Personvernerklæring

Privacy Policy

Last Revised: January, 2019

Memento Network AS is a Norwegian limited liability company («Memento U», «we» or «us»). Memento U is the team behind the Memento U application, the («Application»). We are committed to your privacy. We will make sure to keep your personal data private and secure. We will ensure that your privacy rights and our processing of your personal data are held to the highest standard.

This Privacy Policy describes how Memento U handles information that Memento U collects or receives from you through the Application and Memento U’s other websites, online locations, and mobile applications (collectively, the «Sites»), as well as through offline and online interactions with Memento U and from third parties.

Memento U is the controller of the processing of your personal data which we receive directly from you and that we may process to third parties. We adhere to applicable Norwegian privacy law and meet the minimum requirements according to applicable laws and regulations within the EU/EEA, including the General Data Protection Regulation (GDPR).

It is important that you read this Privacy Policy and understand our collection, storage, use and disclosure of your personal information as described in this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. By accessing or using the Sites, you accept and consent to the privacy practice as described in this Privacy Policy.

  1. Legal Basis of the Processing

Contractual obligations. Memento U processes your personal data mainly on the legal basis of our contractual obligations. The terms of service set the framework for the processing.

Legal obligation. Memento U must comply with applicable law and may therefore process your personal data. Such regulations are related to billing, accounting and taxes.

Legitimate interests. Memento U processes personal data on the basis of your legitimate interests, not overridden by your rights. When handling your issues, potential contractual agreements with you and for the security of our users, the legal basis is your legitimate interest.

Consent. In case any processing is not covered by our contractual obligations or your legitimate interests, Memento U will ensure to collect the necessary consent. Memento U will not send out marketing material or use cookies without your prior consent.

  1. Purpose of the Processing

We collect, store and use personal data for several purposes:

  • To provide you with the Sites;
  • To process and respond to your requests and inquiries;
  • To fulfill our contractual obligations with you;
  • To administer and process payments;
  • To administer and process your invitations to, and responses to invitations received by, others for splitting fees for an activity;
  • To inform health resources of a future activity of the users, activity preferences, activity experiences and past health resource’ observations;
  • To send important notices, such as communications about scheduled activities and other transactions through the Application and changes to our terms, conditions, and policies;
  • To inform you about new developments, features, terms, products, services or promotions, specials, special events, or other activities and to plan and administer the foregoing;
  • To send you announcements, promotions, and newsletters;
  • To monitor and analyze information regarding your browsing and viewing preferences;
  • To carry out internal operations and to analyze our users’ demographics, interests and purchasing practices;
  • To ensure the technical functionality of the Sites;
  • To promote, develop and improve our services, products and content;
  • To prevent fraud and perform other security measures.

 

  1. What Personal Data We Collect, how and from whom

Communication with Memento U. You may contact Memento U per email, telephone and at some occasions, communicate with us directly. Memento U may also contact you regarding our services.

Registering as a user in the Application. Users are required to register some personal data when signing up to the Application. The user may also choose to register additional information.

Using the Application. Different sorts of personal information may be shared and collected through your interactions in the Application.

Automatically collected information. We automatically collect certain information about your computer or device hardware and software and your use of the Sites.

Cookies. We collect personal information through our own and third-party cookies.

Surveys and questionnaires. We may perform surveys and questionnaires. These surveys and questionnaires are voluntary and normally anonymous, but you may need to disclose certain information that can be personally identifiable.

Communication:

Communication with Memento U will normally commence at your initiative. In order to respond to your requests or inquires, we may collect and use some of your personal information which you share with us and that are accessible through the Sites.

Users of the Application. Memento U will transmit email or postal mail to you, telephone you or send messages through the Application if necessary, to fulfill a purpose as described in section 2. If we send any emails to promote our services, instructions for un subscription will be included in each such promotional email from Memento U. Please note that unsubscribe requests may take up to ten (10) business days to become effective. You are not able to opt out from receiving messages in the Application regarding scheduled activities, payment and such.

