Privacy Policy Agreement for the Mia Health Platform
Mia Health AS is a Norwegian limited company ("Mia Health", "We" or "Us") providing the Mia Health application ("Application"), as well as the Mia Insight portal ("Enterprise Portal"), collectively referred to as the "Mia Health Platform" or "Platform".
This privacy policy describes how Mia Health processes personal data that we collect or receive from you as a Business User (administrators, team leaders, and contributors) in the Mia Health Platform. For more information on how we process personal data about our users in the Application or on our websites, please refer to: https://miahealth.no/privacypolicy-app
Mia Health is the data controller for the processing of your personal data as a service provider. We comply with applicable Norwegian privacy laws and fulfill the requirements according to applicable laws. According to the Personal Data Act (Act on the Processing of Personal Data of 15 June 2018 no. 3) and the General Data Protection Regulation 2016/679 ("GDPR"), we are obliged to process personal data in a proper manner and in accordance with applicable laws and regulations.
As a Business User, you have the right to understandable information about what personal data we process, the purpose of the processing, the legal basis, and what rights you have. We encourage you to read this privacy policy carefully. We may make minor changes to this privacy policy from time to time to ensure that it accurately describes how we process personal data.
1. Which Personal Data Do We Collect About You and When Are We Data Controller?
When ordering and using the Mia Health Platform, Mia Health is the data controller for processing personal data about the company's Business Users. We process your personal data in the following cases:
User registration. To register as a Business User in the Mia Health Platform, you, as a representative of the company, must register a minimum of personal data. This includes personal data such as name, email, name and address of the company, and password in the Platform.
Communication with Mia Health. You can contact Mia Health by email, phone, and occasionally communicate directly with us. Mia Health may also contact you regarding our services. If we send emails to market our services, unsubscribe instructions will be included in each such promotional email from Mia Health. Please note that unsubscribe requests may take up to ten (10) business days to take effect. You cannot opt out of receiving messages in the Mia Health Platform about scheduled activities, payments, and similar matters.
Automatically collected information. We automatically collect certain information about your computer or device's hardware and software and your use of the Platform.
Surveys. We may conduct surveys. These surveys are voluntary and normally anonymous, but may also involve sharing contact information and other personal information with us. Depending on the individual survey, you may be asked to share information that can identify you personally. This may include age, gender, activity level, type of activity, your subjective interpretations of activity, exercise and fitness level, and your subjective interpretations of mental training and barriers. No sensitive data will be required to participate in our surveys.
Other personal data. All other personal data generated or otherwise processed in the Platform is the responsibility of the ordering company. This may include aggregated statistics, participation in events/competitions, dialogue and results related to competitions, etc. Information about the processing should be found in the company's internal privacy policy.
2. Legal Basis and Purpose of Processing
We collect, store, and process your personal data for several purposes and based on various legal grounds.
Legitimate interests. Mia Health processes personal data based on our legitimate interests, not overridden by your rights. The legal basis for handling your information is our legitimate interest for the following purposes:
- To provide you with access to the Platform.
- To process and respond to your inquiries and requests.
- To market, develop, and improve our services, products, and content.
- To inform you about new technology, functionality, terms, products, services, or promotions, special offers, special events, or other activities, and to plan and administer the foregoing.
- To ensure the technical functionality of the Platform.
- To prevent fraud and perform other security measures.
Contractual obligations. We process your personal data to fulfill our contractual obligations with you, which include the following purposes:
- To provide you with access to the Mia Health Platform.
Legal obligation. Mia Health must comply with applicable law and may therefore process your personal data. The basis for processing is legal obligations for the following purposes:
- Accounting.
Consent. Where the processing is not covered by our contractual obligations or legitimate interests, Mia Health will obtain your consent for such processing.
3. Disclosure of Personal Data to Third Parties and Subcontractors
3.1 Subcontractors and Third Parties
We use external subcontractors for technical support, security reasons, and accounting. Our subcontractors are mainly located within the EU/EEA, and all processing of personal data takes place within the EU/EEA.
In case of criminal proceedings or other matters against our customers, users, or suppliers, we may be required to disclose personal data to establish, exercise, or defend legal claims against us.
