PRIVACY POLICY

MediYoga Online
2022

Please see the standard Apple Terms of Use (EULA) here; https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

1. INTRODUCTION

At MediYoga Online we protect your privacy and always strive to maintain a high level of data protection (e.g. we would never sell your personal data to another company). This privacy policy explains how we collect and use your personal information. It also describes your rights and how you can enforce them. It is important that you take note of and understand our privacy policy and feel safe in our processing of your personal data. If you have any questions, you are always welcome to contact us (hello@mediyoga.se). Using the table of contents below, you can easily navigate to the sections that are of particular interest to you.

The privacy policy has three purposes:

1. Explain how we use the information you share with us so that we can offer the very best service and give you a fantastic experience with it;
2. Ensure that you understand what information we collect and what we do – and do not do – with it;
3. Hold us accountable for protecting your rights and privacy under the policy.

All information we collect is linked to the provision of the MediYoga Online service and its functions.

Below we have formulated a table of contents, so that you can easily navigate and find the questions that interest you:

TABLE OF CONTENTS

1. What is personal data and what is processing of personal data?
2. Who is responsible for the personal data we collect?
3. What is your relationship with MediYoga Online?
4. How do we define different categories and personal data?
5. What personal information do we collect about you and why (for what purpose)?
6. From what sources do we collect your personal information?
7. What information do you share when using MediYoga Online?
8. Who can we share your personal information with?
9. Where do we process your personal data?
10. How long do we store your personal information?
11. What are your registered rights?
12. What are cookies and how do we use them?
13. How do we protect your personal information?
14. What does it mean that the Data Inspectorate is a supervisory authority?
15. How do you contact us most easily with questions about data protection?
16. Changes to the privacy policy

1. What is personal data and what is processing of personal data?

Personal data is any kind of data and/or information that can be directly or indirectly attributed to a physical person who is alive. For example, images and sound recordings that are processed on a computer can be personal data even if no names are mentioned. Encrypted data and various types of electronic identities (eg IP numbers) are personal data if they can be linked to physical persons. Processing of personal data is everything that happens with the personal data. Every action taken with personal data constitutes a processing, regardless of whether it is performed automatically or not. Examples of common treatments are collection, registration, organization, structuring, storage, processing, transfer and deletion.

2. Who is responsible for the personal data we collect?

MediYoga Online Sweden AB org.nr. 556977-5943 (hereinafter “MediYoga Online”), with postal and visiting address at MediYoga Online Sweden AB Gröna vägen 10, 313 32 OSKARSTRÖM

3. What is your relationship with MediYoga Online?

What is your relationship with MediYoga Online? Below we clearly define what different types of relationship you can have with us.

Your relationship with us and how we define it

Member
When you create an account with MediYoga Online. You can be an active, inactive, paying and / or non-paying member. As a member, you are also automatically defined as a user and visitor.

User
When you have signed up to receive our newsletter, event, made a booking request, filled in a survey and / or otherwise made an active choice to accept our Terms of Use.

Visitor
When you visit MediYoga Online or another URL owned by MediYoga Online but not yet a member or user.

Customer
When you choose to make a purchase of a product or service with MediYoga Online or a subcontractor and at the same time can not be defined as a member or user.

4. How do we define different categories and personal data?

To make it easy, transparent and clear for you to understand what we mean by different words and categories in our policy, we collect them here.

Account information
Account ID, email address, password, name, status, membership form (subscription type), start date, etc.

Address information
Name

Profile information
Name shown

Profile settings
Settings regarding your profile and personal choices. 

User-generated data
Favorites, things you actively follow, playlists you create, data you upload, pages you link yourself to, etc.

User content
The User Content (as defined in the Terms of Use) that you contribute to the service, including messages that you send and / or receive via the service

Technical information
URL information, cookie data, your IP address, the types of devices you use to access or connect to the MediYoga Online service, unique device ID, network and device performance, browser type, language, information which enables the management of digital rights, operating systems and the MediYoga Online application version

Interaction information
How you have used the service, login method, where and for how long different pages are visited, videos you have seen, playlists you have seen / created / followed, other audiovisual content, which MediYoga Online members you follow.

