Last version: 31st Jan, 2022
Details of how to contact us if you have any questions about privacy or data protection can be found in the Contact Details section below.
This policy explains what our lawful basis is in respect of each purpose for which we keep and use information about you. Generally, we are allowed to process your personal data where it is necessary by accessing our Website located at a domain or subdomain We own, using our products and services through the Website or our mobile applications, or otherwise providing us with Personal Information, where it is necessary in order for us to provide our service, to comply with our legal obligations, or where we have a legitimate interest to do so. We will consider whether your right to privacy overrides our interest when warranted.
How do We use your personal information?
Rosita exists to help our seniors live a more fulfilling and engaging aging process, creating healthy habits with physical, mental and social activities. This process requires data in order to be more personalized, relevant and contextual, and to provide the right activities and monitoring that help in such ageing process. Our Website’s server and management system routinely collects information about the origin and site navigation of visitors to our Website. This data might include technical information (e.g., your processor type, processor speed, operating system type, browser type, audio devices, modem devices, video cards, page views, and protocol address). Collected technical information is not linked to any of your personal identifying information. Company may use this information to manage or modify Website.
In application of the aforementioned regulations and commitment, Rosita and its members treat the data strictly necessary to satisfy their legitimate purposes, which include the following:
- The creation of a senior profile that aims to understand behavior and habits in order to provide more accurate and contextual activities and continue to improve our offering.
- The ability for the senior to decide and proactively share relevant information with other parties, including connected loved ones or institutions to which he/she is subscribed (e.g. local townhall) for their direct benefit (online caretaking, health monitoring, etc).
- The anonymized aggregation of data to show our seniors where they stand in their health indicators (like frailty and others) compared to other seniors their age.
- If you elect to receive information about Our programs, Services, or Content, to provide you with such information, including for our marketing and promotional materials.
- To improve the Website.
- To create a non-personal summary or aggregate data for business analysis, market analysis, communications management, research, planning, and other lawful purposes. We will never sell or lease your information.
You may opt out of communications from us. If you no longer wish to receive Our marketing or promotional communications, please contact us with your request. We will respect your wish to opt-out of our communications.
How do We collect your personal information?
Your personal data is obtained:
- From the users themselves through the Rosita app and forms.
- Through phone calls that Rosita's team might make to our customers to complement information that might be difficult for the senior to complete online
- Through the phone activity, from permissions provided to the Rosita application for the sole purpose of safety and monitoring.
- Quantitatively through the use of the product itself
Information We collect and treat
Personal data collected:
- Contact details: name, email address, telephone number and home address
- General wellbeing information, like age, weight and habits
- Correspondence and communications: personal info contained in your correspondence and communications with us, including survey responses.
- Subscription and participation in activities in the Rosita app
- Friends list, in order to help our seniors create social activities
- Marketing data, including marketing preferences
Information automatically collected:
- Identifiers and usage data: IP address, advertising identifiers, engagement metrics, info about your device, including model, version and operating system.
- Phone contacts: we will automatically connect you with contacts in your address book who also use Rosita (we do not store your address book and you can opt out of this using the setting function in the app).
- Transaction information: details of payments made (if any) and services purchased.
Information collected from other sources
- Third party apps, devices and wearables: (Apple Health)
- Third party payment processors: Rosita Prime subscription includes personal information about you from our payment processors, Apple Store Payments, including purchase details, username and transaction amount.
- Medical practitioner or other healthcare provider: if you choose to provide us with access to some or all of your medical records as part of Rosita, we obtain these records directly from your medical practitioner or healthcare provider through a secure network.
- Our third party lab partners:
Live coaching services
Our live coaching services are a platform for you to communicate with a live health, fitness, or wellness coach (“Live Coaching Services”). These services do not qualify as medical services as outlined in our Terms and Conditions of Use. Coaches may be provided by third parties, such as your employer or insurance company, or by our third-party coaching service providers. If you use our Live Coaching Services, we collect information about such use, including the plan, goals, and actions you record with your coach, your calendar events, communications with your coach, notes your coach records about you, and other information submitted by you or your coach.
- Rosita may use Personal Information and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access Rosita's Services or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Information, and Rosita may use such information in a number of ways, including research, internal analysis, analytics and any other legally permissible purposes. We may share this information within Rosita and with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.
You can download all the data we hold about you on our Website, as specified below in this document.
Why we may collect data includes:
- To provide more contextual and intelligent activities for healthy habits:
- based on information you provide directly
- based on information you provide to us from third parties, like institutions and associations
- To provide a better user experience:
- To understand better what parts of the Rosita services work for our customers and not, so that we can improve our offering
- To connect with other parties:
- To provide interactive information the activity creators (hosts), including associations and institutions the senior subscribes to
- To provide monitoring information to the primary caretaker (selected by the senior upon signup)
We collect Personal Information so that we can carry out our business activities in a professional and efficient manner, in particular to:
- Most importantly, to provide a relevant service to you.
- Provide support services in respect of your Rosita account and Rosita app services.
- Communicate with you, including regular checkups with our specialists.
- Comply with local legal obligations.