Suppliers, subcontractors or partners. For communication with suppliers, subcontractors or partners or will, if necessary, to fulfill the purpose of the agreement, register and store contact information such as name and email address. For communication with potential suppliers, subcontractors or partners we may also register and store contact information if it is likely that there will be a contractual relation.

Job applicants. For anyone who applies for a job at Memento U, we may collect and evaluate their information in regards of potential hiring. Such information may consist the of applicant’s full name, date of birth, home address, e-mail, education, job experience and references, in addition to other information voluntarily given.

Minimum Personal Data Needed to Register as a User:

In order to register as a user, you must register a minimum personal data. These are:

  • Email address
  • Full name
  • Telephone number
  • Country and place of residence
  • Password

Please be aware that your first and last name and your profile picture will be visible on your profile. Your full profile is not public and cannot be viewed by other users accessing the Application. Your first and last name, and profile picture will be visible for other users in the friend and group functions, chats and user to user interactions. Health resources will have access to view your profile once a booking has been made.

When logged in you will be asked to supply the following required information:

  • Payment details (third party, asked for upon first booking)

 

Optional User Personal Data:                  

Users can choose to add the following additional information:

  • Favorite activity location (will be used in map positioning in searches)
  • Photo / Cover photo
  • Activity goals (e.g weight loss, social, rehabilitation etc.)
  • Activity preferences (e.g. strength training, conditioning, yoga etc.)
  • Trainings per week (e.g. 1, 2-3 etc.)
  • Current fitness level (e.g untrained, exerciser, trained etc.)
  • A text on the profile where you write something about yourself
  • Other pictures than your profile picture (background picture, group chat pics etc.)

Please be aware that if you do add such information, it will be visible for Health resources on your profile together along with your full name and your profile picture. Your profile is not public and cannot be viewed by other users accessing the Application.

Mandatory Personal Data for Health Resources:

In order to register as health resource, there are certain mandatory personal data you must register. These are;

  • Profile picture
  • Email
  • Full name
  • Telephone number
  • Place of residence
  • Password
  • Information about you as a health resource the you write about yourself
  • Areas of expertise (e.g strength training, rehab/prehab etc.)
  • Work experience documentation
  • Areas of expertise
  • A certificate of your liability insurance as Trainer/Health resource
  • Educational documentation

Please be aware that the Health resource’s full name, profile picture, other pictures, gender and any text provided will be visible on the health resource profile. The profile is public and may be viewed by anyone accessing the Application.

Optional Personal Data for Health Resources:

Supplemental Information regarding your competence as a health resource, such as:

  • Cover photo
  • Work zones and schedule
  • Pricing
  • Certificates, courses etc.
  • Affiliations, e.g.
  • Clinic or fitness center which you are affiliated
  • Merits regarding sports or fitness
  • Languages mastered

Please be aware that such optional personal data will be visible on the health resource profile together with the health resource’s full name and profile picture. The profile is public and can be viewed by anyone accessing the Application.

Personal Data Generated while Using the Application:

  • Location data (you will be asked to accept the tracking of location data)
  • Information about your mobile device
  • IP-address
  • E-mail address
  • Mobile phone number
  • Service provider, etc.
  • Usage information and statistics
  • Personal data you disclose in the chat or message functions
  • Personal data you disclose when writing reviews of trainers and bookings

Sensitive Personal Data:

Sensitive personal data is information about;

  • Racial or ethnic, or political opinions, philosophical or religious beliefs
  • Trade union membership
  • Genetics
  • Biometrics, for the purpose of identifying a natural person
  • Health
  • Sex life or sexual orientation

We do not collect sensitive personal data. However, Memento U has a chat and message function and other communication tools that enable users and health resources to communicate. If you disclose any sensitive personal data such as information about your health in the chat or messaging functions or other Application functions, we will process such information as described below.

