Thank you for choosing COROS! The protection of personal data is important to us. We process personal data only in accordance with the applicable data protection requirements, including the EU General Data Protection Regulation (“GDPR”). In this Data Protection Information, you will find all information about the processing of your personal data in connection with your use of our websites, COROS watches, COROS helmets, COROS PODs and COROS app. Furthermore, you will find information on your data protection rights.
COROS Wearables, Inc.
Address: 41 Corporate Park Suite 205, Irvine, CA 92606, USA
Email: support@coros.com
Phone: +1 (855) 934-4411
Alec Duffield
Address: De Oude Veiling 79M, 1689 AD Zwaag, Netherlands
Email: support@coros.com
Phone: +1 (855) 934-4411
David Song
Address: 3 Peters Canyon Road Suite 100, Irvine, CA 92606, USA
Email: support@coros.com
Phone: +1 (855) 934-4411
When you visit our website, we process your personal data in order to provide you with the contents of our website, to safeguard the security of our IT infrastructure, and to send you our newsletter if you have signed up for it. We also use third-party plug-ins on our website.
You can find more detailed information about this below:
When you visit our website, data is temporarily processed on our web server in order to provide you with the requested content of the website.
For this purpose, we process HTTP Data.
The legal basis of the processing is our legitimate interest (Art. 6(1)(1)(f) GDPR). Our legitimate interest is the provision of the content of the website accessed by you.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
When you visit our website, we temporarily store data in log files on our web server and evaluate them to ensure the security of the IT infrastructure used to provide the website, in particular to detect, eliminate and document faults (e.g. DDoS attacks) in an evidential manner.
For this purpose, we process HTTP Data.
The legal basis of the processing is our legitimate interest (Art. 6(1)(1)(f) DS-GVO). Our legitimate interest is to ensure the security of the IT infrastructure used for the provision of the website, in particular for the detection, elimination and evidentiary documentation of faults (e.g. DDoS attacks).
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
Third-party provider plug-ins are embedded in the website, allowing you to use functions on the website offered by third-party providers. The plug-ins are embedded in the website via a 2-click solution. With this solution, the relevant plug-in is not enabled directly when the website is accessed, but only once you click on the activation button provided for the relevant plug-in.
If you enable a third-party provider plug-in, you will use a function offered by the provider of that plug-in under their own responsibility, which is only visually embedded in our website. When you enable a plug-in, the provider of that plug-in may receive personal data from you. When you enable the plug-in, the provider of that plug-in may also use cookies.
We use the plug-in for the YouTube Player provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; for the store locator, we use the plug-in provided by Store Locator Widgets Technology, 270 Biscayne Blvd Way, Miami, FL 33131, USA; for map downloads, we use the plug-in provided by OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom.
If you request our newsletter and provide us with your email address, we will process your personal data to send you our newsletter.
For this purpose, we will process your Contact Data.
The legal basis of the processing is the consent given by you (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@COROS.com.
As part of the processing, we transfer your data to the following categories of recipients: Email Service Provider.
Upon receiving your consent, we will use web analytics technologies on our website. This allows us to collect and evaluate information about your activities on our website. For this purpose, we create a profile that we assign to your device. When you visit our website again, we can recognize your device. The information obtained is used to improve our website and for other aims (e.g. improving our visibility on the internet). Moreover, we analyze our sales performance by processing personal data to understand how customers reach our website and what products they buy.
Below you will find more detailed information about this:
Upon receiving your consent, we will collect information about your use of our website by means of web analysis tools and store information in a profile related to you. This allows us to improve our website and pursue the aims of our website. In order to be able to assign this information to your device, we assign a unique ID to your device, which is linked to your profile. The data we collect is stored in cookies on your device and will be accessed by us when you visit our website. During your visit to our website, we can recognize your device based on the ID assigned to your device.
We use the web analysis tool “Google Analytics” to generate and store your web analysis profile. This includes information about your use of our website, in particular page views, frequency of page views and dwell time on accessed pages as well as the unique ID assigned to your device. The aim of the analysis is to investigate where the users of our website are from, which areas of our website they visit and how often and for how long they look at each page.
