Privacy Policy

Introduction

Overskudd AS (in the following “Overskudd”, “us”, “we”, or “our”) operate the overskudd.com, overskudd.net, overskudd.eu and overskudd.no websites, along with the Overskudd mobile application(s), any software embedded on Overskudd measurement devices, and any other features, content, web pages or application offered in connection therewith (collectively, the “Services”). This Privacy Policy covers our treatment of your personal data collected when you use these Services.
By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you agree in particular to the collection, use, and disclosure of your information in the ways described herein.
Your use of Overskudd’s Services is at all times subject to the separate Terms and Conditions at https://english.overskudd.no/TermsAndConditions.aspx. Any terms used in this Privacy Policy without definition have the definitions given to them in the Terms and Conditions.

Changes to this Privacy Policy

Occasional changes to this Privacy Policy might be necessary. Overskudd will alert you to such changes through notices on the Overskudd website, a notice through the Services, by email, and/or by other means. Your use of any of the Services after any changes to the Privacy Policy have been posted means that you accept all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.


Transfers of Personal Data

The Services are hosted and operated in the European Union (“EU”) and in Norway, and if you do not reside in the EU or in Norway the privacy laws governing data in Overskudd may be different from the privacy laws where your reside. By using the Services you consent to the transfer of your data to EU and Norway, and acknowledge and accept that Overskudd will store and process your personal data in the EU and in Norway.


Your personal data is only visible to a) other people with whom you have explicitly shared your data and  b) selected Overskudd personnel (in order to assist you, identify and resolve problems with the use of our Services, improve the Services and to quality control and verify data)

Personal Data Collected And Used By Overskudd

When registering for our Services we ask you to provide certain personal data, including but not limited to:

  • First and last name

  • Email address

  • Mobile phone number

  • Date of birth

  • Height and weight

  • Gender

  • Physical activity level


When using the Overskudd sensor together with our Services, you automatically provide the following personal and health-related data to Overskudd:

  • Heart rate data

  • Heart rate variability data

  • Accelerometer data

  • Activities, such as sleep or training, including duration of those activities. This includes both activities detected by Overskudd from your data and activities specified by you.

  • Other sensor data when explicitly enabled by you or for you, such as ECG signal.


When using any of the Services from the app or via a web site, we automatically collect the following information:

  • IP address

  • Device identification

  • Web browser information

  • Page or feature you accessed

  • Other log data, such as processing times and hardware/software information

  • Geolocation information

Cookies

Cookies and other tracking technologies like web beacons, pixel tags, and SDKs (collectively “Cookies”) are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device, and used to collect and track information and to improve and analyze our Services.


Essential cookies - Overskudd uses cookies to enable you to log into secure areas within our Services and to access your data and the analysis results of those data. Disabling these cookies will remove your ability to use our Service.


Performance and Analytical cookies - These allow us to understand how our users use our Services. Information from these cookies are used internally to improve the Services. Disabling these cookies will not impact your ability to use the Services.


Grounds for Processing Personal Data

Overskudd only processes personal data where there is a lawful basis for doing so. Lawful bases include consent, contractual necessity, and the legitimate interest of Overskudd and/or you.


Contractual Necessity -  We need to process the following data in order to provide the Services to you:


  • First and last name

  • Email address

  • Mobile phone number

  • Date of birth

  • Height and weight

  • Gender

  • Physical activity level

  • Heart rate data

  • Heart rate variability data

  • Accelerometer data

  • Some activity types, such as sleep, including duration

  • Other sensor data when explicitly enabled by you, or when enabled by Overskudd on your request, such as ECG signal


Legitimate Interest - We process the following categories of personal data when we believe it furthers the legitimate interest of Overskudd or you.:

  • IP address

  • Device identification

  • Web browser information

  • Page or feature you accessed

  • Other log data, such as processing times and hardware/software information


Consent - We process personal data based as described in the Terms and Conditions on the consent you expressly grant by accepting those Terms and Conditions.

With Whom We Share Your Personal Data

We share personal data with third party service providers and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Use. These parties include:

  • Payment processors

  • Fraud prevention service providers

  • Analytics service providers

  • Staff and contract personnel


We also share your personal data with other users and third-party services when this is requested by you.


We also share personal data when we believe it is necessary in order to:

  • Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies

  • Protect us, our business or our users, for example to enforce our terms of use, prevent spam or other unwanted communications and investigate or protect against fraud

  • Maintain the security of our products and services


Furthermore, if Overskudd were to be acquired or sold, entirely or in parts, or if we go out of business or file for bankruptcy, user information is typically one of the business assets that is acquired by others. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal data as described in this Privacy Policy.

How Long We Retain Your Personal Data

We retain personal data about you for as long as you have a user account with us or as otherwise necessary to provide you Services. In all cases, we retain your personal data for longer if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. After an account deletion, we retain some information regarding usage of the system in a depersonalized form.  We continue to use this data in a depersonalized form to improve our algorithms.

Security Measures

Overskudd seeks to protect your personal data using the appropriate technical and organizational measures. The Overskudd software and its access controls are designed and developed using world class technologies and competencies. The servers that host and process your data are physically secured and logically secured from the outside internet. Only authorized employees who have a legitimate and approved reason for accessing personal data have access to the data.

Your Rights Regarding Your Personal Data

You have certain rights with respect to your personal data, such as expressed by the EU GDPR legislation. For more information about these rights, or to submit a request, please email privacy@overskudd.no. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision.


Access -  You can access most of your personal data through our Services. You can request more information about the personal data we hold about you and request a copy of such data.


Rectification - If you believe that any personal data we are holding about you is incorrect or incomplete, you can correct most of that data directly in our Services. If you believe that we are holding incorrect or incomplete data that is not visible to you in our Services, you can request that we correct or supplement such data.

 
Erasure - You can request that we erase some or all of your personal data from our systems.  


Withdrawal of Consent - If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. You can also do this online while logged into some of our Services. Please note, however, that such withdrawal of consent will render you unable to use our Services.


Portability - You can ask for a copy of the personal data collected by Overskudd in a machine-readable format. You can download all of your measurement data yourself from our Service.


Right to File Complaint - You have the right to lodge a complaint about Overskudd’s practices with respect to your personal data with the supervisory authority of your country or EU member state.

Questions and Contact

If you have any questions about this Privacy Policy or our data practices generally, please contact us using the following information:

Overskudd AS

Attn: Data Protection Officer

Holtet 45

1368 Stabekk

Norway

Email: privacy@overskudd.no