Approved: 15 June 2021
Published: 15 June 2021
Will be reviewed: 1 June 2022
Personal data that Sidekick Health collects and how that data is used
1. Information you provide when you create an account
We receive certain information from you when you create a Sidekick account. To create an account, you have three different options:
1.1. Traditional login
You can choose to create a new account directly by registering information about your name, email and password. You may optionally choose to provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.2. Login with Facebook
You can choose to use Facebook to create an account. Through this method, we collect information about your name, birthday, email address, gender, profile image and friends who also use Sidekick.
1.3. Login with Google
You can choose to use Google to create an account. Using this process, we collect information about your name, email address, gender and profile image.
1.4. Login with Apple ID
You can choose to use Apple ID to create an account. Using this process, we collect information about your email address. You may optionally choose to provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.5. Recipients and data retention regarding account registration
We use the Google Cloud SQL service to store account registration information. Google’s role is limited to storing information on our behalf; Google does not use the information for any other reason. Please also note that when you create an account, other users will be able to see some of your information, such as your name and your profile picture.
We store your information using the Google Cloud SQL service until you delete your Sidekick account. This deletion involves only personally identifiable data, which includes, for example, username, password, all images, GPS data and entered programs.
If you do not log any activity in the application for a period of two years, we remove all personal data and thereby anonymise your account automatically. This removal of personal data covers all personally identifiable information, which includes, for example, username, password, all images, GPS data and entered programs.
The registration data along with usage data is stored using Google Cloud SQL whose databases are located in the EU. Images are stored on Google Cloud Storage, whose databases are located in multiple regions in the EU.
2. Information you provide when you use the application
When you use the application you can choose to share certain information, including information related to your health. For example:
2.1. Information about your diet
You can choose to share information relating to your diet, such as the goals you want to achieve, as well as information and photos relating to the food you have eaten. Sidekick Health uses this information to allow you as a user to keep track of your dietary habits and progress.
2.2. Information about your physical activity
You can choose to share information about your physical activity, such as information about your workouts, as well as your location while you exercise (e.g., to measure distance traveled on a run). Sidekick Health uses this information to allow you as a user to keep track of your exercise routine.
2.3. Information about how you reduce stress
You can choose to share information about how you reduce stress, such as minutes spent completing relaxation exercises in the application. Sidekick Health uses this information to allow you as a user to keep track of your stress and energy levels, as well as mindfulness activities.
2.4. Information about the tests that you take
You can choose to take various tests in the application, such as questionnaires to check your risk for diabetes or work-related stress, as well as a personality test. The results of these tests are based on the information you provide. Sidekick Health uses this information to allow you as a user to keep track of your test results.
2.5. Information about your vital signs
You can choose to share information related to your vital signs, such as your blood pressure, pulse, weight and blood test results. Sidekick Health uses this information to allow you as a user to log your vital signs and keep track of changes in these measurements over time.
2.6. Information about your use of the application
We also use the information, specified in sections 2.1 to 2.5, that you choose to share with us, to inform, entertain and provide you with relevant Sidekick services if you have given consent for this communication.
2.7. Community activities
As a user of the application, you can partake in a community if the lifestyle program you are active in allows for it, for example by posting on the feed or by commenting on or liking others' posts. Our only goal is to allow you to interact with other users, and we do not use your information for any other reason.
2.8. Information about your interest in participating in a lifestyle program
As a user, you can use the application to indicate your interest in participating in a lifestyle program. Sidekick Health uses that information to identify which Sidekick services are likely to fit you best and send you an email with information about these services.
2.9. Information about how you use the application
To improve the user experience of the application, we also collect information on how you use the application.
2.10. Personal profiling
The above-mentioned information leads to personal profiling of users. The logic used is simple: if you log activities on a bike, the SidekickHealth application is more likely to suggest cycling as an exercise for you than, for example, walking or running. There are no automatic decisions (as defined in Article 22 of GDPR) made within the SidekickHealth application.
2.11. Recipients of information and retention period of data due to the use of the application
To keep track of the information specified in sections 2.1. to 2.7. and 2.9., we use the Google Cloud SQL service. Google’s role is limited to storing information on our behalf; Google does not use the information for any other reason. We store your information using the Google Cloud SQL service until you delete your Sidekick account (see section 1.5.). If you do not log any activity in the application for a period of two years, we anonymise your account automatically. If you decide to participate in a lifestyle change program with a trainer or health coach, s/he will also have access to some of the above information.
3. Outgoing emails
3.1. Lost password
If you have lost or forgotten your account password, you can request a password reset. If we receive that kind of request from you, we will send an email with reset instructions to the email address you used to register for your Sidekick account.
