CUSTOMER, APP, MARKETING, PROMOTIONS, EVENTS AND SOCIAL MEDIA PRIVACY NOTICE
WHY DO WE HAVE THIS PRIVACY NOTICE?
We are Twisted Gear, Inc., and treating individuals and their personal information with respect reflects our core values and the values of our brand(s). So, we want you to know as much as possible about what we do with your personal information. Also, you and your personal information are protected by various laws and guidance and Twisted Gear, Inc. is committed to upholding these and respecting your privacy, and keeping your information safe. So, whilst this privacy notice is quite long, we want you to be fully informed. In this privacy notice any reference to "us", "we", "our" or "ourselves" is a reference to Twisted Gear, Inc., and the particular part of the Twisted Gear, Inc. group that you have a relationship with and any reference to "you", "your" and "yourself" is a reference to you as an individual who has a relationship with us or is in contact with us.
This privacy notice applies to everyone who interacts with us as a customer who has purchased any of our products or services, a user of any apps we provide, anyone who has signed up to receive marketing materials from us, anyone who enters any of our promotions/competitions, anyone who applies to attend any of our events or who interacts on social media with us, except to the extent that the reason you interact with us is already covered by another of our privacy notice(s). For example, our Rest of the World privacy notice will apply to your general use of our website. Please note that we have a separate privacy notice that relates to personal information captured by our CCTV and Access Control systems. A copy can be found at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.-privacy-notice.
We also have a separate privacy notice that applies generally to individuals who apply to work for us, a copy of which will be provided to you during the recruitment process. Finally, we have a separate Rest of the World privacy notice that applies to any other individual that may interact with us, a copy of which can be found at twistedgearinc.com/pages/RestoftheWorld
You should also read these privacy notices to the extent that they will apply to your activities as they may apply to you in addition to this privacy notice. This privacy notice provides details in accordance with data protection laws about how we collect and use personal information about you during and after your relationship with us. As this privacy notice covers a range of individuals and different types of relationships and interactions with us, not all aspects of this privacy notice may apply to you depending upon the nature of your relationship and interactions with us. If you are unsure then you can always ask us by contacting support@twistedswag.com.
THE CONTROLLER OF YOUR PERSONAL INFORMATION
For the purposes of data protection laws and this privacy notice, whichever part of the Twisted Gear, Inc. group is processing your personal information is the controller of your personal information for that processing of your personal information. This will usually be the part of the Twisted Gear, Inc. group that you interact with or have a relationship with. Being a controller of your personal information means that we are responsible for deciding how we hold and use your personal information. Our main entity is Twisted Gear, Inc. which is incorporated in the United States. If you are based in the USA then this company will be the controller of your personal information. Your personal information, any queries you have regarding your personal information will be dealt with by Twisted Gear, Inc, which can be contacted at support@twistedswag.com.
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period of your interactions with us.
WHAT IF YOU DO NOT PROVIDE PERSONAL INFORMATION?
Failing to provide some of the personal information we require may have an adverse impact on our ability to interact with you, for example, we may not be able to provide you with products or services you would like to receive. However, generally, you are not obliged to provide us with any of your personal information.
IF YOU HAVE QUERIES OR CONCERNS JUST ASK!
We have appointed a data protection officer (DPO) to oversee our compliance with the data protection laws. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO at support@twistedswag.com.
CHANGES TO THIS NOTICE
We keep our privacy notice under regular review and we may update this privacy notice at any time. The current version of this notice is available on our website at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.- privacy-notice or by requesting a copy from support@twistedswag.com.
If there are any material changes to this privacy notice in the future, we will let you know, usually by updating the version on our website, and we may also email you to let you know or post a message to you via our apps.
DATA PROTECTION PRINCIPLES
We are committed to being transparent about how we collect and use your personal information and in meeting our data protection obligations. Data protection laws say that the personal information we hold about you must be:
• Used lawfully, fairly, and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely. To make sure this happens we are required under data protection laws to notify you of the information contained in this privacy notice.
It is important that you read this document before you begin interacting with us so that you understand how and why we will process your personal information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
In connection with your relationship or interactions with us, we may collect and process a wide range of personal information about you.
This includes:
• Personal contact details such as name, title, address (including billing address and delivery address), email address, and telephone number(s).
• Information about your date of birth, age, gender, marital status, and the name of any delivery recipient.
• Details regarding or connected to products or services that you have ordered from us.
• Details of apps that you have licensed from us to use and usage information relating to those apps, where it was downloaded from, traffic and communications data, and resources accessed.
• Device data where you use our apps or website which may include information about the device you use and the unique device identifier for example your device’s IMEA number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, the IP address, device type, usernames and account details, location data which may include your current location disclosed by your own software. However, we do not use separate location tracking software.
• Profile data including your username, purchase history, your interests, preferences, feedback and responses, and any inferences drawn from any of personal data to create a profile about you to reflect your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Content data which includes information stored on your device, including login information, videos, photographs, and audio recordings or other digital content, Facebook check-ins or the workout data that you input and upload and your social media handle, posts, and information about your followers that you tag us in.
• payment details, payment card details, bank account details, financial transactions, and refunds.
• Any terms and conditions relating to your relationship with us. • Any communications between ourselves and you.
• Your social media handles, social media posts, information about your social media followers, information about any product/services endorsements by you, and other aspects of your social media activity.
• Publicly available personal information, including any which you have shared via a public platform, online or on social media.
• Details of your sporting or athletic achievements and activity and related plans and progress where you tell us about them.
• Personal history and information including hobbies, interests, and your preferences.
• Responses and results of surveys.
• Fraud prevention-related information which may include details of other transactions you have been involved in.
• Applications to enter or attend competitions, promotions or events, attendance at events and promotions, and any results or other related personal information.
• How you use our website as we collect information about the pages you look at and how you use them, usernames, account details and passwords, entry and exit data when you look at or leave our website, details of products, events, and materials that may be interested to you, online subscription information, for example, when you subscribe to one of our updates, blogs or other materials, browser-related information, cookies that are set on your device by our website (for more details see our separate cookie policy at https://www.twistedgearinc.com/pages/cookie-policy.
• Your usage of the IT systems we make available to visitors to our premises such as any visitor internet facilities at our premises.
• IP address information which allows us to track your usage of our website.