For this purpose, we process Web Analytics HTTP Data, Web Analytics Device Data and Web Analysis Profile Data. Your IP address is anonymized before storage. To document your consent, we store a unique ID assigned to you for the duration of your consent.
The legal basis of the processing is the consent given by you (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@COROS.com.
As part of the processing, we transfer your data to the following categories of recipients: Web Analysis Tool Provider.
Upon receiving your consent, we will use the Facebook pixel. Cookies provided by Facebook are used for this purpose. The Facebook pixel enables Facebook to collect information about the activities of users of our website. The information gained is used to evaluate the effectiveness of our Facebook ads and to form target audiences for our Facebook ads. In addition, Facebook may use the information for its own purposes or for the purposes of third parties, for example for creating target groups for other advertisement clients.
Based on the information collected by the Facebook pixel, Facebook provides us with aggregated, anonymized measurement results for our ads. In particular, this tells us whether users who receive our Facebook advertisements perform certain actions on our website, such as making a purchase ("conversions"). In addition, Facebook will allow us to reach people who have visited our website or performed a specific action on our website on the basis of information collected by Facebook, again via Facebook, and to optimize our types of target groups ("audiences"). In addition, Facebook enables us to create similar target groups ("lookalike audiences") for us based on the information collected by Facebook in order to reach people with our Facebook advertisements who have similar characteristics to the users of our website.
Facebook provides us with evaluations or further information based on the collected data only in aggregated, anonymous form. We cannot associate the information provided to us with any natural person. Facebook is responsible for the collection and processing of personal data. We have no knowledge of the details of the processing of data in Facebook's area of responsibility. For information about Facebook's processing of personal information, please see Facebook's Privacy Policy: https://www.facebook.com/about/privacy/.
For this purpose, we process Pixel HTTP Data, Pixel Device Data, Pixel Event Data and Pixel Analysis Data.
The legal basis of the processing is the consent given by you (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@COROS.com.
As part of the processing, we transfer your data to the following categories of recipients: Pixel Service Provider.
Upon receiving your consent, we collect information about your purchase by means of product sales tracking tools. This allows us to improve our product presentation and customer journey. In order to be able to assign this information to your device, we assign a unique ID to your device. The data we collect is stored in cookies on your device and will be accessed by us when you visit our website. During your visit to our online shop, we can recognize your device based on the ID assigned to your device.
We use the sales tracking tool “refersion” to generate such data. This includes information about how you reached our online shop as well as the unique ID assigned to your device. The aim of the analysis is to investigate where the users of our online shop come from and what they buy.
For this purpose, we process Sales Performance HTTP Data and Sales Performance Device Data. Your IP address is anonymized before storage. To document your consent, we store a unique ID assigned to you for the duration of your consent.
The legal basis of the processing is the consent given by you (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@COROS.com.
As part of the processing, we transfer your data to the following categories of recipients: Sales Performance Tool Provider.
When you purchase a COROS product online, we use cookies to provide you with the shopping cart function. Moreover, we process your data to process your purchase, if necessary, to process your rescission of the purchase agreement in the event of a revocation or other reasons for withdrawal and to provide you with after-sales services. Moreover, we process your personal data if you send us product reviews.
We process your data for the purpose of providing you with the shopping cart function from strictly necessary cookies on our web services.
For this purpose, we process Shopping Cart Data and Shopping Cart Device Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Online Shop Tool Provider.
When you purchase product(s) from our website we process your data to fulfill our obligations under the purchase agreement, in particular to process your payment and for the shipping of the product(s). Furthermore, we will process data to send you transaction emails to inform you of the status of your order.
For this purpose, we process Order Data, Payment Data, Shopping Cart Data, Contact Data and Transaction Email Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Online Shop Tool Provider and Payment Service Provider.
If you withdraw from the purchase agreement with us we process your data to refund you the purchase price using the same payment method that you used for the payment of the purchase price. Furthermore, we will process your data to send you transaction emails to inform you of the refund process.
