We have been working hard to make sure that we are achieving a high standard of data and privacy protection. As a consumer, you have the right to the protection of your personal data. What personal data is collected, why it is collected and how Onewave ensures the protection of your data is described in this Privacy Policy. We may update this Privacy Policy, the latest version can be found on our website. We will notify active participants in case of major changes by email.

This Privacy Policy belongs to Onewave the Agency B.V., residing at Linnaeuskade 23-hs, 1098BG Amsterdam, The Netherlands and registered under Dutch Chamber of Commerce (KvK) number 71387447 (“Onewave”, “we”, “us”, “our”).

Website: www.onewave.agency
E-mail: info@onewave.agency or use our webform.

Last update: December 23, 2019.

Definitions

PERSONAL DATA

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, including encrypted data, also constitute personal data. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer.

USAGE OF PERSONAL DATA

Any operation or set of operations performed upon personal data, including in any case the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, together, associate with each other as co blocking, erasure or destruction of data. In short, it means that the processing of personal data concerning any act or series of acts together.

DATA CONTROLLER

The data controller determines the purposes for which and the means by which personal data is processed. In other words, the company/organisation that decides ‘why’ and ‘how’ the personal data should be processed is the data controller. In the case of this Privacy Policy Onewave is the Data Controller.

SERVICE(S)

The products and services that are provided by Onewave.

CLIENT

“Client” is a person or organization who is in a contractual or otherwise transactional relationship with Onewave where Onewave is to produce the Service, using personal and measured information from the Subject(s). In a typical scenario the Client is an employer, whose employees are Subjects.

DATA SUBJECT

The “Data Subject” is the person, whose information is used by Onewave to produce and deliver its Services, using HRV measurement data and other personal information about the Subject. In this Policy we also refer to the Data Subject as “You” or “Your”.

FILE

Any structured set of personal data, whether or not this data is centralized or dispersed on a functional or geographical basis, which is accessible according to specific criteria and relates to different people.

DATA PROCESSOR (OR SERVICE PROVIDERS)

A natural person or legal entity that processes personal data on behalf of the controller is considered to be a data processor. A data processor works under the direct authority of the data Controller.

Personal Data Collection and Use

In this section, we have set out the different types of personal data that we may collect and use.

SERVICE DELIVERY DATA

We may process data that You provide to us for delivering our services (“service delivery data”). The Services that we provide typically have the aim to provide You with personalized and individual feedback on the effect of lifestyle factors on different aspects of well-being. The Service typically also includes direct personal feedback to You by a Onewave employee or contractor by telephone, or in person. The Subject’s personal qualities, characteristics and HRV analysis are examples of data that are used to provide the Service.

The Service may include an anonymized feedback report to the Client, regarding the general well-being of a group of Subjects (typically employees) as a whole, with the purpose to support the Client in creating a better work environment for its employees. These data will not be provided if the number of Subjects is so small, that individual data could be recognized from the averages. Personal data from or about individual Subject(s) will never be shared with the Client.

CUSTOMER RELATIONSHIP DATA

We may process data relating to transactions, including purchases of services, that You or the Client enters into with us (“transaction data”), data that allow us to be in contact with You as a customer or Client, including customer contact information (“customer relationship data”), data about inquiries You or the Client submits to us regarding our Services or the administrative execution of those Services (“inquiry data”) and/ or account data (“account data”).

INSIGHT AND USAGE DATA

We may process Your or the Clients personal data for statistical and academic analysis (“insight data”) or for analysis of the usage of our website and services (“usage data”). These types of data may be processed to improve our tools and services, to conduct anonymized scientific, marketing and other research including research to advance (scientific) knowledge in the field. The use of personal data for scientific or statistical analysis is anonymous, and thus handled in such a way that data from an individual Subject cannot be identified.

NOTIFICATION, TRACKING AND COOKIES DATA

We may use cookies and similar tracking technologies to track the activity on our Service and website (“tracking and cookies data”) and we may process information that You provide to us for the purpose of subscribing You to notifications and/or newsletters and updates (“notification data”).

Purpose of Data Usage

The purpose of collecting Your personal data is multifold:

  • To be able to deliver our Services to You;
  • To be able to operate our website and tools;
  • To ensure the security of our online tools;
  • To be able to improve our offering and Services;
  • To be able to do the administrative processing of invoices and payments;
  • To be able to communicate with You and deliver customer support;
  • To further the (scientific) knowledge in the field of vitality and energy management
  • To provide You with notifications, tips, and other content that might be relevant to You. You have the option to opt-out of this information.

 

Personal data may be used after the termination of the customer relationship in accordance with the
applicable legislation.

Our Main Data Sources

You are typically invited to register Yourself via the registration form on Onewave’s website, in order to ensure that You consent and sign-up out of free will. Alternatively You might contact us directly and subscribe Yourself using the registration, contact or newsletter form on Onewave’s website.

