In this Privacy Policy (“Policy”) we describe the information that is collected by ATO-GEAR (“ATO”, “we”, “us”, “our”) from visitors to and users of our website (“Website”), our application (“App”), our blog and our online product and services (collectively, “Services”). By visiting our Website or using any of our Services, you agree that your personal information will be handled as described in this Policy, which is incorporated by reference into the ATO Terms of Service, available at www.arion.run/terms. This Policy may be supplemented by additional privacy terms or notices set forth on certain areas of the Services. Should you have any questions after reading this Policy, or would like to exercise your rights as described in this Policy, please contact us through the contact details stated in article 1.1.

1 Introduction

1.1 This Policy is used by ATO-gear B.V., a company with limited liability under the laws of the Netherlands, having its registered office in Eindhoven, the Netherlands, and its principle place of business at Schimmelt 28, 5611 ZX Eindhoven, the Netherlands, and registered at the Chamber of Commerce under registration number 63392445. ATO can be reached by e-mailing us at info@ato-gear.com

1.2 Our Data Protection Officer, Rachel Wright, is registered with the Dutch Data Protection Authority, de Autoriteit Persoonsgegevens, You can contact her directly via info@ato-gear.com

1.3 The Policy applies to all processing of data that identifies you or may be used to identify you with (“Personal Data”) by ATO as performed via or generated by the App made available by ATO via application stores, the Website located at arion.run and the Services ATO makes available through it, including but not limited to purchasing ‘ARION’-gear (“Products”) from our webshop and the delivery of these Products to you.

1.4 We may amend the Policy from time to time. In case the Policy is amended we will make the new policy available through our website.

2 Processing of Personal Data

2.1 Identity of the Data Controller
When we process your Personal Data throughout the Website to perform our Services to you or deliver the Products you purchased or through our App to make sure you are able to use the App to track your physical progress, health and well-being, ATO is responsible for determining the purpose and the means of this processing and is therefore referred to as a data controller.

2.2 Legal bases for processing
To enter into a contract regarding the purchase of Products and/or make use of the App particular information that we collect directly from you is necessary (See 2.5). When you fail to provide the mandatory Personal Data, we cannot enter into a contract regarding the purchase of Products or the use of the App with you. We process the above stated Personal Data as this is necessary for the performance of the contract.

We may also process some data in line with our legitimate interests in improving our products and providing extra services to existing customers, or research in the interests of public health..

2.3 Special category data
We process Personal Data concerning your exercise and fitness which is considered ‘health data’, so we need your explicit consent to process this Personal Data. When you create an account for the use of the App you are asked to explicitly agree to the processing of such Personal Data by accepting this policy.

Please note that if you withhold consent for collecting and processing this data, we are not be able to offer our App the way it is intended, and you will find essential functionality of the App unavailable to you. Processing this Personal Data is a core function of the App.

2.4 Persons under 16 years of age
When you are aged 16 or below you need the permission of your parent or legal guardian to use our Website and Services and to make use of the App. Should you not have such permission, you cannot provide your Personal Data to us to purchase Products or use the App. When ordering Products or creating your account within the App, we will ask you whether you are aged 16 or above, to which question you are to answer truthfully.

2.5 We collect Personal Data by asking you to provide us directly with them. We may also collect Personal Data automatically. We collect and process the following Personal Data:

Information We Collect Directly From You
For the performance of Services and ordering Products:
i) Name and surname;
ii) Residential and Delivery Address;
iii) E-mail address;
iv) Telephone number;
v) Your bank account number, name of the account holder and other payment details that entail Personal Data.