For this purpose, we process Order Data, Payment Data, Shopping Cart Data, Contract Data, Contact Data and Transaction Email Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider, your local store and Payment Service Provider.
We process your data to provide you with after-sales services, in particular to provide you with warranty services through our local agents.
For this purpose, we process Contact Data, Order Data and Contract Data.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider and Your local store agent.
If you provide us with a review of a COROS product, we process your data to display your product review on your website.
For this purpose, we process Contact Data and Review Data.
The legal basis of the processing is our legitimate interest (Art. 6(1)(1)(f) DS-GVO). Our legitimate interest is to use your product review for advertisement purposes.
As part of the processing, we transfer your data to the following categories of recipients: Product Review Tool.
When you have concluded a contract with us, we process your data for the performance of the contract, to send you advertisements via email and if you contact our customer support.
We process our data to perform your contract with us with regard to any products you bought (e.g. the COROS watch, COROS helmet and COROS pod) and services you use (e.g. COROS App) for accounting purposes and in the event you assert any warranty claims.
For this purpose, we process Order Data and Contract Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
If you gave us your email address when you ordered a COROS product or service, we will use your email address to send you advertisements for our own similar goods and services. When we collected your email address, we clearly informed you that you can object to the use of your email address for advertising purposes at any time without incurring any costs other than the transmission costs according to the basic rates. In addition, we will inform you of your right to object in every email we send you for this purpose and give you a simple way to object to the further use of your email address for this purpose.
For this purpose, we process Contact Data and Contract Data.
The legal basis of the processing is our legitimate interest (Art. 6(1)(1)(f) DS-GVO). Our legitimate interest is to advertise our own similar products to our customers. You can object to this processing at any time.
As part of the processing, we transfer your data to the following categories of recipients: Email Service Provider.
When you contact our customer support we process your data to handle your inquiry, in particular to clarify any questions you might have about our products and services. If this is necessary to solve your inquiry COROS’s engineers will access the data that is relevant for your inquiry.
For this purpose, we process Contact Data, Contract Data, Log-In Data, End Device Data, Account Data, Health Data, Health Status Data, Training Data and Communication Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR) and, regarding access to health data, your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider, Group Companies and Customer Support Tool Provider.
When you use our app and COROS wearables, we process your data (including health data) to install the app, to create a user account, to select the services that are available at your location, to pair your COROS wearables with the app, to provide you with daily insights, to provide analyses of your training performance, to process your feedback on system errors and to provide you with assessments on your health and fitness status. Furthermore, you may choose to share your data with your coach or third party platforms. If you save an emergency contact, we will contact him or her in an emergency.
When you install the COROS app on your device we will process your data to ensure the compatibility of the software with your device. In addition, we will identify the country/region you are in when you install the COROS app.
For this purpose, we process End Device Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
When you use our COROS app we will ask you to create a user account. In particular, we will ask you to choose login information and provide general information about yourself, and we will verify the email address you provide to us. The user account is necessary to use all functionalities of your COROS watch, COROS helmet and COROS pod. Furthermore, you may give us access to your end device’s camera and photos/images stored therein to choose a photo/images for your COROS user account. You may also use your WeChat or Facebook user account to create a user account with COROS.
For this purpose, we process Log-In Data, End Device Data, Account Data and photos/images (if you granted us access).
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Social Network Provider.
After you have installed the COROS app and created a user account we process your data to identify the country/region you were in when you installed the COROS app to provide you with the services available in that country.
For this purpose, we process Localization Data.
The legal basis of the processing is our legitimate interest (Art. 6(1)(1)(f) DS-GVO). Our legitimate interest is to offer you selected services based on your location.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
If you want to track your training and make full use of our services you will have to pair your COROS watch, COROS pod and/or COROS helmet with the COROS app. To pair your device you will have to either enable the Bluetooth function on your end device to transmit the COROS Device ID or enable your camera on your end device and scan the QR code on the COROS devices.
