Privacy Policy

for the AIMO™ Technology

1. Your data is yours

AIMO takes the protection of customer data seriously. Basically, protecting your individual privacy and personal sphere is of the utmost importance to us. Therefore, it goes without saying that we comply with the legal provisions on data protection. This applies in particular to the AIMO™ technology (AIMO™ app) that we offer you.

In addition, it is important to us that you as our customer always know when we save which data and how we use it. Our principle is: "You decide which information you want to share – and with whom."

 

2. Data processing for the use of AIMO™ technology

AIMO gives you access to technology that can help you get information about your fitness status. In order to grant you this access, we need information from you.

  • Surname
  • Email address
  • Date of birth
  • Gender
  • Weight
  • Height
  • Profile picture
  • IP address
  • Usage data (such as various time stamps)
  • Occupation
  • Everyday work (physically active in %, sitting in %)
  • Sport
  • Pain (security question before and after the AIMO™ movement scan)

In addition, AIMO records videos of you to analyze your movements. AIMO is aware that this is all very personal and confidential information. We take organizational and technical measures to protect your data in the best possible way. These include the following technical and organizational measures:


Technical measures

  • Personal data, such as your name, your email address or your date of birth, are stored in an encrypted database so that only AIMO administrators can access them for maintenance purposes.
  • Your password never leaves your device and can therefore never be viewed by AIMO employees or attackers.
  • Your videos are stored encrypted on our servers. In addition, the entire storage in which the videos are kept is encrypted, so that they can only be viewed by the AIMO software and a very restricted group of administrators and researchers who must have the appropriate access authorization.
  • All data transmission between the AIMO™ app and AIMO servers is encrypted end-to-end, which means that your data cannot be viewed or changed by anyone on its way through the Internet.
  • The server-internal data transmission is also encrypted end-to-end, so attackers cannot benefit from data streams within the AIMO server infrastructure, provided that they get there at all.
  • We have used three different types of firewalls on three different levels on our servers. This makes it significantly more difficult for attackers to gain access.
  • To log in to the AIMO™ app, you can activate Touch ID / Face ID to log in using a biometric factor that only you have.
  • Any change that could affect the ownership of your account, such as changing your password or email address or deleting your account, requires additional confirmation via a second factor, i.e. via email. This means that even if someone gets your password, they cannot change the basic settings of your account as long as they do not have access to your emails.
  • Your AIMO™ app automatically logs out after 10 minutes of inactivity so that you do not accidentally grant access to unauthorized persons.
  • All data subject rights under the GDPR are implemented directly in the AIMO™ app, so you can exercise them yourself via the app without contacting AIMO support.

Organizational measures

  • Customer data is hosted within Germany in the Amazon data center in Frankfurt am Main.
  • Access rights to customer data are severely limited; the data can only be viewed, if necessary for maintenance purposes, by a few AIMO administrators trained in data protection.
  • In order to make it more difficult for attackers, personal data and health data are kept separate from each other on independent, encrypted databases and file stores.
  • Our deletion concept ensures that only the data is saved that is necessary for your use and our further development of the app.
  • Our backup concept ensures that we can restore your data in the shortest possible time should something go wrong.
  • Emergency management has been established to act as quickly as possible in a crisis situation.
  • A process for reporting data breaches is established, ensuring that you, as well as the authorities, are informed about data breaches as quickly as possible should the situation arise.

In order for you to be able to use AIMO™ technology, we need your consent to process the health data you have provided and to record and process videos. You make the following statement when you start the app:

"I hereby consent that AIMO GmbH, Quellenstraße 7a, 70376 Stuttgart may collect and process the personal data I have provided, my health data with motion videos and the results of the analysis for the purpose of operating the AIMO app. I am aware that I can revoke this consent at any time by sending an informal declaration to AIMO GmbH, Quellenstraße 7a, 70376 Stuttgart by email to support@aimo-fit.com or by writing to AIMO GmbH, Quellenstraße 7a, 70376 Stuttgart."

AIMO™ technology uses your data to determine your personal AIMO™ movement score and to inform you. The AIMO™ movement score is determined automatically. The processing is based on your consent; Art. 6 para. 1 letter a) GDPR.

 

3. How is the AIMO™ movement score determined?

On the basis of movements such as an overhead deep squat, fitness experts can identify potential weak points in the movement sequences. These weak links can have different causes.

AIMO™ determines the movement skills using a specially developed artificial intelligence (AI), using a digitized method based on expert opinions and data models. AIMO™ evaluates the statistical deviation of your movement from an optimal movement. This optimal movement results from a combination of statistical data, the opinions of experts and established standards. When using the AIMO™ app, you will be asked to perform a movement, usually an overhead squat. This movement is recorded in a video. The artificial intelligence of AIMO™ analyzes this video and then determines evasive movements. Evasive movements in the sense of AIMO™ are your (greatest) deviations from the optimal movement during the execution of the movement. AIMO™ recognizes certain joints of your body during the entire time in which you carry out the movement. AIMO™ then translates the results into the understandable AIMO™ movement score. It is a weighted average of all deviations from an ideal movement. Some deviations are more important than others. For example, deviations in the area of the foot and knee are more serious, since they have an impact on the entire movement above the foot.

