1.1 Below is a description of how Aasa Health AB, org. no. 559116-7936, with address Pilgatan 10, apt 1002, 90331 Umeå ("Vitala," "us," or "we"), processes personal data in relation to you as a user of Vitala, and you as a visitor to our website www.vitala.health ("the Website").
1.2 We value personal privacy and take your privacy very seriously. It is therefore important for us to protect your personal data and ensure that our processing of them is done in a correct and lawful manner.
2. Processed Personal Data - Users
2.1 Personal data refers to information that can be attributed to you. We may process the following personal data that can be attributed to you as a user of Vitala:
(a) contact information (name, email address, address, and phone number);
(b) health information for research purposes;
(c) cookies; and
(d) IP address.
2.2 Please note that providing your personal data is a requirement for entering into an agreement with us regarding the Vitala service.
3. Purposes of Processing and Legal Grounds - Users
3.1 Since Vitala is a training service where all the personal data listed in point 2.1 can be attributed to your health, these personal data are considered sensitive and are a prerequisite for us to provide you with the Vitala service. Therefore, when you register for the Vitala service, you are considered to have consented to our processing of these data as described below.
3.2 We process your contact information (point 2.1(a)) in order to handle our communication with you as a user of Vitala.
3.3 We process your contact information (point 2.1(a)) and health information for research purposes (point 2.1(b)) in order to conduct research on how Vitala’s exercise generator can be further improved and optimized through the analysis of results and behavior based on our exercises.
3.4 We process cookies and your IP address (point 2.1(c) - 2.1(d)) to develop Vitala and improve the user experience.
4. Processed Personal Data - Website Visitors
4.1 We may process the following personal data that can be attributed to you
as a visitor of the Website:
(d) email address;
(e) phone number; and
(f) IP address.
4.2 Please note that the data mentioned in points 4.1(b) - 4.1(f) above are
only processed in relation to visitors of the Website who register for more
information on the Website.
5. Purposes of Processing and Legal Grounds - Website Visitors
5.2 We process the data in points 4.1(b) - 4.1(f) in order to develop our services and the Website, and to market our services to you. This is done based on our legitimate interest as the legal basis.
6. Storage of Personal Data
6.1 We store your personal data for as long as you use Vitala.
6.2 If you cease to be a user of Vitala, we will delete the personal data listed in points 2.1(a) - 2.1(d) within three months after you have ceased to be a user. However, we may continue to process your contact information (point 2.1(a)) and health information (point 2.1(b)) during the period of ongoing research.
6.3 Cookies (point 2.1(c) and 4.1(a)) are deleted no later than one year after the cookie is created. For more detailed information about our cookies and their usage, please refer to our Cookie Notice on our website: www.vitala.health.
6.4 We retain the information of visitors who have registered for more information (points 4.1(b) - 4.1(f)) for a maximum of two years after the registration has been made.
7.1 We may disclose your personal data to our data processors, such as companies that provide IT and cloud services or payment administration services.
7.2 In case of suspected illegal activities or violation of our terms and conditions, we may disclose your personal data to law enforcement authorities, as well as to our legal advisors.
7.4 We process as much of your personal data as possible within the EU/EEA. If personal data is transferred to a supplier or subcontractor outside the EU/EEA for processing, the recipient has always entered into contractual agreements with Vitala that ensure the recipient maintains a level of protection comparable to the EU/EEA, in accordance with the requirements of Chapter Vof the GDPR.
8. Information Security
8.1 As the data controller, we have implemented appropriate technical and organisational measures to protect your processed personal data. We have specific internal guidelines and processes to address information security matters and to prevent and detect breaches.
8.2 If your personal data is involved in a security incident (referred to as a "personal data breach"), we may contact you.
9. Your Rights
9.1 You have the right to receive confirmation as to whether we process
personal data concerning you, and if so, access to that personal data, as well
as information about the data and our handling of it. You can do this by
sending an email to email@example.com.
9.2 You have the right to have incorrect personal data concerning you rectified
by us without undue delay. Taking into account the purposes of the training,
you also have the right in certain cases to have incomplete personal data
completed. You can do this by sending an email to firstname.lastname@example.org.
9.3 You have the right to withdraw your consent to our processing of your
personal data at any time. Please note that this affects our ability to provide
you with our Vitala service. You can do this in the ways described in sections
3.5 or 4.1 above.
9.4 You have the right to object to our processing of your personal data for
direct marketing purposes. If you make such an objection, we will no longer
process your personal data for that purpose. You can do this by sending an
email to email@example.com.
9.5 You have the right, under certain circumstances, to have your personal
data erased by us, for example, if the data is no longer necessary for the
purposes for which it was collected, or if the data has been unlawfully
processed. You can do this by sending an email to firstname.lastname@example.org.
9.6 You have the right to request that we restrict the processing of your
personal data in certain cases. For example, if you dispute the accuracy of the
personal data, you can request that we restrict the processing of the data
while we verify its accuracy. You can do this by sending an email to
9.7 If you have any concerns about our processing of your personal data, you
are welcome to contact us. You also have the right to lodge a complaint
regarding the processing of your personal data with the Swedish Data
Protection Authority (IMY). For more information about IMY, please visit their
website - www.imy.se.
10. Additions and Amendments
11. Contact Us
If you have any questions regarding our processing of your personal data, please feel free to contact us at email@example.com or by mail at:
Aasa Health AB
Attention: Data Protection
Pilgatan 10, Apt 1002