I. Preliminary information
- Download and use our mobile application, gateway/software collectively known as ‘the Platforms’ or any other application of ours that links to this privacy notice.
- Engage with us in other related ways, including sales, marketing or events.
- Health Practitioners who provide health care services as a business (either individually or as a legal entity), who access our Services and to whom we provide Services directly;
- Representatives of corporate Health Practitioners, such as employees or other staff, who access our Services on behalf of their employer to whom we provide services;
- Patients of a Health Practitioner who access our services as part of their treatment by a Health Practitioner; and
- Students of educational institutions that are part of the Physiotools’s academic discount program and who use Physiotools during their studies at their educational institution.
- Companies who provide services as a business and provide its customers access to our Services.
II. Who is the Controller of your personal data?
We may also function as a processor entity when we process your personal data on behalf of the controller. We may act as both a controller and processor of your personal data as described below.
Physiotools Oy with company number 0491074-9 whose address is Kehräsaari B, 5th Floor, 33200 Tampere, Finland (collectively referred to as “Physiotools”, “we”, “us” or “our”). Physiotools is committed to protecting and respecting your privacy so you can navigate and use the Platforms safely. We will process all personal and other data you provide to us in accordance with the European Union’s General Data Protection Regulation (EU) 2016/679 (‘GDPR’).
Name of the DPO: Michał Lewandowski
Full name of legal entity: Physiotools OY
Email address: firstname.lastname@example.org
III. Types of personal data
Physiotools may collect and process the following types of personally identifiable information provided by you through your use of the Platforms:
- Identity Data: Name (first and surname), title, job title.
- Contact Data: home or work address, email address, telephone number.
- Technical Data: IP address and other technology you use to access the Platforms.
- Transaction Data: includes details about payments to and from you and other details of services you have purchased from us.
- Usage Data: information about how you use the Platforms.
- Marketing and Communications Data: your preferences in receiving marketing from us.
IV. The data we collect about you as the processor
We may act as processor of Patients personal data not listed in section 3 above, including Special Category Personal Data such as information we receive from you and your Health Practitioner. Examples of this are which exercises have been assigned to you and your adherence to a particular exercise program. Our legal responsibilities as a processor are defined in the contract between us and the relevant data controller. Additionally, privacy obligations are mutually agreed upon between you and your Health Practitioner. With regards to retention and erasure, in accordance with data protection laws, the controller will be given the option to have the personal data either returned or deleted upon termination of the contract. If we do not hear from the controller on this point within 30 days of contract termination, we will permanently delete the personal data from our database in accordance with the Data Retention Policy (and from ‘back up’ within another 90 days) but may retain your data for longer periods when required under law or when agreed as otherwise in our contract with the data controller.
V. What information is collected and how is it processed?
We collect, transmit and process data you provide, for example from:
- completed contact us or trial request forms on our website
- completed e-newsletter request forms
- emails to us and other direct interactions with us
- details of any problems you report via our website regarding our service or site
- details you give when entering a competition or promotion run by us
- automated technologies or interactions.
If you complete a contact us or trial request form or send us an email the data you provide will be stored on the website temporarily. Information from these forms forwarded to us through email is in plain text.
We will enter this data in our customer relation management system and/or helpdesk tools in order to be able to process your request for fulfilling contractual obligations, such as technical support or to pursue our legitimate interest.
If you subscribe to our e-newsletter, the information you provide when completing the form will be forwarded to MailChimp which is our provider of email marketing services and is considered a third-party data processor by us.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We may however, act as Data Processor of some Special Category of Personal Data such as information regarding which exercises have been assigned to a specific patient and adherence to a particular exercise program.
VI. Site visitation tracking and cookies
As you interact with our Platforms, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
VII. How do we use Personal Information and what are the Legal Grounds
Below we have listed the description of processing activities that we may perform on your Personal Information. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Do not hesitate to get in touch with us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
You may have opted in to receive our e-newsletter, if you want to avoid receiving this you can opt out of receiving such communications.
We do not pass on, sell, rent or lease any personal information provided by you to any third party for marketing purposes.
In some instances, Physiotools may transfer your data to a local Physiotools reseller to administer services in lieu of Physiotools.
VIII. Storage and security of your personal data
The data that we collect from you through this website may be transferred to, stored and processed at a destination outside the European Union/EEA. By submitting your personal data you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Statement. Further information about the measures we take to safeguard the transfer of your data to a country outside the European Union/EEA is available on request.
If you subscribe to our e-newsletter, the information you provide in the form will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for e-marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe link contained in all e-newsletters that we send you, or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
IX. Disclosure of information
Physiotools may disclose your information without notice to third parties such as:
- If we buy or sell any business or assets, in which case we may disclose your personal data to the seller or buyer of such business or assets.
- If we are under a duty to disclose or share your personal data to comply with any legal obligation. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
- Other companies within our Group, such as Physitrack PLC based in the United Kingdom.
- Authorised Physiotools resellers.
- Such third-party service providers.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
X. Security and data retention
The transfer of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to and from our website; any transmission is at your own risk. Once we have received your information, we use strict procedures, security features and a secure server environment to prevent unauthorised access and protect your personal data against unlawful processing, destruction, alteration, loss and disclosure. We will retain your information for a reasonable period.
XI. Accuracy of information
You are responsible for informing us when your personal details have changed. Please note that notification of any change must be in writing to email@example.com. It is then our responsibility to update our records accordingly.
XII. Access to Information and your rights
You have certain rights in respect to your personal data, including the right to access, object to processing, restrict processing, portability, correct, and request the erasure or transfer of your personal data.
You also have the right to object to your personal data being used for certain purposes, including to send you marketing, such as our newsletter.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your personal data, or if you have any questions or concerns regarding your personal data, you should contact us by emailing firstname.lastname@example.org.
You have the right to make a complaint to the Office of the Data Protection Ombudsman at any time. We would appreciate the opportunity to deal with your concerns before you approach them, so do not hesitate to contact us in the first instance.
XIII. Third-party data processors
The following third parties process data on our behalf:
- Google Analytics
- Microsoft Azure
- Armor defence
- The Rocket Science Group LLC
- Goodlife Technology Oy
- Physitrack PLC
- Amazon Web Services
For further information on the policies of our third-party data processors, please refer to their websites.
XIV. Contact us
For the purposes of this Statement, the data controller is Physiotools Oy, Kehräsaari B, 5th Floor, 33200 Tampere, Finland.
If you have any questions or comments about this Statement or if you wish to change any data about yourself, please email email@example.com.
XV. Changes to this Statement
Physiotools will occasionally update this Statement. We encourage you to review this Statement from time to time.
This Statement was last updated in February 2024.