Payment information
Transaction date and history, amount, VAT, payment method, subscription period

Mobile subscription information
Phone number

Communication
Content in all your communication with us. Such as surveys, forms, social media, customer service.

Purchase information
All information required for you to be able to buy services or products at MediYoga Online.

Deidentified content
Content anonymised. Ie. cannot be linked to a unique individual.

5. What personal information do we collect about you and why (what purpose)?

At MediYoga Online, you can fall into four main categories: Member, user, visitor and / or customer. See definitions under point 3 above. Depending on our relationship, the reason why, what and for how long we collect your information varies. We tell you more about this here:

5.1.

Purpose: To be able to create your profile as a member

Processes performed: The creation of a login function, ensuring your identity, maintaining correct and up-to-date information and the ability to save and manage your personal information.

Categories of personal data: Account data, profile data, profile settings, user-generated data, technical data, payment information, mobile subscription data.

Legal basis: Agreement. The treatment is necessary to meet the general conditions of service.

5.2.

Purpose: For you as a Member to be able to use our Service

Processing performed: We use your personal data to be able to provide the service, e.g. features, customized and / or personalized content, recommendations, managing payments and preventing or detecting fraud.

• The creation of a content that is personalized for you, e.g. through relevant video and playlist recommendations, product recommendations, product descriptions (Ex. favorites / follow) and other similar measures that simplify things for you, such as being able to see previously seen or unfinished sequences.
• Generating statistics for your individual follow-up and enabling you to set or follow set goals with your training.

• Other personal communication based on your membership behavior.

Categories of personal data: Account data, profile data, profile settings, user-generated data, user information, health data, interaction information, technical data, payment information, mobile subscription data and communication.

Legal basis: Agreement, the processing is necessary to meet our Terms of use.

5.3.

Purpose: For you as a User or Customer to be able to interact with parts of our Service.

Processing performed: We use your personal data to be able to provide the service, e.g. functions, customized and / or personalized content based on how you use the service, recommendations and to prevent or detect fraud.

Categories of personal data: mobile subscription and account data as well as user-generated data, interaction information, payment information, technical data and communication.

Legal basis: Agreement

5.4.

Purpose: For you as a Visitor to be able to interact with parts of our Service.

Treatments performed: We use your technical information and interaction information to be able to adapt your experience in the Service and be able to direct relevant communication to you.

• Analysis of the data we collect for the purpose. Based on the information we collect (eg user history, statistics, purchase and click history), we perform an analysis at the individual level. The insights from the analysis form the basis for our communication with you and what offers, benefits and information are presented to you in our and others’ channels.

Categories of personal data: User content, interaction information and technical data.

Legal basis: Legitimate interest.

5.5.

Purpose: To enable us to evaluate, develop, adapt and improve our service, whether you are a Member, User, Visitor or Customer

Treatments performed based on your relationship with us and the extent to which you use the Service: We use your information to be able to provide the service, e.g. functions, customized and / or personalized / individualized content based on how you use the service, recommendations and to prevent or detect fraud.

Categories of personal data: Account data, profile data, profile settings, user-generated data, user information, interaction information, technical data, payment information, mobile subscription data and communication.

Legal basis: Legitimate interest.

5.6

Purpose: To be able to communicate with you for advertising purposes

Treatments performed:

• For example. Identification
• Communication via targeted newsletters
• Communication via directed automatic e-mails
• Communication via targeted ads on social media
• Communication via targeted ads in digital media

Categories of personal data: Account data, profile data, profile settings, user-generated data, user information, interaction information, technical data, payment information, mobile subscription data and communication.

Legal basis: Legitimate interest.

5.7.

Purpose: To communicate with you

Treatments performed:

• Communication and answering any questions to customer service (by phone or in digital channels, including social media).
• Identification.
• Investigation of any complaints and support matters (including technical support).

