Approved: 15 June 2021
Published: 15 June 2021
Will be reviewed: 1 June 2022
Personal data that Sidekick collects and how that data is used
1. Information you provide when you create an account
We receive certain information from you when you create a Sidekick account. To create an account, you have four different options:
1.1. Traditional login
You can choose to create a new account directly by registering information about your name, email and password. You may optionally choose to provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.2. Login with Facebook
You can choose to use Facebook to create an account. Through this method, we collect information about your name, birthday, email address, gender, profile image and friends who also use Sidekick.
1.3. Login with Google
You can choose to use Google to create an account. Using this process, we collect information about your name, email address, gender and profile image.
1.4. Login with Apple ID
You can choose to use Apple ID to create an account. Using this process, we collect information about your email address. You may optionally choose to provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.5. Recipients and data retention regarding account registration
We use the Google Cloud SQL service to store account registration information. Google’s role is limited to storing information on our behalf; Google does not use the information for any other reason and acts as data processor on behalf of Sidekick.
Please also note that when you create an account, other users will be able to see some of your information, such as your name and your profile picture.
We store your information until you a) delete your Sidekick account or b) have not logged any activity in the application for a period of two years. The deletion involves removal of all personally identifiable data and your account is thereby anonymised.
2. Information you provide when you use the application
When you use the application you can choose to share certain information, including information related to your health. For example:
2.1. Information about your diet
You can choose to share information relating to your diet, such as the goals you want to achieve, as well as information and photos relating to the food you have eaten. Sidekick uses this information to allow you as a user to keep track of your dietary habits and progress.
2.2. Information about your physical activity
You can choose to share information about your physical activity, such as information about your workouts, as well as your location while you exercise (e.g., to measure distance travelled on a run). Sidekick uses this information to allow you as a user to keep track of your exercise routine.
2.3. Information about how you reduce stress
You can choose to share information about how you reduce stress, such as minutes spent completing relaxation exercises in the application. Sidekick uses this information to allow you as a user to keep track of your stress and energy levels, as well as mindfulness activities.
2.4. Information about the tests that you take
You can choose to take various tests in the application, such as a personality test. The results, for example whether you are an introvert or an extrovert, are based on the answers you provide to the test. Sidekick processes your answers and results purely to allow you, as a user, to keep track of your test results.
2.5. Information about your vital signs
You can choose to share information related to your vital signs, such as your blood pressure, pulse, weight and blood test results. Sidekick uses this information to allow you as a user to log your vital signs and keep track of changes in these measurements over time.
2.6. Information about your interest in participating in a lifestyle program
As a user, you can use the application to indicate your interest in participating in a lifestyle program. Sidekick uses that information to identify which Sidekick services are likely to fit you best and send you an email with information about these services.
2.7. Information relating to your participation in a lifestyle program
If you choose to partake in a lifestyle program, Sidekick will ask you to answer questions which are tailored to that specific lifestyle program. These questions can, for example, relate to your body weight, difficulties with daily activities and your general well-being. Sidekick uses your answers to motivate you and suggest lifestyle changes, where appropriate.
Where the lifestyle program you are active in allows for it, you have the choice of partaking in a community within that program, for example by posting content, commenting on or liking others' posts. The content you post then becomes visible to other users. Our only goal is to allow you to interact with other users and we do not use your information for any other reason.
2.8. Information about your use of the application
We also use the information, specified in sections 2.1 to 2.5, that you choose to share with us, to inform, entertain and provide you with relevant Sidekick services if you have given consent for this communication.
2.9. Information about how you use the application
To improve the user experience of the application, we also collect information on how you use the application.
2.10. Personal profiling
The above-mentioned information leads to personal profiling of users. The logic used is simple: if you log activities on a bike, the SidekickHealth application is more likely to suggest cycling as an exercise for you than, for example, walking/running. There are no automatic decisions (as defined in Article 22 of GDPR) made within the SidekickHealth application.
2.11. Recipients of information and retention period of data due to the use of the application
To keep track of the information specified in sections 2.1. to 2.5. and 2.7.-2.9., we use the Google Cloud SQL service. Google’s role is limited to storing information on our behalf; Google does not use the information for any other reason and acts as data processor on behalf of Sidekick. We store your information using the Google Cloud SQL service until you delete your Sidekick account (see section 1.5.). If you do not log any activity in the application for a period of two years, we anonymise your account automatically. If you decide to participate in a lifestyle change program with a trainer or health coach, s/he will also have access to some of the above information.
3. Outgoing emails
3.1. Lost password
If you have lost or forgotten your account password, you can request a password reset. If we receive that kind of request from you, we will send an email with reset instructions to the email address you used to register for your Sidekick account.
