Definitions and partners
Challengize is developed by Egetto AB (556920-3945) and is below called ”Challengize”. A digital health initiative is called a ”Challenge”. A participant in a Challenge is called a “User”. The company counterpart purchasing Challengize is called the “Client”. The Challengize web application is called the “Website”. The Challengize mobile application is called the “app”.
Challengize with address Egetto AB, c/o Roman, Edsbäcksvägen 46, 19135 Sollentuna, Sweden (visiting address) is responsible for the personal data and handling of it.
At Challengize we care about your personal integrity and strive to always protect your personal data in the best way possible. At Challengize it is our goal to follow all current rules and regulations for personal data protection.
What personal data is collected and how is it used?
Challengize will handle the personal data a User leaves, or has left, or been collected through the Website using cookies in order to administer the User’s participation in a Challenge.
The personal data that Challengize will collect and handle about a User is (name, e-mail, gender, length, weight and age), the User’s answers to the Challengize health survey at three different occasions (beginning, middle and end of each Challenge) along with data about completed activities registered directly on the Website, using the Challengize-App or via a third party app such as Endomondo, Runkeeper, Strava etc. (type of activity, time, distance, start time, finish time, altitude, cadens and calorie consumption).
The data is used to calculate the Users personal amount of Challenge Points using the algorithm developed by Challengize. Personal data about length, weight, age and gender are not visible to either the User, the User’s friends, the Client or Challengize employees.
The data collected is used to present and show the User’s current status in the Client Challenge on a user-, team-, and unit level in the dashboard along with widgets like ME, My Activities, Mini-challenges etc.
The data is used to create a Health Points report to the Client after each finished Challenge. The Health data is never presented on an individual level. The Health data is only presented on a team level if a minimum of 6 Users in that team have answered the questions.
The data in regards to name and e-mail are used in order to send the User information in connection with the Clients Challenge and includes welcome emails, digital health tips, automatic status emails, information about competitions, races, results of the Challenge etc. The User can refrain from receiving these e-mails and notifications by unmarking automatic weekly emails under their profile page on the website and by unsubscribing to any of the other e-mails sent.
The data will be handled within EU and can be presented both inside and outside of the EU. The data Is handled and stored in Sweden and will be presented in the application in all the countries where the Client has participating teams and users, therefore both inside and outside the EU if necessary.
How do we protect your personal data?
I order to keep the personal data we collect secure we have taken several security measures:
The data is stored on virtual servers with high security level based in Stockholm, Sweden, using supplier Glesys. For more information on Glesys visit www.glesys.se
We have implemented security routines and both technical and organisational measures to secure and protect your personal data such as certification for secure websites. Further there are the necessary encryptions, firewalls and antivirus programs in place to protect and prevent from unauthorized access.
Access to the personal data is limited to a few employees with a unique login required.
The Website uses SSL (Secure Socket Layer) which is a protocol for secure transition of data over the internet.
In cases when the Clients Challenge requires an external payment solution we co-operate with highly accredited Stripe. Read more about Stripe and their security measures on https://stripe.com/
How long is my personal data stored?
The personal data is stored per default for 3 months where after it is either deleted in its entirety or anonymised by the User’s name and e-mail removed.
Exceptions can med made if the Client plans a future Challenge and has requested that the Users remain in order to simplify the registration process of the upcoming Challenge.
When the contract between the Client and Challengize has expired all personal data will be removed within 3 months from the finished Challenge.
Access to, updating of and correction of you personal data.
At each new Challenge the User can update the Users personal data. If a User want to update the information at any other time it can be easily done by contacting Challengize Customer Service via e-mail on email@example.com
If a User wants to be completely deleted and thereby terminate his/her account with Challengize it can be easily done by contacting Challengize Customer Service via e-mail on firstname.lastname@example.org
If the User wants to take part of his/her personal data it can be easily done by contacting Challengize Customer Service via e-mail on email@example.com
External links and partners
As a User of Challengize you can connect a third-party app for registration of activities. Information from Challengize may also include links to third-party websites. This policy is only for the Challengize website, app and Challengize e-mails. When linking to an external website you should read that site’s personal data policy. Challengize cannot be held responsible for other websites or third-party app’s handling of the Users personal data.’
Third party suppliers
The following third-party suppliers are used and for what purpose.
Mailchimp: e-mail based communication with the users in welcome email, health tips, weekly summary mails etc are sent using Mailchimp. Read more about their GDPR policy here: https://mailchimp.com/gdpr/
OneSignal: app based communication with the users such as push notifications, in-app messages etc are sent using OneSignal. Read more about their GDPR policy here: https://onesignal.com/privacy
Dropbox: information about clients and challenges such as contact person, dates, anonymized back-ups and challenge data such as time, distance etc is stored using Dropbox Business with password protection. Read more about their GDPR policy here: https://www.dropbox.com/security/GDPR
Hubspot CRM: information about clients and contact persons such as name, e-mail, phone number etc are stored in Hubspot CRM. Read more about their GDPR policy here: https://www.hubspot.com/data-privacy/gdpr
Stripe: Stripe Payment is the payment solution that can be connected to a challenge to handle registration and payment. Read more about their GDPR policy here: https://stripe.com/en-se/guides/general-data-protection-regulation
Changes in the personal data policy
Challengize has the right to amend the personal data policy at any time if needed to remedy interference or fulfil new legal or technical requirements. All changes to the policy will be published on the Challengize Website.
The Personal Data Policy has been updated on 2021-01-07