Categories of personal data: Account data, profile data, profile settings, user-generated data, user information, health data, interaction information, technical data, payment information, mobile subscription data and communication.

Legal basis: Legitimate interest and agreement

Storage period: As long as a customer relationship exists.

5.8.

Purpose: To be able to fulfill the company’s legal obligations

Treatments performed: Necessary handling to fulfill the company’s legal obligations according to legal requirements, judgments or government decisions (eg the Accounting Act or the rules on product liability and product safety, which may require the production of communication and information to the public about product recalls in the event of a defective or hazardous product ).

Categories of personal information: Account information, profile information, profile settings, user-generated information, user information, health data, interaction information, technical information, payment information, purchase information, mobile subscription information and communication.

Legal basis: Legal obligation. This processing of your personal data is required by law.

5.9

Purpose: To enable us to evaluate, develop, adapt and improve our service, products and systems whether you are a Member, User, Visitor or Customer

Treatments performed based on your relationship with us and the extent to which you use the Service:

• Adapting services to become more user-friendly (eg changing the user interface to simplify the flow of information or to highlight features that are often used by members / customers in our digital channels).
• Production of data to develop and improve our range of video material and other content.
• Production of data to develop and improve our assortment of products.
• Give our customers the opportunity to influence our assortment.
• Production of data to improve IT systems in order to generally increase security for the company and our members / visitors / customers.
• Analysis of the data we collect for the purpose.
• Based on the information we collect (eg user history, statistics, purchase and click history), we perform an analysis at the individual level. The insights from the analysis form the basis for our communication with you and what offers, benefits and information are presented to you in our and others’ channels.
• Analysis of your data. An analysis at the individual level that can result in you being sorted into a so-called segment and / or get a unique experience. The insights from the analysis form the basis for your personal offers and customized benefits, etc. Depending on your relationship with MediYoga Online, you can get different benefits and offers.

Categories of personal information: Account information, profile information, profile settings, user-generated information, user information, health data, interaction information, technical information, payment information, purchase information, mobile subscription information and communication.

Legal basis: Legitimate interest.

5.10.

Purpose: To be able to prevent misuse of a service or to prevent and investigate crimes against the company.

Treatments performed:

• Prevention of spam, phishing, harassment, attempted illegal login to user accounts or other measures prohibited by law or our terms of purchase, use or service.
• Protection and improvement of our IT environment against attacks and intrusions.

Categories of personal information: Account information, address information, profile information, profile settings, user-generated information, user information, health data, interaction information, technical information, payment information, purchase information, mobile subscription information and communication.

Legal basis: Fulfillment of legal obligation (if any) or legitimate interest. If there is no legal obligation, the processing is necessary to satisfy our legitimate interest in preventing the misuse of a service or to prevent and investigate crimes against the company.

5.11. Sharing of your personal information

Other companies in the MediYoga Online Group
We share your personal information with other MediYoga Online Group companies in order to carry out our daily operations and to enable us to maintain and provide the service and our operations in the sale of products and experiences.

Police and data protection authorities
We share your personal information when we believe in good faith that it is necessary for us to do so in order to fulfill a legal obligation under applicable law, or respond to a valid legal process, such as a search warrant, a court decision or a lawsuit. We also share your personal information when we believe in good faith that it is necessary for our own or third parties’ legitimate interests relating to national security, law enforcement, litigation, criminal investigations, to protect someone’s security, or to prevent death or imminent bodily injury, provided that we believe that such an interest exceeds your interests or fundamental rights and freedoms that require the protection of your personal data.

Buyer of our business
We share your personal information in cases where we sell or negotiate to sell our company to a buyer or to potential buyers. In this situation, MediYoga Online continues to ensure the confidentiality of your personal information and notifies you before your personal information is transferred to the buyer or is subject to another privacy policy.

