PRIVACY POLICY
1.About this Privacy Policy and GØT
This privacy policy applies to the GØT app, which is owned and operated by GØT AS. GØT AS (Org. No. 927 516 098, address Erling Skakkes gate 54, 7012 Trondheim) (hereinafter referred to as "we," "us," or "GØT"), is a Norwegian limited company behind the "GØT" app. GØT is a brand, a community, and an app that guides people toward an anti-inflammatory and bowel-friendly lifestyle. GØT demonstrates how to get an anti-inflammatory lifestyle by providing advice on holistic health, nutrition, activity, stress management, exercise, and sleep.
At GØT, we are committed to protecting the privacy of our users. This document provides an overview of when, why, and how we, as the data controller, process personal data that we collect or receive through your use of the GØT app (hereinafter referred to as the "Service," "app," or "GØT app"). You can find the terms of use for the GØT app here.
GØT is a Norwegian company, which means we are obligated to process your personal data in accordance with the Norwegian Personal Data Act of 2018 and the EU General Data Protection Regulation 2016/679 (GDPR), regardless of where you, as a user of the Service, are located in the world. If you reside outside the EEA, you may have additional or supplemental rights under local privacy laws. In such cases, we will inform you of these rights as far as possible and facilitate the exercise of these rights.
It is important that you read this privacy policy and understand how we collect, store, and otherwise process your personal data. You are advised to review this privacy policy periodically to stay informed of any updates made due to legal changes, changes in our practices, or other reasons. We will notify you if we make any material changes to the privacy policy.
Last updated: 01.08.2024
2. The Information We Process, the Purpose of Processing, and the Legal Basis
Processing Activity
Processing of contact information during registration and use of the Service.
Purpose
In order to register as a user in the GØT app, you must provide a minimum amount of information that can identify you.
Information
Name, address, phone number, and email address.
Legal Basis
The processing is necessary to fulfill our agreement to provide the Service to you.
Processing Activity
Processing of device data.
Purpose
Certain actions performed in the GØT app trigger the collection of data about your device.
Information
Information such as the device type and model, and the software version you are using.
Legal Basis
The processing is necessary to safeguard GØT's legitimate interests for the aforementioned purposes, and these legitimate interests are not overridden by your rights and freedoms.
Processing Activity
Processing of health information in the Service.
Purpose
We use the information you share to analyze and calculate various parameters and insights regarding your health and activity level, and to provide advice based on the insights derived from the data. To offer this functionality, we will collect, analyze, and store information about you that constitutes health information, defined as “special categories of personal data” under GDPR.
Information and Specific Purpose
Date of birth, gender, height, and weight: We process this personal data to provide personalized calculations regarding the necessary activity level.
Resting heart rate and maximum heart rate: We collect this information from connected devices and process it to estimate your ongoing fitness development, health risks, and required activity level. You can provide this information manually, or it can be retrieved from one of your connected devices.
Legal Basis
The processing of your health information is based on your explicit consent. You can withdraw your consent at any time without affecting the legality of the processing carried out before the consent was withdrawn. Please note that if you do not consent to us processing such personal data in the Service, this will mean that we cannot deliver all the features and services that GØT has to offer you.
Processing Activity
Processing of data from connected devices.
Purpose
This data will be processed for the same purposes as the data you manually provide in our product.
Information
Activity data, heart rate data, sleep data, and HRV (Heart Rate Variability).
Legal Basis
Our processing of the information is contingent upon your consent to the transfer to the GØT app directly from the service provider(s) (from entities such as Whoop, Oura Ring, FitBit, Polar, Garmin, and Apple Health, or equivalent). Read more about the processing, purposes, and basis under “Processing of Health Information in the Service” above.
3. Data Storage and How We Share and Make Your Personal Data Available
General Disclosure of Personal Data to Others:
We do not share or sell your personal data with others unless you consent to or there is a legal basis for sharing. Examples of such legal basis include the necessity to fulfill an agreement with you, a legal obligation requiring us to disclose your personal data, or a justification based on our legitimate interests in sharing the information.
In specific cases, we may share personal data with our advisors, auditors, lawyers, IT consultants, and others. In such cases, sharing will be regulated by an agreement between GØT and the relevant third party, and processing will be limited to what is necessary for the third party to provide their services to GØT.
