Last updated/Effective date December 9, 2022
This privacy notice for Stint AS describes how and why we collect, store, use, share and process your information when you use our services, such as when you:
- Download and use our mobile application «Stint”, or any other application of ours that links to this privacy notice
- Use our web application «Stint Challenge”, or any other application of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? If you do not agree with our policies and practices, please do not use our Services. If you any questions, please contact us at email@example.com.
We collect the personal information you provide us.
We do not sell any information from any of our platforms.
Sharing of any data with third party: NO
Keep data as long as you keep an account open: YES
Delete data when you request account deletion: YES
Keep anonymized aggregated data: YES, for internal use only, not selling
Health related data: By consent (details below)
For current version, stint app is a place where your profile is viewable by you and nobody else.
By nature, Stint Challenge is a Company service where employees of a company see some default account and workout activity data of each other. No privacy controls, but may have individual company modifications. (Details below)
We track number of website users only.
For Stint App:
We do not track any Usage Analytics
No marketing mails as of now
No push or text messages as of now.
- WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
Personal Information Provided by You.
- email address
- display name
- first name
- last name
- profile picture (will be stored on a public share)
Sensitive Information / Health data.
Stint is a health motivation app, to give better feedback on your exercise goals we have provided integration with third party Strava. More integrations will come later and follow the same pattern. Bear in mind to read up on Strava’s or other third party’s privacy policies as we do not control them. On integrating with Strava you will accept that we collect Strava Profile and Strava Workout data.
In specific, we collect these optional health data on your request:
- Maximum heart rate
- Age (to calculate max heart rate)
- Daily Workout goal
- Average Heart rate
- Duration (moving time)
- Activity type
- Gpx track or location if any (abbreviated, full track on your request)
In addition, we automatically receive information about your computer and browser, including your IP address, software and hardware, as well as the page you request. These logs are not aggregated or sold. Logs are cleaned by default platform standards (Microsoft azure).
Application Data. If you use our applications, we also may collect the following information if you choose to provide us with access or permission:
- Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile applications, to provide certain location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
- On you request we may request access or permission to certain features from your mobile device, specifically your mobile device’s camera and photo storage. If you wish to change our access or permissions, you may do so in your device’s settings.
- HOW DO WE PROCESS YOUR INFORMATION?
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To facilitate account creation and authentication and otherwise manage user accounts. We process your information so you can create and log in to your account, as well as keep your account in working order.
- To facilitate a user profile, we process display name, email, profile picture (optional), max heartrate (optional), age (optional)
- To calculate health benefits from exercises we process length, duration, activity type, average heart rate (optional), gpx track from exercise (third party or built-in tracker – optional)
For Stint Challenge:
We process and aggregate data of Which company you are an employee and optionally in what department. We also process your workout contribution (calculated into “Stint points”) to the group in which you belong. This consent is made by your employer, but the consent to join the platform (Stint) at all is made by you individually.
Activity data will be used in a compilation of the company’s overall activity. After the end of the campaign, everyone will information is anonymised and only stored in connection with the company’s profile. Anonymised data can not be linked to person, but is data used to calculate progress; activity type, duration, intensity and date.
- LEGAL BASES TO PROCESS YOUR INFORMATION.
We only process your personal information when it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:
- Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.
- Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
- Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
- SHARING OF PERSONAL INFORMATION.
In Stint, no information is shared with any third party.
Information is shared between Stint and Stint Challenge if and only if you are a registered customer in both products. Stint and Stint Challenge is in fact “the same product” whilst Stint is for private market, Stint Challenge is for Businesses. The synchronization will happen only if the user register with the same email account both products.
For Stint Challenge weekly reports with aggregated data (anonymized) are shared with the purchaser/organizer of the buying company. In rare occasions a purchasing company agrees with another company to see each other’s top-level aggregation (total stint points). This is done by mutual written agreement between Stint and the competing companies.
- HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than four (4) months past the termination of the user’s account.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
- HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
For Stint and Stint Challenge all data and data processing and web site hosting is done in Microsoft Azure, specifically Norway East data center. No geo-redundancy. All traffic is done by https. For our landing page, stint.no, Norway based company Syse AS is hosting our web site on Norwegian soil. We always strive to keep our frameworks updated to give our customers a safe journey. Our tech stack is currently Sql server, .NET Web API, Angular and React Native which is in our opinion all considered mature and safe frameworks.
The servers that host Stint is only accessible of limited trusted employees at Bergstiger AS. No consultants or other external parts are accessing servers or maintaining codebase.
7. WHAT ARE YOUR PRIVACY RIGHTS?
In Short: In some regions, such as the European Economic Area (EEA) and United Kingdom (UK), you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the EEA and UK), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us at firstname.lastname@example.org.
We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
If you are located in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.
Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us at email@example.com.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your user account.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
If you have questions or comments about your privacy rights, you may email us at firstname.lastname@example.org.
8. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may email us at email@example.com or by post to:
9. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
You have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please visit: firstname.lastname@example.org.