Stint Privacy Policy

Last updated/Effective date December 9, 2022

This privacy notice for Stint AS describes how and why we collect, store, use, share and process your information when you use our services, such as when you:

Download and use our mobile application «Stint”, or any other application of ours that links to this privacy notice
Use our web application «Stint Challenge”, or any other application of ours that links to this privacy notice
Engage with us in other related ways, including any sales, marketing, or events

Questions or concerns? If you do not agree with our policies and practices, please do not use our Services. If you any questions, please contact us at support@stint.no.

SUMMARY

Personal information

We collect the personal information you provide us.

We do not sell any information from any of our platforms.

Sharing of any data with third party: NO

Keep data as long as you keep an account open: YES

Delete data when you request account deletion: YES

Keep anonymized aggregated data: YES, for internal use only, not selling

Health related data: By consent (details below)

Privacy

Stint App:

For current version, stint app is a place where your profile is viewable by you and nobody else.

Stint Challenge:

By nature, Stint Challenge is a Company service where employees of a company see some default account and workout activity data of each other. No privacy controls, but may have individual company modifications. (Details below)

Tracking

Analytics

For StintChallenge.com:

We track number of website users only.

Cookies: Yes

For Stint App:

We do not track any Usage Analytics

Communication

We will notice by mail when the Privacy Policy change

No marketing mails as of now

No push or text messages as of now.

WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

Personal Information Provided by You.

email address
display name
first name
last name
password
profile picture (will be stored on a public share)

Sensitive Information / Health data.

Stint is a health motivation app, to give better feedback on your exercise goals we have provided integration with third party Strava. More integrations will come later and follow the same pattern. Bear in mind to read up on Strava’s or other third party’s privacy policies as we do not control them. On integrating with Strava you will accept that we collect Strava Profile and Strava Workout data.

In specific, we collect these optional health data on your request:

Profile
- Maximum heart rate
- Age (to calculate max heart rate)
- Daily Workout goal
Workouts
- Average Heart rate
- Length
- Duration (moving time)
- Activity type
- Gpx track or location if any (abbreviated, full track on your request)

In addition, we automatically receive information about your computer and browser, including your IP address, software and hardware, as well as the page you request. These logs are not aggregated or sold. Logs are cleaned by default platform standards (Microsoft azure).

Application Data. If you use our applications, we also may collect the following information if you choose to provide us with access or permission:

Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile applications, to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.

On you request we may request access or permission to certain features from your mobile device, specifically your mobile device’s camera and photo storage. If you wish to change our access or permissions, you may do so in your device’s settings.

HOW DO WE PROCESS YOUR INFORMATION?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation and authentication and otherwise manage user accounts. We process your information so you can create and log in to your account, as well as keep your account in working order.
To facilitate a user profile, we process display name, email, profile picture (optional), max heartrate (optional), age (optional)
To calculate health benefits from exercises we process length, duration, activity type, average heart rate (optional), gpx track from exercise (third party or built-in tracker – optional)

For Stint Challenge:

We process and aggregate data of Which company you are an employee and optionally in what department. We also process your workout contribution (calculated into “Stint points”) to the group in which you belong. This consent is made by your employer, but the consent to join the platform (Stint) at all is made by you individually.

Activity data will be used in a compilation of the company’s overall activity. After the end of the campaign, everyone will information is anonymised and only stored in connection with the company’s profile. Anonymised data can not be linked to person, but is data used to calculate progress; activity type, duration, intensity and date.

LEGAL BASES TO PROCESS YOUR INFORMATION.

We only process your personal information when it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

SHARING OF PERSONAL INFORMATION.

In Stint, no information is shared with any third party.

Information is shared between Stint and Stint Challenge if and only if you are a registered customer in both products. Stint and Stint Challenge is in fact “the same product” whilst Stint is for private market, Stint Challenge is for Businesses. The synchronization will happen only if the user register with the same email account both products.

For Stint Challenge weekly reports with aggregated data (anonymized) are shared with the purchaser/organizer of the buying company. In rare occasions a purchasing company agrees with another company to see each other’s top-level aggregation (total stint points). This is done by mutual written agreement between Stint and the competing companies.

HOW LONG DO WE KEEP YOUR INFORMATION?

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than four (4) months past the termination of the user’s account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

HOW DO WE KEEP YOUR INFORMATION SAFE?

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

For Stint and Stint Challenge all data and data processing and web site hosting is done in Microsoft Azure, specifically Norway East data center. No geo-redundancy. All traffic is done by https. For our landing page, stint.no, Norway based company Syse AS is hosting our web site on Norwegian soil. We always strive to keep our frameworks updated to give our customers a safe journey. Our tech stack is currently Sql server, .NET Web API, Angular and React Native which is in our opinion all considered mature and safe frameworks.

The servers that host Stint is only accessible of limited trusted employees at Bergstiger AS. No consultants or other external parts are accessing servers or maintaining codebase.

7. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA) and United Kingdom (UK), you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us at support@stint.no.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at support@stint.no.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

If you have questions or comments about your privacy rights, you may email us at support@stint.no.

8. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at support@stint.no or by post to:

Bergstiger AS

Strandgata 106

6300 Åndalsnes

Norway

9. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please visit: support@stint.no.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_wpfuuid	11 years	This cookie is used by the WPForms WordPress plugin. The cookie is used to allows the paid version of the plugin to connect entries by the same user and is used for some additional features like the Form Abandonment addon.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
messagesUtk	5 months 27 days	HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.
pll_language	1 year	The pll _language cookie is used by Polylang to remember the language selected by the user when returning to the website, and also to get the language information when not available in another way.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_154637876_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
li_gc	5 months 27 days	No description