3.2. Improving your experience with the application and Sidekick services
As described in section 2.9 we collect information about how you use the application in order to provide you with a better and more accurate service. We will send you an email with information about potentially relevant Sidekick services that we think may be of interest to you. It should be noted that you, as a user of the application, have the right to object to such email communications, by unsubscribing or sending an email to email@example.com.
3.3. Changes to Terms and Conditions
Our terms may change in the future. When we change them, we will send you information about those changes by email.
3.5. Recipients of information and the retention period for outgoing emails
We use a service from MailChimp to email you and to store information about our email communication with you. MailChimp’s role is limited to complying with our instructions on how the information should be used. MailChimp does not use the information for any other reason. MailChimp, whose databases are located in the U.S., is subject to Standard Contractual Clauses, and on that basis the movement of data away from the EEA is authorised.
- Email communications for lost passwords will be deleted as soon as an email has been received.
- Email communications for information about potentially relevant Sidekick services will be deleted after six months.
- Email communications due to changes in our Terms and Conditions and handling of your personal data will be stored as long as the company has use for the information.
4. Legal basis for processing personal data
The personal information referred to in sections 1.1. to 1.4. mentioned above is collected on the basis of your consent.
The contact information gathered through our websites is collected on the basis of your consent and will only be used for the relevant purposes of the collection.
The personal information referred to in sections 2.1. to 2.8. is also collected on the basis of your consent. The information in connection with your use of the application, referred to in section 2.9., is collected on the basis of your consent; we will only communicate this information to users who have consented to receiving such emails.
Emails regarding lost passwords, as described in section 3.1., will be sent to you on the basis of your consent. Emails regarding your experience of the application, referred to in section 3.2., will be sent on the basis of your consent; we will only communicate this information to users who have consented to receiving such emails.
Emails described in sections 3.3. and 3.4. will also be sent to you on the basis of our legitimate interest in demonstrating that the company has informed users about changes to our Terms and Conditions or to our handling of users' personal information.
5. Protection of Personal Data
Sidekick takes precautions, including administrative, technical and physical measures, to safeguard your personal data against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction. We store the personal data you provide encrypted on computer servers that are located in controlled facilities. We restrict access to personal data to our employees, contractors and agents who need access in order to operate, develop, or improve our services and the application.
When you enter sensitive personal data in the application we encrypt the transmission of such data using secure socket layer technology. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
6. Personal data transfers outside of the European Economic Area (EEA)
Where your personal data is transferred to a country outside of the EEA, and that country is not subject to an EU adequacy decision, we will ensure your data is protected by appropriate safeguards (e.g. via the use of EU-approved standard contractual clauses).
As detailed above, your registration data along with usage data is stored using Google Cloud SQL, whose databases are located in the EU. Images are stored on Google Cloud Storage, whose databases are located in multiple regions in the EU. It cannot, however, be excluded that these databases are made accessible to other Google entities which are located outside the EEA. Google has EU Processor-to-Processor Standard Contractual Clauses in place for such transfers in order to ensure the security and integrity of the personal data transferred.
7. Your rights as a user of the application
If you have granted your consent for processing certain personal data, you are entitled to withdraw your consent at any time pursuant to data protection laws. However, that right does not affect the legitimacy of the processing of data carried out before you withdrew your consent. You also enjoy other rights, such as the right to access your data, the right to have wrong or misleading information about you rectified, the right to have your personal data deleted, the right to restrict the processing of your personal data, the right to object and the right to data portability. Please note that some of your rights may be subject to certain conditions.
Users are never under any obligation to provide personal data. The consequences of not providing personal data are that the user will not be able to fully enjoy the application and what it has to offer.
Users can delete their account by going into Health > press the crank wheel > press “Other” > press “Delete Account” > write “Sidekick” in the text box and press “Delete account”. All personally identifiable data will be deleted.
8. Cookies (website only)
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. You can change your cookie preferences at any time by clicking on the ‘C’ icon. You can then adjust the available sliders to ‘Allow’ or ‘Deny’, then click ‘Save settings’. You may need to refresh your page for your settings to take effect.
8.1. Necessary cookies
Some cookies are required to provide core functionality. The website won’t function properly without these cookies and they are enabled by default.
8.2. Analytical cookies
Analytical cookies help us improve our website by collecting and reporting information on its usage.
8.3. Marketing cookies
Marketing cookies are used to track visitors across websites to allow publishers to display relevant ads.
9. Name and contact details of the controller
Org. no 680912-1490,
203 Kópavogur, Iceland.
10. Data Protection Officer
If you have further questions about how Sidekick handles your personal data, or if you want to exercise your rights, you may contact our data protection officer:
11. Right to file a complaint with the Data Protection Authority
If you have any concerns about whether Sidekick handles your personal data legitimately, you have the right to file a complaint with the regulatory authority.