Get the latest news!

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

Privacy policy

LAST UPDATED:  10/04/2023

Circular and its subsidiaries and affiliates, (collectively, “we”, “our” or “us”) respect the privacy of our participants (“you” or “user”). This Privacy Policy (“Policy”) describes how we collect and further process personal Information we collect from or about you in connection with your participation in the Circular surveys and/or the Circular mobile application and/or Circular wearables and connected websites at https://circular.xyz, (“Circular”). It also tells you about your rights and choices with respect to your Personal Information, and how you can contact us if you have any questions or concerns.

Please read this Policy carefully. If you do not agree with this Policy or any part thereof, you should not access or use any part of Circular, or otherwise
provide us with your Personal Information.

SECURITY AUDITS

In an effort to always have the most secure infrastructures and services as possible, Circular has missioned auditors to establish security reports between July of 2021 and January of 2022. These third parties are expert providers for application security and penetration testing services. WiLDSECOPS SAS performed a whitebox assessment and code review against the Circular Backend API and the Circular Ring Firmware to identify any weaknesses. To this day, all concerns have been corrected and no other weakness has been reported..

WSO reviewed the components of the “Circular Backend '' which are involved in handling authentication of the user, user registration; ring registration, upload of ring data as they are considered sensitive. Additionally the data uploaded by the ring is considered health information and may be subject to HIPAA regulation.

All missioned subcontractors are contractually obligated to align with the same rules and regulations and in particular with GDPR compliance as WSO and Circular are also required to.

Circular has also passed CASA tier 2 certification.

1 - PERSONAL INFORMATION WE COLLECT

In this Policy, “Personal Information” means any information related to an identified or identifiable individual and does not include data whereby personally identifiable information has been removed (such as anonymous data).

We collect Personal Information from you through your interaction with Circular. We collect Personal Information about you from different sources listed below.

We collect the following Personal Information when you complete Circular surveys (“Survey Information”):

Registration information. When you fill Circular surveys, you provide us with Personal Information, such as your name, email address, telephone number, country, postcode, your date of birth, your gender and information about your mobile device and fitness wearables.

Survey responses. You provide us with health-related Personal Information when you complete Circular surveys such as information relating to your diet, smoking, drinking, fitness regime, height and weight, and possible health-related or medical information.

We collect the following Personal Information as part of your further interaction with Circular (“Circular Information”):

Information Collected from you:

Registration information. When you register for Circular, you provide us with Personal Information, including contact information such as your name, email address, telephone number and home address, and basic profile information such as demographic information including date of birth, sex, device information, username and password.

Onboarding information. When you complete your Onboarding in Circular apps, you provide us with Personal Information, including health-related information such as your lifestyle, diet, smoking, drinking, fitness regime, height and weight, and other possible health-related information.

Location Data. On an ongoing basis we will, with your consent, collect your location based on your GPS. You can turn off this function at any time in your device settings.

Health data. On an ongoing basis you provide us with information, relating to your health, lifestyle and fitness via your profile on Circular, including exercise regime, health, lifestyle and wellbeing updates, diet, calorie intake, sleep patterns, body metrics and goals.

Correspondence and other communications. When you communicate with us via Circular's website, email, chat or otherwise, you provide us with Personal Information, such as your name, email address, telephone number and the contents and nature of your correspondence with us, including complaints, queries and feedback on your use of the survey.

Identifiers and usage. When you use Circular, we will automatically collect your IP address, advertising identifiers, engagement metrics and potentially non-personal information about your device including model, version and operating system.

Transaction information. When you pay for products or services on Circular, we collect information on the purchases you have made, including details of payments made, products or services purchased and the timings of such payments.

Information Collected from Other Sources

Information from third party services. When you choose to connect Circular with a third-party health and fitness related application, including Apple Health kit, Google Fit or Health Connect, we will receive additional health and lifestyle data from the third-party providers of those services to provide or improve the application’s use case or features.

Information from third party payment processors. We obtain Personal Information about you from the third parties we work with to process your payments via Circular, such as our payment processors Stripe, Apple App Store Payments or Google Pay. This information includes purchase details, username and transaction amount.

Medical records. When you choose to provide us with access to some or all of your medical records as part of Circular, we obtain these records directly from your medical practitioner or from a third-party partner. However, we do not share Personal Information with these third parties and your sample is only connected to an anonymous order number in their database.