6. From what sources do we collect your personal information?

In addition to the information you provide to us, or which we collect from you based on your purchases and how you use our services, we may also collect personal information from someone else (so-called third party). The information we collect from third parties is the following: 1) Address information from public registers, such as SPAR to be sure that we have the correct address information for you. 2) Credit rating information from credit rating agencies, banks or information companies.

7. What information do you share when using MediYoga Online?

7.1. Information sharing performed by you

The MediYoga Online service is an interactive service that offers many ways to find, take part of and share content. We encourage you to take advantage of these interactive features with others on the Service.

You decide what information you want to make public, and what you want to keep private. Public information is available to MediYoga Online members or other logged in users, while private information is only available to You and MediYoga Online. Below is what information is standard, ie the information that is public versus private.

Public information:

• Your name and / or username

Private information:

• Content you favorite (“Favorites”)
• Playlists that you follow
• Playlists that you have created
• Users you follow
• Content you have saved (see “Offline”)

7.2. Customer support

When you send an email to our employees, customer support, or Customer Care manager, this information is saved by us in the e-mail client and CRM system.

8. Who can we share your personal information with?

8.1. Personal data assistants

In cases where it is necessary for us to be able to offer our services, we share your personal information with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:

• Payment solutions (card redeeming companies, banks and other payment service providers).
• IT services (companies that handle the necessary operation, technical support and maintenance of our IT solutions).
• Analysis Services (companies that handle the analysis of our data. If a third party processes user data on our behalf (eg a hosting provider), it is bound by security and confidentiality requirements that comply with this Privacy Policy and applicable law).
• MediYoga Online partners. If you access the MediYoga Online Service through an offer you have received or purchased from a third party, such as your yoga teacher, coach, caregiver, physician, therapist or employer, we may also share unidentified information about your use of the MediYoga Online Service with the third party, for example if and to what extent you have taken advantage of the offer, activated a MediYoga Online account or actively used the Service. In order to share personal information with a partner, you must first approve the sharing. This is relevant for collaboration with healthcare in the future within the framework of digital health and support for you in self-care and the like.

 

When your personal data is shared with personal data assistants, it is only for purposes that are compatible with the purposes for which we have collected the information (e.g. to be able to fulfill our obligations under the purchase agreement or our Terms of use). We check all personal data assistants to ensure that they can provide adequate guarantees regarding the security and confidentiality of personal data. We have cooperation agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data.

8.2. Companies that are independently responsible for personal data

We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that we are not in control of how the information provided to the company is to be processed. Independent personal data controllers with whom we share your personal data are:

• State authorities (police, tax authorities or other authorities) if we are obliged to do so by law or in case of suspicion of crime.
• Companies that handle general goods transport (logistics companies and freight forwarders).
• Companies that offer payment solutions (card redeeming companies, banks and other payment service providers).

When your personal data is shared with a company that is independently responsible for personal data, that company’s privacy policy and personal data management apply.

8.3. Other division

In addition to what is mentioned above, we may also share your information with third parties for these limited purposes:

• to permit a merger, acquisition or sale of all or part of our assets,
• for defense in legal proceedings (eg a court decision or lawsuit), if we in good faith deem it necessary; to meet the requirements of mandatory applicable law; to protect the safety of any person; to protect MediYoga Online’s rights and property, including to enforce the Terms of Use and other terms you have accepted, and to deal with fraud, security or technical issues,
• with academic researchers for purposes such as statistical analysis and academic studies, but only in deidentified format,
• to publish deidentified or aggregated information about the use of the MediYoga Online service, and
• to allow other companies in the MediYoga Online Group to use your information in the manner set out in this Privacy Policy.