For the use of the App:
i) Name and surname;
ii) Email address;
iii) Personal Data concerning your health, physical wellbeing, height, weight, energy levels, exercise, heart rate, progress, and all other Personal Data to make sure we can offer you useful reports to support exercise, activity and/or a healthy lifestyle;
iv) Personal Data concerning your health, physical wellbeing, height, weight, energy levels, exercise, heart rate, progress, and all other Personal Data to make sure we can offer you useful reports to support exercise, activity and/or a healthy lifestyle;
v) Account Information for our Sites. You may browse our Sites and Applications without creating an online account or providing us with your information, but to use certain features, provide your own services or to register for an Event, you may need to create an account or otherwise provide us with information. When you create an account with us or register for access to certain features, to provide your own services or for Events, we may ask you to provide the following:

• Your first and last name;
• Your email address and your desired password;
• Your display name (this is the name other people will see when you post items to one of our Sites or engage in other similar activities on our site);
• Your date of birth;
• Your subscription preferences (whether and what types of information you would like us to send you);
• Information about your activities and interests;
• Other profile data, such as contact information, occupation, gender, height, weight, photo, qualification times, personal bests, average times, relevant qualifications (e.g. coaching certificates), experience level, and other relevant data;
• Your physical activities or similar health related information (how long you exercised, caloric intake or weight lost);
• The contact information of a friend, other members of your team, or Clients customers (when inviting them to visit the Site or when you are allowed to set up an account for them); and
• Payment information, such as credit card or financial account numbers (if applicable).

Log in and Location Information for our Mobile Applications.
When you first visit any of our Applications, you may have the option of creating a user ID and password for subsequent visits. When you log into certain of our Applications, we will request your permission to obtain your current location (so-called “geolocation” information) so that we can identify routes, maps, events and potential connections to other users near you or to provide other location-related services. In the “settings” function on your phone, you will have the ability to manually permit or preclude us from recording your geolocation information for certain Applications or features of Applications, for example, so that we can track your running route, or help you to find a local event, club or store.

User Profiles, Comments and Posts.
Some of our Sites and Applications allow users to create or post content, such as comments, profiles, blogs, and messages. If you provide content to our Sites, we may collect and use that information as described in this Policy. Please note that such information may be viewed, collected or used by other registered users and public visitors to our Sites. Once posted, we cannot prevent such information from being used in a manner that may violate this Policy, the law or your personal privacy. Your profile, however, may offer privacy settings within your account to help you manage how your content is displayed.

Information We Collect from Facebook.
We may provide you with the opportunity to connect via Facebook, through our Sites or Applications. For example, you can indicate that you are going to participate in an Event and invite your Facebook friends to join that Event. If you log into Facebook through our Sites or Applications, we will request permission to (i) access your basic information, which includes your name, profile picture, gender, networks, Facebook user ID, list of friends and any other information that you have made public on Facebook; and (ii) manage your participation in Events (so that ATO-GEAR and/or ARION may RSVP on your behalf). For information about how Facebook may disclose your information, including any information you make public, please consult the Facebook Data Use Policy. We have no control over how Facebook uses or discloses the personal information you provide to it. We store the information that we receive from Facebook along with other information that we collect from you or receive about you.

Information We Collect About You From Third Parties.
We also may collect information, including personally identifiable information, about you from our affiliates and non-affiliated third parties. For example, if you register for an event by clicking through our Sites, the sponsor of the race may provide us with your name and contact information; and, when the race is over, we also may obtain your race time.

Information We Collect Automatically:
The Personal Data as generated by the App, based on your performances and the result of the analyses of performances. We may use cookies, web beacons, tags, scripts, and other automated devices to collect information, including personally identifiable information, about you when you visit our Sites and receive emails from us. Specifically, we may collect the following information about your use of our Sites via these technologies: your browser type and operating system; web pages you view; links you click; your Internet Protocol (“IP”) address; your approximate geographic location; your interaction with the Website; length of time you are logged in to our Website; and websites visited before or after our Website. In some of our email messages, we use a “click-through URL” linked to content on the ATO-GEAR website. When Consumers click one of these URLs, they pass through a separate web server before arriving at the destination page on our Website. We track this click-through data to help us determine interest in particular topics and measure the effectiveness of our Consumer communications. If you prefer not to be tracked in this way, you should not click text or graphic links in the email messages. We also collect non-personal data (including, without limitation, of the type set forth above) from third parties. The information we collect from third parties may be combined with the information we collect. This information also may be associated with your username and combined with other information, including personally identifiable information that we collect about you. For more detailed information on our use of cookies and other tracking technologies, please see our cookie policy here: www.arion.run/cookies

Please note that when you fail to provide the above stated Personal Data, we are not be able to offer our Services the way they are intended. For example, you may not be able to keep Products in your shopping chart while proceeding to the check-out, due to the absence of a cookie that provides that functionality.