- Calculate anonymous, aggregate statistics, for product development and analytics purposes including for sharing with third parties on an anonymous and aggregated basis.
- Manage complaints and disputes.
If you provide us with your email address, you consent to receive unencrypted and unsecured email communications from us. You agree that any notices, agreements, disclosures, or other communications that we send you via email satisfy any legal communication requirements. Any information that you provide to Company by email may be misdirected or intercepted by unintended recipients. Therefore, email may not be a confidential means of communication. If you have confidentiality concerns, please do not transmit any sensitive or confidential information to us via email.
Your data is yours. We will not steal your data or make it difficult for you to use it elsewhere.
- We undertake to update the data processed, as soon as possible, in case of the deficiency or mistakes, as well as the secrecy and confidentiality of the information involved, not assuming in any way the possible damages arising from the falsity of the information provided by the interested users or parties.
- In application of the principle of transparency and information, will inform clearly and accurately to the interested parties, at the time of the collection of the data or later as the case may be, of the circumstances of treatment established in the EU General Data Protection Regulation, or particular European Country Law applies.
- We will not treat minors' data or special categories of data referring to ideology, religion, ethnic or racial origin, sexual orientation or criminal infractions.
- We will not sell or transfer personal data to third parties, outside of those cases authorized by the Law relating to the fulfilment of the obligations with the Social Security, the Treasury and other public entities, as well as the assignments or communications to collaborating entities that request their services.
- The realization, where appropriate, of international data transfer to third countries will be done in accordance with the Law, prior to the consent of the interested party, adequacy established, where appropriate by the Spanish Agency for Data Protection or compliance with the requirements established in the agreement between the US and the EU on the privacy shield. These transfers will be carried out to fulfil information storage purposes. The contracts with third parties for the management of personal data comply with the provisions of the EU General Data Protection Regulation, or particular European Country Law applies. We, verify the professionalism and preparation of said managers and including clauses in accordance with the Law in the corresponding contracts.
- We undertake to respect the exercise by the interested parties of the rights recognized by the EU General Data Protection Regulation, or particular European Country Law applies, to which it authorizes internal forms and procedures that facilitate said exercise to the interested parties.
- To facilitate the proper application of the above commitments, We committed to all procedures, resources, tools, applications and others that are intended or carry out the processing of personal data, are designed and implemented from a perspective of full respect to the regulations and principles of data protection. In this sense, in those cases in which there are several applicable options, We will apply the most respectful with those.
- In addition, We committed to implement all security, technical and organizational measures that are necessary to ensure the protection of personal data they treat and the privacy of their owners. These measures will be adapted to the level of risk anticipated, to the nature of the data and the treatments that are carried out and their purpose.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis for us to do so.
With whom do we share your personal information?
Sharing your information within our Company
The raw information that builds your profile is private. We might share your profile with our staff when it might be required for the purpose of customer service or providing services to you. We have the right, but not the obligation, to monitor all conduct on your Website. You will not use Website for any unlawful purpose, to solicit others to perform or participate in unlawful acts, for any obscene purpose, to violate any regulations, rules, law, or ordinances, to submit false or misleading information, to upload or transmit any viruses or any other type of malicious code that will be used in a way that will affect the functionality or operation of the Website, or to collect or track the personal information of others. We reserve the right to terminate your use of the Website for engaging in such conduct.
Sharing your information with third parties
We may share your data with selected third parties. For example, we may share your information with:
- Internet hosting providers to host the Website, related infrastructure, services and applications.
- To the institutions you are subscribed to, only when you provide the permission to do so (because you benefit directly from it, for example, to connect you with your townhall)
- Healthcare professionals
- Research partners
- With your primary caretaker or loved one, as selected by you upon signup or modified later
- Law enforcement, regulators, governmental authorities, if required under a valid and enforceable subpoena.
There are certain exceptional circumstances in which we must disclose your information to third parties. This would be where we believe that the disclosure is:
- Required by the law, or in order to comply with judicial proceedings, court orders or legal or regulatory proceedings.
- Necessary to protect the safety of our employees, our property, or the public.
- Proportionate as part of a merger, business or asset sale. In the event that this happens, we may share your information with the prospective seller or buyer involved.
Cross-border data transfers
We may transfer your Personal Information outside of the country where you are located, including to the US where we and certain of our service providers are based. Regardless of where your Personal Information is transferred, we shall ensure that relevant safeguards are in place to ensure adequate protection for your Personal Information (for example, by entering into standard contractual clauses with the recipients of your Personal Information). Further details regarding the relevant safeguards we implement can be obtained from us on request at email@example.com.
Privacy and Security
How long do We keep your personal information?
Because we do not store or transmit Protected Health Information (“PHI), as defined under the Health Insurance Portability and Accountability Act (“HIPAA”), our activities as they relate to Website do not comply with HIPAA. This means that unless expressly directed to do so through a secure HIPAA portal, do not use this Website to provide, transmit, store, or disclose any health information that constitutes PHI.
We will only store your personal information for as long as we need it for the purposes for which it was collected. Where we provide you with any service, we will retain any information you provide to us at least for as long as we continue to provide that service to you.