• Identification information including your driving license and/or passport and background checks.
• Gym training records, professional details.
• Vehicle registration number make and model if you are driving to visit us at our premises or an event.
• Details of any queries, complaints, claims and cases involving both us and you including any related communications.
• CCTV footage and other information obtained through electronic means such as swipecard records and access control systems if you visit our premises (see our separate CCTV and Access Control privacy notice at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.-privacy-notice.
• Photographs, video footage, audio recordings, and other content, for example, any created as part of our marketing or promotion campaigns, which are taken at events we hold, when you enter a competition, posts made on social media or when you are on our premises or which you provide to us.
• Any other personal information you provide to us. We may also in some cases collect and process more sensitive special category personal information including:
• Information about your health including any medical condition, health, and sickness records, including where you inform us about any ill-health, injury, or disability.
• In some cases, equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or beliefs. This will usually only be where it is relevant to events, promotions, campaigns, or other activities that may involve you. If you are providing us with details of any other individuals, for example, a friend of yours that you ask us to deliver our products to where you have ordered them as a present, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in this privacy notice in relation to their personal information that we collect.
WE AIM NOT TO COLLECT PERSONAL INFORMATION ABOUT CHILDREN
Our supply of products or services, our apps, our website, events, promotions, social media, content, blogs, materials, and other services we provide are not intended for use by anyone under the age of 18 years and generally, we do not knowingly collect personal information relating to anyone under the age of 18 years old unless for some reason you provide it to us. However, we may in some cases collect limited personal information related to children if they are connected to someone who is 18 or older whom we have a relationship with, for example, a child who may attend an event or our premises when accompanied by a responsible adult who has won a competition or who is entitled to attend one of our events.
WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
Twisted Gear, Inc. collects your personal information in a variety of ways and from a variety of sources as set out below:
• Most of your personal information is collected directly from you, for example through contact with you, through the information you input into your account on our website, through the information you input into our app, from orders placed by you, from correspondence with you, through your applications, entries to competitions/promotions, entries to events, attendance at events or promotions, subscriptions, memberships, from correspondence with you or through other interactions with us, when you visit our premises or other personal information you provide to us.
• From other individuals known to you who may have given us your personal information so that we can send you any of our products as a gift.
• From websites, the internet, social media, or other platforms including public sources of information.
• From our website, apps and information technology and communications systems, access control systems and CCTV and suppliers we use in connection with them.
• From third parties appointed by you, for example, any financial or legal advisors.
• From third parties appointed by us, for example, legal advisors appointed by us, identity or background check providers, fraud prevention organizations, data cleansing service providers, or market/data research and analysis service providers.
• From government or government-related bodies, regulators, the police, law enforcement authorities, or the security services.
WHAT ARE OUR BASES FOR PROCESSING YOUR PERSONAL INFORMATION?
We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:
• Where we need to perform the contract, we have entered into with you which covers your relationship with us or to take steps to enter into that contract.
• Where we need to comply with a legal obligation which applies to us, for example complying with laws relating to the sale of products to consumers or complying with data protection laws.
• Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. We have set out in the section below how we use your personal information together with more details on our legitimate interests.
• You have given your consent. Generally, we do not rely on or need your consent for most uses we make of your personal information, but we will need your consent to directly market our products and services to you by electronic communications channels such as email or SMS/MMS. Where we are processing any sensitive special category personal information about you (for example personal information revealing racial or ethnic origin, religious or philosophical beliefs, or data concerning health) we also need to have one or more of the following legal bases for using your personal information.
• Where we have your explicit consent to do so.
• Where it is necessary for us to comply with our obligations and exercising our rights in the field of employment law, social security law, and social protection law, for example, processing your health information so we can ensure our app is tailored to you and your exercise regime should be safe for you to follow or making sure it is safe for you to participate in one of our events or promotions or making any adjustments necessary for you to attend our premises.
• Where we need to protect your vital interests (or someone else's vital interests).
• Where you have already made public the personal information.
• In establishing, exercising, or defending legal claims, whether those claims are against us or by us. • Where it is necessary for the public interest. In some cases, more than one legal basis may apply to our use of your personal information.
HOW WILL WE USE YOUR PERSONAL INFORMATION?
There are many ways we will need to use your personal information in the context of your relationship with us. We have set out the main uses below and indicated the main applicable legal bases of processing, but there may be other specific uses that are linked to or covered by the uses below.
• We will process your personal information to perform our relationship with you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will process your personal information to handle any order you (or an individual is known to you where the delivery is to be made to you) has placed with us and to pick, pack, dispatch, ship, and track that order to make sure it arrives safely. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will process your personal information to provide any services you have asked to receive from us. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will need to process your personal information to send to you any direct marketing materials about our products or services that you have asked to be sent to you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We also need you to give consent if we are going to market to you by electronic channels such as email or SMS/MMS.
• We will process your personal information to build and develop a profile for you as a customer or potential customer of our products, services, apps and to aim to send or show you content, advertisements, or marketing materials that are most likely to be of interest to you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We also need you to give consent if we are going to market to you by electronic channels such as email or SMS/MMS.
• We also need to monitor and manage our relationship with you, which may involve communications with you, decisions regarding your relationship with us, and in some cases meeting with you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests.
• We may need to process your personal information in order to hold or conduct events, promotions, or campaigns. This will be in our legitimate interests, and in some cases, we may rely on your consent to do this, for example, if you provide us with a photograph to use.
• We may need to process your personal information to manage our social media or online relationship with you. This will be in our legitimate interests, and in some cases, we may rely on your consent to do this, for example, if you provide us with a video, photograph or content to use.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use the Facebook Pixel, Conversion API. We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
• We may need to process your personal information in order to hold or conduct events, promotions, campaigns, and visits to our premises and manage your involvement in them. This may relate to the entry into or performance of a contract with you either directly or indirectly, it may also be in our legitimate interests or we may have a legal obligation to do so.
• We may need to process your personal information to help train our staff, and make sure they deliver the high standards expected in relation to our brand. This will be in our legitimate interests.
• In some cases, we may need to carry out the background, identity, fraud prevention, or other checks in relation to you to decide whether to enter into or to enforce a relationship we have with you. This will be in our legitimate interests, and in some cases, we may have a legal obligation to do so.
