Kick AI Ltd Oy (Kick.AI) is a Finnish company working on data-driven sports solutions to martial arts. Your privacy is very important to us at Kick.AI which is why we are committed to process your personal data carefully and in compliance with applicable data protection laws. As a company based in Finland, when processing your personal data, we comply with the requirements of the EU General Data Protection Regulation (2016/679).
1. Controller and Contact Details
2. Types of Personal Data we Process
3. Purposes for which We Use the Data
4. Sharing and Disclosure of Your Personal Data
5. Place of Processing and Cross-Border Transfers
6. Your Rights as the Data Subject
7. Data Retention
9. Data Security Principles
10. Changes to This Policy
1. Controller and Contact Details
Kick AI Ltd Oy
Mikonkatu 17 A, 00100 Helsinki, Finland
Please note that in relation to requests concerning the exercise of your rights as the data subject you should always send your request in writing by email.
2. Types of Personal Data we Process
We only collect and process personal data in directly identifiable form when it is necessary for the intended purposes, meaning that if direct identification is not required, we will process that data in an aggregated or otherwise anonymous form in a way that it cannot be linked to a particular individual.
Typically we receive the personal data either directly from you or our service providers, or through your use of the Kick.ai device and the Kick.ai App. When requesting your data we endeavour to let you know what data you are required to give, for example, in order to enter into an agreement for our products and services.
We typically process:
Basic information. When you order the Kick.ai kit, we process your contact and shipping details, such as your name, email address and physical address, invoicing, and your order history information, such as the products ordered, subscription details and times of purchase.
Account and profile information. When you first sign in to the Kick.ai App you are requested to create an account to use the Kick.ai App. In relation to your account we process your account and profile information, such as your name, date of birth, email address, marketing and advertising related permissions and bans, and time of creation of the account; your physiological attributes, such as your height, weight and gender; and your experience information, such as your rank in the art. In addition, we provide you with the opportunity to authenticate with your social media or other similar account for third party services (for example Facebook and Google accounts). When you authenticate with such an account we will receive certain of your account data from that service provider, such as your name and other information in that account, as authorised by that service. You can terminate the connection between your Kick.ai account and the third-party service at any time.
Data generated by using the Kick.ai App. We further process certain data that is generated by you using the Kick.AI device and App. This data typically includes training data, such as kick data and relating statistics (velocity, hits, misses etc.) and simulations completed; and social activity within the Kick.ai App, such as your interactions with other users of the Kick.ai App (challenges, comments etc.).
3. Purposes for which we use the data
We use your personal data only for predetermined purposes, as further described below:
Performance of agreement and management of customer relationship. We use your personal data to perform and enforce the agreement between you and Kick.AI, such as to fulfil your order for the Kick.ai kit and to provide you the Kick.ai App pursuant to the Kick.ai EULA, invoicing and debt collection, to assess and process possible warranty and other claims and complaints, to provide you with customer service and support and otherwise manage the customer relationship between us (such as sending you newsletters and otherwise communicate with you). The processing of your personal data is in these cases based on an agreement or necessary to take steps prior to entering into such agreement, and relation to communications with you relating to the agreement(s), on Kick.AI’s legitimate interest.
Marketing, tailoring content and profiling. We can use your basic and profile information to send you direct marketing. When required under applicable data protection laws, we will ask your permission prior to sending you direct marketing by electronic means. Based on your interactions with Kick.AI’s services and content, we can also tailor and customise the content we provide you with (such as newsletters and marketing messages) in order to serve you with more relevant content. Further, based on your preferences and interactions with our services and content, we can create profiles and user segments to provide you with targeted marketing. You can always opt out of receiving direct marketing and object to profiling at any time. Processing of your personal data for marketing, tailoring content and profiling is based on Kick.AI’s legitimate interest or your consent.
In addition, an essential feature of the Kick.ai App is a specific algorithm which is designed to learn from your training. Based on your training the algorithm will automatically analyse your performance and generate a tailored feed for you to further support your training. This information is for your convenience only and we will not use this information for any marketing or profiling purposes. We may, however, use that data to create aggregated reference data, as explained below.
Creation of aggregated reference data; analysis and development. Based on profile and usage data we compile aggregated and anonymous statistical and user data to provide the users of the Kick.ai App reference data on aggregated training results of users with similar attributes to further support the training. We further process your personal data as well as the data we collect automatically to analyse and develop our products, services and business, and to better understand how our services are used. We will not use your information in an identifiable form if it is not necessary for the abovementioned purposes. We process the data for these purposes based on our legitimate interest.
Processing based on a legal obligation. We may be obligated to process certain of your personal data based on a legal obligation under the Finnish accounting and other mandatory laws, also after the customer relationship has ended. In these cases, the processing is based on that legal obligation.
4. Sharing and Disclosure of your personal data
Kick.AI does not sell or otherwise disclose your personal data to third parties, whether for advertising purposes or otherwise, except in situations explained below.
