Effective Date: 05 June 2020
WHO WE ARE
WHAT DATA ABOUT ME IS COLLECTED AND HOW IS IT USED?
Which Personal Data we Collect
Personal Data is information that identifies you or can be used to identify or contact you (“Per-sonal Data”). Such Personal Data may include your name, address, email address, telephone number, birth date (primarily for eligibility purposes) and billing and credit card information. Personal Data may also include health related data, such as your weight history.
How we Collect and Use Your Personal Data
If You Use Our Internet Products
We collect information, some of which contains Personal Data, that you provide directly to us when you choose to use our Internet Products (available either for free or on a subscription basis) such as the “My Favourites” feature, the online “SmartPoints™ Tracker” tool, and the “Weight Tracker” tool. We also collect data that you provide directly to us through responses to special Internet Products such as surveys, questionnaires, self-assessment quizzes, contests and the like. We use this data to personalise our Internet Products and to optimize your customer experience when using our Website.
Moreover, we automatically collect information including Personal Data when you browse our Website or use our Internet Products, such as your IP address, browser type, operating system, error logs, and other similar information. Such aggregated in-formation does not allow us to identify you and is used by us to analyse trends, to administer the Website, to monitor our Website’s use, and to gather general information about the use of our Website.
The legal basis for such processing of your Personal Data are our legitimate interests (Art. 6(1)(f) GDPR) in customizing the content of our services in line with user prefer-ences and in further improving our Internet Products.
Some of our Internet Products require the processing of your health related data, like information on your weight history. We will only process such data with your prior con-sent according to Art. 9(2)(a) GDPR, except where permitted or required by applicable law.
Please note that you are not legally required to provide us with your Personal Data. However, without your Personal Data we will not be able to provide you with the full range of our Internet Products.
If You Become A Community User Or Subscriber
In order to access certain Internet Products on our Website, such as our message boards, weight loss tools and food database or if you create an account for our web shop, you must first complete certain steps to become either a community user or a subscriber or to open an account for our web shop. During these steps, you will be re-quired to provide us with Personal Data such as your name, postcode and email ad-dress, and, if you subscribe to one of our Internet Products or open an account for our web shop, credit card and billing information as well as for certain Internet Products health-related information like your weight history and other data. This data is used to provide you with the requested Internet Products or for subscription billing purposes.
Such processing of your Personal Data is necessary for the performance of our ser-vices. The legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. As regards health-related information, we will only process such da-ta with your prior consent according to Art. 9(2)(a) GDPR, except where permitted or required by applicable law. You are contractually required to provide us with such in-formation and without such information we are not able perform the services as de-scribed above.
It is optional for you to provide demographic information (such as profession and number of children), but providing this information will enable us to provide a more personalised experience on our Website. The legal basis for such processing of your Personal Data are our legitimate interests (Art. 6(1)(f) GDPR) in customizing the content of our services in line with user preferences and in further improving our Internet Products.
If you Purchase from our Web Shop
If you place an order in our web shop without opening an account, you will be asked to provide your name, postal address, billing address, payment details, email address and (optional) your telephone number.
We will use your name and email address to send you an order confirmation email and a shipping confirmation email. We will also use your payment details to process pay-ment for your order and your mail address and other contact details to ship your order to you. Such processing of your Personal Data is necessary to process your order; the legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. Please note that you are contractually required to provide us with such Personal Data and that without such Personal Data we will not be able to send you order-related communications or to fulfil your order.
If we Send you Service Updates
We use your Personal Data to send you important service announcements and up-dates regarding our Website or Internet Products or, if you are a subscriber, about your billing account status. When you become a community user or when you subscribe to our Internet Products, we will send emails to provide transactional information about your subscription or to verify your username and password. Such service announcements and updates contain important information relevant to your use of our Website and/or our Internet Products.