Chat, Messages and Reviews:

The Application has a chat and messaging function that enables communication between users and health resources. We and eventual subcontractors may access chat and message logs. We do not collect or transfer, only store and occasionally monitor sensitive personal data from our users and health resources. We limit all ‘third party’ access to personal data. The Application also has other communication tools, like the ability for users to write reviews of health resources and activities. We encourage both users and health resources to not disclose any sensitive personal data through the chat, message or review function.

Surveys and Questionnaires

We may perform surveys and questionnaires. These surveys and questionnaires are voluntary and normally anonymous, but you may need to disclose certain information that can be personally identifiable, such as:

  • Age
  • Gender
  • Relationship status
  • Work status
  • Activity levels
  • Types of activity
  • Subjective interpretations of activity, training and fitness.
  • Subjective interpretations of mental training and barriers

No sensitive data will be required to participate in our surveys and questionnaires.

For surveys and questionnaires we may use Google forms or send these directly to you as native in-app questionnaires – which means that all data is encrypted when you are logged in to the Application.


Cookies:

We use cookies on our Sites. A cookie is a small text file which is stored on your web browser to enable our website to recognize your web browser each time you visit us.

The cookies will first of all help us to recognize our visitors and make your user experience as smooth as possible – these are the necessary cookies. We also use cookies to evaluate user sessions on our website to for example see which sites and functions you click into. Cookies for analytics and statistics helps us to improve our services and our offers. Marketing cookies helps us provide targeted adds which are an effective strategy for sales and growth of our company.

Cookies may be divided into first party cookies which are cookies set by the distributor of the website you are visiting, and third-party cookies which is cookies that are connected to a third party, that the first party distributor has engaged. There is also a distinction between necessary, analytic and marketing cookies.

 

 

 

Third-party cookies

 

Description Duration
 

Google Analytics

https://privacy.google.com/

 

_ga  

Used to distinguish users.

 

2 years

 

_gid

 

 

Used to distinguish users.

 

Session

 

_gat  

Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

 

 

Session

 

AMP_TOKEN  

Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.

 

 

30 seconds to 1 year

_gac_<property-id>  

Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out

 

 

90 days

collect  

Session

 

ads/ga-audiences  

Session

 

Facebook

https://www.facebook.com/policies/cookies/

 

Paypal

https://www.paypal.com/no/webapps/mpp/ua/cookie-full?locale.x=no_NO

 

You can opt-out, deactivate or delete cookies in your browser. You will find links to instructions for administration of cookies in the different browsers hereafter;

  • Chrome (https://support.google.com/chrome/answer/95647)
  • Safari (https://www.apple.com/legal/privacy/no/cookies/)
  • Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)
  • Opera (https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/)
  • Internet Explorer (https://support.microsoft.com/nb-no/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-10)

 

 

Third party cookies    

 

Functions for opt-out
 

Google

 

 

https://tools.google.com/dlpage/gaoptout

 

 

Facebook

 

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
 

 

Paypal

 

 

https://www.paypal.com/no/webapps/mpp/ua/cookie-full?locale.x=no_NO

 

Third party “in app” cookies/parties Type of data it collects/processes End user data interaction
Alamofire HTTP networking library. Yes. While working with network, access to user data is possible
SwiftyJSON Works with JSON data. Yes. While working with network, access to user data is possible
GoogleSignIn Sign in \ Sign up with Google+ Yes. Google+ account public information.
FacebookCore Sign in \ Sign up with Facebook. Yes. Facebook account public information
Fusuma Custom camera and gallery, photos only Yes. Access to user photo (if granted by user).
Stripe Payment system. Yes. Information about credit cards.
Room Persistence Library Provides an abstraction layer over SQLite to allow for more robust database access while harnessing the full power of SQLite Yes. Store user data on device within the app. https://developer.android.com/license
Glide Fast and efficient image loading library for Android Yes. Fetch user images from network & cache them on device within the app. Open