For this purpose, we process the COROS Device ID.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
Upon receiving your consent, sensors on the COROS wearables collect data on your physical health and environment. The algorithm in the COROS wearables processes the data and the COROS wearables transmit such data via Bluetooth to the COROS app. The COROS app will upload the data to the COROS servers via an internet connection. We will process a limited set of data to provide you with daily insights into your body and health.
For this purpose, we process Training Data and Health Data.
The legal basis of the processing is your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
When you do sports or any other exercises you may start the training performance tracking. Then, sensors in your COROS wearable will collect data on your training and we will process such data to provide you with training performance analyses. Specifically, during your exercise, we will process your location data and automatically generate a sporting trail thumbnail image (if it is applicable for your exercise), and upload the sporting trail thumbnail image to the COROS servers so that your movement path during your exercise can be displayed simultaneously on your exercise summary page within the COROS app.
For this purpose, we process Health Status Data, Training Data, Health Data and Location Data.
The legal basis of the processing is your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider and Third Party Platforms Provider (if you have consented to the transfer).
We will collect and use your device information, images/videos uploaded by yourself about the system errors, and app logs for diagnostic and troubleshooting purposes to improve our services. If you provide your email address along with your feedback we may contact you for further information.
For this purpose, we process End Device Characteristics, App Log File Data and Contact Data, and photos/images/videos uploaded by yourself (if you granted us access).
The legal basis of the processing is the consent given by you (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR) and, regarding access to health data and the transfer of personal data to the country or region where the after-sales engineer is located, your consent (Art. 6(1)(1)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider and Group Companies.
Upon receiving your consent, we collect information on your physical fitness and analyze such data and your training records to provide you with assessments of your health and fitness status.
For this purpose, we process Health Status Data, Training Data and Health Data.
The legal basis of the processing is your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Hosting Provider.
COROS may certify coaches. Such coaches will be granted a coach account on the COROS platform and may invite you to join a training group. You may share your training records with such coaches.
For this purpose, we process Training Data, Health Data and Location Data.
The legal basis of the processing is your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Your coach and Third Party Platform Provider.
Upon receiving your consent, we will transmit your training records to third-party platforms as chosen by you.
For this purpose, we process Training Data, Health Data and Location Data.
The legal basis of the processing is your explicit consent (Art. 6(1)(1)(a), 9(2)(a) GDPR). You may revoke your consent at any time, e.g. by email to support@coros.com.
As part of the processing, we transfer your data to the following categories of recipients: Third Party Platform Data Provider.
You may save an emergency contact in your account. If you use the COROS helmet and the helmet detects an emergency we will send an SMS to your emergency contact. We will inform your emergency contact that you have had an emergency and tell them your location.
For this purpose, we process Emergency Contact Data and Location Data.
The legal basis of the processing is the performance of a contract to which you are a party or taking steps at your request prior to entering into a contract (Art. 6(1)(1)(b) GDPR).
As part of the processing, we transfer your data to the following categories of recipients: Your emergency contact and Hosting Provider.
When you login to and use the COROS Training Hub, you may check Data Protection Information for COROS Training Hub for more details regarding how we process your personal data (including health data) additionally to the purposes listed above in order to provide the Training Hub services.
You are not obliged to provide your data. Provision is neither legally nor contractually required. However, if you do not provide the data, you may not be able to use all of our services. Providing data which is marked as mandatory data in our online shop checkout process is required to enter into a contract via our online shop.
While we strongly recommend that users use the app with an internet connection because certain features and functions are delivered via the internet, COROS watches can be used without pairing with the COROS app. The COROS app and watch can also be used without any internet connection for a limited duration such as a hiking trip due to the lack of cellular services. In that case, the data will be synced from the watch and saved on the user’s phone.
We do not use automated decision-making, including profiling, on the basis of your personal data in accordance with Art. 22(1) and (4) of the GDPR.
COROS products and services are provided worldwide. To offer our products, apps, and services, we may need to transfer your personal data to COROS Group Companies (see definition below), to perform processing activities such as those described in this Privacy Policy in connection with your use of COROS products and services.