If You continue with our Program additional personal data is provided by You via a web interface. Onewave works together with Service Providers to gather insights via (HRV) measurements, questionnaires and other tools. Data is further collected through Your use of our measuring devices.

A representative of Onewave may additionally gather information from You while providing the Service, for example during the personal coaching and feedback sessions.

Sharing of Your Data

We do not sell Your personal data. Your personal data will also not be given to, nor shared with our Client (which is in most cases Your employer).

To be able to provide You our Clients with our services, and to run our business, we do share data with service providers in the following categories:

  • Service Providers such as coaches and experts that work with us to provide You with feedback on Your wellbeing and to help You to identify improvements. We only share the information with the coaches and experts that actually work with You or our Client;
  • Service Providers that we collaborate with to provide us with data on Your wellbeing by using their software, reports or tools. Typically these providers don’t access Your data directly but provide us with their (technical) Services;
  • Service Providers which provide professional services such as cloud platforms, email services, marketing agencies and bookkeepers. These Service Providers will not have access to Your personal health data, but might be able to access Your Customer Relationship Data;
  • Law enforcement and other government authorities such as the taxation office;

 

We require of our Service Providers that they work in accordance with GDPR and other legal requirements and standards for protecting Your personal data. We ensure that a data processing agreement is in place and we limit the data that they can access where possible to what is required for them to be able to do their work.

Retention of Data

We will keep Your personal data only for as long as necessary for the purposes as described in this Privacy Policy and to the extent that it is necessary to comply with our legal and administrative obligations.

We will remove Your measurement data latest 6 months after ending the Service with us. You can always request us to delete Your data earlier and we can also help You to remove data from the measurement tools that we use.

Transfer of Personal Data

Personal data may not be transferred without the data Subject’s consent outside Onewave or its subsidiary companies and authorized Service Providers in a manner that the data could be identified, except in the following exceptional circumstances:

  • If required by any ruling of a governmental or regulatory authority, court, or by mandatory law; or if it is otherwise necessary for the purposes of preventing, or investigating, any breach of law, user terms or good practices or to protect the rights of Onewave or a service provider.

 

Personal data acquired by Onewave’s on its own systems and on service provider software tool for its (HRV) measurements is primarily stored on servers located in the EU. Data may be transferred or maintained outside the EU or the EEA, such as when sending service related information to Your email address, which is located on a foreign email server or when our employees are travelling while accessing Your data. The Subject may also use the Service with a device outside the EU or the EEA, and in such cases, the data is visible on that device while using the Service.

We will take all steps that can be reasonably expected of us to ensure that Your data is treated securely and in accordance with this Privacy Policy and that adequate controls are in place to secure Your personal data.

Disclosure of Your Data

Disclosure of data may happen if required by any ruling of a governmental or regulatory authority, court, or by mandatory law; or if it is otherwise necessary for the purposes of preventing, or investigating, any breach of law, user terms or good practices or to protect the rights of Onewave or a service provider.

Security of Your Data

Onewave will protect the data file so that only authorized personnel defined by Onewave, who are bound by a confidentiality agreement, have access to the file and only for purposes related to their work. Onewave authorized personnel may be employees or Service Providers (subcontractors).

Onewave ensures that all data systems and computer equipment are sufficiently protected with appropriate technical methods, including passwords and personal user IDs.

If Onewave uses Service Providers for support functions, Onewave will ensure that the Service Provider can and will protect the registered data as required in accordance with applicable data policies.

Your Rights

You have the following rights:

  • The right to be informed: this means we must inform You about how we use Your data. We do this in this Privacy Policy. If You have any remaining questions please contact us at info@onewave.agency.
  • The right of access: You have the right to access Your personal data that we hold. We must respond to Your request within a month. To request access to Your data please mail info@onewave.agency.
  • The right to rectify: if You believe we have incorrect information on You then please let us know so that we can put it right. We will do so, provided that the request is reasonable.
  • The right to be forgotten: You can request us to delete the personal information that we have of You. We will do so, provided that the request is reasonable and that there is no legal obligation to keep (part of) Your information.
  • The right to restrict processing: You can request a change in Your communication preferences, thereby restricting how we communicate with You.
  • The right to data portability: You can obtain and reuse Your personal data for Your own purposes. To request this please email info@onewave.agency.
  • The right to object: You have the right to object, for example to the way we process Your data.
  • You have rights in relation to automated decision making and profiling.

 

You have the right to inspect Your personal information and to change or delete Your information, where that is legally allowed. Any requests to inspect or to subsequently modify information shall be indicated in person, or by a signed letter or similarly verified document to the data controller in charge of the data file. In this way Onewave can confirm the requestor has the right to make such a request.

You have the right to opt-out of the use of Your information for the purpose of direct marketing of Onewave services. You can make an electronic or written request to Onewave for this purpose.