https://bumptech.github.io/glide/dev/open-source-licenses.html

Retrofit A type-safe HTTP client for Android and Java Yes. While working with network, access to user data. http://www.apache.org/lice nses/LICENSE-2.0
OkHttp An HTTP & HTTP/2 client for Android and Java app Yes. While working with network, access to user data. http://www.apache.org/lice nses/LICENSE-2.0
Google Play Services Provide advantages of the latest, Google-powered features such as Maps, Google+, and more, with automatic platform updates distributed as an APK through the Google Play store Yes. G+ account public information. Geolocation. https://creativecommons.org/lice & nses/by/3.0/ http://www.apache.org/licenses/LICENSE-2.0
Firebase Provides functionality like analytics, PUSH notifications and crash reporting Yes. Gathering device information.   https://creativecommons.org/licenses/by/3.0/ & http://www.apache.org/licenses/LICENSE-2.0
Crashlytics For monitoring app stability. Yes. Gathering device information.   https://creativecommons.org/licenses/by/3.0/ & http://www.apache.org/licenses/LICENSE-2.0
Facebook API Login with Facebook Yes. Facebook account public information. https://developers.facebook.com/policy
Inputmask (UI component) Javascript library that helps the user with the input by ensuring a predefined format. Yes. Format phone number. https://opensource.org/licenses/mit-license.php
CircleImageView (UI component) A light library helper to make Images rounded. Yes. While displaying data. http://www.apache.org/licenses/LICENSE-2.0
RoundedImageView (UI component) A light library helper to make Images rounded. Yes. While displaying data. http://www.apache.org/licenses/LICENSE-2.0
ZoomImage (UI component) A simple pinch-to-zoom ImageView library for Android. Yes. While displaying data. http://www.apache.org/licenses/LICENSE-2.0
 

Android SmartImagePicker (UI component)

 

 Image picker on Android from camera or gallery Yes. While searching data on device. http://www.apache.org/licenses/LICENSE-2. 0
Crop Library Image cropping library for Android Yes. While displaying data. http://www.apache.org/licenses/LICENSE-2.0
Smack An open source, highly modular, easy to use, XMPP client library written in Java for Java SE compatible JVMs and Android. Yes. Messaging. Share private user data or/and information. http://www.apache.or g/licenses/LICENSE-2.0
Stripe Software platform for online payments Yes. Payment processing.

https://stripe.com/spc/licenses

FeathersJS Provides a backbone for the API. Manages API interface and database communication. Yes, everything that goes through API. https://docs.feathersjs.com/license.html
Ajv Validates nearly all data that is coming to the API, such as post and patch requests and queries. Yes, nearly every request that comes from outside. https://ajv.js.org/license.html
Google Maps Location data  Yes, user’s city, country and postcode (provided by user during registration and in settings). https://github.com/googlemaps/google-maps-services-js/blob/master/LI CENSE.md
AWS SDK Amazon Web Services software development kit, used to store static files send by users Yes, saves pictures send by user in chats, profile avatar and background, etc. http s://github.com/aws/aws-sdk-js/blob/master/LICENSE.txt
axios HTTP client Yes, communication with Stripe servers related to payments, and working with instant messaging database (contacts saving/removal, etc). https://github.com/axi os/axios/blob/master/LICENSE
bcryptjs  Library for passwords hashing and comparison Yes, users’ passwords. https://github.com/dcodeIO/bcrypt.js/blob/master/LICENS E
bluebird  Yes. https://github.com/petkaantonov/bluebird/blob/master/LICENSE
Bull Library that provides job queues. Used for deferred events such as training start, finish. Yes, times of bookings and trainings. https://github.com/OptimalBits/bull/blob/deve lop/LICENSE.md
compression  Library for compressing server responses Yes, all responses from the server. https://github.com/expressjs/compression/blob /master/LICENSE
CORS  Library for allowing Cross-Origin requests (so that dashboards on other domains could communicate with the server without being blocked by browsers). Yes. https://github.com/expressjs/cors/blob/master/LICENSE
winston Logger  Yes. https://github.com/winstonjs/winston/blob/master/LICENSE

