Privacy statement

Last Updated: 2023-03-27

Intro

Mia Health is a software service consisting of mobile and web applications owned, operated and developed by Mia Health AS (org.nr. 918343814), a Norwegian limited liability company. We take your privacy seriously. We will make sure to keep your personal data private and secure. We will ensure that your privacy rights are safeguarded.

This Privacy Policy describes how Mia Health handles information that our service collects or receives from you through the use of our web and mobile application services.

Mia Health is the data controller for the processing of your personal data, as a service provider. We comply with applicable Norwegian data protection laws and meet the requirements of applicable laws and regulations in the EU/EEA, such as the General Data Protection Regulation, also referred to as «GDPR».

It is important that you read this Privacy Policy and understand how we collect, store and otherwise process your personal information as described in this Privacy Policy. You are advised to periodically review this Privacy Notice for any changes.

 

We request and use your personal information only to be able to provide our services in their entirety and improve them.

• We store information you provide that is collected when the apps are in use.
• We use this information to provide you with estimates of your physical condition and evaluate your performance.
• We share anonymized and pseudonymized information with our sub-processors to improve our products, for analytics purposes and to provide customer support to our users.
• If you choose to link your account with an organization, we may ask you to share personal data. for statistical purposes (anonymised). In each case, we will inform you about what data is shared and ask for your consent.
• If you choose to link your account to a processor, we may ask you to share personal data. In each case, we will inform you about what data is shared and ask for your consent.
• We only allow our third-party service providers to use information we share with them for what is strictly necessary to perform the service they provide to us.
• Your activity data and estimated health risks can be included in anonymised statistics. This is used to document the effect of our services.

Beyond that, we will not share, publish, sell or otherwise hand over any of your personal data to any third parties without you specifically asking us to do so.

 

What information we collect and why

Account information when registering and using our services

To register as a user of our services, you must register a minimum of information that can identify you. These are your name, email address and password.

Physiological data

Using the data you share, Mia Health will be able to calculate different parameters and insights about your health and activity level.

When you register, you as a user must fill in the following information:

• Date of birth, gender, height and weight: We store your date of birth and gender in order to provide personalized calculations about the required activity level, as well as to estimate your health risk
• Resting heart rate and maximum heart rate: We store this information in order to provide an estimate of your ongoing development in fitness, health risks and required activity level. You can either enter this information manually, or it is retrieved from one of your connected devices

Health data

We collect, process and store information from our users that constitutes medical/health data, defined as special category of data under applicable data protection laws and regulations, as further described in this section. This also includes medical/health data such as maximal oxygen uptake and fitness age estimates derived from a combination of collected data from connected devices, physiological data you have provided to us, and manually recorded activities. Health information processed by us through this service may include the following:

• VO2max: Using data you share with us, we will calculate your maximum oxygen uptake. We use it to determine your fitness age, as well as give you tips and advice on health and lifestyle.
• Fitness age: This parameter is used as a reference to your physical fitness in relation to health risks.

Device data

Some actions taken in the app such as login and upgrade to paid version trigger the collection of data about your device. This includes information such as the type and model of your device, and the software version you are using. We use this information to improve our products and to provide better customer support to our users.

Technical information and log data

When you use our portal solutions, we will collect data that your computer / mobile / tablet or browser sends us. This may include your IP address, device information, browser information, as well as information about which pages you visit, time and duration of visits, and other statistics.

Connected devices

When you choose to connect a heart rate monitor or other sensor to our service, we will collect information from these devices into your account with us. This data will be processed for the same purposes as those you manually provide in our product

Communication

We follow applicable law, as well as consent you give, to use your personal information to contact you with important information, newsletters, marketing or other information.

Cookies

We collect personal information through our own and third-party cookies found on the Sites. Cookies are small amounts of data that may include a unique identifier that may be stored on your device. Some of these cookies are persistent, which means that they will still be stored on your electronic device for a limited period of time after you have left our website. Session cookies are deleted as soon as you leave the website.

We use cookies to collect information and control access to our services. We use both necessary and functional cookies for these purposes. You can set your device to reject our use of cookies, but please note that you may lose access to parts of our services where we use necessary or functional cookies.

 

Data storage and how we share and disclose information

Data processors

Our subcontractors are mainly located within the EU/EEA. We use external subcontractors for technical support, security and accounting.

In the event of criminal prosecution or other cases against our customers, users or suppliers, we may be obliged to entrust personal data and use this data for the establishment, exercise or defence of legal claims.

We may also use subcontractors outside the EU/EEA for the processing of personal data for data storage, data analysis, marketing, payment, webinar and live chat solutions.

We will never sell, transfer or otherwise share personal data for any reason other than defined in this Privacy Policy, unless required by law or with your explicit consent.

• Hubspot is used for customer service/support for our customers and users.
  https://legal.hubspot.com/privacy-policy
• Amazon Web Services is used as a cloud solution for our services.
  https://aws.amazon.com/privacy/
• Google Analytics is used for statistical analysis of traffic in our services
  https://policies.google.com/privacy
• Firebase is used for the deployment of our mobile applications and related technical analysis, and usage analysis.
  https://firebase.google.com/support/privacy/

Affiliation with a company or organization

If you are invited by a company or organization to participate in their campaign at Mia Health, you will be asked to share personal data. We will then inform you about what data is shared and how it is used, and you will need to give your consent before data is shared. You can stop sharing data at any time in the Share Center of the mobile application.

Affiliation with the therapist

If you are invited by a therapist, coach or other person who provides personal follow-up to participate in their follow-up service at Mia Health, you will be asked to share personal data. We will then inform you about what data is shared and how it is used, and you will need to give your consent before data is shared. You can stop sharing data at any time in the Share Center of the mobile application.

Connection to research projects

If you are invited by a research project to participate in their studies administered via Mia Health’s platform, you will be asked to share personal data. We will then inform you about what data is shared and how it is used, and you will need to give your consent before data is shared. Depending on the specific course of study, you may also need to sign separate agreements directly with the research institution in advance of your invitation to Mia Health’s platform. For data sharing via Mia Health, you can stop sharing this at any time in the sharing center of the mobile application.

 

Your rights

Access and data portability

Collected information is used to offer you insight and understanding, and most of the collected information stored is available to you on our Services. Should you want further access, or want the data exported, you can contact us via support@miahealth.no.

Rectification, erasure and restriction of processing

• You can delete your Mia Health account in our mobile application. Mia Health will then delete or anonymize your data when there are no longer contractual or legal obligations that prevent it.
• If you find errors or omissions in your personal data that are incorrect or incomplete in your account with Mia Health, you are entitled to have this corrected.
• If you wish to temporarily suspend our processing of your data, you must disconnect your data sources and withdraw your consent to data sharing.
• Contact support@miahealth.no if you need assistance with correction, deletion and limited processing.

 

Enforcement and the right to complain

In accordance with the GDPR, we undertake to address complaints regarding your privacy and our collection and use of your personal data. Inquiries or complaints regarding this Privacy Policy should first be directed to us (see contact details below).

If you have reservations or grounds to complain about our processing of your personal data, you can also lodge a complaint with your country’s data protection authority (https://edpb.europa.eu/about-edpb/about-edpb/members_en).

 

Inquiries

If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise one or more of your data protection rights, please contact our Data Protection Officer. Please note that we may ask you to verify your identity before responding to such requests.

privacy@miahealth.no