Privacy policy

Processing of Personal Data

In this privacy policy we describe the personal data that is collected when you use the Pausit health portal, how the data is used, and who has access to it.

Personal data means any information that can be directly or indirectly linked to a natural, living person. Examples of personal data include name, address, phone number, and email address. Information
such as IP address and user behavior on our website also constitutes personal data.

The processing of personal data refers to all handling of such data, including collection, use, storage
and deletion.

Controller means the person or entity which, alone or jointly with others, determines the purposes and means of the processing of personal data and is responsible for ensuring that the processing complies with applicable data protection law. Unless otherwise specified in this privacy policy, Pausit AB, 556690-8132 (hereinafter referred to as “Pausit”) is the entity responsible for the processing of
personal data described below.

To process personal data, Pausit is legally required to have a so-called legal basis for each processing. We use the following legal bases:

  • contract, where we need the personal data to enter into or fulfil a contract with you
  • legitimate interest, where our interests as the data controller outweigh those of the data subject and the processing is necessary for the specific purpose in question
  • consent, where you have consented to the processing of your personal data for one or more specific purposes.

Pausit processes various types of personal data in different contexts and with different legal bases within the portal. In the following ovierview, you can see what applies to your relationship with Pausit as a registered user of the health portal.

When using the portal

Invite
Your employer can invite you to join a team in Pausit’s health portal. In order to send the invitation to you, we process information about your name and email, as provided to us by the team’s owner.

If you accept the invitation, you will become a member of the team. For information on how your personal data is processed as a team member, please see the separate section below (‘Membership in a team and/or buddy group’).

You can be invited to join a team whether you already have a user account or not. For information on how your personal data is processed as a user in the portal, please see the separate
section below (‘User account sign-up and management).

Legal basis: Our legitimate interest in inviting you to our portal in order to provide agreed services and features to our corporate customers.
Storage period: We retain your data for this purpose for 3 months, until you accept the invitation or until the team owner removes your invitation.

User account sign-up and management
You can either create an account directly in the portal or log in using your Google account or Microsoft account.

If you create a user account in our portal, we collect information about your password and email address. The login process is handled through Firebase authentication. If you use your Google
account or Microsoft account to log in, your login credentials, including your profile picture, are associated with an ID that Google/Microsoft shares with us. Pausit only processes your login ID, while
Google/Microsoft is the data controller for the remaining login information.

We collect this information about you in order to:

  • Give you access to the portal.
  • Provide you with, manage, and perform maintenance on your user account.

Legal basis: Fulfillment of the agreement you have entered into with us by joining the portal.
Storage period: We retain your data as long as you are a registered user of the portal and 3 months thereafter.

Personalized profile
In order to personalize your user account, you have the option to pick a profile name and to enter your first and last name, as well as connect your account to Gravatar to display a profile picture.
Legal basis: Your consent
Storage period: We retain your data as long as you are a registered user of the portal and 3 months thereafter, or until you choose to delete the data yourself.

User data
In order to provide and customize the portal to your preferences, we store information about your saved training schedules, your favorite exercises, exercises you dislike, and user statistics such as the
number of times you have performed a particular exercise and the last time you performed it. We also track the number of exercises you do per day and the total number of completed exercises. If you use the mood tracking feature, we save your responses so that you can track changes in your well-being over time.

Legal basis: Our legitimate interest in offering you the digital functionalities of our portal.
Storage period: We retain your data as long as you are a registered user of the portal.

Membership in a Team and/or Buddy group

There is a possibility in the portal to form teams or buddy groups together with other users. The purpose is to enable collaboration between users and, for in the case of teams, to simplify
administration for corporate users.

Membership management
Team owners and administrators can view who are members of their team/buddy group and manage their memberships. This means that basic information about you as a member will be shared with the
owner and any additional administrators of the team/buddy group. However, members who are not owners or administrators cannot see your personal data.