• As a business we may have many legal obligations connected to our relationship with you or connected to visiting our premises which we need to comply with, for example, to comply with consumer protection laws or to comply with data protection laws or to comply with health and safety laws so we can ensure it is safe for you to visit our premises.
• We will also need to keep and maintain proper records relating to your relationship with us and information about you which is relevant to that relationship. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations to do this.
• In some cases, we may need to process your personal information to prevent, detect or prosecute criminal activity. This will also be in our legitimate interests; we may also have legal obligations or be exercising a legal right to do this, and it will also be in the public interest.
• You may have contacted us about a query, complaint or inquiry and we need to be able to respond to you and deal with the points you have raised. This will also be in our legitimate interests; we may also have legal obligations or be exercising a legal right to do this.
• We may need to gather evidence for and be involved in possible legal cases. As well as relating to the entry into of a contract with you either directly or indirectly, this will also be in our legitimate interests, we may also have legal obligations or be exercising a legal right to do this and it may also be needed to establish, bring or defend legal claims.
• To manage and keep a record of our relationship with you and any associated information It may relate to the entry into or performance of a contract with you either directly or indirectly, it will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this.
• To ensure effective general business administration and to manage our business. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this.
• To monitor any use, you make of our website, apps and information and communication systems and social media accounts to ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution and also to protect your personal information. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this. In relation to social media, you may also have already made personal information public.
• To conduct data analytics and analysis studies to review and better understand trends and improve our business, use of our website, apps, and social media which relates to us, and those same things in relation to our competitors. This will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this. We may sometimes anonymize and aggregate personal information for insight and research purposes, but this information will not identify you.
• We may be carrying our market and/or product research, for example, so that we can improve our offering and range of products or improve our use of our website, apps, or social media. This will be in our legitimate interests. We always aim to use your personal information in an ethical and non-intrusive way. You are a customer or potential customer of ours and your happiness as a customer or potential customer is very important to us. We will not use your personal data to target, segment, or profile individuals based on their health (including pregnancy), negative financial status or condition, political affiliation or beliefs, racial or ethnic origin, religious or philosophical affiliation or beliefs, sex life or sexual orientation, data relating to an alleged or actual commission of a crime, for any unlawful or discriminatory purpose or in any other manner that would be inconsistent with your reasonable expectation of privacy.
CHANGING MARKETING PREFERENCES,
You have the right to opt-out of receiving marketing communications from us at any time by:
• Updating your preferences in the App settings or in your account on our website.
• Informing us that you wish to change your marketing preferences by contacting our customer support team at support@twistedswag.com.
• Making use of the simple “unsubscribe” link in emails or any other electronic marketing materials we send to you.
• Contacting us via email at support@twistedswag.com or by post to My Data Queries, GSHQ, 15203 N. Cave Creek Rd., Phoenix, Arizona 85032. This will not stop service messages such as order updates and other non-marketing communications from us. It will also not affect advertising that may appear on our website, other websites or our apps.
Please see the below section entitled 'Automated Decision Making' for more information on how we use cookies to advertise to you.
You can opt-out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at http://optout.aboutads.info/.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will rarely need to rely on your consent to process any of your personal information.
AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decision making in our business in relation to you. You will not be subject to decisions that will have a significant impact on you based solely on automated decision making unless we have a lawful basis for doing so and we have notified you. However, we do use automated processing so that we can show you personalized advertisements whilst browsing our website or those of other companies and to build a customer profile for you. Any advertisements you see may relate to your browsing activity on our website from your computer or other devices. These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers, and ‘cookies’ placed on your computer or other devices. For further information on the use of cookies, or for details of how you can remove or disable cookies at any time - see our Cookie Policy - https://www.twistedgearinc.com/pages/cookie-policy.
We may analyze you’re browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to decide what advertisements are suitable for you and to ensure that we draw to your attention products, services, events, and offers that are tailored and relevant to you. To do so, we use software and other technology for automated processing. This allows us to provide more personalized services and experience.
We may review the personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter, and Facebook. We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal data by profiling and segmenting, identifying what our customers like, and ensuring advertisements we show you are more relevant based on demographics, interests, purchase behavior, online web browsing activity, and engagement with previous communications.
WHO HAS INTERNAL ACCESS TO YOUR PERSONAL INFORMATION?
Your personal information may be shared internally with our staff, including with our customer support, order fulfillment, loyalty and retention, customer relationship management, media, insights, events, campaign, technical and legal teams where access to your personal information is necessary for the performance of their roles. We only provide access to your personal information to those of our staff who need to have access to your personal information.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY?
When using your personal information, we may share it with third parties, but we will only do so when it is appropriate, and we have a legal basis for doing so. Third parties that we may share your personal information with include:
• Any third party approved by you.
• Service or product providers to our business, for example, information technology services suppliers, logistics and warehousing providers, delivery and shipping providers, fraud prevention organizations, marketing and public relations service providers, market research and analysis providers, data cleansing providers.
• Third parties that process personal information on our behalf and in accordance with our instructions.
• Another company within our group of companies, especially if you have a relationship with that part of our group. • Purchasers, investors, funders, and their advisers if we sell all or part of our business, assets, or shares or restructure whether by merger, re-organization, or in another way.
• Our legal and other professional advisers, including our auditors or any professional advisors appointed by you, for example, a legal advisor.
• Social media and other online platforms where relevant to our relationship with you.
• Governmental bodies, HMRC, regulators, police, law enforcement agencies, security services, courts/tribunals.
We also use Google Analytics which sets cookies to collect information about how visitors use our website. See our Cookie Policy at https://www.twistedgearinc.com/pages/cookie-policy.
We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from, and the pages they visited. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
INTERNATIONAL TRANSFERS
It is sometimes necessary to share your personal information outside of the USA and the European Economic Area (the EEA) or it will be collected outside of the USA and the EEA. This will typically occur when service providers to our business are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. The same applies to any transfer of personal information to another part of our group of companies based outside of the USA and the EEA. We also apply the same standards to any transfer of personal information between members of our group, regardless of where the group company is based. If we transfer your personal information outside of the USA and the EEA, we will ensure that the transfer will be compliant with data protection laws and all personal information will be secure.
Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal Information in the overseas location; alternatively, we use standard data protection clauses. This means that when a transfer such as this takes place, you can expect a similar degree of protection in respect of your personal information. Our directors and other key staff working for us may in limited circumstances access personal information from outside of the USA and EEA if they are on holiday abroad outside of the USA or EEA. If they do so they will be using our security measures and the same legal protections will apply that would apply to accessing personal information from our premises. In limited circumstances, the people to whom we may disclose personal information may be located outside of the USA and EEA and we will not have an existing relationship with them, for example, a foreign police force.
In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed. Also, if you are based outside of the USA and EEA, then your personal data may be held and used outside of the USA and EEA anyway, but in most cases, as described at the start the controller of your personal information will be Twisted Gear, Inc. in the USA. If you would like any more details about how we protect your personal information in relation to international transfers then please contact our DPO at support@twistedswag.com.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to keeping your personal information safe and secure and so we have numerous security measures in place to protect against the loss, misuse, and alteration of the information under our control. We will always aim to use best in class security systems implemented across our networks and hardware to ensure access and information are protected. Our security measures include:
• Encryption of personal information where appropriate.
• Regular cybersecurity assessments of all service providers who may handle your personal information.
• Regular planning and assessments to ensure we are ready to respond to cybersecurity attacks and data security incidents.
• Regular penetration testing of systems.
• security controls that protect our information technology systems infrastructure and our premises from external attack and unauthorized access.
• Regular backups of information technology systems data with functionality to correct errors or accidental deletion/modification to data.
• Internal policies setting out our information security rules for our staff.
• Regular training for our staff to ensure staff understands the appropriate use and processing of personal information.
• Where we engage third parties to process personal information on our behalf, they do so on the basis of our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of personal information. We take information security very seriously and will use all reasonable endeavors to protect the integrity and security of the personal information we collect about you.
FOR HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will hold your personal information for the duration of your relationship with us and then usually for a further period. If you are a customer this will usually be for up to 6 years after you last purchased or ordered any products or services from us or last used our apps. However, if you have only signed up to receive marketing, and you have never ordered or purchased anything from us, then we would not generally retain your personal information for that long, and usually we will only retain it for 2 years after you last used any account you have with us or confirmed you wish to continue to receive direct marketing from us.
Whichever time period normally applies, in some cases we may need to keep your personal information for longer, for example, if it is still relevant to a dispute or legal case or claim. We will not retain your personal information for longer than necessary for the purposes for which it was collected, and it is being used. We do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period. For more information, please see our Data Retention Policy which can be obtained from our DPO at support@twistedswag.com.
YOUR RIGHTS
As an individual whose personal information we collect and process, you have a number of rights. You may:
• Withdraw any consent you have given to us, although this will only be relevant where we are relying on your consent as a basis to use your personal information, it is an absolute right. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes for which you originally gave your consent, unless we have another legal basis for doing so.
• Request details about how your personal information is being used. This right is linked with the right of access mentioned below.
• Request access and obtain details of your personal information that we hold (this is commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This means that you can ask us to delete or stop processing your personal information, for example where we no longer have a reason to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (set out below). The right to have data erased does not apply in all circumstances.
• Object to the processing of your personal information where we are relying on a legitimate interest (ours or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Object to direct marketing where we are processing your personal information for direct marketing purposes, for example contacting you about products that might interest you. This is an absolute right. • Request the restriction of processing of your personal information. This enables you to ask us to stop processing your personal information for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data.
• Request the transfer of your personal information to another party in certain circumstances.
• Object to certain automated decision-making processes using your personal information. You should note that some of these rights, for example, the right to require us to transfer your personal information to another service provider or the right to object to automated decision making, may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. Also, for example, we do not use automated decision making in relation to your personal information which has legal or other significant effects for you, but we do use automated processing to show you relevant advertisements.
However, some of your rights have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights. If you would like to exercise any of these rights, please contact our DPO at support@twistedswag.com We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
This is another appropriate security measure to ensure that personal information is not disclosed to any person or dealt with by a person who has no right to do so. Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at https://ico.org.uk/for-the-public/.
COMPLAINTS
We hope you don’t have any reason to complain, and we will always try to resolve any issues you have, but you always have the right to make a complaint at any time to the ICO if you are based in the USA about how we deal with your personal information or your rights in relation to your personal information. You can make a complaint in writing to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom or you can go to https://ico.org.uk/make-a-complaint/. or
Through this website, you may also have the option to send information and/or complaints directly to the national advertising Self-Regulatory Organisation in your home country (see here to identify the relevant Self-Regulatory Organisation). Such information may contain Personal Data which is then sent directly to that organization in order to provide you with the complaint/information handling purposes, as per your request.
We advise you to review the Privacy Policies of these Self-Regulatory Organisations if opting to use this functionality. In all cases, you will be informed exactly which entity your data would be sent to when using this optional online form (e.g. in Germany: https://www.youronlinechoices.com/de/beschwerde/; e.g. in UK: https://www.youronlinechoices.com/uk/make-a-complaint)
Twisted Gear, Inc. does not disclose or share any personal data about you collected on this site with other entities (except in some exceptional cases and only with your previous explicit consent), without prejudice to any statutory obligation to do so by law, official or court orders.
CONTACTING US
If you have any queries regarding our use of your personal information or this privacy notice then please contact our DPO at support@twistedswag.com or write to DPO, Twisted Gear, Inc., 15203 N Cave Creek Rd., Phoenix, Arizona 85032. Dated: January 2021
We are Twisted Gear, Inc., and treating individuals and their personal information with respect reflects our core values and the values of our brand(s). So, we want you to know as much as possible about what we do with your personal information. Also, you and your personal information are protected by various laws and guidance and Twisted Gear, Inc. is committed to upholding these and respecting your privacy, and keeping your information safe. So, whilst this privacy notice is quite long, we want you to be fully informed. In this privacy notice any reference to "us", "we", "our" or "ourselves" is a reference to Twisted Gear, Inc., and the particular part of the Twisted Gear, Inc. group that you have a relationship with and any reference to "you", "your" and "yourself" is a reference to you as an individual who has a relationship with us or is in contact with us.
