Privacy Policy for Withings Products and Services
Withings processes your data to help you improve your health, while taking care of the health of your data.
As a data controller, Withings (Withings SA, 2 rue Maurice Hartmann, Issy-les-Moulineaux, 92130 France, privacy@withings.com) is committed to giving the utmost attention to the security and protection of your privacy. Withings processes your personal data in compliance with applicable privacy and personal data laws according to the new European General Data Protection Regulation (GDPR) which entered into force on May 25th 2018.
Our Privacy Policy explains how we process your personal data when you use our Products and Services. The products and services are composed of various software applications (including mobile and web applications, Product software, cloud-based Services), and connected Products that gather, store and process data to provide you insights and services to help you lead a healthier life (the "Products" and "Services").
What information do we collect and when?
In order to easily identify the personal data used in the different cases, each type of data is illustrated by a pictogram.
What information?
Depending on the Product used, the way you use it or the way you acquired it, some of the data below will be collected by Withings:
Identity data mean data which can directly identify you, such as your email address, birth date, usernames, names and surnames, phone number, delivery address.
Activity data vary depending on the Products used. They correspond to the measure of your physical activities, such as number of steps, distance travelled, number of swimming strokes, number of calories burned, type of activity, level of activity, and sport session time.
Physiological or health data mean data which correspond to a measurement of your physical features and your body activity. Depending on the Products used, it includes your weight, muscle, fat, water percentage, heart rate, blood pressure, electrocardiogram, heart sound, temperature, sleep cycles, snoring episodes.
Environmental data correspond to your environment or surroundings such as noise level, light level, temperature level, CO2 concentration, IP address and geo-location.
Technical data necessary for the use of the Products and Services, such as Wi-Fi network, technical logs, date of Product activation, battery measurement, manufacturing ID, debug technical information, and website cookies. Your bank details are processed when you purchase Products on our website. They are solely used for audit purposes and are not stored.
When?
-
When you create a Withings account, you provide certain personal data. Your Withings account is the core component of Products and Services, it allows you to access and control your personal data.
-
When you use our applications, some personal data is registered on your Withings account. This is the case when you set an alarm, share information, measure steps, fill in a field in the Application, install and synchronize your Product and Application, and when you activate certain optional features such as geolocation in the settings of your phone. All your personal data collected when using our applications are stored under your Withings account.
-
When you use our Products and Services, your personal data is collected to help you monitor your health. Each Product requires collection and processing of specific personal data. For example, our scales collect your weight or fat mass whereas our blood pressure monitors do not collect this type of data. From our Help Center, you can consult the user guide for each Product, containing all information specific to the personal data processed by the Product, in particular the way it is configured. You can find more information on data collection and processing by your Product in Withings Privacy-User Guide.
-
When you choose to share your Withings data with other applications, we exchange data with partners via API (Application Programming Interface). You may discontinue this connection at any time by logging in and managing the sharing preferences under your Withings account.
-
When you contact our customer support, some of your personal data under your Withings account are temporarily available to our teams until the problem is solved.
How do we use your Personal data?
The data collected through the Products and Services of Withings is
processed by Withings for the following specific purposes. Different
purposes may apply simultaneously.
-
Providing Products and Services. Personal data processed by Withings are stored on your Withings account and accessible on the application. Personal data may be indicated as raw data (number of steps, weight, etc.), or as a result of specific processing (heart rate, respiration, movement which produces your sleep patterns, etc.).
-
Accounts. Use of our Products and Services requires the creation of a Health Mate account. This account also allows you to manage your content and preferences as well as measurements collected by the Products. More information on Health Mate online dashboards.
-
Communicating with you. When you contact our customer support department to solve a problem that you have reported, our team members may be required to process your personal data to help you. They will not be able to view your identified personal health data such as your weight or blood pressure without your consent.
-
Marketing, advertising and recommendations
Your personal data may be used to offer surveys, competitions, discount coupons or events in which you are free to participate. We may provide you with information on our Products, such as new features, sales offers from Withings or our partners, or to announce new Products. You may opt out of marketing offers by logging into your Withings account and managing your notification preferences here.
Each of these purposes has as its legal basis your consent to this Privacy Policy, collected when you created your account.
-
Improving our Products and Services. We may use your anonymous personal data to improve our Products and Services, customers support, we may need to process certain data in order to correct or modify software settings. In addition, your health data might be anonymised, i.e not allowing to identify an individual or to be linked to an account and used by our teams at Withings Health Institute to conduct studies and analyses in the field of health, in order to advance scientific research.
How do our Products work and how do they process your personal data?
All Products manufactured by Withings are connected objects that require the use of an iOS or Android device. The creation of a Withings account via a device is therefore a prerequisite for the installation of our Products.