 

4. To what extent is there automated decision-making based on the AIMO™ movement score?

AIMO itself does not make any decisions based on your AIMO™ movement score determined by artificial intelligence. We only give automated suggestions for exercises that can help you to reduce any deviations. We also recommend experts with whom we work and who can help you achieve your goals. If you decide to share your data with one of these experts, you should know that these experts can make decisions based on the AIMO™ motion score. If you consent to make your data available to an expert, we ask that you inform yourself beforehand about whether and how the data will be used to make a decision.
 

5. What data are your everyday risks based on?

There is a feature in the AIMO™ app to display your everyday risks. This consists of the areas:

  • Age-related risks based on your age
  • Everyday risks based on your physical activity
  • Risks in sport based on your sport
  • Pain specified by yourself

Based on the information you provided during the registration process (work, physical activity, sport, age and pain) and the scan results from your motion scan, AIMO™ visualizes your “greatest risk” in everyday life.

Your information on everyday risks can:

  • give the personal trainer an indication of which exercises are suitable for you to what extent and in what intensity
  • give the insurance intermediary an indication of which insurance product is best suited for you and whether and at what price you can purchase insurance

 

6. How and when we share your personal information

So that the advice you receive can be tailored to you as closely as possible, you have the option to share your data with your expert in advance. You can share the following data:

  • Your personal profile (year of birth, height, weight, profession, sport)
  • Your scan results (movement score, evasive movements)
  • Your everyday risks (see 5. above)

If you share your data with a fitness expert, AIMO points out that it makes sense to share further data on your current AIMO™ movement score with your expert. These are questions that your expert asks you in order to avoid possible wrong advice.

In addition, AIMO can request the following additional information from you in connection with insurance advice:

  • Salary (gross, net), monthly expenses
  • Health insurance (statutory, private, voluntary)
  • Health insurance contribution (if private)
  • Everyday work (physically active in %, seated in %)
  • Personnel responsibility (none, 1-5, 6-10, 11-50, 51-100, 100+)
  • Profession (employed, self-employed, student, training)

These data are used by insurance intermediaries to better assess your insurability. AIMO itself does not use this data.

We only pass on your personal data on express request and with your consent. Before passing on the information, you actively submit your declaration of consent. This consent will be displayed in your AIMO™ app before data is shared.
 
You decide who can receive the data. Our partners are

  • Personal trainers and fitness experts
  • Insurance brokers (employed insurance broker, exclusive agent according to §84 HGB, multiple agent, insurance broker)
  • Life insurances

Our partners are responsible for the handling of the data that you give them and explain this in corresponding data protection declarations. Therefore, we cannot accept any responsibility for what happens to the data after you have passed it on. However, we will do everything to ensure that we only work with partners who have the same high level of care in handling personal data as we do.

 

7. The storage and security of your personal data

We take measures to ensure that your data is treated securely and in accordance with this privacy policy. We use suitable technical and organizational measures to ensure the highest possible level of security and continuously adapt it to improve the general security of our systems. We also ensure that our processors offer the same level of protection as is provided in this privacy policy.

We use Amazon Web Services as a host provider to store your personal data. The storage takes place in compliance with the GDPR with a very high level of protection and within Germany with servers in Frankfurt am Main. We ensure that the data is not transmitted and stored outside of the European Union ("EU") on third-party servers. You can find more information at

https://aws.amazon.com/de/compliance/gdpr-center/

Our software, apps and websites contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to one of these websites, please note that these websites have their own data protection declarations and we assume no responsibility or liability for them. Please read the relevant guidelines before you transfer personal data to such websites. This applies in particular if you make your health data available to a third party so that they can make you offers.


8. The storage period and anonymization of your personal data

We will only keep your data for as long as we are required to do so by applicable law and only as long as we have your consent.

After you have finished using our services, we save part of your data in an aggregated and anonymized format so that it cannot be related to you. This means that it is no longer personal data. We delete all data that can relate to you within 30 days (after 60 days from the backup) after you have canceled your user account. This applies in particular to the videos you have recorded. In order to effectively anonymize the data, we always form data groups according to age groups and do not save the data separately.
 
The anonymized data is explicitly the following:

  • Age group
  • Gender
  • Height
  • Weight
  • Occupation
  • Everyday work (physically active in %, sitting in %)
  • Sport
  • Pain indicated before or after the motion scan
  • Calculated virtual measuring points of the body joints during the AIMO™ movement scan
  • Calculated result of the AIMO™ movement scan (AIMO™ movement score and evasive movements)

Please understand that, regardless of this, we store all personal data that we reasonably need to fulfill our legal obligations, to settle and assert legal disputes and to enforce our contracts.