This privacy notice applies to everyone who interacts with us as a customer who has purchased any of our products or services, a user of any apps we provide, anyone who has signed up to receive marketing materials from us, anyone who enters any of our promotions/competitions, anyone who applies to attend any of our events or who interacts on social media with us, except to the extent that the reason you interact with us is already covered by another of our privacy notice(s). For example, our Rest of the World privacy notice will apply to your general use of our website. Please note that we have a separate privacy notice that relates to personal information captured by our CCTV and Access Control systems. A copy can be found at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.-privacy-notice.
We also have a separate privacy notice that applies generally to individuals who apply to work for us, a copy of which will be provided to you during the recruitment process. Finally, we have a separate Rest of the World privacy notice that applies to any other individual that may interact with us, a copy of which can be found at twistedgearinc.com/pages/RestoftheWorld
You should also read these privacy notices to the extent that they will apply to your activities as they may apply to you in addition to this privacy notice. This privacy notice provides details in accordance with data protection laws about how we collect and use personal information about you during and after your relationship with us. As this privacy notice covers a range of individuals and different types of relationships and interactions with us, not all aspects of this privacy notice may apply to you depending upon the nature of your relationship and interactions with us. If you are unsure then you can always ask us by contacting support@twistedswag.com.
THE CONTROLLER OF YOUR PERSONAL INFORMATION
For the purposes of data protection laws and this privacy notice, whichever part of the Twisted Gear, Inc. group is processing your personal information is the controller of your personal information for that processing of your personal information. This will usually be the part of the Twisted Gear, Inc. group that you interact with or have a relationship with. Being a controller of your personal information means that we are responsible for deciding how we hold and use your personal information. Our main entity is Twisted Gear, Inc. which is incorporated in the United States. If you are based in the USA then this company will be the controller of your personal information. Your personal information, any queries you have regarding your personal information will be dealt with by Twisted Gear, Inc, which can be contacted at support@twistedswag.com.
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period of your interactions with us.
WHAT IF YOU DO NOT PROVIDE PERSONAL INFORMATION?
Failing to provide some of the personal information we require may have an adverse impact on our ability to interact with you, for example, we may not be able to provide you with products or services you would like to receive. However, generally, you are not obliged to provide us with any of your personal information.
IF YOU HAVE QUERIES OR CONCERNS JUST ASK!
We have appointed a data protection officer (DPO) to oversee our compliance with the data protection laws. If you have any questions about this privacy notice or how we handle your personal information, please contact our DPO at support@twistedswag.com.
CHANGES TO THIS NOTICE
We keep our privacy notice under regular review and we may update this privacy notice at any time. The current version of this notice is available on our website at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.- privacy-notice or by requesting a copy from support@twistedswag.com.
If there are any material changes to this privacy notice in the future, we will let you know, usually by updating the version on our website, and we may also email you to let you know or post a message to you via our apps.
DATA PROTECTION PRINCIPLES
We are committed to being transparent about how we collect and use your personal information and in meeting our data protection obligations. Data protection laws say that the personal information we hold about you must be:
• Used lawfully, fairly, and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely. To make sure this happens we are required under data protection laws to notify you of the information contained in this privacy notice.
It is important that you read this document before you begin interacting with us so that you understand how and why we will process your personal information.
WHAT PERSONAL INFORMATION DO WE COLLECT?
In connection with your relationship or interactions with us, we may collect and process a wide range of personal information about you.
This includes:
• Personal contact details such as name, title, address (including billing address and delivery address), email address, and telephone number(s).
• Information about your date of birth, age, gender, marital status, and the name of any delivery recipient.
• Details regarding or connected to products or services that you have ordered from us.
• Details of apps that you have licensed from us to use and usage information relating to those apps, where it was downloaded from, traffic and communications data, and resources accessed.
• Device data where you use our apps or website which may include information about the device you use and the unique device identifier for example your device’s IMEA number, the MAC address of the device’s wireless network interface, or the mobile phone used by the device, mobile network information, your mobile operating system, the type of mobile browser you use, time zone setting, the IP address, device type, usernames and account details, location data which may include your current location disclosed by your own software. However, we do not use separate location tracking software.
• Profile data including your username, purchase history, your interests, preferences, feedback and responses, and any inferences drawn from any of personal data to create a profile about you to reflect your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Content data which includes information stored on your device, including login information, videos, photographs, and audio recordings or other digital content, Facebook check-ins or the workout data that you input and upload and your social media handle, posts, and information about your followers that you tag us in.
• payment details, payment card details, bank account details, financial transactions, and refunds.
• Any terms and conditions relating to your relationship with us. • Any communications between ourselves and you.
• Your social media handles, social media posts, information about your social media followers, information about any product/services endorsements by you, and other aspects of your social media activity.
• Publicly available personal information, including any which you have shared via a public platform, online or on social media.
• Details of your sporting or athletic achievements and activity and related plans and progress where you tell us about them.
• Personal history and information including hobbies, interests, and your preferences.
• Responses and results of surveys.
• Fraud prevention-related information which may include details of other transactions you have been involved in.
• Applications to enter or attend competitions, promotions or events, attendance at events and promotions, and any results or other related personal information.
• How you use our website as we collect information about the pages you look at and how you use them, usernames, account details and passwords, entry and exit data when you look at or leave our website, details of products, events, and materials that may be interested to you, online subscription information, for example, when you subscribe to one of our updates, blogs or other materials, browser-related information, cookies that are set on your device by our website (for more details see our separate cookie policy at https://www.twistedgearinc.com/pages/cookie-policy.
• Your usage of the IT systems we make available to visitors to our premises such as any visitor internet facilities at our premises.
• IP address information which allows us to track your usage of our website.
• Identification information including your driving license and/or passport and background checks.
• Gym training records, professional details.
• Vehicle registration number make and model if you are driving to visit us at our premises or an event.
• Details of any queries, complaints, claims and cases involving both us and you including any related communications.
• CCTV footage and other information obtained through electronic means such as swipecard records and access control systems if you visit our premises (see our separate CCTV and Access Control privacy notice at https://www.twistedgearinc.com/pages/Twisted Gear, Inc.-privacy-notice.
• Photographs, video footage, audio recordings, and other content, for example, any created as part of our marketing or promotion campaigns, which are taken at events we hold, when you enter a competition, posts made on social media or when you are on our premises or which you provide to us.
• Any other personal information you provide to us. We may also in some cases collect and process more sensitive special category personal information including:
• Information about your health including any medical condition, health, and sickness records, including where you inform us about any ill-health, injury, or disability.