9. Where do we process your personal data?

We always strive for your personal data to be processed within the EU / EEA and all our own IT systems are located within the EU / EEA. In the case of systemic support and maintenance, however, we may have to transfer the information to a country outside the EU / EEA, e.g. if we share your personal data with a personal data assistant who, either himself or through a subcontractor, is established or stores information in a country outside the EU / EEA. In these cases, the assistant may only access the information that is relevant to the purpose (eg log files). Regardless of the country in which your personal data is processed, we take all reasonable legal, technical and organizational measures to ensure that the level of protection is the same as within the EU / EEA. In cases where personal data is processed outside the EU / EEA, the level of protection is guaranteed either through a decision by the EU Commission that the country in question ensures an adequate level of protection or through the use of so-called appropriate protective measures. Examples of appropriate protection measures are an approved code of conduct in the recipient country, standard contract clauses, binding internal company rules or the Privacy Shield. If you would like a copy of the protective measures that have been taken or information on where these have been made available, you are welcome to contact us.

10. How long do we store your personal information?

We retain your personal information only for as long as is necessary to provide you with the MediYoga Online service and for legitimate and important purposes, such as maintenance of the service, computerized decisions about new functions and solutions, fulfillment of our legal obligations and resolution of disputes.

At your request, we delete or anonymize your personal information so that it no longer identifies you, unless we are legally entitled or obliged to maintain certain personal information, including in the following situations:

• if there is an unresolved issue with your account, e.g. outstanding payments to your account or unresolved claims or disputes, we store the necessary personal information until the problem has been resolved
• if we have to store the personal data for our legal, tax, auditing and accounting obligations, we store the necessary personal data during the period of time enforced in applicable law
• if it is necessary for our legitimate business interests, e.g. to prevent fraud or maintain the security of our users.

11. What are your registered rights?

11.1. Right of access (so-called register extract).

We are always open and transparent with how we process your personal data and if you want to get a deeper insight into which personal data we process about you, you can request access to the data (the information is provided in the form of a register extract with purpose, categories of personal data, categories of recipients, storage periods, information on where the information was collected and the existence of automated decision-making). Keep in mind that if we receive a request for access, we may ask for additional information to ensure efficient handling of your request and that the information is provided to the right person.

11.2. Right to rectification.

You can request that your personal information be corrected if the information is incorrect. Within the framework of the stated purpose, you also have the right to supplement any incomplete personal data. Keep in mind that you as a member of MediYoga Online can change certain tasks directly via My settings.

11.3. Right to delete.

You can request deletion of personally identifiable information we process about you if:

• The data are no longer necessary for the purposes for which they were collected or processed.
• You object to a balance of interests we have made based on legitimate interest and your reason for objection outweighs our legitimate interest.
• You object to processing for direct marketing purposes.
• Personal data is processed illegally.
• Personal data must be deleted in order to fulfill a legal obligation to which we are subject.
• Personal data has been collected about a child (under the age of 18) for whom you have parental responsibility and the collection has taken place in connection with the provision of information society services (eg social media).

 

Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come from accounting and tax legislation, banking and money laundering legislation, but also from consumer law legislation. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.

11.4. Right to restriction.

You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request a limited processing for the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need them to be able to establish, assert or defend legal claims, you can request limited processing of the data from us. This means that you can request that we not delete your information.

If you have objected to a balance of interests of legitimate interest that we have made as a legal basis for a purpose, you can request limited processing for the time we need to check whether our legitimate interests outweigh your interests in having the data deleted.

If the processing has been restricted according to any of the situations above, we may only, in addition to the actual storage, process the data to establish, assert or defend legal claims, to protect someone else’s rights or if you have given your consent.

11.5. The right to object to a certain type of treatment.

You always have the right to avoid direct marketing and to object to any processing of personal data based on a balance of interests.

11.6 Right to data portability.

You have the right to request a copy of your account information, address information and profile information in electronic format and the right to transfer this customer information for use to another party’s services.

11.7 The right not to be subject to automated decision-making.

You have the right not to be subject to any decisions based solely on automated decision-making, including profiling, where the decision would have a legal or similar effect on you.

11.8. Legitimate interest.

In cases where we use a balance of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling justified reason for the processing in question that outweighs your interests, rights or freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.

