Privacy Policy
Introduction
Overskudd AS (in the following “Overskudd”, “us”, “we”, or “our”) operate the overskudd.com, overskudd.net, overskudd.eu and overskudd.no websites, along with the Overskudd mobile application(s), any software embedded on Overskudd measurement devices, and any other features, content, web pages or application offered in connection therewith (collectively, the “Services”). This Privacy Policy covers our treatment of your personal data collected when you use these Services.
By using or accessing the Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you agree in particular to the collection, use, and disclosure of your information in the ways described herein.
Your use of Overskudd’s Services is at all times subject to the separate License Agrement at https://english.overskudd.no/LicenseAgreement.aspx. Any terms used in this Privacy Policy without definition have the definitions given to them in the License Agrement.
Changes to this Privacy Policy
Occasional changes to this Privacy Policy might be necessary. Overskudd will alert you to such changes through notices on the Overskudd website, a notice through the Services, by email,messaging services and/or by other means. Your use of any of the Services after any changes to the Privacy Policy have been posted means that you accept all of the changes. Use of information we collect is subject to the Privacy Policy in effect at the time such information is collected.
Transfers of Personal Data
The Services are hosted and operated in the European Union (“EU”) and in Norway, and if you do not reside in the EU or in Norway the privacy laws governing data in Overskudd may be different from the privacy laws where you reside. By using the Services you consent to the transfer of your data to EU and Norway, and acknowledge and accept that Overskudd will store and process your personal data in the EU and in Norway.
Your personal data is only visible to a) other people with whom you have explicitly shared your data and b) selected Overskudd personnel ( to assist you, identify and resolve problems with the use of our Services, improve the Services and to quality control and verify data)
Data collected and used by Overskudd
When registering for our Services we ask you to provide certain personal data, including but not limited to:
First and last name
Email address
Mobile phone number
Date of birth
Height and weight
Gender
Physical activity level
When using a sensor with our Services, you automatically provide the following personal and health-related data to Overskudd:
Heart rate data
Heart rate variability data
Motion data, such as accelerometer, gyrometer and magnetometer data
Activities, such as sleep or training, including duration of those activities. This includes both activities detected by Overskudd from your data and activities specified by you.
Other sensor data when enabled by you or for you, such as ECG signal.
When using any of the Services from the app or via a web site, we automatically collect the following information:
IP address
Device identification
Web browser information
Page or feature you accessed
Other log data, such as processing times and hardware/software information
Geolocation information
Cookies
Cookies and other tracking technologies like web beacons, pixel tags, and SDKs (collectively “Cookies”) are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website, stored on your device and used to collect and track information and to improve and analyze our Services.
Essential cookies - Overskudd uses cookies to enable you to log into secure areas within our Services and to access your data and the analysis results of those data. Disabling these cookies will remove your ability to use our Service.
Performance and Analytical cookies - These allow us to understand how our users use our Services. Information from these cookies is used internally to improve the Services. Disabling these cookies will not impact your ability to use the Services.
Grounds for Processing Personal Data
Overskudd only processes personal data where there is a lawful basis for doing so. Lawful bases include consent, contractual necessity, and the legitimate interest of Overskudd and/or you.
Contractual Necessity - We need to process the following data to provide the Services to you:
Names
Email address
Mobile phone number
Date of birth
Height and weight
Gender
Physical activity level
Heart rate data and Heart rate variability data
Motion data, such as accelerometer, gyrometer and magnetometer data
Some activity types, such as sleep, including duration
Other sensor data when explicitly enabled by you, or when enabled by Overskudd on your request, such as ECG signal, GPS, Location data and other data from devices controlled by you.
Your comments, tags or other media associated with the measurements
Any survey or test provided as part of the Services
We will from time to time contact by email and/or messaging services to make sure your personal information is correct, to make sure you have updated information about our services available and to encourage you to in your quest you improve your health and performance. Please close your account of you do not want to receive such communication.
Legitimate Interest - We process the following categories of personal data when we believe it furthers the legitimate interest of Overskudd or you.:
IP address
Device identification
Web browser information
Page or feature you accessed
Other log data, such as processing times and hardware/software information
Consent - We process personal data based as described in the Terms and Conditions on the consent you expressly grant by accepting those Terms and Conditions.
With Whom We Share Your Personal Data
We may share personal data with third party service providers and agents who work on our behalf and provide us with services related to the purposes described in this Privacy Policy or our Terms of Use.
We also share your personal data with other users and third-party services when this is requested by you.
We also share personal data when we believe it is necessary to:
Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
Protect us, our business or our users, for example to enforce our terms of use, prevent spam or other unwanted communications and investigate or protect against fraud
Maintain the security of our products and services
Furthermore, if Overskudd were to be acquired or sold, entirely or in parts, or if we go out of business or file for bankruptcy, user information is typically one of the business assets that is acquired by others. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal data as described in this Privacy Policy.
Use of Data
We retain personal identifiable data about you for as long as you have a user account with us or as otherwise necessary to provide you Services. In all cases, we retain your personal data for longer to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We continue to use data in depersonalised form after account deletion as part of statistics and to improve our algorithms.
Security Measures
Overskudd seeks to protect your personal data using the appropriate technical and organizational measures. The Overskudd software and its access controls are designed and developed using world class technologies and competencies. The servers that host and process your data are physically secured and logically secured from the outside internet. Only authorized employees who have a legitimate and approved reason for accessing personal data have access to the data.
Your Rights Regarding Your Personal Data
You have certain rights with respect to your personal data, such as expressed by the EU GDPR legislation. For more information about these rights, or to submit a request, please email privacy@overskudd.no. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision.
Access - You can access most of your personal data through our Services. You can request more information about the personal data we hold about you and request a copy of such data.
Rectification - If you believe that any personal data we are holding about you is incorrect or incomplete, you can correct most of that data directly in our Services. If you believe that we are holding incorrect or incomplete data that is not visible to you in our Services, you can request that we correct or supplement such data.
Erasure - You can request that we erase your personal data from our systems. Then your account and all data that can be used to identify you personally will be deleted.
We may continue to use measurement data in depersonalised form after account deletion as part of statistics and to improve our algorithms.
Withdrawal of Consent - If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. You can also do this online while logged into some of our Services. Please note, however, that such withdrawal of consent will render you unable to use our Services.
Portability - You can ask for a copy of the personal data collected by Overskudd in a machine-readable format.
Right to File Complaint - You have the right to lodge a complaint about Overskudd’s practices with respect to your personal data with the supervisory authority of your country or EU member state.
Questions and Contact
If you have any questions about this Privacy Policy or our data practices generally, please contact us using the following information:
Overskudd AS
Attn: Data Protection Officer
Filipstad brygge 1
0250 Oslo
Norway
Email: privacy@overskudd.no