For customers residing in a country in the European Economic Area ("EEA") and United Kingdom ("U.K."), your personal data that we collect from you will be collected and stored on servers in the EEA. For customers outside of EEA, U.K, and China, your personal data that we collect from you will be collected and stored on servers in the U.S.
Personal data relating to individuals in the EEA and the U.K. are controlled by COROS Wearables, Inc. Upon receiving your explicit consent (cf. Art. 49(1)(1)(a) GDPR), we will transfer personal data to countries where our Group Companies locate outside the EU that may not provide for an adequate level of data protection to provide with you customer support upon your request. This entails the risk that personal data may also be accessed and processed for the purposes of authorities and/or third parties without your knowledge and that there may be no efficient legal protection against such access and processing.
Please contact us if you want further information about how COROS transfers your personal data.
As a matter of principle, we store personal data only for as long as is necessary to achieve the above-mentioned purposes. Depending on the type of data, there may be statutory retention obligations that make it necessary to retain the data even if the actual processing purpose for which we collected the data has already been fulfilled. For documents relevant to commercial and tax law, statutory retention periods apply.
As a data subject, you have the right under Art. 21(1) GDPR to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms as a data subject, or for the assertion, exercise or defense of legal claims.
If personal data is processed for direct marketing purposes, you as the data subject have the right to object at any time pursuant to Art. 21(2) GDPR to processing of personal data concerning you for such marketing; this also applies to profiling insofar as it is related to such direct marketing.
In the event of an objection, we will no longer process the personal data for direct marketing purposes.
As a data subject, you also have the following rights in relation to the processing of your personal data:
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. Please contact us to obtain this information. We do not share your personal information with third parties for those third parties’ direct marketing purposes.
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, delete, and limit disclosure of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.
You have the right to receive notice of the categories of personal information we collect and the purposes for which we use personal information. The following table summarizes the categories of personal information we collect, the categories of sources of that information, and whether we disclose or sell that information to service providers or third parties, respectively. The categories we use to describe personal information are those enumerated in the CCPA. We collect this personal information for the purposes described under “How do we process your personal data?” above.
Category | Information Type | Source | We Disclose To: | We Sell To: |
Identifiers | - Contact information or personal characteristics - Social media handles | - You - Our social media pages - Third party subscription service providers | Service providers | Not sold |
Health Information | - Health information (heart rate, calories burned, steps taken, sleep information) | - You | Service providers | Not sold |
Financial Information | - Payment card data - Bank account information | - You | Service providers | Not sold |
Protected Classifications and Other Sensitive Data | - Date of Birth - Gender | - You | Service providers | Not sold |
Geolocation information | - Precise (information that describes location with more precision than ZIP code, e.g., GPS data) - Coarse (information that describes location at ZIP code-level or less precision) | - You - Our analytics and advertising partners | Service providers | Analytics and advertising partners (coarse location only) |
Internet or Electronic Network Activity Information | - IP address - Device identifier (e.g., MAC) - Unique identifiers (such as those assigned in cookies) | - You - Our analytics and advertising partners | Service providers | Analytics and advertising partners |
Commercial Information | - Transaction information - Billing and payment records - Order history | - You | Service providers | Not sold |
Professional or Employment-Related Information | - Current employer - Job title | - You | Service providers | Not sold |
Education Information | - Education history - Level of education | - You | Service providers | Not sold |
Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We restrict service providers from using personal information for any purpose that is not related to our engagement.
Entities to whom we “sell” information are third parties. Under the CCPA, a business “sells” personal information when it discloses personal information to a company for monetary or other benefit. A company may be considered a third party either because we disclose personal information to the company for something other than an enumerated business purpose under California law, or because its contract does not restrict it from using personal information for purposes unrelated to the service it provides to us.
Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to third parties. Currently, we do not engage in such sales. If you are a Nevada resident and would like more information about our data sharing practices, please contact us.
The terms used in this Data Protection Information generally have the meaning used in the General Data Protection Regulation. In addition, we use other terms which are explained below: