Privacy Policy

Privacy Policy Statement Skadefri

The CEO is responsible for the processing of personal data at the Norwegian School of Sport Sciences (NIH), and thus also at Skadefri. Daily follow-up responsibility is further delegated to Skadefri at NIH/Oslo Sports Trauma Research Center.

NIH is responsible for the processing of personal data for the Skadefri app.

All our forms are designed so that we only request relevant personal data for the purpose of the form.

We retain your personal data for as long as they are relevant to our professional relationship with you, or until you explicitly instruct us at skadefri@nih.no to delete or correct them.

The purpose of the information is to enable the user to create their own user account, thereby creating, saving, and sharing their own training programs despite app upgrades.

We will only use the information for internal analysis.

Only NIH/Skadefri employees have access to the personal data we collect. NoA Ignite and subcontractor AppShack have access to data if necessary, for service operation and security. We do not disclose your personal data to third-party users.

Privacy Statement

The privacy statement complies with the requirements set forth in the General Data Protection Regulation (GDPR) Articles 12-15.

The General Data Protection Regulation is the EU's new legislation on data privacy, applicable throughout the EU/EEA since May 25, 2018, and in Norway since July 2018.

Personal data refers to any information or assessment that can be linked to you as an individual, either directly or indirectly. For NIH/Skadefri to use (register, collect, disclose, etc.) personal data about you, we must have a legal basis as specified by law.

What is a privacy statement?

A privacy statement describes which personal data are processed, how they are processed, who is responsible for the processing, what rights you have, and who you can contact regarding your personal data. Skadefri/NIH processes personal data:

1. About you as a user (only name and email).

- The data processor processes the following personal data on behalf of the data controller in connection with the operation of the central services for the Skadefri app:

- Email address: Used for user authentication and to send emails to registered users; stored on the user's mobile device and in the backend service.

- Name: Stored on the user's mobile device and in the backend service.

- IP address: Processed by the hosting provider to provide hosting services (Amazon AWS at a Swedish data center).

- Device information: Processed by the hosting provider to provide hosting services (Amazon AWS at a Swedish data center).

These data are not considered sensitive. They are directly identifiable. The personal data concern the following registered users of the app.

2. Information on where you as a user can address questions about the processing or exercise your rights:

You can contact NIH, email: skadefri@nih.no

General

All processing by Skadefri/NIH shall comply with applicable laws and regulations. Skadefri/NIH shall not process personal data to a greater extent than necessary to fulfill Skadefri's purpose, which is knowledge dissemination. Skadefri/NIH shall ensure that processing is based on a legal basis as specified by law, whether it is consent, compliance with law/regulation, or if processing is necessary to perform.

Skadefri/NIH shall, in processing personal data of individuals, ensure that the processing of personal data constitutes the least possible intrusion for the data subject, and that no more information about the individual is used or stored longer than necessary, pursuant to the requirement of data minimization.

Secure procedures for handling personal and sensitive user data:

• Operation of the backend service on Amazon AWS in Sweden, with physical and digital security managed by Amazon.
• Encryption of stored and transmitted data in accordance with AWS256 standard.
• Data backup using standard Amazon services.
• Authentication protection for API and administrative access to ensure that the data is only accessible to registered users or designated personnel.
• Logging of access to the system, including access to personal data and the nature of processing activities performed.

User Rights

Developer's data retention and deletion policies:

• Data retention: User data is retained only for the time necessary to provide the app's services.
• Data deletion: Upon account deletion or at the user's request, personal data is securely deleted within 30 days, including backups.

Contact NIH if you have any questions about the processing.