We also collect, use and share aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your Personal Information but is not Personal Information as this data will not directly or indirectly reveal your identity. For example, we may aggregate data about your use of Circular to calculate the percentage of users accessing a specific feature. However, if we combine or connect aggregated data with your Personal Information so that it can directly or indirectly identify you, we will treat the combined data as Personal Information which will be used in accordance with this Policy.

2 - HOW WE USE PERSONAL INFORMATION

We will use your Personal Information for one or more of the following purposes:

Registering to use Circular. We use your Personal Information to perform our contractual obligation towards you to allow you to create an account. The Personal Information we process when doing so includes your registration information.

Analyzing your data. We use your Personal Information, with your explicit consent, on an ongoing basis, assess health status, which may include the use of machine learning. To do this we use your onboarding Information, wearables tracked metrics as well as Circular Information including health data journal, periodic survey responses, medical records and information from third party app, devices and wearables.

Providing wellness recommendation. We use your Personal Information, with your explicit consent, on an ongoing basis, assess health status, which may include the use of machine learning. To do this we use your onboarding Information, wearables tracked metrics as well as Circular Information including health data journal, periodic survey responses, medical records and information from third party app, devices and wearables.

The use of information received from Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.

Allowing you to make purchases in Circular. We use your Personal Information to perform our contractual obligation towards you to allow you to purchase content within Circular and to maintain a record of such purchases.The Personal Information we process when doing so includes your registration, contact and transaction information.

Improving Circular. We use your Circular Information, with your explicit consent, as part of Circular to analyze the efficacy of Circular and to improve the machine learning models. For this purpose, we use all of the Personal Information set out above as part of Circular.

Providing you with support and to respond to your requests and complaints, and to otherwise communicate with you. If you reach out to us for support regarding Circular, we will perform our contractual obligation towards you by using your Personal Information to respond and resolve your queries and facilitate support. It is also in our legitimate interests to otherwise communicate with you regarding your participation in Circular, and to alert you to information regarding your account and purchases, and to provide you with reminders and updates on your participation. We will communicate with you via phone, email, text message, push notification and/or the Circular website and mobile app. The Personal Information we process when doing so includes your correspondence with us, your name, contact details, device information and, to the extent applicable to your query or complaint, or our communication, usage and interaction information.

Improving or monitoring usage of Circular. It is in our legitimate interests to ensure the efficient operation of Circular, which includes conducting troubleshooting, testing and research and to keep Circular secure. When doing so we may use Personal Information that we automatically collect about you, such as identifiers, information on use and location data.

Monitoring and analyzing trends and use of Circular. It is in our legitimate interests to analyze the use of Circular. When doing so, we will process Personal Information that we automatically collect about you or that is generated about you when you use Circular.

Enforcing the Circular Terms of Service, complying with legal obligations and defending Circular against legal claims or disputes. It is in our legitimate interests to enforce our terms and policies, to ensure the integrity of Circular and to defend ourselves against legal claims or disputes. Where we do so, we will use the Personal Information relevant to such a case. Some processing may also be necessary to comply with a legal obligation placed on us.

3 - WHO WE SHARE YOUR INFORMATION WITH

We disclose Personal Information about you with the following recipients and in the following circumstances:

We rely on vendors and service providers for Circular, such as:

Cloud service providers who we rely on for data storage, disaster recovery and to provide Circular, such as Amazon Web Services located in the Paris region (France);

Cloud service providers providing cloud-based offerings that will be hosted and implemented by Circular;

Analytics providers who help us to understand our user base and how Circular is used, such as Google Analytics.

Integration providers as fitness and health applications or devices you choose to integrate.You may integrate third party applications and devices with Circular who will share data with us to track your fitness and health activity, including Apple Health kit or Google fit or Health Connect. We share certain integration information with these third parties, including username, device information and ID.

Circular’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Health data can only be transferred to third parties to provide or improve the application’s use case or features. Data won't be used for any other purpose, including transfer to advertising platforms, data brokers, or information resellers.

Providers of online communication functionality, who we use to facilitate our Circular surveys and other periodic surveys as part of Circular, and to otherwise communicate with you including Typeform located in Europe and the US, and Klaviyo located in the US.

Pursuant to Art. 6 par. 1 lit. a DSGVO that your personal data (surname and first name, telephone number, messenger ID, IP address, profile picture as well as the message history) are stored, processed and used in the context of the use of the respective WhatsApp, SMS or Messenger service in order to transmit messages. An active account with the respective provider is required to use the messenger service. Circular uses chatarmin.com GmbH, A-3400 Klosterneuburg, as a technical service provider and order processor to provide WhatsApp, SMS or Messenger services. Your consent to the processing of your personal data can always be freely revoked; a corresponding notification to the website or Chatarmin is sufficient for this purpose. Further information can be found in the respective privacy policies of the website and the messenger services of chatarmin.com GmbH.