• In some cases, equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health, and religion or beliefs. This will usually only be where it is relevant to events, promotions, campaigns, or other activities that may involve you. If you are providing us with details of any other individuals, for example, a friend of yours that you ask us to deliver our products to where you have ordered them as a present, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this privacy notice with them. They also have the same rights as set out in this privacy notice in relation to their personal information that we collect.
WE AIM NOT TO COLLECT PERSONAL INFORMATION ABOUT CHILDREN
Our supply of products or services, our apps, our website, events, promotions, social media, content, blogs, materials, and other services we provide are not intended for use by anyone under the age of 18 years and generally, we do not knowingly collect personal information relating to anyone under the age of 18 years old unless for some reason you provide it to us. However, we may in some cases collect limited personal information related to children if they are connected to someone who is 18 or older whom we have a relationship with, for example, a child who may attend an event or our premises when accompanied by a responsible adult who has won a competition or who is entitled to attend one of our events.
WHERE DO WE COLLECT YOUR PERSONAL INFORMATION FROM?
Twisted Gear, Inc. collects your personal information in a variety of ways and from a variety of sources as set out below:
• Most of your personal information is collected directly from you, for example through contact with you, through the information you input into your account on our website, through the information you input into our app, from orders placed by you, from correspondence with you, through your applications, entries to competitions/promotions, entries to events, attendance at events or promotions, subscriptions, memberships, from correspondence with you or through other interactions with us, when you visit our premises or other personal information you provide to us.
• From other individuals known to you who may have given us your personal information so that we can send you any of our products as a gift.
• From websites, the internet, social media, or other platforms including public sources of information.
• From our website, apps and information technology and communications systems, access control systems and CCTV and suppliers we use in connection with them.
• From third parties appointed by you, for example, any financial or legal advisors.
• From third parties appointed by us, for example, legal advisors appointed by us, identity or background check providers, fraud prevention organizations, data cleansing service providers, or market/data research and analysis service providers.
• From government or government-related bodies, regulators, the police, law enforcement authorities, or the security services.
WHAT ARE OUR BASES FOR PROCESSING YOUR PERSONAL INFORMATION?
We will only use your personal information when the law allows us to. This means we must have one or more legal bases to use your personal information. Most of these will be self-explanatory. The most common legal bases which will apply to our use of your personal information are set out below:
• Where we need to perform the contract, we have entered into with you which covers your relationship with us or to take steps to enter into that contract.
• Where we need to comply with a legal obligation which applies to us, for example complying with laws relating to the sale of products to consumers or complying with data protection laws.
• Where it is necessary for legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. We have set out in the section below how we use your personal information together with more details on our legitimate interests.
• You have given your consent. Generally, we do not rely on or need your consent for most uses we make of your personal information, but we will need your consent to directly market our products and services to you by electronic communications channels such as email or SMS/MMS. Where we are processing any sensitive special category personal information about you (for example personal information revealing racial or ethnic origin, religious or philosophical beliefs, or data concerning health) we also need to have one or more of the following legal bases for using your personal information.
• Where we have your explicit consent to do so.
• Where it is necessary for us to comply with our obligations and exercising our rights in the field of employment law, social security law, and social protection law, for example, processing your health information so we can ensure our app is tailored to you and your exercise regime should be safe for you to follow or making sure it is safe for you to participate in one of our events or promotions or making any adjustments necessary for you to attend our premises.
• Where we need to protect your vital interests (or someone else's vital interests).
• Where you have already made public the personal information.
• In establishing, exercising, or defending legal claims, whether those claims are against us or by us. • Where it is necessary for the public interest. In some cases, more than one legal basis may apply to our use of your personal information.
HOW WILL WE USE YOUR PERSONAL INFORMATION?
There are many ways we will need to use your personal information in the context of your relationship with us. We have set out the main uses below and indicated the main applicable legal bases of processing, but there may be other specific uses that are linked to or covered by the uses below.
• We will process your personal information to perform our relationship with you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will process your personal information to handle any order you (or an individual is known to you where the delivery is to be made to you) has placed with us and to pick, pack, dispatch, ship, and track that order to make sure it arrives safely. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will process your personal information to provide any services you have asked to receive from us. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We may also in some limited cases rely on your consent.
• We will need to process your personal information to send to you any direct marketing materials about our products or services that you have asked to be sent to you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We also need you to give consent if we are going to market to you by electronic channels such as email or SMS/MMS.
• We will process your personal information to build and develop a profile for you as a customer or potential customer of our products, services, apps and to aim to send or show you content, advertisements, or marketing materials that are most likely to be of interest to you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests. We also need you to give consent if we are going to market to you by electronic channels such as email or SMS/MMS.
• We also need to monitor and manage our relationship with you, which may involve communications with you, decisions regarding your relationship with us, and in some cases meeting with you. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests.
• We may need to process your personal information in order to hold or conduct events, promotions, or campaigns. This will be in our legitimate interests, and in some cases, we may rely on your consent to do this, for example, if you provide us with a photograph to use.
• We may need to process your personal information to manage our social media or online relationship with you. This will be in our legitimate interests, and in some cases, we may rely on your consent to do this, for example, if you provide us with a video, photograph or content to use.
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
We use the Facebook Pixel, Conversion API. We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
• We may need to process your personal information in order to hold or conduct events, promotions, campaigns, and visits to our premises and manage your involvement in them. This may relate to the entry into or performance of a contract with you either directly or indirectly, it may also be in our legitimate interests or we may have a legal obligation to do so.
• We may need to process your personal information to help train our staff, and make sure they deliver the high standards expected in relation to our brand. This will be in our legitimate interests.
• In some cases, we may need to carry out the background, identity, fraud prevention, or other checks in relation to you to decide whether to enter into or to enforce a relationship we have with you. This will be in our legitimate interests, and in some cases, we may have a legal obligation to do so.
• As a business we may have many legal obligations connected to our relationship with you or connected to visiting our premises which we need to comply with, for example, to comply with consumer protection laws or to comply with data protection laws or to comply with health and safety laws so we can ensure it is safe for you to visit our premises.
• We will also need to keep and maintain proper records relating to your relationship with us and information about you which is relevant to that relationship. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations to do this.
