Privacy policy

General

Heely Oy, 3162501-1, (“Heely”, “we” or “us”) acts as a controller in relation to the processing of personal data in connection with the provision of Heely’s services. This privacy policy applies to your use of Heely’s service, our website as well as when we communicate with you about our services.

In this privacy policy, we describe how we collect, process and share your personal data when we act as a controller. Personal data means any information which may be used to identify you.

It is important to us that you feel safe with how we handle your personal data. We take all necessary measures to ensure that your personal data is protected and that the processing of your personal data is carried out in accordance with applicable data protection legislation and our internal policies.

To whom is this privacy policy addressed?

This privacy policy covers and applies to the following categories of data subjects:

• Professional athletes who use Heely’s service for storing and sharing their personal data.

• Other users who use our service (e.g., as a result of professional athlete user’s invitation).

• Persons who receive Heely’s marketing communication.

What personal data do we process and why?

We collect and process the following personal data in order to provide, manage, improve, protect, and promote Heely’s service:

• User account data. We collect, and associate with your user account, the personal data you provide to us in connection with creating a user account, updating your user information and your security or privacy settings. Such personal data may include your name, email, phone number and the sports club or similar organization that you represent.

• Your material. Heely’s services are intended to allow you, as a professional athlete, to have a single place of storage for your medical data, including relevant files, documents, messages, comments, etc. (“Material”), which you can access and share with parties that you have authorized. To make this possible, we store, process and share your Material as well as other personal data related to it. Such related data includes your user account data which makes it easier to share your Material with authorized parties.

• Authorized third parties. You choose which authorized third parties (e.g., medical professionals, physicians, sports agents, etc.) may access your Material. If you choose to share Material with such parties, we will store their user and contact data, service usage data and device information on our servers. You always have direct access to see and limit these authorizations whenever you want.

• Service usage data. We collect data related to how you use Heely’s service, including actions taken in your user account (like sharing invitations as well as viewing, creating or uploading Material). Usage data is processed in order to provide and manage Heely’s service as well as to protect our users.

• Device information. We collect information from and about the devices you use to access Heely’s service. This includes information such as IP addresses, the type of browser and device used, or similar identifiers associated with your devices. Device information is used to manage and protect Heely’s services, for example, by way of detecting abuses and identifying technical problems in the service.

• Cookies and similar technologies. We use cookie technologies or similar in order to provide and protect Heely’s service. We only use cookies that can be characterized as technically necessary for the provision of Heely’s service. In principle, we do not use cookies to identify you individually.

• Marketing communication data. If you have subscribed to our newsletter, we send you marketing communication in the form of a newsletter. In this regard, we use your contact data, including email, in order to promote Heely’s service. As for our business contact persons, we may also send marketing communications (e.g., newsletter) based on your contact data without you having subscribed to such communication separately.

Further information on the processing of Material which contains medical data

Heely’s service is designed to improve professional athletes’ informational self-determination in relation to Material which contains their medical data. This means that through Heely’s service professional athlete users can exercise full control over their Material, including the rights granted under applicable data protection legislation.

Medical data is stored on Heely’s servers. However, Heely does not own the data, nor does it have access to the medical data in clear or plain text format (i.e., the data is encrypted or pseudonymized/anonymized). Only you, as a professional athlete user, can decide which other users or parties can access and otherwise process your medical data in identifiable format. Heely does not have this right. The Material is heavily encrypted and stored in such a way that linking the health data to the professional athlete concerned is very difficult.

Heely may perform statistical analysis on medical data. However, this is also done so that individual athletes and their medical data cannot be recognized or identified.

Lawful basis for processing personal data

We collect and otherwise process the personal data described above in order to provide you with Heely’s service as well as to manage and protect the service. In this regard, the processing is necessary for the performance of Heely’s terms of use concluded between Heely and the user. We may also collect and use personal data for our legitimate business interests, such as implementing and maintaining appropriate information security measures, providing necessary notifications regarding the use of Heely’s service or sending marketing communication to our business contact persons. Where required under applicable data protection legislation, we will ask your consent in advance for a specific processing activity (e.g., sending newsletters to individual users).

As for the collection and storage of your Material containing medical data, we will obtain your explicit consent prior to collecting the data. As provided under applicable data protection legislation, you have the right to withdraw your consent at any time, after which we may no longer store your Material containing medical data.

With whom do we share your personal data?

We may share the personal data as provided below:

• Heely’s trustworthy service providers. Heely uses certain trusted service providers (e.g., providers of IT, data storage and information security services) in order to fulfill the purposes identified in this privacy policy. These service providers may access your data to perform tasks on our behalf, and never for their purposes. We remain responsible for such service providers’ handling of your personal data.