Our Products work via a wireless connection (Wifi, Bluetooth, 3G/4G), allowing the configuration of the Product as well as the transmission and synchronization of the data collected with your Withings account.
Some features are only accessible through the connection between your Product and the application. The personal data collected by the Products is stored and transmitted to our servers on your Withings account when you synchronize your Product with our mobile application, or when you connect your Product to your Wifi network. This synchronization on our servers located in France is necessary in order to allow:
-
the detection of anomalies on our Products, via the remote diagnostic service that you can use as part of customer service;
-
updating the software of our Products to fix bugs, add new features or apply changes made necessary by legal and regulatory evolutions in the field of data;
-
the backup of your data: in the event of loss or theft of an iOS or Android device on which our application is installed, you will be able to recover all your data;
-
the taking of measurements without being in the vicinity of your iOS or Android device on which our application is installed;
-
the Sharing of your data on several devices: you have access to your updated measurements via your personal Withings account, and on any device on which our application is installed.
For more information on how each of our Products works, we invite you to
consult the corresponding user guide from our Help
Center.
Do we share your Personal data?
Your personal data will not be distributed, communicated, exchanged or transferred to third parties, on any medium whatsoever. Only the assumption of the purchase of Withings and its rights would allow the transmission of your data to the potential purchaser, who would in turn be bound by the same obligation to protect your data.
In order to guarantee you high quality experience, we may disclose some data in very strictly defined cases.
Withings' companies and authorized third parties. We may communicate your data to Withings' affiliates, as well as authorised third parties complying with GDPR and this Privacy Policy, such as for the delivery of your purchases, the customer support, the verification of banking data.
International transfer of personal data. Our Services may be supplied thanks to hosting services provider located in France. Thus, your data may be transferred out of the country where you use our services, including countries out of the European Economic Area (EEA) that do not have specific laws for the protection of data. In these cases, we ensure the existence of a judicial ground during this transfer, as well as an adequate level of protection for your data, agreements approved by competent authorities, and by requiring the use of other measures allowing the protection of data.
Mandatory disclosure. We may be compelled by the law to disclose your personal data to some authorities or other third parties, such as the the law enforcement or legal authorities.
How do we protect your Personal data?
We make every effort to ensure the security of your personal data.
-
How do we ensure the respect of children's privacy? Withings' Products and Services are made for the general public.
-
How do we ensure the quality of your data? We recommend you to regularly log on your Withings account and confirm that your personal data are accurate and up-to-date. If you have a doubt on the accuracy of data, please inform us and we will implement means to correct or erase inaccurate data.
-
What action do we take to protect your personal data? The protection of your privacy and security is crucial in the way we create and supply our Products and Services. We apply our Policy through a selection of appropriate activities such as the proactive management of risks and the Privacy Guide. We take appropriate measures to guarantee online safety, physical safety, remove risks of data loss. We limit the access to our database to employees that have a justified need to access this information.
-
How do we use cookies and web beacons? Withings uses cookies, web beacons, and other similar technologies to run and improve our website. We also use cookies to personalize and display advertisement. For more information on the way Withings uses cookies and on their deactivation through your browser's settings, see our Cookie Policy.
-
What are your rights? You can unsubscribe from marketing and ask that we stop processing your data for marketing means. We will still be able to send you security critical alerts.
You also have a right of access, rectification and erasure on each of your personal data. We can help you access or suppress your personal data via your account or customer support department. You will find the procedures for exercising the right to the portability of your data in our Help Center, in the section "Import and export of data". If you wish to exercise your rights before Withings or object to a processing operation carried out by Withings, the requests must be sent to Withings, 2 rue Maurice Hartmann, 92130 Issy-les-Moulineaux, France, to the attention of our Personal Data Protection Officer, or by e-mail to privacy@withings.com with proof of identity. In the event that you exercise your rights before our company, Withings will provide a copy of the personal data being processed and may require payment of a reasonable fee based on administrative costs for any excessive request from the user.
Complaint before the CNIL. In the event of a dispute, you also have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) whose registered office is located at 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 7.
- Modification of the present Policy. Withings may modify the present Policy with or without previous notice, block the access to the website, or change its access conditions. However, if the present Policy had to be largely modified, Withings would publish a notice on this page and its header to inform web users for a period of 30 days. We recommend you to frequently visit the present Policy in order to ensure that you are aware of any modification.
How long do we keep your personal data?
In order for you to use our Products and Services, your data is stored until you request its deletion.
If you wish to delete your data and your account, please refer to our dedicated page accessible here.
In the event of a deletion request, all your data will be permanently deleted within 30 days of your request.
However, if you have deleted your Withings account and wish to use our Products and Services again, simply create a new account.
Updated on 16 Dec 2020.