• In some cases, we may need to process your personal information to prevent, detect or prosecute criminal activity. This will also be in our legitimate interests; we may also have legal obligations or be exercising a legal right to do this, and it will also be in the public interest.
• You may have contacted us about a query, complaint or inquiry and we need to be able to respond to you and deal with the points you have raised. This will also be in our legitimate interests; we may also have legal obligations or be exercising a legal right to do this.
• We may need to gather evidence for and be involved in possible legal cases. As well as relating to the entry into of a contract with you either directly or indirectly, this will also be in our legitimate interests, we may also have legal obligations or be exercising a legal right to do this and it may also be needed to establish, bring or defend legal claims.
• To manage and keep a record of our relationship with you and any associated information It may relate to the entry into or performance of a contract with you either directly or indirectly, it will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this.
• To ensure effective general business administration and to manage our business. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this.
• To monitor any use, you make of our website, apps and information and communication systems and social media accounts to ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution and also to protect your personal information. As well as relating to the entry into or performance of a contract with you either directly or indirectly, this will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this. In relation to social media, you may also have already made personal information public.
• To conduct data analytics and analysis studies to review and better understand trends and improve our business, use of our website, apps, and social media which relates to us, and those same things in relation to our competitors. This will also be in our legitimate interests, and we may also have legal obligations or be exercising a legal right to do this. We may sometimes anonymize and aggregate personal information for insight and research purposes, but this information will not identify you.
• We may be carrying our market and/or product research, for example, so that we can improve our offering and range of products or improve our use of our website, apps, or social media. This will be in our legitimate interests. We always aim to use your personal information in an ethical and non-intrusive way. You are a customer or potential customer of ours and your happiness as a customer or potential customer is very important to us. We will not use your personal data to target, segment, or profile individuals based on their health (including pregnancy), negative financial status or condition, political affiliation or beliefs, racial or ethnic origin, religious or philosophical affiliation or beliefs, sex life or sexual orientation, data relating to an alleged or actual commission of a crime, for any unlawful or discriminatory purpose or in any other manner that would be inconsistent with your reasonable expectation of privacy.
CHANGING MARKETING PREFERENCES,
You have the right to opt-out of receiving marketing communications from us at any time by:
• Updating your preferences in the App settings or in your account on our website.
• Informing us that you wish to change your marketing preferences by contacting our customer support team at support@twistedswag.com.
• Making use of the simple “unsubscribe” link in emails or any other electronic marketing materials we send to you.
• Contacting us via email at support@twistedswag.com or by post to My Data Queries, GSHQ, 15203 N. Cave Creek Rd., Phoenix, Arizona 85032. This will not stop service messages such as order updates and other non-marketing communications from us. It will also not affect advertising that may appear on our website, other websites or our apps.
Please see the below section entitled 'Automated Decision Making' for more information on how we use cookies to advertise to you.
You can opt-out of targeted advertising by:
FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous
BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]
Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at http://optout.aboutads.info/.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you by updating this privacy notice on our website, so please check back regularly for any updates. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. We will rarely need to rely on your consent to process any of your personal information.
AUTOMATED DECISION-MAKING
Automated decision-making takes place when an electronic system uses personal information to make a decision about that person without any human intervention which produces legal effects concerning them or similarly significantly affects them. We do not currently use this type of automated decision making in our business in relation to you. You will not be subject to decisions that will have a significant impact on you based solely on automated decision making unless we have a lawful basis for doing so and we have notified you. However, we do use automated processing so that we can show you personalized advertisements whilst browsing our website or those of other companies and to build a customer profile for you. Any advertisements you see may relate to your browsing activity on our website from your computer or other devices. These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers, and ‘cookies’ placed on your computer or other devices. For further information on the use of cookies, or for details of how you can remove or disable cookies at any time - see our Cookie Policy - https://www.twistedgearinc.com/pages/cookie-policy.
We may analyze you’re browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to decide what advertisements are suitable for you and to ensure that we draw to your attention products, services, events, and offers that are tailored and relevant to you. To do so, we use software and other technology for automated processing. This allows us to provide more personalized services and experience.
We may review the personal information held about you by external social media platform providers, such as the personal information available on social media platforms such as Twitter, Instagram, YouTube, Twitter, and Facebook. We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal data by profiling and segmenting, identifying what our customers like, and ensuring advertisements we show you are more relevant based on demographics, interests, purchase behavior, online web browsing activity, and engagement with previous communications.
WHO HAS INTERNAL ACCESS TO YOUR PERSONAL INFORMATION?
Your personal information may be shared internally with our staff, including with our customer support, order fulfillment, loyalty and retention, customer relationship management, media, insights, events, campaign, technical and legal teams where access to your personal information is necessary for the performance of their roles. We only provide access to your personal information to those of our staff who need to have access to your personal information.
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH EXTERNALLY?
When using your personal information, we may share it with third parties, but we will only do so when it is appropriate, and we have a legal basis for doing so. Third parties that we may share your personal information with include:
• Any third party approved by you.
• Service or product providers to our business, for example, information technology services suppliers, logistics and warehousing providers, delivery and shipping providers, fraud prevention organizations, marketing and public relations service providers, market research and analysis providers, data cleansing providers.
• Third parties that process personal information on our behalf and in accordance with our instructions.
• Another company within our group of companies, especially if you have a relationship with that part of our group. • Purchasers, investors, funders, and their advisers if we sell all or part of our business, assets, or shares or restructure whether by merger, re-organization, or in another way.
• Our legal and other professional advisers, including our auditors or any professional advisors appointed by you, for example, a legal advisor.
• Social media and other online platforms where relevant to our relationship with you.
• Governmental bodies, HMRC, regulators, police, law enforcement agencies, security services, courts/tribunals.
We also use Google Analytics which sets cookies to collect information about how visitors use our website. See our Cookie Policy at https://www.twistedgearinc.com/pages/cookie-policy.
We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from, and the pages they visited. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
INTERNATIONAL TRANSFERS
It is sometimes necessary to share your personal information outside of the USA and the European Economic Area (the EEA) or it will be collected outside of the USA and the EEA. This will typically occur when service providers to our business are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. The same applies to any transfer of personal information to another part of our group of companies based outside of the USA and the EEA. We also apply the same standards to any transfer of personal information between members of our group, regardless of where the group company is based. If we transfer your personal information outside of the USA and the EEA, we will ensure that the transfer will be compliant with data protection laws and all personal information will be secure.
Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the personal Information in the overseas location; alternatively, we use standard data protection clauses. This means that when a transfer such as this takes place, you can expect a similar degree of protection in respect of your personal information. Our directors and other key staff working for us may in limited circumstances access personal information from outside of the USA and EEA if they are on holiday abroad outside of the USA or EEA. If they do so they will be using our security measures and the same legal protections will apply that would apply to accessing personal information from our premises. In limited circumstances, the people to whom we may disclose personal information may be located outside of the USA and EEA and we will not have an existing relationship with them, for example, a foreign police force.
In these cases, we will impose any legally required protections to the personal information as required by law before it is disclosed. Also, if you are based outside of the USA and EEA, then your personal data may be held and used outside of the USA and EEA anyway, but in most cases, as described at the start the controller of your personal information will be Twisted Gear, Inc. in the USA. If you would like any more details about how we protect your personal information in relation to international transfers then please contact our DPO at support@twistedswag.com.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to keeping your personal information safe and secure and so we have numerous security measures in place to protect against the loss, misuse, and alteration of the information under our control. We will always aim to use best in class security systems implemented across our networks and hardware to ensure access and information are protected. Our security measures include:
• Encryption of personal information where appropriate.
• Regular cybersecurity assessments of all service providers who may handle your personal information.
• Regular planning and assessments to ensure we are ready to respond to cybersecurity attacks and data security incidents.
• Regular penetration testing of systems.
• security controls that protect our information technology systems infrastructure and our premises from external attack and unauthorized access.
• Regular backups of information technology systems data with functionality to correct errors or accidental deletion/modification to data.
• Internal policies setting out our information security rules for our staff.
• Regular training for our staff to ensure staff understands the appropriate use and processing of personal information.
• Where we engage third parties to process personal information on our behalf, they do so on the basis of our written instructions, they are under a duty of confidentiality and are obliged to implement appropriate technical and organizational measures to ensure the security of personal information. We take information security very seriously and will use all reasonable endeavors to protect the integrity and security of the personal information we collect about you.
FOR HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will hold your personal information for the duration of your relationship with us and then usually for a further period. If you are a customer this will usually be for up to 6 years after you last purchased or ordered any products or services from us or last used our apps. However, if you have only signed up to receive marketing, and you have never ordered or purchased anything from us, then we would not generally retain your personal information for that long, and usually we will only retain it for 2 years after you last used any account you have with us or confirmed you wish to continue to receive direct marketing from us.
Whichever time period normally applies, in some cases we may need to keep your personal information for longer, for example, if it is still relevant to a dispute or legal case or claim. We will not retain your personal information for longer than necessary for the purposes for which it was collected, and it is being used. We do not guarantee to retain your personal information for the whole of the periods set out above; they are usually the maximum period, and in some cases, we may keep your personal information for a much shorter period. For more information, please see our Data Retention Policy which can be obtained from our DPO at support@twistedswag.com.
YOUR RIGHTS
As an individual whose personal information we collect and process, you have a number of rights. You may:
• Withdraw any consent you have given to us, although this will only be relevant where we are relying on your consent as a basis to use your personal information, it is an absolute right. Once we have received notification that you have withdrawn your consent, we will no longer process your personal information for the purpose or purposes for which you originally gave your consent, unless we have another legal basis for doing so.
• Request details about how your personal information is being used. This right is linked with the right of access mentioned below.
• Request access and obtain details of your personal information that we hold (this is commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
• Request erasure of your personal information. This means that you can ask us to delete or stop processing your personal information, for example where we no longer have a reason to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (set out below). The right to have data erased does not apply in all circumstances.
• Object to the processing of your personal information where we are relying on a legitimate interest (ours or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
• Object to direct marketing where we are processing your personal information for direct marketing purposes, for example contacting you about products that might interest you. This is an absolute right. • Request the restriction of processing of your personal information. This enables you to ask us to stop processing your personal information for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data.
• Request the transfer of your personal information to another party in certain circumstances.
• Object to certain automated decision-making processes using your personal information. You should note that some of these rights, for example, the right to require us to transfer your personal information to another service provider or the right to object to automated decision making, may not always apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. Also, for example, we do not use automated decision making in relation to your personal information which has legal or other significant effects for you, but we do use automated processing to show you relevant advertisements.
However, some of your rights have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights. If you would like to exercise any of these rights, please contact our DPO at support@twistedswag.com We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights).
This is another appropriate security measure to ensure that personal information is not disclosed to any person or dealt with by a person who has no right to do so. Whilst this privacy notice sets out a general summary of your legal rights in respect of personal information, this is a complex area of law. More information about your legal rights can be found on the ICO’s website at https://ico.org.uk/for-the-public/.
COMPLAINTS
We hope you don’t have any reason to complain, and we will always try to resolve any issues you have, but you always have the right to make a complaint at any time to the ICO if you are based in the USA about how we deal with your personal information or your rights in relation to your personal information. You can make a complaint in writing to the ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom or you can go to https://ico.org.uk/make-a-complaint/. or
Through this website, you may also have the option to send information and/or complaints directly to the national advertising Self-Regulatory Organisation in your home country (see here to identify the relevant Self-Regulatory Organisation). Such information may contain Personal Data which is then sent directly to that organization in order to provide you with the complaint/information handling purposes, as per your request.
We advise you to review the Privacy Policies of these Self-Regulatory Organisations if opting to use this functionality. In all cases, you will be informed exactly which entity your data would be sent to when using this optional online form (e.g. in Germany: https://www.youronlinechoices.com/de/beschwerde/; e.g. in UK: https://www.youronlinechoices.com/uk/make-a-complaint)
Twisted Gear, Inc. does not disclose or share any personal data about you collected on this site with other entities (except in some exceptional cases and only with your previous explicit consent), without prejudice to any statutory obligation to do so by law, official or court orders.
CONTACTING US
If you have any queries regarding our use of your personal information or this privacy notice then please contact our DPO at support@twistedswag.com or write to DPO, Twisted Gear, Inc., 15203 N Cave Creek Rd., Phoenix, Arizona 85032. Dated: January 2021