Phystic - Privacy Policy

Privacy Policy of Phystic AB

Phystic AB operates the Phystic App, which provides the SERVICE.

Phystic AB operates the Phystic App, designed to motivate users to engage in physical activity and support scientific research. We are committed to protecting your privacy and processing your personal data in a lawful, fair, and transparent manner.

This page is used to inform users regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service, the Phystic App. If you choose to use our Service, then you agree to the collection and use of information in relation with this policy.

The Personal Information that we collect are used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

Purpose of processing

Your data may be processed for the following purposes:

Identification and contact purposes.
Feedback on activity and accomplishments.
Sharing activities and progress with healthcare personnel, coach or therapist.
Evaluation and improvement of existing and future functions.
Improvement of user experience.
Data collection for research purposes.

What types of data do we collect?

Depending on your use and type of licensed service, the app may collect:

Profile information.
Health and wellness- related data.
Information about your use.
Self-reported research data.

Information you provide directly:

Profile information: Name, phone number, e-mail, and postal address.
Responses to self-report forms.
Chat conversations with your health care personnel.

Information we obtain by automated means:

Information about your use: Date, time, and amount of use.
Device information.
Health and wellness- related data.
Location data.

Legal Basis for Processing

We process your data based on the following legal grounds:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
ARTICLE 29 Data Protection Working Party. 0829/14/EN. WP216. Opinion 05/2014 on Anonymization Techniques.
Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning and Patientdatalag (2008:355).

How is your data protected?

We implement appropriate technical and organizational measures, including:

End-to-end encryption and password protection for sensitive data.
Secure user authentication.
Data minimization and access control.
Pseudonymization and anonymization where applicable.
Regular security and performance testing.

Who can access your data?

Your data may be accessed only by:

Authorized personnel within Phystic AB.
Researchers you have provided with written informed consent.
Regulatory if legally required (MDR Art. 87)

We do not sell your data to third parties.

Where is your data stored?

All personal data is processed and stored within the EU/EEA.

For how long is your data stored?

The personal data is stored for as long as you have an active account and an additional 2 years, or until you withdraw consent. For research, the personal data is stored in accordance with ethics approval and/or your informed consent. Anonymized analytics may be retained indefinitely, as it no longer identifies you.

Your rights

You have the right to:

Access your personal data.
Request to update or correct any personal data that is inaccurate or incomplete.
Restrict or object to the processing of personal data.
Withdraw consent at any time.
You have the right to file a complaint with your national data protection authority: https://www.imy.se/privatperson/utfora-arenden/lamna-ett-klagomal/ Requests for access, corrections, restrictions and withdraw of consent can be done by going to menu/settings/contact/your integrity (use the specified e-mail address).

For study participants: some rights (e.g., data deletion) may be limited to preserve scientific integrity, per GDPR Art. 17(3)(d).

Children's Privacy

Our Services do not address anyone under the age of 13. We do not knowingly collect personal identifiable information from children under 13. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. The Phystic mobile application will facilitate the recording of instruction movies with a health care personnel and children of all ages. These films will be stored solely on the parents’ own device. The parents will not be able to share these movies and can delete the files by going to menu/settings/delete movies after entering a code given to them by Phystic AB.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page, through the app, or via email where appropriate. These changes are effective immediately, after they are posted.

Contact Us

Contact details of the Company:

Phystic AB
Madarvägen 24
59554 Mjölby
Sweden

physticapp@gmail.com

Contact details of the Data Protection Officer:

Oskar Lundgren
oskarlundgren@gmail.com