Personal data controller
For the purpose of data protection legislation including the EU General Data Protection Regulation (‘GDPR’), the data controller of your personal data is:
Sepapaja tn 6
Principles of data collection
Data collection at Swiftware OÜ is based on the following principles:
- We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
- Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
- We will collect and use personal information solely for fulfilling those purposes specified by us and for other ancillary purposes, unless we obtain the consent of the individual concerned or as required by law.
- Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.
- We will protect personal information by using reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- We will make readily available to customers information about our policies and practices relating to the management of personal information.
- We will only retain personal information for as long as necessary for the fulfilment of those purposes.
Legal basis for data processing
We will only use your information where:
- we have your consent to do so; or
- we need to process personal information to provide services under our Terms of Service; or
- we have a legitimate interest to collect data to provide and improve products and services; or
- we introduced technical measures to anonymise data collected from you (e.g. anonymisation of web traffic to our website)
- We collect your name, email address, gender, date of birth and related demographic and geographic information, if provided by you.
- You can use Cora to store health information such as vital signs, your body measurements and BMI. Depending on your usage, this information may stay entirely on your device (cloud services turned off) or may be transferred and stored in encrypted form to/on our web servers (cloud services turned on).
- We may log information about you using "cookies" in our app and on our website. Cookies are small data files stored on your hard drive by a website or app.
- We may get personal information about you from third parties.
- We automatically collect anonymized log information about you and your devices. For example, when using our platform, we log your device language, pages you view, how long you spent on a page and other usage data.
- We may also, depending on your explicit consent, collect pseudonymised and/or anonymised data about your use of our product, vital signs, your body measurements and BMI. You can opt in and opt out of this data collection in our app's settings.
Use of personal information
Our main purpose of collecting personal information is to operate, maintain, and improve our sites, products, and services; to respond to questions and provide customer service; and to communicate about promotions, upcoming events, and other news about products and services offered by us.
Furthermore, we use your email address to send you emails about our products, to provide additional services related to our offering and for marketing purposes. You can opt out from receiving emails from us at the end of each email we send you.
Sharing of personal information
We do not share your personal data with third parties and without your permission, except in the limited circumstances provided below:
- We may share personal information with our affiliates and business partners to provide (service fulfilment) and improve (legitimate interest) our services
- We may share personal information for legal, protection, and safety purposes.
- We do not share personally identifiable health information with third parties.
- We do not sell your personal information to third parties.
At times, some of your personal data may be transferred and processed in the United States or other countries outside the EEA in which our affiliates and service providers maintain facilities. We always apply safeguards to protect your personal data from unauthorised access. By registering an account you consent to any such transfer of personal data outside the EEA. Furthermore, we may transfer your personal data in the event that our business (or a portion of our assets) is sold.
You have the right to request access to personal data that we may process, to correct any inaccuracies in your data, or to request deletion of your personal data. This can be done either inside our apps or by contacting us.
If you gave us consent to the collection and processing of your personal information, then you can withdraw that consent at any time, with the exception of cases in which we may be required by law to collect and process personal data.
You can also opt-out of data processing for direct marketing (email marketing). This can be done at the bottom of emails we send you, in your Account Settings in the Cora mobile app or by contacting us.
The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
If you want to send feedback and questions or use your rights, please contact us at support[at]cora.health.
Last Update: May-24, 2018