The personal data shared with owners and administrators of the teams/groups where you are a member are:

Account type (member(/admin)
Demouser yes/no (trial period)
Account id (generated)
Provider name (if you use google/microsoft, the person’s own name is retrieved)
Email address (required)
Fullname (optional)
Nickname (optional), is on the start page
Language
Provider login (enabled or not)
Organizations (to which one is connected – can be several)

Legal basis: Our legitimate interest in being able to provide the option of teams and buddy groups to our users.
Storage period: We retain your data as long as you’re a member of the team/buddy group.

Collaboration in a team or buddy group
As a member of a team or buddy group you can choose to share certain information with other team/group members. Sharing is disabled by default. You can choose which information to share and
which not to share.

Legal basis: Your consent.
Storage period: We retain your data as long as you are a registered user of the portal, or until you choose to disable the sharing.

Security, support, and development

Security for logged-in users
When you are logged into your user account, we process technical information about the type of device (e.g., mobile, tablet, or computer) used to access the service, the device’s unique ID, IP address, and information about what network the device is using. We collect this data in order to provide a secure service and prevent harmful behavior and fraudulent attempts.

Legal basis: Our legitimate interest in ensuring that our service is secure for you to use.
Storage period: We retain your data for 3 months.

Support inquiries
When you contact us for support, we process your first and last name, email address, and any personal data that may arise from the inquiry. Your personal data is used to facilitate email conversations
regarding your inquiry with us.

Legal basis: Our legitimate interest in assisting you in getting the portal to function properly.
Storage period: We retain your data for the duration necessary to handle the inquiry and 3 months thereafter.

Licensees
If you or someone else has purchased a license for your user account, we process your personal data in order to charge for the provided service and fulfil our obligations according to the license agreement. Personal data that we process includes basic information about the relevant account for the license, as well as billing information for whomever is paying the license.

Legal basis: Fulfillment of the license agreement.
Storage period: We retain invoice records for up to eight years in accordance with the Swedish Book-keeping Act (bokföringslagen).

Evaluation and development of our services
When you are logged into the portal, we process technical information about the device (computer, tablet, or mobile) you are using, along with user data, browser information, and your behavior within the portal.
We collect this information about you in order to:

  • Be able to process and analyze statistical data in an external system in order to follow behavior over time and improve and develop the service.

Legal basis: Our legitimate interest in evaluating and developing our services.
Storage period: We retain your data for 3 months.

Who has access to the personal data?

If your personal data is processed for any of the purposes mentioned in this privacy policy, the data may be shared with our suppliers and/or partners if necessary to achieve the purpose of the
processing. We have entered into specific agreements with these parties to ensure that they only process the personal data in accordance with our instructions.

Our partners will only have access to your personal data in de-identified form, so that the partner cannot link the information to you as an individual. Exceptions to this apply when the partner needs the
information to fulfill an agreement, such as delivering a requested service to you.

If you are part of a team or buddy group, the owner of the team/group can see basic information about you, such as your email address and any profile picture. You can choose whether you also want to
share your user data with the owner of the team/group and other members. Read more above under the sections on processing of personal data in teams and groups and sharing with other users.

Geographical location for data processing

Our suppliers have their servers and databases located within the EU, and therefore, there is no transfer of your personal data outside the EU.

Your rights

Details on Your Rights

As a data subject, you have a number of rights under the General Data Protection Regulation. Below is a description of these rights and how we work to fulfil these rights.

Right of access
You have the right to request information about whether we process your personal data and, if so, to access that data and information about how we use it. You also have the right to request a copy of your personal data. The first copy you request is free of charge, but additional copies may be subject to a fee. If you submit your request in an electronic format, we will provide it to you electronically, if possible. If you do not specify a particular electronic format, we will provide the information in a commonly used
format, such as PDF.

If providing the information would adversely affect the rights and freedoms of others, we may refuse to disclose certain personal data. Please also note that the right of access does not mean that you always have the right to receive the actual document or file where your personal data is processed.

Right to rectification
You have the right to have inaccurate personal data corrected without undue delay. If appropriate with regards to the purpose of our processing, you also have the right to have incomplete personal data
completed, for example by providing us with supplementary information.

