Withings processes your data to help you improve your health, while taking care of the health of your data.
As a data controller, Withings (Withings SA, 2 rue Maurice Hartmann, Issy-les-Moulineaux, 92130 France, firstname.lastname@example.org) is committed to giving the utmost attention to the security and protection of your privacy. Withings processes your personal data in compliance with applicable privacy and personal data laws according to the new European General Data Protection Regulation (GDPR) which entered into force on May 25th 2018.
In order to easily identify the personal data used in the different cases, each type of data is illustrated by a pictogram.
Depending on the Product used, the way you use it or the way you acquired it, some of the data below will be collected by Withings:
Identity data mean data which can directly identify you, such as your email address, birth date, usernames, names and surnames, phone number, delivery address.
Activity data vary depending on the Products used. They correspond to the measure of your physical activities, such as number of steps, distance travelled, number of swimming strokes, number of calories burned, type of activity, level of activity, and sport session time. We also process data related to your body's activity. Depending on the Products used, it includes your weight, muscle, fat, water percentage, heart rate, blood pressure, electrocardiogram, heart sound, temperature, sleep cycles, snoring episodes.
Technical data necessary for the use of the Products and Services, such as Wi-Fi network, technical logs, date of Product activation, battery measurement, manufacturing ID, debug technical information, and website cookies. Your bank details are processed when you purchase Products on our website. They are solely used for audit purposes and are not stored.
The data collected through the Products and Services of Withings is processed by Withings for the following specific purposes. Different purposes may apply simultaneously.
Providing Products and Services. Personal data processed by Withings are stored on your Withings account and accessible on the application. Personal data may be indicated as raw data (number of steps, weight, etc.), or as a result of specific processing (heart rate, respiration, movement which produces your sleep patterns, etc.).
Accounts. Use of our Products and Services requires the creation of a Health Mate account. This account also allows you to manage your content and preferences as well as measurements collected by the Products. More information on Health Mate online dashboards.
Communicating with you. When you contact our customer support department to solve a problem that you have reported, our team members may be required to process your personal data to help you. They will not be able to view your identified personal health data such as your weight or blood pressure without your consent.
Marketing, research and recommendations Your personal data may be used to help us communicate with you, for example to offer you surveys, contests, coupons or events in which you are free to participate. We may provide you with information about our Products, such as alerts, changes, new features, sales offers from Withings or our partners, or to announce new Products to you. You may be invited to participate in the research by receiving questionnaires. Withings is constantly improving the accuracy of its measurements thanks to its community of participants, always ensuring that your consent is obtained. You can manage your notification preferences here.
Improving our Products and Services. We may use your anonymous personal data to improve our Products and Services, customers support, we may need to process certain data in order to correct or modify software settings. In addition, your health data might be anonymised, i.e not allowing to identify an individual or to be linked to an account to conduct studies and analyses in the field of health, in order to advance scientific research.
All Products manufactured by Withings are connected objects that require the use of an iOS or Android device. The creation of a Withings account via a device is therefore a prerequisite for the installation of our Products.
Our Products work via a wireless connection (Wifi, Bluetooth, 3G/4G), allowing the configuration of the Product as well as the transmission and synchronization of the data collected with your Withings account.
Some features are only accessible through the connection between your Product and the application. The personal data collected by the Products is stored and transmitted to our servers on your Withings account when you synchronize your Product with our mobile application, or when you connect your Product to your Wifi network. This synchronization on our servers located in France is necessary in order to allow:
For more information on how each of our Products works, we invite you to consult the corresponding user guide from our Help Center.
Your personal data will not be distributed, communicated, exchanged or transferred to third parties, on any medium whatsoever. Only the assumption of the purchase of Withings and its rights would allow the transmission of your data to the potential purchaser, who would in turn be bound by the same obligation to protect your data.
International transfer of personal data. Our Services are provided by hosts located in France and data are not transferred outside the European Union.
Mandatory disclosure. We may be compelled by the law to disclose your personal data to some authorities or other third parties, such as the the law enforcement or legal authorities.
If you use a ScanWatch in the United States, Withings may share some personal information (name, date of birth, email, address, phone number) with Heartbeat Health who provides you with services such as reviewing your request for a prescription necessary for the ECG functionality on the device; enabling virtual visits or communications with our health care professional partners; providing advice about your health; and connecting you with resources and other services.
We make every effort to ensure the security of your personal data.
How do we ensure the respect of children's privacy? Withings' Products and Services are made for the general public. Withings does not collect information from children under the age of 16 without the prior consent of their parents or legal guardians.
How do we ensure the quality of your data? We recommend you to regularly log on your Withings account and confirm that your personal data are accurate and up-to-date. If you have a doubt on the accuracy of data, please inform us and we will implement means to correct or erase inaccurate data.
What action do we take to protect your personal data? The protection of your privacy and security is crucial in the way we create and supply our Products and Services. We apply our Policy through a selection of appropriate activities such as the proactive management of risks and the Privacy Guide. We take appropriate measures to guarantee online safety, physical safety, remove risks of data loss. We limit the access to our database to employees that have a justified need to access this information.
What are your rights? You can unsubscribe from marketing and ask that we stop processing your data for marketing means. We will still be able to send you security critical alerts. You also have a right of access, rectification and erasure on each of your personal data. We can help you access or suppress your personal data via your account or customer support department. You will find the procedures for exercising the right to the portability of your data in our Help Center, in the section "Import and export of data". If you wish to exercise your rights before Withings or object to a processing operation carried out by Withings, the requests must be sent to Withings, 2 rue Maurice Hartmann, 92130 Issy-les-Moulineaux, France, to the attention of our Personal Data Protection Officer, or by e-mail to email@example.com with proof of identity. In the event that you exercise your rights before our company, Withings will provide a copy of the personal data being processed and may require payment of a reasonable fee based on administrative costs for any excessive request from the user.
Complaint before the CNIL. In the event of a dispute, you also have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) whose registered office is located at 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 7.
Modification of the present Policy. Withings may modify the present Policy with or without previous notice, block the access to the website, or change its access conditions. However, if the present Policy had to be largely modified, Withings would publish a notice on this page and its header to inform web users for a period of 30 days. We recommend you to frequently visit the present Policy in order to ensure that you are aware of any modification.
In order for you to use our Products and Services, your data is stored until you request its deletion.
If you wish to delete your data and your account, please refer to our dedicated page accessible here.
In the event of a deletion request, all your data will be permanently deleted within 30 days of your request.
However, if you have deleted your Withings account and wish to use our Products and Services again, simply create a new account.
Updated on 27 Oct 2021.