Last Updated on November 10, 2019
Please note that certain measurement data collected via the online service may be regarded as health related data under data protection laws in certain jurisdictions.
Hence, privacy matters.
At a high level, our approach to privacy is to leverage anonymized data where research outcomes are in the best interests of clients, but employ all efforts to safeguard personal information by using:
- https://www.cloudflare.com/ as a dedicated network security platform (refer to https://www.cloudflare.com/compliance/)
- https://auth0.com/ as a dedicated authentication & authorization platform (refer to https://auth0.com/security/)
- Microsoft Azure as a dedicated hosting platform (refer to https://docs.microsoft.com/en-us/azure/security/)
- Continuous improvement and all means available to avoid the risk of personal data being used against the best interests of clients
About this policy
- What personal data we collect when you use the Service
- How we store and process your data
- Your legal rights and how to exercise them
Our principles of data protection
Our approach to data protection is built around four key principles. They’re at the heart of everything we do relating to personal data.
Transparency: We take a human approach to how we process personal data by being open, honest and transparent.
Enablement: We enable connections and efficient use of personal data to empower productivity and growth.
Security: We champion industry leading approaches to securing the personal data entrusted to us.
Stewardship: We accept the responsibility that comes with processing personal data.
How does the Service Work?
The Service collects profile and symptom information in a cloud service and combines it with your wearables data (presently Oura and Omegawave) to calculate your interventions.
What Personal Data do we Process?
When registering an account on the online service or during your use of it, we process your e-mail address.
The Service tracks a further collection of profile, presentation and symptom information.
We also track and generate certain usage related and technical data:
- IP address and high-level location
- Metadata regarding online service use
Based on your inserted data and measurement data, the online service may calculate a variety of parameters.
This information is used to produce evaluation data regarding the quality of your sleep and performance.
Some of the data is received directly from you in connection with your registration and questionnaires.
Measurement data is collected automatically via the tracking functions of wearables, e.g. Oura and Omegawave.
Data is also produced by combining the data listed above and calculating intervention data regarding quality of sleep, recovery and activity.
How we use your data
First and foremost, we use your personal data to operate our websites and provide you with any services you’ve requested, and to manage our relationship with you. We also use your personal data for other purposes, which may include the following:
To communicate with you: This may include:
- providing you with information you’ve requested from us (like training or education materials) or information we are required to send to you
- operational communications, like changes to our websites and services, security updates, or assistance with using our websites and services
- marketing communications (about the Service or another product or service we think you might be interested in) in accordance with your marketing preferences
- asking you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with)
To support you: This may include assisting with the resolution of technical support issues or other issues relating to the websites or services, whether by email, in-app support or otherwise.
To enhance our websites and services and develop new ones: For example, by tracking and monitoring your use of websites and services so we can keep improving, or by carrying out technical analysis of our websites and services so that we can optimize your user experience and provide you with more efficient tools.
To market to you: In addition to sending you marketing communications, we may also use your personal data to display targeted advertising to you online – through our own websites and services or through third party websites and their platforms.
To analyse, aggregate and report: We may use the personal data we collect about you and other users of our websites and services (whether obtained directly or from third parties) to produce aggregated and anonymized analytics and reports, which we may share publicly or with third parties.
Data transfers to countries
The Service stores the Users’ personal data primarily within Microsoft Azure in the US.
However, we may transfer personal data to, or access it in, jurisdictions outside the US or the User’s domicile.
We will take steps to ensure that the Users’ personal data receives an adequate level of protection in the jurisdictions in which it is processed.
Sharing your personal data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- other companies in the Service group of companies
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
- an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
- other people where we have your consent.
We may aggregate and anonymize data collected via the online service. Such data will be anonymous and cannot be connected to an individual User, therefore no longer qualifying as personal data. We may use this type of anonymous data for analytics, statistics, research, communications and PR purposes as well as for trend detection and for benchmark data.
How long do we keep your data?
The Service does not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the duration of an account lifecycle, unless data has been deleted upon request.
Backups are deleted as soon as reasonably possible, typically within 6 months.
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to [email protected].
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it
- object to our continued processing of your personal data
You can exercise these rights at any time by sending an email to [email protected].
If you’re not happy with how we are processing your personal data, please let us know by sending an email to [email protected]. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
Direct marketing and push notifications
Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us or by using the unsubscribe possibility offered in connection with our newsletter.
We will ask your explicit consent if we wish to send you push notifications or to use any health related data for marketing purposes.
Data of Children
We do not knowingly process data of anyone under the age of 20. Please note that according to our terms and conditions we reserve the right to delete accounts of children.
Safeguarding your data
We do our best to keep your data safe and secure.
We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability to restore the data.
We will take all reasonable precautions to ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislation.
Should a security breach occur, despite the security measures, that is likely to have negative effects on your privacy, we will inform you and relevant authorities as required by applicable data protection laws.
Social media and public forums
The application may enable you to publish certain information from your application related to your Service experience or sleep data on social media sites such as Facebook, Instagram and Twitter, online blogs and forums.
Please think carefully before deciding what information you share in connection with your User Content. Please note that we do not control who will have access to the information that you choose to make public in such forums, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on social media, online blogs or public forums – or what others do with information you share.
Lodging a complaint
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged via email [email protected].