Why do we collect personal data
Neubit collects and processes the personal data of website and application users only for the following purposes:
- To provide Neubit services
We process personal data to provide Neubit services and app features, such as to provide you with insights about your wellbeing and stress level.
- To provide customer service
We process personal data for the purpose of providing customer service and managing our customer communication.
- To develop our products and services
We process data regarding your use of the Neubit website, applications, devices and platform to improve our services and features. When possible, we will do this using only pseudonymized, aggregated, or non-personally identifiable data.
- To enable third party integrations
We process data to provide users who request that we share their data with certain third parties, such as research partners. This is only done with your express consent.
- To comply with statutory obligations
In certain cases, we must process certain data when it is required by applicable laws and regulations. Such statutory obligations are related, for example, to accounting and tax requirements, legal claims, or other legal purposes.
What personal data do we collect and from which sources
In most cases, Neubit collects personal data directly from you, such as when you register for an account or use Neubit products to collect biosignal data. We may also process data that is produced from the information you provide to us.
Neubit processes the following personal data categories about website and application users:
- Contact information such as email address or physical address
- User information such as gender, height and weight, user ID, and other information you may provide to us about yourself or your account
- Device information such as IP address and location data
- User activity and context information such as activities, notes and tags
- Measurement data such as heart rate and heart rate variability
Please note that some of the personal data we process, including any data concerning your health, is considered special or sensitive personal data. Under applicable law, such data is processed only if you have given your express consent for processing.
Legal basis for processing personal data
Our legal basis for processing your personal data depends on the particular processing purposes, including:
- Contract: when processing personal data for the purpose of providing Neubit services we process it on the basis of the performance of the user contract between Us and you, which is formed when you create your account and accept our terms and conditions.
- Consent: we process your health-related data only with your express consent. We will request your express consent in connection with the registration process of your account prior to any health data being processed by Us and you may, at any time, revoke your consent.
- Legitimate Interest: we process your personal data based on our legitimate interests when we process it for the purposes of marketing our products and services, providing our customer service and improving our products and services. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy, in compliance with applicable law.
- Legal obligation: Neubit must process certain information to comply with statutory obligations which may vary in each country. For example, such obligations can relate to tax or accounting laws.
Who is the controller of your personal data and who can process your personal data
Neubit is the controller of your personal data. We may also outsource some parts of the processing of personal data to our third party suppliers or vendors who act as our subprocessors. In this case we ensure through contractual measures that the personal data is handled appropriately and in compliance with the applicable legislation, including the GDPR.
In certain cases we share, if necessary, your personal data with other recipients for certain purposes e.g. to fulfill legal obligations and to handle and defend legal claims. Examples of recipients are external advisors, authorities, courts, the police and potential buyers or sellers of the Neubit.
Where do we store and process your personal data
How is the personal data protected
We use technical and organizational measures to protect personal data against unauthorized access, transfer, deletion or other processing that may compromise information security. Such methods include the use of firewalls, encryption technologies and safe server rooms, proper access control systems, the controlled provision of user rights and supervision of their use, providing instructions for data processors, and the thorough selection of competent subcontractors who comply with industry standards for information security management.
Under applicable data protection regulations you have certain rights in relation to the processing of your personal data. We process your personal data to the extent necessary in order to fulfill your rights. Please submit requests for exercising your rights by contacting us at firstname.lastname@example.org. You have the right to:
- Access your personal data
You have the right to access personal data we process about you. You may request a copy of your personal data by emailing us at the address set out above. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.
- Update your personal data
Furthermore, you have the right to request that incorrect or incomplete personal data is corrected or completed.
- Withdraw consent
To the extent we rely on your consent to process personal data you have the right to at any time withdraw your consent.
- Object to the processing of personal data
You have the right to object to the processing of your personal data based on a legitimate interest for reasons which concerns your particular situation. In such a situation, we will stop using your personal data where the processing is based on a legitimate interest, unless we can show that the interest over-rides your privacy interest or that the use of your personal data is necessary in order to manage or defend legal claims.
- Delete your personal data
Under certain circumstances you have the right to request that your personal data is deleted. However, we cannot delete your personal data if we for example are obligated under law to keep the data.
- Restrict the use of your personal data
You have the right under certain circumstances to request that the processing of your personal data is restricted. If the processing of your personal data has been restricted we may only, besides storing the data, process your personal data with your consent, in order to establish, exercise or defend legal claims or to defend rights of others.
- Transfer your personal data (data portability)
Finally, you have the right to request a copy of the personal data that we store about you in a structured, commonly used and machine-readable format (data portability). The right to data portability, compared to the right to access, only comprises such personal data you yourself have provided and which we process based on certain legal grounds, e.g. your consent.
Effective date: February 11, 2022