2.4 Please note that the Personal Data as generated by our App allows for “profiling”, which is hereby understood to mean the automated processing of Personal Data consisting of the use of Personal Data to evaluate your health and to analyse or predict aspects regarding your health. We do this only to make sure the reports that are generated by our App allow for the most accurate data to guide you in your healthy lifestyle. Therefore, we do not subject you to any decisions by us that are based solely on automated processing or profiling. In addition, these activities do not produce any legal effects concerning you nor do they similarly affect you.

2.5 Retention policy
We store your Personal Data for as long as necessary to perform the purposes of processing as stated in article 3 of the Policy. This means that we store your Personal Data at least for the period as is necessary to perform the Services you requested, such as the purchase of Products or make use of the App. [

2.6 We may choose to pseudonymise the Personal Data, which means we transform the Personal Data into data that can no longer be attributed to you without the use of additional information. We call this data ‘Non Personal Data’. We hereby reserve the right to store Non Personal Data for the purposes as referred to in article 3 of the Policy and as long as we find to be necessary.

3 How do we use your information?

3.1 We may use the information we gather about you for the following purposes in line with the aforementioned legal bases of performing our contract with you and our legitimate interests:

• Identifying you to perform the Services you requested or use the App;
• Generating reports and information on your exercise for you, based on your own results;
• Collecting feedback on the App;
• Collecting feedback on our Services;
• Performing the Services that you requested;
• When you order any Products, invoicing you when applicable;
• When you order any Products, delivering these Products to you;
• Contacting you in case of any questions or comments you may have;
• Promoting the use of our Products and Services;
• Promoting the use of the App and promoting ATO-GEAR and/or ARION;
• Analysing Personal Data to improve the Services of ATO-GEAR and/or ARION;
• Analysing the market for our Services and Products;
• Analysing Personal Data to promote the use of ATO-GEAR and/or ARION, such as use in advertisements and promotions;
• Building the community for our Services;
• Building the community for our App users;
• Improving products and services.
• To improve our Sites and Services by providing personalized experiences, location customization, personalized help, and instructions;
• For marketing and advertising purposes; for example, we may use your information to display targeted advertisements to you on our Sites and to assist us in advertising our Services on third party websites;
• To send you email, news and newsletters, promotions, and/or invitations to visit the Website; and
• To better understand how users access and use our Sites and Services, both on an aggregated and individualized basis, and for other research purposes.

4 E-mails

4.1 The electronic contact details you choose to provide us with, such as your e-mail address, are used to make sure the Services are performed for you in the most optimal way and the App will provide you with the best possible information and data. Therefore, some e-mails are strictly necessary. We may, for example, contact you to inform you on the process of the delivery of your Product.

4.2 Further to the above stated e-mails, we may contact you to further promote or inform you about our Products, the Services, ATO-GEAR, ARION, affiliated companies or any of our future services and / or products. For these e-mails you have indicated your consent either through the app pop-up, when registering for an account to use the App, or when you requested our Services. Should you wish to withdraw your permission, please do so by making use of the opt-out provided to you in every e-mail we send you, or using the feedback form on the website.

5 Recipients of Personal Data

5.1 We may transfer your Personal Data to third parties, being:

Suppliers: When this is necessary in order to perform our Services to you, we may transfer your Personal Data to our suppliers, such as but not limited to, the company that hosts the Website, the company that makes sure your Product is delivered to you and the company that hosts the applications as necessary for our Services. Suppliers shall always act and process the Personal Data on behalf of ATO-GEAR and the instructions we provide them with. ATO-GEAR will remain the Data Controller with regard to your Personal Data.

We may also transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation).