Payment processors. We use payment processors such as Stripe, Shopify, Paypal (on web) and Apple App Store Payments and Google Pay (on your mobile device) in order to receive payment for the use of Circular.

We also use Klarna for differed payment options on our website. In order to offer you Klarna’s payment methods, we might in the checkout pass your personal data in the form of contact and order details to Klarna, in order for Klarna to assess whether you qualify for their payment methods and to tailor those payment methods for you. Your personal data transferred is processed in line with Klarna’s own privacy notice.

The Circular group. We share Personal Information about you with our branches and subsidiaries within the Circular group.

Legal. Information about our users, including Personal Information, will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or our safety, or the safety of our users, a third party, or the public.

Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your Personal Information as part of that transaction.

4 - YOUR RIGHTS AND CHOICES

If you are located in Europe, in certain circumstances, you have the following rights in relation to your Personal Information that we hold.

Withdrawal of consent.   Where we rely on consent for the processing of our Personal Information, you have the right to withdraw your consent at any time:

If you wish to withdraw your consent for the processing of your health data, please email us at support@circular.xyz.

If you wish to withdraw your consent for the sharing of your health data by integrated third party applications, you can do so in the settings of your app.

Access. You have the right to access the Personal Information we hold about you, and to receive an explanation of how we use it and who we share it with.

Correction. You have the right to correct any Personal Information we hold about you that is inaccurate or incomplete.

Erasure. You have the right to request your Personal Information be erased or deleted.

Object to processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.

Restrict processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.

Portability. You have the right to receive, in a structured, commonly used and machine-readable format, Personal Information that you have provided to us if we process it on the basis of our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party. 

Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. For more information on or to exercise your rights, please email support@circular.xyz.

5 - CROSS-BORDER DATA TRANSFERS

We may transfer your Personal Information outside of the country where you are located and the European Economic Area, including to the US and the UK.Regardless of where your Personal Information is transferred, we shall ensure that relevant safeguards are in place to afford adequate protection for your Personal Information. Further details regarding the relevant safeguards can be obtained from us on request.

6 - CHILDREN’S PRIVACY

Neither the Circular surveys, or any aspect of Circular are directed to children, and we do not knowingly collect Personal Information from anyone under the age of 18. If you learn that a child has provided us with Personal Information in violation of this Policy, please contact us as indicated below.

7 - DATA RETENTION

We store all Personal Information for as long as necessary to fulfil the purposes set out in this Policy, or for as long as we are required to do so bylaw or in order to comply with regulatory obligation.

When deleting Personal Information, we will take measures to render such Personal Information irrecoverable or irreproducible, and the electronic files which contain Personal Information will be permanently deleted. Alternatively, we ensure that it is only kept by us in an anonymized form.

8 - DATA SECURITY AND PROTECTION

We use certain physical, managerial, and technical safeguards that are designed to improve the integrity and security of Personal Information that we collect and maintain.

At Circular, we take the protection of sensitive data seriously. We employ data protection mechanisms, including anonymization, to safeguard all sensitive information collected and stored on our platform. Your data is anonymized both in transit and at rest, ensuring that it remains confidential and secure.

Our commitment to the security and privacy of your sensitive data is unwavering, and we continually invest to maintain the integrity of your information.

However, the transfer of Personal Information through the internet will carry its own inherent risks and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.

Circular may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such websites or services and is subject to those operators’ policies governing privacy and security, even if accessed via Circular. We are not responsible for the content or privacy and security practices and policies of third parties to which links or access are provided through Circular. We encourage you to learn about third parties’ privacy and security policies before providing them with your Personal Information.

9 - CHANGES TO THIS POLICY

We will notify you of any material changes so that you have time to review the changes. 

10 - COMPLAINTS

If you wish to lodge a complaint about how we process your Personal Information, please contact us at support@circular.xyz. We will endeavor to respond to your complaint as soon as possible. You may also lodge a claim with the Information Commissioner’s Office in France or the data protection supervisory authority in the EU country in which you live or work, where you believe we have infringed data protection laws.

11 - OUR CONTACT INFORMATION

Circular is the entity responsible for the processing of your Personal Information, and for the purpose of the European Union’s General Data Protection Regulation, is the data controller in respect of the processing of your Personal Information. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us by email at support@circular.xyz.