• Your sports club or similar organization. Heely’s service is also designed to help your sports club or similar organization to manage and develop its sporting activities. If you start using Heely’s service as a result of your sports club’s or organization’s invitation, your user account data will be associated with the sports club’s or organization’s team of Heely users. However, this does not mean that your Material including medical data would be automatically shared with your sports club or organization. Only you can authorize your sports club’s or similar organization’s admin user(s) to access your Material.

• Authorized third parties. You can authorize a third party, such as a medical professional, physician, or sports agent, to access your Material in Heely’s service. As provided, only you can do this, not Heely, your sports club or similar organization.

• In case of compelling legal obligation. If we are compelled under legal obligation, we may disclose personal data to public authorities. However, we will never accept disclosure of your personal data to public authorities without having carefully assessed that such disclosures are made in accordance with applicable data protection legislation.

• In case of business rearrangements. We may share necessary personal data with potential buyers in case of an acquisition of our business or a merger.

How long do we retain personal data?

In principle, you, as a professional athlete user, have control over your personal data. This applies to the data retention period as well. Your personal data is retained following the principles provided below:

• You control your data retention period. When you use Heely’s service as a professional athlete user, we will retain your user account data and the Material stored by you for as long as your user account exists. If you delete your account, we will initiate personal data deletion on your user account data and the Material.

• Service usage data and device information retained for a maximum period of 24 months. We will retain service usage data and device information for a maximum period of 24 months following the collection of such data.

• Subscription basis or until opted out. We will retain your email address or similar contact data used for the purpose of sending marketing communications until you cancel your subscription or opt-out from receiving such communication.

Personal data processing location(s)

We strive to process personal data mainly within the European Economic Area (“EEA”). In case our service provider performs certain ancillary processing outside the EEA, we will ensure that your personal data remain adequately protected or that appropriate safeguards are in place as required by applicable data protection legislation. Such safeguards include, for example, data transfer agreements on international transfers of personal data, including standard data protection clauses adopted by the European Commission as well as additional organizational and/or technical security measures. If you wish to learn more about the locations of your personal data processing and the safeguards applicable, please contact us at info@heely.io.

Your rights

Under data protection legislation, you have certain rights in relation to the processing of your personal data. The users of Heely are able to exercise their rights through the added functionalities in the service by visiting the profile or settings. If you are unable to exercise your rights using these functions, please make a request to exercise your rights by contacting us at info@heely.io.

You have the right to:

• Access your personal data: You have the right to access personal data we process about you.

• Rectify and update your personal data: You have the right to rectify your personal data, which we process about you. The users of Heely are able to update personal data within the service. However, you may also ask us to correct or complement your incorrect or incomplete personal data if you are unable to do this yourself.

• Delete your personal data: Under certain circumstances you have the right to request that your personal data is deleted. Please note that we will retain your personal and health data for a maximum period of 24 months in case you wish to return to our service.

• Download your personal data: You have the right to download your personal data, including your health data.

• Withdraw your consent: To the extent we rely on your consent to process personal data, you have the right to, at any time, withdraw your consent.

• Object to the processing of your personal data: You have the right to object to the processing of your personal data based on a legitimate interest.

• Restrict the use of your personal data: You have the right under certain circumstances to request that the processing of your personal data is restricted. If the processing of your personal data has been restricted, we may only carry on storage of the data.

• Transfer your personal data: You have the right to request a copy of the personal data that we store about you in a structured, commonly used and machine-readable format (data portability). Moreover, you have the right to request us to transfer your personal data to another controller.

• Lodge a complaint with the supervisory authority: If you consider the processing of your personal data to be incompatible with applicable data protection legislation or feel that we have not enforced your rights, you may lodge a complaint with the competent supervisory authority in your jurisdiction. The Office of the Data Protection Ombudsman is the competent supervisory authority in Finland. The contact details of European supervisory authorities can be found here.

Updating the privacy policy

We may update this privacy policy as needed, for example, if we process personal data for new purposes, share personal data with new recipients, or other essential changes occur in the processing of personal data. We will always notify you of any update to this privacy policy in an appropriate manner and always publish the latest versions on this page.

Contact

If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details.

Controller: Heely Oy
Domicile: Helsinki, Finland
Address: Yrjönkatu 34 B 32, 00100 Helsinki, Finland
Business ID: 3162501-1
Telephone: +358 40 586 6788
Email: info@heely.io

Elina Seppälä, CEO
Elina (at) heely.io