MammaMage
Privacy Policy
Valid from June 1st, 2022
Version 2.1
English Svenska
This Privacy Policy describes how Empowered Health ("Empowered", "we" or "us") with corporate identity number 559093-0722 and address Bytaregatan 22, 222 21 Lund, Sweden, processes your personal data in this mobile application MammaMage (the "Application") and related technical systems (the "Systems").
We encourage you to read this Privacy Policy carefully before using the Application to better understand how we process your personal data. Your consent to the processing of your personal data is a prerequisite for the use of certain parts of the Application.
Your integrity is important to us, and we take it very seriously. We protect your personal data and ensure that our processing of it is done in an accurate and lawful manner. In this Privacy Policy, we explain the types of personal data we may process and the purposes for which we process them. We also explain what choices and rights you have in relation to the processing.
Please note that this Privacy Policy relates to the processing of personal data for which Empowered is the personal data controller. It also means that you should address any questions or comments directly to us, or if you wish to enforce any of the rights you have in relation to our processing of your personal data.
Throughout this information text, the term "processing" is used, which includes all operations involving Personal Data, including, without limitation, the collection, processing, storage, sharing, access, use, transfer, and erasure of Personal Data.
"Applicable data protection legislation" means, from time to time, applicable laws, regulations and rules, including those issued by the relevant supervisory authorities, relating to the protection of the fundamental rights and freedoms of natural persons and, in particular, the right to the protection of their Personal Data when processing Personal Data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") as well as legislation, regulations and rules supplementing the GDPR.
"Personal data" means any information relating to an identifiable or identified natural person.
How does the application work?
The aim of the MammaMage app is to
Help you calmly get started at home with re-training your body.
Strengthen your body from the inside out with non-strenuous training. Strengthen the pelvic floor, stomach and anything structurally affected to create a stable basis for more exercise, such as weight training, cycling and jogging.
Provide information and advice on re-training after pregnancy.
Provide background information for a better understanding of how the body can be affected by pregnancy.
Allow you to communicate with an expert and consult on your training via chat and/or video meeting in the app.
Schematically, the use of the Application is as follows:
Surveys about your background and health are made available and answered in the Application.
The Application is used continuously to train according to the training programmes in the app.
Individual advice on the appropriate level of training is given, based on survey responses and Focus Scale ratings.
Contact between the MammaMage team and users can take place in the application via chat or video meeting.
Using and answering questions in the Application is voluntary.
Where do we collect personal data from?
We collect Personal Data from:
Yourself, through the answers and data you provide in the Application, e.g., when you create your account, follow your training programme, when answering surveys, when request support (UDID, device type, operating system, etc.) and when communicating with the expert in the App
When and why do we process personal data?
Administration of user accounts in the Application
We process your personal data so we can set up and manage your user account in the Application. This includes, for example, identifying you at login and collecting health data.
Categories of personal data
Name
Personal identity number
Email
Mobile number
Login details
Legal basis
The processing is necessary for the performance of providing the Application to you (Article 6(1)(e) and 9(2)(h) GDPR) (see Terms of Use of the Application).
Compliance with the training programme
We process your personal data when you use digital training programs in the Application. Processing is done so that we can see your compliance and progress through participation in the training programme.
Categories of personal data
Answers are given by you to questions, e.g., on perceived health development
Email
Communication in the Application between You and Us
Legal basis
The processing is necessary for the performance of providing the Application to you (Article 6(1)(e) and 9(2)(h) GDPR) (see Terms of Use of the Application).
How long do we keep your personal data (deletion)
Aggregated data that can no longer be attributed to a specific person will be stored indefinitely. Your user account information is retained for as long as your account is active (i.e., 1 year after you were last active on the Application) while individual responses and other health information are retained on the Application until (i) we cease to provide the Application to you or (ii) you request to terminate your account on the Application.
Transfer and disclosure of personal data
We strive to protect and limit access to your Personal Data. Only persons who have a specific need considering their position within Empowered Health will have access to your Personal Data.
Security
We will ensure that access to your Personal Data is adequately protected through the application of appropriate security measures and considering the latest developments, the cost of implementation and the nature, scope, circumstances and purposes of the processing and the risk. To enforce this guarantee, we have also implemented appropriate technical, physical, and organisational measures to protect your Personal Data against unauthorised or accidental destruction, alteration or disclosure, misuse, damage, theft or accidental loss or unauthorised access. Personal data is only stored within the EU/EEA.
Your rights
Rights in relation to your Personal Data
Access
You may request confirmation as to whether your Personal Data is being processed and, if it is being processed, request access to your Personal Data and further information, such as the purpose of the processing. You also have the right to obtain a copy of the Personal Data being processed. If the request is made electronically, the information will also be provided in a commonly used electronic format, unless you request otherwise.
Correction
If you discover that Personal Data relating to you is inaccurate, incomplete, or incorrect, you have the right to have your Personal Data rectified.
Object to specific processing of Personal Data
You may object to the processing of your Personal Data based on legitimate interest or a public interest.
Erasure
You may have your Personal Data erased in certain circumstances, for example when the Personal Data is no longer needed to achieve the purpose for which the Personal Data was collected.
You can ask us to restrict the processing of your Personal Data to the retention of your Personal Data only in specific circumstances, for example, when the retention is under judicial review, but you do not want your Personal Data to be erased.
Withdraw consent
You always have the right to withdraw your consent to the processing of Personal Data to the extent that the processing is based on your consent.
Data portability
You have the right to request a machine-readable copy of the Personal Data processed on the basis of your consent or where the processing is necessary for the performance of a contract with you and where Personal Data has been obtained from you (data portability) and to request the transfer of the information to another controller (where possible) subject to any restrictions that may follow from the law (e.g., the Patient Data Act).
Complaints to the supervisory authority
You can contact us with complaints or comments regarding the processing of your Personal Data to the Swedish Authority for Privacy Protection (www.imy.se).
Contact us
If you have any questions relating to the processing of your personal data, or if you want to exercise any of your rights in accordance with applicable data legislation, please contact Empowered using the contact details below.
Data controller
dpo@empowered.healthBytaregatan 22
222 21 Lund
Sverige
Org nr. 559093-0722
© 2022 Empowered Health