3.2. Improving your experience with the application and Sidekick services
As described in section 2.9, we collect information about how you use the application in order to provide you with a better and more accurate service. We will send you an email with information about potentially relevant Sidekick services that we think may be of interest to you. It should be noted that you, as a user of the application, have the right to object to such email communications by unsubscribing or by sending an email to email@example.com.
3.3. Changes to Terms and Conditions
Our terms may change in the future. When we change them, we will send you information about those changes by email.
3.5. Recipients of information and the retention period for outgoing emails
We use a service from MailChimp to email you and to store information about our email communication with you. MailChimp's role is limited to complying with our instructions on how the information should be used. MailChimp does not use the information for any other reason. MailChimp, whose databases are located in the U.S., is subject to Standard Contractual Clauses, and under that arrangement the movement of data away from the EEA is authorised.
- Email communications for lost passwords will be deleted as soon as an email has been received.
- Email communications for information about potentially relevant Sidekick services will be deleted after six months.
- Email communications due to changes in our Terms and Conditions and handling of your personal data will be stored as long as the company has use for the information.
4. Legal basis for processing personal data
The personal information referred to in sections 1.1. to 1.3. mentioned above is collected on the basis of your consent.
The personal information referred to in sections 2.1. to 2.8. is also collected on the basis of your consent. The information in connection with your use of the application, referred to in section 2.9., is collected on the basis of your consent; we will only communicate this information to users who have consented to receiving such emails.
Emails regarding lost passwords, as described in section 3.1., will be sent to you on the basis of your consent. Emails regarding your experience of the application, referred to in section 3.2., will be sent on the basis of your consent; we will only communicate this information to users who have consented to receiving such emails.
Emails described in sections 3.3. and 3.4. will also be sent to you on the basis of our legitimate interest in demonstrating that the company has informed users about changes to our Terms and Conditions or to our handling of users' personal information.
The personal information provided by users is used to ensure the quality of the Sidekick Health application as a Medical Device through research. This is done on the basis of Article 9(2)(i) of GDPR. We take measures to safeguard the rights and freedoms of the data subject; these involve researchers having signed, and being bound by, a confidentiality statement. The research done with user data will never be published with any personally identifiable data. The purpose of this is to increase the quality of lifestyle programs on offer and to gather information through research to support clinical evaluation of SidekickHealth as a medical device.
5. Protection of Personal Data
Sidekick Health takes precautions, including administrative, technical and physical measures, to safeguard your personal data against loss, theft and misuse, as well as against unauthorised access, disclosure, alteration and destruction. We store the personal data you provide encrypted on computer servers that are located in controlled facilities. We restrict access to personal data to our employees, contractors and agents who need access in order to operate, develop, or improve our services and the application.
When you enter sensitive personal data in the application we encrypt the transmission of such data using secure socket layer technology. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
6. Personal data transfers outside of the European Economic Area (EEA)
Where your personal data is transferred to a country outside of the EEA, and that country is not subject to an EU adequacy decision, we will ensure your data is protected by appropriate safeguards (e.g., EU-approved standard contractual clauses or Binding Corporate Rules).
7. Your rights as a user of the application
If you have granted your consent for processing certain personal data, you are entitled to withdraw your consent at any time pursuant to data protection laws. However, that right does not affect the legitimacy of the processing of data carried out before you withdrew your consent. You also enjoy other rights, such as the right to access your data, the right to have wrong or misleading information about you rectified, the right to have your personal data deleted, the right to restrict the processing of your personal data, the right to object and the right to data portability. Please note that some of your rights may be subject to certain conditions.
Users are never under any obligation to provide personal data. The consequences of not providing personal data are that the user will not be able to fully enjoy the application and what it has to offer.
8. Cookies (website only)
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. You can change your cookie preferences at any time by clicking on the ‘C’ icon. You can then adjust the available sliders to ‘Allow’ or ‘Deny’, then click ‘Save settings’. You may need to refresh your page for your settings to take effect.
8.1. Necessary cookies
Some cookies are required to provide core functionality. The website won’t function properly without these cookies and they are enabled by default.
8.2. Analytical cookies
Analytical cookies help us improve our website by collecting and reporting information on its usage.
8.3. Marketing cookies
Marketing cookies are used to track visitors across websites to allow publishers to display relevant ads.
9. Name and contact details of the controller
Org. no 680912-1490,
10. Data Protection Officer
If you have further questions about how Sidekick Health handles your personal data, or if you want to exercise your rights, you may contact our data protection officer:
11. Right to file a complaint with the Data Protection Authority
If you have any concern about whether Sidekick Health handles your personal data legitimately, you have the right to file a complaint with the regulatory authority.