11.9. Direct marketing (including analyzes performed for direct marketing purposes)

You have the opportunity to object to your personal data being processed for direct marketing. The objection also includes the analyzes of personal data (so-called profiling) that are performed for direct marketing purposes. Direct marketing refers to all types of outreach marketing measures (eg via mail, e-mail and SMS). Marketing measures where you as a customer have actively chosen to use one of our services or otherwise sought us out to find out more about our services do not count as direct marketing (eg video recommendations, product recommendations or other functions and offers on My pages).

If you object to direct marketing, we will discontinue the processing of your personal data for that purpose as well as discontinue all types of direct marketing measures.

Remember that you always have the opportunity to influence which channels we will use for mailings and personal offers. For example. you can choose to only receive offers from us via e-mail, but not sms. In that case, you should not object to the processing of personal data as such, but instead limit our communication channels (by changing the settings on My pages or contact customer service).

11.10 Right to data portability.

If our right to process your personal data is based either on your consent or fulfillment of an agreement with you, you have the right to request that the data concerning you and which you have provided to us be transferred to another personal data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can be automated.

12. What are cookies and how do we use them?

12.1 What are cookies and other technology?

A cookie is a small text file that is stored on your computer, mobile phone or other device when you visit a website. The cookie helps website providers recognize your device the next time you visit their website. There are other similar techniques such as pixel tags (transparent graphic images placed on a web page or in an e-mail message, which indicate that a page or e-mail has been displayed), so-called web bugs (similar to pixel tags) and web storage, which are used in software on computers or mobile devices.

There are also technologies such as mobile device identifiers and SDK integrations that help companies recognize your device when you return to an app or otherwise use a service.

12.2 How we use cookies and other technology

We use the following types of cookies for the purposes described below:

• Session cookies (a temporary cookie that expires when you close your browser or device).
• Permanent / persistent cookies (cookies that remain on your computer until you delete them or they expire).
• First-party cookies (cookies set by the website you visit).
• Third-party cookies (cookies set by a third-party website. With us, these are primarily used for analysis, e.g. Google Analytics.).
• Similar technologies (technologies that store information in your browser or in your device in a way similar to cookies).

The cookies we use normally improve the services we offer. Some of our services need cookies to work properly, while others improve the services for you. We use cookies for overall analytical information regarding your use of our services and to save functional settings such as language and other information. We also use cookies to be able to direct relevant marketing to you.

13. How do we protect your personal information?

MediYoga Online stores your personal information in a way that is compatible with security standards in the industry. MediYoga Online has implemented appropriate technical, organizational and administrative systems, policies and procedures to promote the security, integrity and confidentiality of your Content and to reduce the risk of unauthorized access to or use of your Content. Access to the spaces where personal data is stored is limited and it is required that employees are identified for access.

14. What does it mean that Datainspektionen is a supervisory authority?

Datainspektionen is the authority responsible for monitoring the application of the legislation, and anyone who believes that a company is handling personal data incorrectly can submit a complaint to the Datainspektionen.

15. How do you contact us most easily with questions about data protection?

You can review and change much of the information we store about you through your account and your profile pages. If you have any questions about the use of your personal information in the Service, this Privacy Policy, or information we have about you, please contact us at hello@mediyoga.se. You can also contact our personal data representative by sending a letter to MediYoga Online Sweden AB, Att: Pär Krutzén, MediYoga Online Sweden AB Gröna Vägen 10, 313 32 Oskarström. We will respond to your request within a reasonable time after confirming your identity in accordance with local law. We recommend that you include current contact information, attach documents proving your identity and provide a clear and unambiguous description of the information you request access to.

16. Changes to the privacy policy

Sometimes, at our own discretion, we may make changes to the Agreements. When we make significant changes to the Agreements, we will send you a clear notice based on what is appropriate in view of the circumstances, e.g. by displaying a clear message in the Service or by sending you an email. In some cases, we will notify you in advance, and your continued use of the Service after the changes have been made will constitute your acceptance of the changes. Therefore, please make sure that you read all such messages carefully. If you do not wish to continue using the Service in accordance with the new version of the Agreements, you may terminate your membership by emailing us at hello@mediyoga.se