Right to restriction of processing
A restriction of processing means that the personal data may only be used and processed in certain limited manners, for example, in that we may only store the personal data but not process it in any other manner during the time that the restriction applies. Other use may only take place with your consent, to protect the rights of others, or for an important public interest. You have the right to request that we restrict the processing of your personal data in the following four situations:

  • If you contest the accuracy of your personal data, you have the right to request a restriction while we verify the accuracy of the personal data.
  • If the processing is unlawful and you oppose the erasure of the personal data, you can instead request that its use be restricted.
  • If we no longer need the personal data for the purposes of the processing, but you need the personal data to establish, exercise or defend against legal claims, you may request that we retain the data for that purpose only.
  • If you object to a processing of your personal data (in one of the circumstances outlined in this Privacy Policy), you have the right to request that the processing of your personal data be restricted while we verify whether our legitimate grounds for processing override your interests.

If we restrict the processing of your personal data, we are obliged to notify you before the restriction is lifted.

Right to erasure (‘right to be forgotten’)
You have the right to request the deletion of your personal data. We are obligated to delete your personal data without delay in the following cases:

  • When the personal data is no longer necessary for the purposes for which it was collected.
  • If you revoke the consent on which the processing is based and there is no other legal basis for the processing.
  • If the processing of personal data is performed for the purpose of direct marketing, and you object to the data being processed for that purpose.
  • If you object to the processing (in one of the circumstances outlined in this Privacy Policy), and there are no legitimate grounds for the processing which outweigh your interests.
  • If the personal data has been unlawfully processed. For example, if the personal data has not been processed in accordance with applicable privacy laws.
  • If the personal data must be deleted in order to comply with a legal obligation.

Please note that in certain circumstances, we may not be able to fulfil your request to have your personal data erased. We may refuse your request in whole or in part if our processing is necessary for
any of the following reasons:

  • To fulfil other important rights, such as the right freedom of expression and freedom of information.
  • To comply with legal obligations.
  • For the establishment, exercise or defence of legal claims.
  • For archiving purposes in the public interest, or for scientific, historical or statistical purposes.

Right to compensation
If you have suffered damage because your personal data has been processed unlawfully, you have the right to request compensation.

Right to lodge a complaint with IMY
If you believe that our processing of your personal data is unlawful or not carried out correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY). IMY is the
regulatory authority responsible for enforcing privacy laws in Sweden.

Right to object
If we are processing your personal data based on legitimate interests, you have the right to object to such processing on grounds relating to your particular situation. If so, we will no longer process the
personal data, unless we can either demonstrate compelling legitimate grounds for the processing which override your given grounds, or if we need to continue the processing for the establishment,
exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at to our processing for such marketing purposes. If so, we will no longer process your personal data for such purposes.

Right to withdraw your consent
With regards to processing carried out on the basis of consent, you have the right to withdraw your consent at any time, in which case the personal data must cease to be processed. However, the
withdrawal of your consent does not affect the lawfulness of processing based on consent performed before the withdrawal.

Right to move your personal data (“data portability”)
Automated processing (e.g. in an IT system) carried out based on your consent or on a contract, where the personal data has been collected directly from you, is covered by the right to data portability. This means that you have the right to request your personal data in a structured, commonly used and machine-readable format and, if technically feasible, have this personal data transferred directly to
another data controller.

How to Exercise Your Rights

You are always welcome to contact us with your questions or concerns about how we process your personal data, or to exercise one of your rights. All requests should be made in writing and submitted
by you personally or emailed from the email address you have registered with us to info@pausit.se.

We may ask you to confirm your identity before we begin processing a request to exercise your rights. If your request is manifestly unfounded or excessive, we may request a reasonable fee from you or
deny your request.

You can read more about your rights on The Swedish Authority for Privacy Protection’s website: www.imy.se/privatperson/dataskydd/dina-rattigheter/.

Updates to this Privacy Policy

We may update this privacy policy from time to time, e.g., if we were to process your personal data for new purposes, collect additional data or share your data with new recipients. The latest version of the privacy policy is always published on app.pausitcoach.com.

Revision history
2023-06-29 First version
2024-03-28 Second version
2024-04-04 Third version
2025-02-25 Fourth version