The processing of your Personal Data for such purposes is necessary for the perfor-mance of our services. The legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. Please note that you are contractually required to provide us with such Personal Data and that without such Personal Data we will not be able to send you service-related communication.
If you Contact our Customer Service
If you contact our customer service, we will communicate with you in response to your inquiries, to provide the services you request, and to manage your subscription. We will communicate with you by email or telephone, in accordance with your preferences.
Such processing of your Personal Data is necessary for the performance of our ser-vices; the legal basis for such processing of your Personal Data is therefore Art. 6(1)(b) GDPR. Please note that you are contractually required to provide us with such Personal Data and that without such Personal Data we will not be able to send you customer service related communications.
If you Subscribe to Newsletters and other Marketing Communications
When subscribing to our Internet Products or elsewhere on our Website you have the option to consent to receiving newsletters and other information on our products and services. If you “opt-in” we will send you promotional newsletters and inform you about offers, events and surveys via e-mail and through social media platforms. The legal basis for such processing of your data is your consent (Art. 6(1)(a) GDPR) or – if you are an existing customer or subscriber – our legitimate interest (Art. 6(1)(f) GDPR) in providing you with relevant marketing information. Please note that you are not legally required to provide us with your Personal Data. However, without your Personal Data we will not be able to send you our newsletters and other information as described above. You have the option to opt-out of these types of communication at any time by following the respective instructions in such communication.
If you Use our Social Features
Our Website features public forums such as message boards, bulletin boards, recipe swaps or similar activities where you and other users of our Website can communicate with one another. In addition, we offer the “Public Profile” feature of our Website to permit you to share information about yourself (including, if you elect, Personal Data) with others (together “Social Features”).
If you use these Social Features, please be aware that we cannot control how other users of our Website might use your data. We also cannot prevent you receiving un-wanted messages from other users. If you wish that a specific content generated by you shall be removed from the Social Features on our Website, please contact us at the contact details as mentioned below.
Any Personal Data posted via the Social Features are processed in order to provide you with the respective service and the legal basis is therefore Art. 6(1)(b) GDPR. Please note that you are not legally required to provide us with your Personal Data, but that you will not be able to use our Social Features without providing your data.
To the extent certain third-party website features are available on our Website, the following terms apply:
We use plug-ins of the social networks Facebook, Pinterest, Twitter, Instagram and YouTube to enable our Website users to easily share content found on our Website and connect with their friends via such social networks. Whenever you view a page of our Website containing such plug-in, your browser establishes a direct connection to the servers operated by provider of the social network. As a result, the content of the social plug-in is transferred by the network provider directly to your browser and embedded in our Website being shown. If you visit our Website whilst signed into your social network user account, information concerning your visit will be transferred to the network provider and the provider of the social network can assign your visit to our Website to your account with the social network. Please note that a data transfer is triggered already when you visit our Website, irrespective whether you interact with the plug-in. To prevent this you must log out of your social network account before visiting our Website. Please refer to the privacy policies of Facebook, Pinterest, Twitter, Instagram and YouTube for more information on the purpose and scope of data collection and data analysis undertaken by the social network as well as your options to modify settings and how to protect your privacy.
We provide our subscribers the ability to sync with Apple’s HealthKit framework, which provides the ability to access your health and fitness data to help you keep track of your activity in the WW app on your iPhone and Apple Watch if you so choose. (For more information click here). We do not use information gained through the HealthKit framework for advertising or similar services. You can always stop WW from accessing your data by changing the settings of your mobile device.
HOW WE SHARE AND DISCLOSE PERSONAL DATA
We will not share, sell, transfer or otherwise disseminate your Personal Data to third parties, unless required by law according to Art. 6(1)(c) GDPR, unless required for the purpose of your contract according to Art. 6(1)(b) GDPR, unless the third party acts as a data processor on our behalf according to Art. 28 GDPR or you have given us express consent to do so according to Art. 6(1)(a) GDPR.
We share some of your Personal Data with another Weight Watchers company located in the United States to provide hosting services to us.