We may also use subcontractors outside the EU/EEA to provide support for our services. Any transfers will be made in accordance with the privacy regulations, including the rules for transfers to third countries under the GDPR Chapter V. Mia Health also conducts thorough Transfer Impact Assessments and risk assessments of our subcontractors and implements appropriate technical measures to ensure that personal data is processed properly.
We will never sell, transfer, or otherwise share personal data for purposes other than defined in this privacy policy unless required by law or with your explicit consent.
3.2 List of subcontractors:
To provide our services, we use the following subcontractors:
- Hubspot is used for customer service/support for our customers and users. https://legal.hubspot.com/privacy-policy
- Amazon Web Services is used as a cloud solution for our services. https://aws.amazon.com/privacy/
- Google Analytics is used for statistical analysis of traffic in our services. https://policies.google.com/privacy
- Firebase is used for distribution of our mobile applications and related technical analysis and usage analysis. https://firebase.google.com/support/privacy/
4. Support
Users of the Enterprise Portal can fill out the customer service form provided by Hubspot. The form can be used if there are issues with the Platform or you have other concerns, questions, or feedback. To reach us through the customer support service, you need to provide the following information:
- Full name.
- Email address.
- Information about your concerns, questions, or feedback.
- Upload any attachments regarding concerns, questions, or feedback.
5. Your Rights
Withdrawal of consent. If the processing of your personal data is based on your consent, you can withdraw your consent to our use of your personal data in your sharing center or by contacting us. If you withdraw your consent, we will stop processing.
Protests. You can object to the processing of your personal data based on legitimate interests and automatic processing of your personal data. You can also object to direct marketing.
Limitation. You may request that we temporarily or permanently limit the processing of your personal data. Please note that limitations regarding mandatory personal information may prevent Mia Health from providing the services.
Access and portability. You may request free access to the personal data we have collected at any time by contacting Mia Health. You can also request information about how we collect personal data. You will be granted access to the extent reasonable.
Copies. You may request copies of the personal data we have stored in a machine-readable format.
Deletion and correction. You may request that we delete and correct collected personal data about you at any time. Please note that if you wish to continue using the Platform, deletion may prevent or complicate the use of the Platform. If you terminate or close your Mia Health account, all information will be quarantined for 50 days. This quarantine period is in place to prevent fraudulent or erroneous termination or closure of accounts by unauthorized persons. After the expiration of the quarantine, all personal data will be deleted or anonymized. Mia Health may be required to continue processing some personal data for accounting purposes as required by law.
Complaints to the supervisory authority. Complaints about violations of privacy regulations can be sent to the Data Inspectorate.
6. Privacy Settings
Business users and Mia Health suppliers can manage their privacy settings at any time.
Enterprise Portal. Business users can choose which information to share in the Enterprise Portal and can manage sharing in the sharing center. Business users can opt-out of sharing anonymized data. Business users can also completely disconnect from access to the Enterprise Portal.
Deletion. Business users are free to delete information shared in chat, groups, and their own account.
Data Storage
All data shared or generated through the program is stored on servers in Frankfurt, Germany, provided by Amazon and their Amazon Web Services.
We retain your personal data for as long as necessary to fulfill the purpose of the processing, or otherwise, as required by applicable law.
We will delete personal data that is no longer necessary to fulfill the purposes for which it was collected. For example, if you withdraw your consent to receive newsletters from us, we will delete your email address.
Security
Only a limited number of employees at Mia Health and subcontractors have access to your personal data. We implement all necessary and reasonable technical and organizational measures to prevent unauthorized access or sharing of your personal information. These measures include both physical and technical measures, such as encryption, risk assessments, and procedures for handling data and responding to requests for access to and deletion of personal data. We store all personal information on secure servers in Frankfurt, Germany, provided by Amazon.
Changes to the Privacy Policy
To comply with any legal requirements or rectify errors, Mia Health may change the privacy policy. Changes will be posted in the Platform under "Privacy Policy" and will take effect immediately upon posting. When required by law, any significant changes in the way we process personally identifiable information will only apply to information collected after the revised privacy policy is posted, unless we notify you or obtain consent in accordance with applicable law.
Contact Information
If you have any questions or concerns about the processing of your personal data, or you wish to exercise one or more of your privacy rights, you can contact our customer service. Please note that we may ask you to confirm your identity before responding to such requests.