5.2 Please note that we may transfer your Personal Data to a third country or organization. We only transfer your data where there is an adequate level of protection, according to the applicable law and regulations.

6 Security

6.1 We highly value the security of your Personal Data. Therefore, ATO-GEAR will apply technical and organizational measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. To keep your Personal Data safe, we take the following steps:
i) Encrypt the transfers of data via the Website;
ii) Protect the servers on which your Personal Data is stored with passwords and appropriate security measures;
iii) Block search engines from indexing the Personal Data.

6.2 Should any Personal Data breach occur and result in a high risk to your rights and freedoms, we will communicate this to you without undue delay.

7 Your rights

7.1 Applicable data protection laws and regulations guarantee you the following rights:

Objection: Depending on the situation and the Personal Data that is processed, you have the right to consent or object to the processing of your Personal Data and the conditions under which this processing takes place.

Access: You have the right to obtain from us a confirmation as to whether or not Personal Data concerning you are being processed, and, when such is the case, access to the Personal Data and the following information:

• The purposes of the processing;
• the categories of Personal Data concerned;
• the recipients or categories of recipient to whom the Personal Data is or will be disclosed, in particular recipients in third countries or international organisations;
• where possible, the envisaged period for which the Personal Data is or will be stored, or, if not possible, the criteria used to determine that period;
• the existence of the right to request from the us rectification or erasure of Personal Data or restriction of processing of Personal Data concerning you or to object to such processing;
• the right to lodge a complaint with a supervisory authority, such as the Autoriteit Persoonsgegevens;
• in the event that the collected Personal Data are not originating from you, any available information as to its source;
• the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

In the event that Personal Data are transferred to a third country or to an international organization, you also have the right to be informed of the appropriate safeguards as applied. We will provide to you a copy of the Personal Data undergoing processing. For any further copies as requested by you, we may charge a reasonable fee based on administrative costs.

7.2 Rectification, erasure, blocking or deletion:

You have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

You have the right to obtain from us the erasure of Personal Data concerning you without undue delay and we shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
ii) you withdraw consent, in case the processing of such is based on your permission, and where there is no other legal ground for the processing;
iii) you object to the processing pursuant and there are no overriding legitimate grounds for the processing;
iv) the Personal Data is unlawfully processed;
v) the Personal Data is to be erased for compliance with a legal obligation in the European Union or a Member State of such Union law to which we are subject;
vi) the Personal data have been collected for the performance of a contract to purchase Products while you are not aged 16 or above.

When we have made the Personal Data public and we are obliged to erase the Personal Data, we shall take all reasonable steps, taking account the available technology and the costs, to inform other controllers which may process your Personal Data that you have requested the erasure of Personal Data.

Notification: You have the right to a notification to third parties to whom your Personal Data has been disclosed, when you have been granted any rectification, erasure, blocking or deletion as stated above, unless such notification proves to be impossible or requires a disproportionate effort from us.

Data Portability: You have the right to receive the Personal Data you have provided to us yourself, in a structured, commonly used and machine-readable format and you have the right to transmit the Personal Data to another controller.

Complaint: You have the right to lodge a complaint with the supervisory authority, such as the Autoriteit Persoonsgegevens.

Right to restriction of processing: You have the right to obtain restriction of processing when:
i) you contest the accuracy of the Personal Data, for a period enabling us to verify the accuracy of your Personal Data;
ii) the processing is unlawful and you oppose the erasure of this Personal Data and request the restriction of this use instead;
iii) when we no longer need your Personal Data for the purposes of the processing.

7.3 In order to fulfil your possible requests pursuant to the rights as stated above, we might request specific additional information of you to identify you with. We only collect and process such specific Personal Data for the purpose of executing your above stated rights.

7.4 Please be informed that when you exercise your right to objection, we are no longer able to provide the App or perform the Services to you and you should refrain from using the App, the Services and the Website.

8 Questions

8.1 Should you have any questions after reading the Policy, or would like to exercise any right as stated in the Policy, please do not hesitate to contact us with the details provided to you in the Policy or e-mail us at info@ato-gear.com.