We also use third-party service providers to offer or facilitate services on our behalf and share your Personal Data with such providers to the extent necessary for such providers to perform their services on our behalf. In particular, we use a mailing company to dispatch email market-ing messages, payment service providers to bill you for goods and services and for credit card processing, specialist providers for payment collection and fraud screening, a shipping company to fulfil orders, a call centre provider to facilitate customer service, social media and other agencies to manage our social media and other advertising campaigns, a cloud provider for our CRM system and an external provider for the hosting of our web shop.
Some of the companies we share your Personal Data with as described above are located outside of the European Economic Area.
In order to grant sufficient protection of your Personal Data in this context, we use standard data protection clauses adopted by the European Commission according to Art. 46(2)(c) GDPR with such companies or certifications of such companies under the EU-U.S. Privacy Shield according to Art. 45(1) GDPR. You can request further details by contacting us at the contact details as mentioned below.
We may also be required to disclose your Personal Data to government or law enforcement officials in response to a lawful request by a public authority or if we have to do so to comply with a legal obligation, including to meet national security or law enforcement requirements according to Art. 6(1)(c) GDPR. We can also disclose your information in order to pursue our legitimate interest in applying or enforcing our terms and conditions or in responding to any claims, in protecting our rights or the rights of a third party, in protecting the safety of any person or in preventing any illegal activity (including for the purposes of fraud protection and credit risk reduction) according to Art. 6(1)(f) GDPR.
If required under applicable data protection laws, we will collect your prior consent before shar-ing your Personal Data with other companies. In such cases, the legal basis is Art. 6(1)(a) GDPR.
IS MY PERSONAL DATA USED FOR ANY OTHER PURPOSES?
WHAT RIGHTS DO I HAVE?
You have the following rights:
Right of access (Art. 15 GDPR):
You have the right to request confirmation as to whether we process your Per-sonal Data and where that is the case, to request access to the Personal Data we hold about you.
Right to rectification (Art. 16 GDPR):
You have the right to request the correction of inaccurate Personal Data.
Right to erasure (Art. 17 GDPR):
You have the right to request erasure of Personal Data without undue delay un-der certain circumstances, e.g. if your Personal Data is no longer necessary for the purposes for which it was collected or if you withdraw consent on which our processing is based according to Art. 6(1)(a) GDPR and where there is no other legal ground for processing.
Right to restriction of processing (Art. 18 GDPR):
You have the right to request us to restrict the processing of your Personal Data under certain circumstances, e.g. if you think that the Personal Data we process about you is incorrect or unlawful.
Right to data portability (Art. 20 GDPR):
Under certain circumstances, you have the right to receive your Personal Data you have provided us with, in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller without hindrance or ask us to do so.
Right to object (Art. 21 GDPR):
You have the right to object to the processing of your Personal Data under certain circum-stances, in particular if we process your Personal Data on the legal basis of legitimate interests (Art. 6(1)(f) GDPR) or if we use your Personal Data for marketing purposes.
You can assert your abovementioned rights by contacting us at the contact details mentioned below.
RIGHT TO LODGE A COMPLAINT BEFORE THE DATA PROTECTION AUTHORITY
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or place of the alleged infringement if you consider that our processing of your Personal Data infringes the applicable data protection laws. Please contact us at the contact details mentioned below and we will assist you to identify the respective competent supervisory authority.
We store your Personal Data and other information for as long as necessary to enable you to use our Website and our Internet Products, to provide our services to you, to comply with applicable laws (including those regarding document retention), to resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. If you have a question about a specific retention period for certain types of Personal Data we process about you, please contact us at the contact details mentioned below.
AUTOMATED INDIVIDUAL DECISION-MAKING
We do not use your Personal Data to make decisions with legal or similar effects for you based on the automated processing of your Personal Data only.
WHO DO I CONTACT IF I HAVE ANY PRIVACY QUESTIONS?