9. How we share your personal information with research

For the further development of AIMO™ technology, we would like to make your data available to research institutions that work on behalf of AIMO to improve the analysis methods (research partner). For this, the research partners receive secure access to your data. We pass on your personal data without name, date of birth and email address to our research partners.

We will only work with research partners who have the same high level of care in handling personal data as we do. The research partners receive secure access to your data. We log each of these accesses. In principle, these facilities are themselves responsible for compliance with data protection and IT security. However, we make sure that our partners' data protection requirements meet AIMO's strict data protection requirements. In particular, the research partners must delete the data within 3 days of access.

The research partners we work with currently include: 

  • Linnaeus University, 351 95 Växjö, 391 82 Kalmar, Sweden


10. Which of your personal data we pass on to research

The research data are explicitly the following:

  • Gender
  • Height
  • Weight
  • Age group
  • Sport
  • Occupation
  • Everyday work (physically active in %, seated in %)
  • Pain indicated before or after the motion scan
  • Video of the AIMO™ movement scan
  • Calculated virtual measuring points of the body joints during the AIMO™ motion scan
  • Calculated result of the AIMO™ movement scan (AIMO™ movement score and evasive movements)
  • Answers to health issues

We process your personal data in special categories within the meaning of Art. 9 Para. 1 GDPR, insofar as this is necessary to carry out the aforementioned purpose, on the basis of Art. 9 Para. 2 Letter j GDPR in conjunction with § 27 BDSG.

If you would like us to no longer use the data for research purposes, please contact datenschutz@aimo-fit.com (keyword: data protection).

After you have objected to the use, we will mark your data so that our research partners can no longer access it. Please understand that your objection can only relate to the future use of the data. The use of your data before your objection is not affected. Scientific results and procedures that were developed based on your data before the objection are also not affected.

 

11. Your data protection rights as a customer and contact details

You can at any time obtain information from us about your stored personal data (Art. 15 GDPR), request its correction (Art. 16 GDPR), deletion (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR), and assert your right to data portability (Art. 20 GDPR). In addition, you can change or revoke the declaration of consent at any time without giving reasons with effect for the future (Art. 21 GDPR). Please note that data processing that was carried out before the revocation is not affected by this. Your rights listed under a., b., d. and f. can be restricted if exercising them is likely to make impossible or seriously impair the achievement of the research or statistical purposes and the restriction is necessary for the fulfillment of the research or statistical purposes. The details are listed below:

a. Right to information according to Art. 15 GDPR

You can request information according to Art. 15 GDPR about the personal data that we process.

b. Right to rectification according to Art. 16 GDPR

If the information concerning you is no longer correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request completion.

c. Right to deletion according to Art. 17 GDPR

According to Art. 17 GDPR, you can request the deletion of your personal data.

d. Right to restriction of processing according to Art. 18 GDPR

According to Art. 18 GDPR you have the right to request a restriction of the processing of your personal data.

e. Right to data portability according to Art. 20 Para. 1 GDPR

In the event that the requirements of Art. 20 Para. 1 GDPR are met, you have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to third parties.

f. Right to object according to Art. 21 Para. 1 GDPR

You have the right to object at any time to the processing of your personal data based on Article 6 (1) (f) GDPR for reasons that arise from your particular situation. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

g. Right to lodge a complaint in accordance with Art. 77 (1) GDPR

If you believe that the processing of your personal data violates data protection law, you have, according to Art. 77 (1) GDPR, the right to complain to a data protection supervisory authority of your own choice. This also includes the data protection supervisory authority responsible for us: State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Postfach 10 29 32, 70025 Stuttgart, 0711 / 615541-0, Poststelle@lfd.bwl.de.

Right to withdraw the data protection declaration of consent

You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of processing carried out on the basis of your consent prior to your withdrawal.

For the aforementioned purposes, please contact one of the following contact addresses:

Responsible for data processing
AIMO GmbH
Managing Director: Danny Dressler
Quellenstrasse 7a
70376 Stuttgart
Germany
Phone: +49 151 7585 7153
Email: danny.dressler (at) aimo-fit.com

Data protection officer
Fabian Henkel
Diplom-Betriebswirt (FH)
Certified data protection officer
DSB external data protection officer Stuttgart
Kantstrasse 14
71277 Rutesheim
Germany

Phone: +49 7152 564 773
Fax: +49 7152 564 771
Email: info (at) external-datenschutzbeauftragter-stuttgart.de

Furthermore, Art. 77 GDPR gives you the right to complain to a supervisory authority.


Address

AIMO GmbH
Quellenstraße 7a
70376 Stuttgart
Germany

© 2020 AIMO Group AB