 

  1. Disclosure of Personal Data to Third Parties, including Subcontractors

Our subcontractors are mainly located within EU/EEA. We may also use subcontractors outside the EU/EEA for processing personal data for the following purposes:

  • Data storage
  • Data analysis
  • Marketing
  • Payment
  • Webinar/Live chat solutions

Our subcontractors outside the EU/EEA are Google, Facebook and Stripe. They are all located in the U.S and members of the Privacy Shield. Legal entities within the U.S whom are members of Privacy Shield, an agreement between USA, EU/EEA and Switzerland, are considered to have an adequate level of privacy protection in line with EU law standards.

When you use Stripe, you must agree to their legal agreements and the regulations regarding your personal data in order to use the Application. You may administrate how your personal data is being processed through Stripe, such as their cookies. As to Google and Facebook, you may prevent them from processing your personal data as described in section 3.

We will never sell, transfer or otherwise disclose personal data for other reasons than defined by this Privacy Policy unless required by law or with your consent. If we suspect criminal activity relating to your use of the Sites, we will disclose information to the authorities upon demand.

  1. Your Rights

Withdrawal of consent. If our personal data processing is based on your consent, you can withdraw your consent regarding our use of your personal data at any time. If you want to withdraw your consent, we will delete your account within reasonable time, unless we have a legal basis for further processing of the data.

Objection. You may object to the processing of your personal data which is based on legitimate interest and automatic processing of your personal data as described under section 3. We will stop the processing unless compelling legitimate grounds are present. You may also object to direct marketing concerning you.

Restriction. You can request that we temporarily or permanently restrict the processing of your personal data. Note that restrictions regarding mandatory personal information may prevent or complicate the usage of the Application. Cookies may be restricted as described under section 3.

Access. You can request access, free of charge, to the personal data we have collected at any time by contacting Memento U. You can also request information about how we collect personal data. You will be given access in the extent that is reasonable.

Copies. You can request copies of the personal data that we have stored in a machine readable format.

Erasure and rectification. You can request that we erase (delete) and rectify any collected personal data concerning you at any time. Note that if you want to continue using the Sites, erasure may prevent or complicate the usage of the Sites. If terminating or closing your Memento U account, any information contained will be quarantined for 50 days. This quarantine period applies to prevent fraudulently or mistakenly terminated or closed accounts by third parties. Upon expiration of the quarantine period, all personal data is deleted or anonymized. Some personal data may be retained for accounting purposes as required by law.

Complaint to the supervisory authority. Complaint about breach of privacy laws may be lodged to the supervisory authority of privacy in Norway, Datatilsynet.

  1. Security

There is only a limited number of employees and subcontractors that have access to your personal data. We perform all necessary and reasonable technical and organizational precautions to prevent unauthorized access or disclosure of your personal information. These measures include both physical and logical measures, risk assessments, and routines for handling data and following up requests about access to and deletion of personal data. We will store all personal information on secure servers.

  1. Changes to the Privacy Policy

In order to and comply with any legal requirements or correct mistakes, Memento U may change the Privacy Policy. Changes will be posted on the Sites under «Privacy Policy» and will be effective immediately upon posting. When required by law, any material changes in the manner that we use or share personally identifiable information will apply only to information collected after posting of the revised Privacy Policy, unless we provide you with notice or obtain your consent in accordance with applicable law.

  1. Contact

If you have any questions or concerns about the processing of your personal data, or you wish to plead one or more of your privacy rights, please contact our customer service. Please note that we may ask you to verify your identity before responding to such requests.

Support@mementonetwork.zendesk.com

or

MEMENTO NETWORK AS
Saltnessand
7350 Buvika
Norway