Sharing your data with other users of the Kick.ai App. The Kick.ai App features an option to connect with other users of the Kick.ai App for challenges and leaderboards showing rankings of the users of the Kick.ai App for different available activities. This means that some of your profile details (such as user name, profile photo (optional), gender, height and weight and nationality) as well as your performance and achievements recorded with the Kick.ai App (such as best score/best average, leaderboard rankings etc.) will be visible to other users in those connections within the Kick.ai App. You can, however, choose to make your profile private in the settings menu of the Kick.ai App, in which case the information will not be visible to others, and you will not be shown in any leaderboards.
Local agents and representatives. We may transfer your personal data to our local agents and other representatives who we have appointed to your territory to offer you a local contact point and local service.
Authorities. We may disclose your information to authorities when we have a legal obligation or other legitimate interest to do so pursuant to applicable law.
Consent. Based on your consent we may disclose your information within the limits of the specific consent we have requested, and which you have given. Information on revoking your consent is provided below.
Business transactions. We may disclose your personal data in connection with a business transaction (such as a transfer of undertaking) to the other party/parties of the transaction, if and to the extent necessary.
Our legitimate interests. We may disclose your personal data if it is necessary in order to protect or defend our legitimate rights and interests, or those of our other customers, employees, directors or shareholders, and/or to ensure the safety and security of our services.
5. Place of processing and cross-border transfers
Your personal data will be stored within the EU/EEA on the servers of our hosting service provider, and the principal place of processing of your personal data is in the EU/EEA. If you are residing in a country outside the EU/EEA, your personal data may be transferred to the EU/EEA and will be subject to the EU data protection laws.
In certain occasions we may use service providers located outside the EU/EEA in the provision and technical implementation of our services, in which case your personal data may be transferred outside the EU/EEA. In case we transfer your personal data outside the EU/EEA we have ensured that your personal data is afforded adequate level of protection by way of contractual obligations or by using other safeguards available under the EU data protection laws.
6. Your rights as the data subject
As the data subject, you have the following rights you can exercise in relation to the processing of your personal data:
Right of access, rectification and erasure. You can access and update your personal data relating to your Kick.ai App account at any time through the functions of the application or by contacting us. At your request we will also rectify any inaccurate, incomplete or outdated personal data relating to you. You also have the right to request your personal data to be erased (right to be forgotten) in accordance with applicable law. Please note that erasure of personal data is not possible in so far you are still using the Kick.ai App and have an existing agreement with us
Right to object to direct marketing (including related profiling). In case you do not want to receive further marketing or other updates from us or wish to opt out of profiling we do to offer you tailored direct marketing, you have the right to object to processing of your personal data for those purposes. Should you use your right to object, you will no longer receive direct marketing from us. You can use your right to object either through the functions of the Kick.ai App by contacting us or through the unsubscribe link on electronic messages we send you.
Right to object to data processing and right of restriction. You have the right to object to processing we carry out based on legitimate interest on grounds relating to your particular situation, unless we have compelling legitimate interests for the processing which override those interests. You also have the right to request the restriction of the processing of your personal data, for example, in case you object to processing as described above or contest the accuracy of your personal data.
Revocation of consent. You may revoke a consent you have given at any time by contacting us or through the functions of the Kick.ai App. Please note that revoking your consent does not affect the legality of the processing we have carried out prior to the revocation.
Data portability. You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller when we process your data automatically and based on an agreement or your consent.
7. Data retention
Kick.AI will only retain your personal data in identifiable form as long as is necessary to fulfil the abovementioned purposes or as long as we have a statutory obligation to keep your information, after which it will be deleted or anonymised.
We retain the personal data of our customers for at least the time they are current, and the customer relationship exists. After the customer relationship ends, the retention period depends on the data and its purpose of use. For example, we retain your personal data for direct marketing purposes until you have objected to it and retain invoicing and payment information for 7 years after the customer relationship has ended. We comply with any statutory obligations in retaining data that may apply.
If you have exercised your right to object to direct marketing, we may still keep certain information about you to comply with that request.
A “cookie” is a small data file containing a string of characters that is sent to your device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. A cookie does not harm your device, and we do not get any information that is directly related to you (such as your name or email address) merely through cookies. The duration of how long a cookie will stay on your device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your device until they expire or until you delete them.
Most web browsers allow you to control and block cookies through their settings. Please note that if you limit the ability of our website to set cookies or block them entirely, the entire contents of our website may not be available and some of the features might not function properly. Below You can learn about how to control cookie settings on most common web browsers:
To prevent your data from being used by Google Analytics you can install a browser plug-in from Google which is available here.
If you would like more information about cookies, please visit www.allaboutcookies.org. More information about interest-based advertising, including how to opt-out of these cookies, can be found at www.youronlinechoices.com.
9. Data security principles
We employ sufficient technical and organizational measures to protect your personal data against accidental and/or unlawful access, alteration, destruction or other processing (including unauthorized disclosure and transfer). These measures include proactive and reactive risk management, use of firewalls, encryption and pseudonymisation techniques and secure IT areas as well as access control and security systems, security planning, controlled granting and monitoring of access/user rights, ensuring skills through training for personnel involved in processing personal data and through assessments as well as careful selection of subcontractors and other suppliers. We continuously update our in-house practices and guidelines in an appropriate manner.
10. Changes to this policy