This Privacy Notice describes how Oska Wellness collects, uses, and shares the information that you provide to us through your use of the Oska Wellness Products and Services.
The Data Controller
OSKA, Inc., with registered office in the United States, which can be contacted at the following address: 2725 Jefferson ST, Suite 15A, Carlsbad, CA 92008, +1.844.630.9932, www.oskawellness.com, is the data controller of the processing of your personal information collected through the Oska Wellness Products and Services.
Information we collect
Personal information is information about an identifiable individual. This, however, does not include information which is anonymous, i.e., where the identifying data fields are removed. Generally, you can visit our Site without revealing your personal information. However, we can collect identifying data, such as name, surname, email address, residence and any other information that you voluntarily provide by communicating with us, such as by registering a device, downloading an application, creating an account, sending an email, submitting an online information request form or purchasing something from our store.
Additionally, we can collect any other personal information that you choose to provide to us through our Products and Services. This includes information you provide to us (or our service provider) to apply for a job. Other information provided through a job application may include, for example, your educational and employment background, your contact information, and immigration status. All personal information that you may provide to us is voluntary and you are, at no time, required or obliged to provide any information.
Oska Wellness Product Use Data
If you have downloaded the Software App used with Oska Wellness Products, with your consent, we collect data from the use of your Oska Wellness Product, such as number of hours used, pain levels and condition, as well as other sleep, activity and well-being information you provide (“Product Use Data”), and associate it with your User profile.
Please note that if you sign up for an online account via a Software App, we will also collect, if you voluntarily choose to do so, information such as pain records and daily reflections (time used, pain levels, sleep, activity, well-being); profile information (e.g. medications, pain conditions, name, birth date, height, weight, gender, place of residence); account information (e.g. user name, password, email address); application preferences; changelogs; cookies or other passive tracking mechanisms and tools to collect information in order to facilitate your use of the Software; and any other information that you may voluntarily supply to us (“Product Use Data”). In the offline mode, certain data elements will also be collected, such as error reporting, general usage statistics, device information, app version and time stamps.
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Your personal information may be collected, used, processed, transferred, and retained in multiple countries including Canada, the United States, and the European Economic Area which may be outside the region in which you are situated and may have different privacy or data protection legislation, and may therefore be subject to the laws of these countries. If you are a resident of the European Economic Area or a country which restricts data transfers outside of that jurisdiction or region without your consent, by using our Software, you consent to your personal information being transferred outside of the European Economic Area or your country for processing or storage by or on behalf of us.
Finally, regardless of how and from whom we collected information, we will not sell or share your personal information with any organization for any purpose unless you explicitly direct and authorize us to do so.
If there are any changes to our practice in the future, this will be reflected in an updated Privacy Notice.
What do we do with your information?
If you do voluntarily provide personal data through our Products or Services, we may use this information to provide you the business service or to respond to your requests (including to consider you for employment). For such extents, we may process personal data in order to fulfil legal obligations relevant to us. Furthermore, we may send you communications in order to provide other information that we think may be of interest to you. Please see below the "Marketing Communications" section for more information on your options for such communications.
We also use Product Use Data to improve your experience with a Product. You may request copies of your Product Use Data by executing the usage reports function available through your Oska Wellness application profile, which copies shall be made accessible to you for download in an encrypted format. We may collect and disclose aggregated non-personal information from all users of the Software Apps relating to, for example, pain records, age, geographic location, and gender. All such information will be stripped of all personal information so that it cannot be recompiled and individual users identified. We collect and aggregate this kind of information in order to determine how the Software App is being used, how it and other products and services can be improved, and to share the aggregated information with third parties, such as healthcare providers, insurance companies, pharmaceutical companies, and pain researchers, so that they can use the information for improvements of their own products and services.
To the extent permitted by applicable local law, we may provide your personal information to other entities - which can process your data as our processors or as autonomous controllers - as described in this section:
- We may provide your personal information to our partner entities that are not within our corporate family.
- In the United States, we may use your personal information to communicate with you via email or share with vendors and service agencies that we may engage to assist us in providing our Services to you. For example, we may provide your personal information to a marketing, research and/or advertising agency to send advertising to you on our behalf.
- We may release any information, including personal information, in response to court and governmental orders, civil subpoenas or discovery requests where permitted by applicable local law, and as otherwise required by law. We cooperate with law enforcement agencies in identifying those who may be using our servers or services for illegal activities. We also reserve the right to report any suspected illegal activity to law enforcement entities for investigation or prosecution.
- We may transfer your personal information to a successor entity in connection with a merger, acquisition, consolidation or other corporate reorganization in which Oska Wellness participates or to a purchaser of all or substantially all of Oska Wellness’s assets, including a sale in bankruptcy where permitted by applicable local law.
- We may also share your personal information with your consent, such as if we ask your permission to use your testimonial in our advertising. You can withdraw such consent at any time.
You may request for us to provide an accurate list of our processors by writing to the email contact below.