If there is a contract or information has been provided, the personal data will be kept for a period of five (5) years from its formalization, to guarantee the existence of a probative document during the period of prescription of debts. This term will be extended until the term of existence and claim of the debt ends, in the event that it has been interrupted.
In all other circumstances, we will keep your information until you have exhausted any funds on your account, all claims and legal disputes have been settled, there is no direct risk of fraudulent activity from erasing the data and that your account can be determined to be permanently dormant.
You indemnify us against damages from sharing your PHI.
What rights do you have in respect of your personal information?
You have the right to be informed
You have the right to access your personal data
You have the right to ask us to confirm whether or not we hold any of your personal information. If we do, you have the right to have a copy of your information and to be informed of the following:
- Why we have been using your information
- What categories of information we were using
- With whom we have shared the information
- How long we envisage holding your information
In order to maintain the security of your information, we will have to verify your identity before we provide you with a copy of the information we hold.
The first copy of your information that you request from us will be provided free of charge. If you require further copies, we may charge you an administrative fee to cover our costs.
If you need to download or delete your data, please email firstname.lastname@example.org or call us.
You have the right to correct any inaccurate or incomplete personal data
Where you have requested a copy of the information we hold about you, you may notice that there are inaccuracies in the records, or that certain parts are incomplete. If this is the case, you can contact us so that we can correct our records.
You have the right to be forgotten
There may be times where it is no longer necessary for us to hold personal information about you. This could be if:
- The information is no longer needed for the original purpose for which we collected it;
- You withdraw your consent for us to use the information and we have no other legal obligation to keep using it;
- You object to us using your information and we have no overriding reason, such as reliance, to keep using it;
- We have used your information unlawfully; or
- We are subject to a legal requirement to delete your information.
In the above situations, you have the right to have your personal data deleted. If you believe one of these situations applies to you, please email email@example.com.
You have the right to have a copy of your data transferred to you or a third party in a compatible format
Also known as data portability, you have the right to obtain a copy of your personal data for your own purposes. This right allows you to move, copy or transfer your personal data more easily from one IT system to another in a safe and secure way.
If you would like us to transfer a copy of your data to you or another organization in a structured, commonly use and machine-readable format, please contact us. There is no charge for you exercising this right.
You have the right to object to direct marketing
You can tell us at any time that you would prefer that we do not use your information for direct marketing purposes. If you would not like to receive any direct marketing from us, please contact us or use the links provided in any of our marketing communications, and we will stop sending direct marketing materials immediately.
You have the right to object to us using your information for our own legitimate interests
Sometimes, we use your personal information to achieve goals that will help us as well as you. This includes:
- When we tell you about products or services that are similar to ones that you have already bought;
- When we use your information to help us make our business better; or
- When we contact you to interact, communicate, or let you know about forthcoming Website changes.
We aim to always ensure that your rights and information are properly protected. If you believe that the way we are using your data is not justified due to its impact on you or your rights, you have the right to object. Unless we have a compelling reason to continue in our sole discretion, we must stop using your personal data for these purposes.
In order to exercise your right to object to our use of your data for the purposes above, please contact us via email at firstname.lastname@example.org.
You have the right to restrict how we use your personal data
You have the right to ask us to stop using your personal data in any way other than simply keeping a copy of it. This right is available where:
- You have informed us that the information we hold about you is inaccurate, and we have not yet been able to verify the inaccuracy;
- You have objected to us using your information for our own legitimate interests and we are in the process of considering your objection;
- We have used your information in an unlawful way as determined by a court of competent jurisdiction, but you do not want us to delete your data; or
- We no longer need to use the information, but you need it for a legal claim.
If you believe any of these situations apply, please contact us via email at email@example.com.
You have rights related to automated-decision making and profiling
Any automated decision-making or profiling we undertake is solely for the purpose of tailoring the information which we provide to you. We will not use automated decision-making or profiling to make any decisions which will have a legal effect upon you or otherwise significantly affect you, and you have the right not to be subject to such decisions. If you have any concerns or questions about this right, please contact us via email at firstname.lastname@example.org.
On occasion, we may gather information about your computer for our services and to provide statistical information regarding the use of our Website.
Such information is statistical data about our visitors and their use of our Website.
We may gather information about your general internet use by using a cookie file. Cookies are small data text files that are sent from a server computer to your computer during a web browsing session. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer as cookies contain information that is transferred to your computer's hard drive. They help us to improve our Website and the service that we provide to you. Some browsers automatically accept cookies, but you may be able to prevent cookies by changing your browser’s settings. If you disable cookies, it may impair your ability to use some features of our Website.
Everything is described in detail in our Cookies Policy.
This version was last updated in January 2022, and historic versions can be obtained by contacting us.
If you wish to make a complaint about our collection or use of your personal data, please contact us so that we may seek to resolve your complaint.
You have the right to lodge a complaint with the Spain Information Commissioner: Agencia Española de Protección de Datos.
Our Data Protection Officer is Juan Cartagena, who can be contacted at the address below.
Post: Balneario, Cofrentes, 46625, Spain