GØT’s Data Processors:
We may use external suppliers (data processors) which will process personal data on GØT’s behalf when providing their services to us. This typically includes providers of storage services and communication solutions that are part of our supplier systems. In such cases, we have entered into Data Processing Agreements to ensure sufficient security at all stages of the processing.
Our data processors may be located outside the EU/EEA. We will only transfer personal data outside the EU/EEA if there is a legal basis for this transfer under GDPR Chapter V. You can find out the basis for the transfer by contacting us. We will always choose data storage within the EU/EEA where possible.
An overview of GØT’s data processors can be found here.
Storage, Retention, and Security:
We will not retain your personal data longer than necessary to fulfill the purpose of processing and our legal obligations. For example, personal data processed based on your consent will be deleted if you withdraw your consent. Personal data processed to fulfill an agreement with you will be deleted once the agreement is fulfilled and all obligations arising from the contractual relationship are met, such as legal obligations related to accounting, customer relationship follow-up regarding complaints, etc. Data processed due to legal obligations will be deleted as soon as we are no longer required to retain it.
All personal data collected in connection with the use of our services is stored electronically within local IT systems with sufficient security measures in place. We have established routines and measures at various levels to ensure that unauthorized individuals do not access your personal data and that all processing of the data otherwise complies with applicable laws. These measures include regular risk assessments, technical monitoring systems, and physical procedures to ensure information security, as well as routines for verifying access and correction requests. Further details about these risk assessments and security measures can be obtained by contacting us.
Processing Activity
Processing of information in connection with communications.
Purpose
If you contact us, either via email, phone, or through the GØT app, we will process personal data about you to be able to respond to your inquiries.
Information
Name, email address, phone number, subscription information, and any other information you choose to share with us.
Legal Basis
The processing is necessary to safeguard GØT's legitimate interests in responding to your inquiries.
5. Contacting Us
If you have questions or concerns regarding the processing of your personal data, or if you wish to exercise one or more of your privacy rights, you can contact us.
For our contact information visit our contact page.
Please note that we may ask you to verify your identity before responding to such requests. We are obligated to facilitate the fulfillment of your rights free of charge and within 30 days. If it takes longer than this, you will be informed.
Processing Activity
Processing of information in connection with newsletters, marketing, and other information we provide.
Purpose
We may contact you with important information, newsletters, marketing, or other information we provide. The purpose is to provide you with information relevant to your subscription, such as error messages, changes, etc. The purpose of sending you marketing and newsletters is to promote new updates and tips about our Services.
Note
All marketing is sent in accordance with the Norwegian Marketing Act, whereby we can only send you marketing via electronic communication channels, such as email and SMS, if you have explicitly consented to this or the sending can be based on our existing customer relationship with you, cf. the Marketing Act § 15 first and third paragraph.
Information
Name, email address, phone number, and any relevant subscription information.
Legal Basis
The processing is based on your explicit consent or our legitimate interest in sending you this information.
4. Your Rights and Information about Inquiries
You have the following rights in connection with the personal data we process about you:
Access:
You have the right to receive information about what personal data we have stored about you and the right to access this personal data.
Correction and Deletion:
The information we have about you should be accurate and up to date. If you discover an error, we encourage you to contact us so the information can be corrected. You can also contact us if you wish for information to be deleted. We will, as far as possible, accommodate a request to delete personal data, but we may not be able to do so if we still need the information and further processing is required by law.
Restriction of Processing:
You have a general right to ask us to stop processing your personal data—for example, if you believe that we are processing your personal data unlawfully and you do not want us to delete the personal data according to our procedures until the matter has been resolved.
Data Portability:
For information you have provided to us that is necessary to fulfill an agreement with us and that is processed automatically (i.e., not manually by us), you can request that the personal data about you be delivered or transferred to another provider in a structured, commonly used, and machine-readable format.
Right to Object:
You have the right to object to our processing of your personal data if this can be justified on grounds relating to your particular situation.
Right to Complain:
If you disagree with how we process your personal data, you have the right to file a complaint with a supervisory authority. In Norway, this is the Norwegian Data Protection Authority (Datatilsynet). However, you should contact us first so that we can clarify any misunderstandings.
Processing Based on Consent:
If we process personal data based on your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method indicated when you gave your consent or by contacting us.