Your Rights and Responsibilities
- In general, you are entitled to at any time access your personal information. You have the right to request rectifying, erasing, transferring some of this information to other organizations or restricting its processing. You may also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. These rights may be limited in some situations – for example, where fulfilling your request would reveal personal information about another person or where we can demonstrate that we have a legal requirement to process your data. In some instances, this may mean that we are able to retain data even if you withdraw your consent. If you would like information about any limitations of your rights please contact our Privacy Team. In more detail:
- You may update your registration and ordering information (information you are required to provide in order to register with us when you register in connection with Oska Wellness Products or Services or ordering the same) at any time by logging into your account on our Website (including through any web or Oska Wellness Product Software Apps), and you agree to keep your registration and ordering information current at all times while your account is active.
- Through your User account, you can review, update and delete certain personal information, and by terminating your User Account you can terminate your use of a Software App that requires a Software App by removing the Software App from your computer, phone or other device on which it is installed. You may also review, correct, update, suppress, or delete your personal information or withdraw your consent previously provided to us by contacting us at firstname.lastname@example.org. We will try to comply with your request as soon as reasonably practicable. Please note that we may need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion. There may also be residual information, including aggregated non-personal information, that will remain within our databases and other records, which will not be removed.
- Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage the relationship, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, including location services, at any time, by contacting us at email@example.com or mailing us at:
300 Carlsbad Village Drive, Suite #111A, Carlsbad, CA 92008
In jurisdictions that require prior consent for marketing communications, we may send you promotional e-mails if you have consented to receiving such communication. At any time, you may revoke your consent for the receipt of communications that Oska Wellness sends to you by following the unsubscribe process or contacting us at firstname.lastname@example.org. Please follow the instructions in our emails to unsubscribe from receiving future marketing communications from us.
Please note that even if you unsubscribe from newsletters and promotional emails, we may still need to contact you with important transactional information about your account or your equipment.
Legal Basis for the Processing
The processing of your personal data is necessary to permit us to provide you the Product or Service required, respond to your requests, and fulfill our related obligations. The processing of personal data is also necessary for us to fulfill our legal obligations according to law or other regulations. If you do not provide us with your information, we will not be able to provide you with the service or respond to your requests.
On the other hand, the provision of your data for marketing purposes is not necessary to provide you the Product or Service required and we may only process your data with your prior consent.
Data Retention Period
Oska Wellness will keep your personal data for as long as is reasonably necessary for the business purpose related to the provisions of service, such as providing you with the feedback or information that you may request.
In the case of legal obligations, personal data is stored for such period as is necessary in order to comply with each legal obligation.
Purpose Limitation and Data Integrity
Oska Wellness will only process personal information in a way that is compatible with and relevant to the purpose for which it was collected or authorized for by the individual. Oska Wellness will take reasonable steps to ensure that personal information is accurate, complete, current, and reliable for its intended use.
Residents of the European Economic Area
Oska Wellness respects your right to access and correct your personal information.
Furthermore, EEA users have additional rights relating to the processing of their personal data, and in particular the right:
- To request confirmation whether your personal data is being processed;
- To request access to your personal data;
- To request correction of inaccurate personal data relating to you;
- To object to Oska Wellness's processing of your personal data for direct marketing;
- To oppose processing based on our legitimate interest for reasons relating to your particular situation. We may continue to process your personal data, even if you have opposed the processing, if we have compelling legitimate grounds for the processing which override your privacy interest;
- To request (under certain circumstances) the deletion of your personal data. This does not apply if we, for example, are required under law to retain your data;
- To request (under certain circumstances) the restriction of the processing of your personal data; and
- To receive a copy of the personal data concerning you in a structured format and, if technically feasible, transfer the data to another data controller (data portability). Please note that the right to data portability only includes data which you have provided yourself and which we process based on certain legal grounds, e.g. the agreement with you (the terms).
- To lodge a complaint with a Data Protection Authority if you have concerns about our practices concerning the processing of personal data.
You may request to review, correct, update, or delete your personal information at any time by contacting us via email at email@example.com.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
Links to Third Party Sites
We employ procedural and technological security measures that are reasonably designed to help protect your personally identifiable information from loss, unauthorized access, disclosure, alteration or destruction. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Users Outside of United States
If you are visiting our Site or using a Product or Service from locations outside of the United States, please note that any information you provide to us through your use of the Oska Wellness Products or Services may be transferred to and processed in countries other than the country from which you accessed the Product or Service, including the United States where our computer systems are currently based.
Please be aware that your personal data may also reside on servers in other countries. Your data may be transferred to the United States and other countries, which may not offer an equivalent level of protection as that in your country. For visitors from the European Union, note that Oska Wellness adopts the Standard Contractual Clauses approved by the European Commission in order to ensure that an adequate level of data protection is provided according to local standards. Upon request, we will make a copy of these clauses available to you.
We do not knowingly permit children under age 13 (in the United States) or age 16 (in the EEA) to register for any content, product or Service. We do not knowingly collect, use or disclose personal information about users under age 13 (in the United States) or age 16 (in the EEA), except as permitted by law.
Privacy Notice Updates
Oska Wellness may need to update this Privacy Notice on occasion. If we update this Privacy Notice, we will post the updated Privacy Notice on our Site and update the effective date at the top of the notice. We encourage you to regularly visit this Privacy Notice to ensure that you are aware of our current practices with respect to any information that you provide to us through the Site.
If you have any questions regarding this Privacy Notice, please contact us via email at firstname.lastname@example.org.
Effective Date: 11/30/2018