, the transfer is protected with protection mechanisms approved by the EU. These are:
The actual physical data transfer is always encrypted and conducted over a secure connection.
Polar protects the data by using technical, physical and administrative security measures designed to prevent unauthorised access to Polar systems. Polar uses, for example, encryption techniques, pseudonymisation/anonymisation and other security technologies. Our servers are protected by firewalls.
Unfortunately, we cannot disclose this information, as it is covered by corporate security.
Only persons who need to handle user data in their work (e.g. customer care) have access to user data. Legally speaking, handling is a broad term which also covers the storage of data, access to data (directly or remotely), data transfer, etc. On a large scale, user data is also handled by third parties to which we refer in our Privacy Notice. These third parties include, for example, the bodies we use to produce the Flow platform and to store data. To some extent, we also use subcontractors in our planning and development work. We have strict confidentiality agreements with them, and they rarely have access to actual user data. In other words, we only share data with third parties for maintenance, monitoring and development purposes and do not allow them access to actual user data.
For security reasons, we don't disclose what encryption methods we use.
You can review your data directly in the Polar Flow service (https://flow.polar.com). Your account information and all data concerning your Polar products and use of the services come directly from you. We store the information you have provided (e.g. when creating your Polar account or editing your information) and data that we obtain from your registered Polar devices. When you synchronise a registered device with the Flow service, the data on the device is stored. You can also add and edit your information in the Flow service and the Flow mobile application. If you don't want to use the Flow service, you can ask our Customer Care team to send your account information to you.
If you would like to review any other information we may have about you (such as your polarpersonaltrainer.com data, purchase history, Customer Care contact history, or service history), contact our Customer Care.
An option to cancel the newsletter subscription is provided at the end of all newsletters from Polar. You can also refuse marketing messages in the settings of the Polar Flow service or at account.polar.com. You can do this (or check whether this setting is already active) by logging into the Flow service. Click on your name to edit your profile. Select Settings – Privacy and check that Newsletter is not selected.
Please contact our Customer Care so that we can initiate the deletion process. Here’s how it works:
Your training data will be automatically deleted from Polar Flow. You will get an automated notification when the final deletion is about to happen, and you still have two weeks to cancel the deletion. If you don’t cancel the deletion, your account and all your training data will be deleted permanently after six months.
All your other data, such as your purchase history, your device’s service history or your polarpersonaltrainer.com data, will be deleted separately unless an applicable law requires us to retain it. We will notify you when this data has been deleted.
Please note that the Polar Flow service and some of the features of your Polar product will be unavailable to you after we have closed your account. You will not be able to synchronise your data with our service or update the firmware version of your device.
You can review your data directly in our web services at https://flow.polar.com or polarpersonaltrainer.com. To review any other information (such as your purchase history, Customer Care contact history, or service history), contact Customer Care.
Some of the data is encrypted when it is stored, but not all. All data is encrypted when it is transferred, for example, when you synchronise data from your wrist device to the Flow mobile app or through FlowSync to the Flow service. Perfect Forward Secrecy is not supported at the moment, but we are planning to support it in the future.
The “Private” setting only affects your Flow account and prevents Flow from sharing your data with third parties. If you yourself share information in third-party applications or, for example, write something in the club-specific discussion section of the Club application, other users will be able to see this information even if your privacy setting in Flow is “Private”.
All data in our databases can be backed up to servers located outside the EU if necessary. If Polar transfers data outside the EU and EEA, the transfer is always protected using protection mechanisms approved by the EU. These are:
The actual physical data transfer is always encrypted and conducted over a secure connection.
Polar has detailed processes for deleting data in order to ensure that the data is deleted from all places where it may be stored. However, Polar does not have access to systems belonging to third parties where you yourself have shared your data (e.g. Strava), so you will have to contact them yourself to request that the data is removed.
Personal data protection is a basic right that protects your privacy. Personal information includes your name, email address, telephone number and all other information through which you can directly or indirectly be identified. Data protection includes methods and processes for keeping this data safe. Data protection must always be taken into account when handling personal information.
Protection techniques refer to software and methods used to protect data. For security reasons, Polar does not specify what software is used. Protection techniques also include methods for handling data, rules concerning who can handle data, ensuring safety and reliability when cooperating with a third party, etc.
The Polar Group includes many different companies around the world, but mostly within the EU. With the help of the subsidiaries, Polar can, for example, work more comprehensively in different language areas. All of Polar’s subsidiaries work together with Polar for the benefit of our customers. Polar also uses subcontractors to some extent, for example to produce services, service infrastructure, etc. We only use trusted partners who are bound by confidentiality.
For EU countries, this information can be found on the website of the EU: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.