Last update: 1. December 2023

1 General

This Privacy Policy describes how Injurymap (”we”, ”us” or ”our”) processes your personal data when you use our services in our mobile app: Injurymap (“the app”).

In this Privacy Policy we inform your about your rights and how we process and protect your personal data. If you have any questions about our processing of your personal data, you may contact us at any time:

Injurymap ApSC/O Health Tech Hub Copenhagen, Danneskiold-Samsøes Allé 41, st., 1434 København K, [email protected]

It may be necessary from time to time to amend this Privacy Policy. An updated version will at all times be available here.

2. Data processing roles

In our app, we offer different services to our users: i) access to our exercises and personalized training programs, and ii) consultations with professional consultants e.g. online physiotherapists (“professional consultants”)

We act as the data controller when we process your personal data in connection with your access to our exercises and training programs cf. 2.1(i).

We act as the data processer on behalf of the consultants in connection with your booking of consultations with professional consultants cf. 2.1(ii).

This Privacy Policy covers our data processing activities both when we act as a data controller and as a data processor. We are committed to and responsible for ensuring compliance with applicable data protection legislation when processing your personal data.

3. Processing of personal data

When you sign up to the app, either voluntarily, by use of a voucher from an external party e.g. a doctor or by referral from a health insurance company, we may process the following personal data:

General personal data: 

• Identity and contact information: Name, address, phone number, sex, height, weight, body measures and age
• E-mail address and password used for login to the app
• User ID and profile information from third-party login (Google or Apple)
• IP-address, device identifier and browser information
• Chat data.

Sensitive personal data:

• Diagnosis
• Specific information about injury

Other information:

• Activity level at work and in your free time
• Completed training sessions
• Rating of your pain levels
• Internally generated data which is anonymous, aggregated, de-identified etc.

If you make use of a referral from your health insurance provider, we also process the following information:

• The health insurance company
• Information provided to the health insurance about you andr your injury, including CPR-no. and health data
• Patient journal logged in our app from consultations with our professional consultants.

We provide third-party application login methods to the app from Google and Apple. If you use either one of these login methods, you authorize us to access certain account information from your Google or Apple account. Injurymap has no responsibilities for Google’s and Apple’s processing of your personal data in this regard and we refer you to read the privacy policies of these third parties to gain insights to their processing of your personal data.

4. Purposes

We process your personal data for the purpose of conducting business and provide you with our services, including:

• Provide you with access to the content in the app, including our exercises;
• Provide you with the most personalized training program possible;
• Enabling you to engage with professional consultants (see further explanation cf. 6.1.2);
• Communication with you in the app, including technical support;
• Administration of your account in the app;
• Deliver, maintain and update our services and an effective operation of our IT-structure;
• Internal business development, including analyzing use of the app, product development and improvement of services;
• Facilitate research and academic research, including with our business partners;
• Security such as preventing misuse or to identify hacking etc.
• Some personal data is collected directly from you when you sign up to the app whereas other personal data is collected automatically as part of your use of the app.

5. Legal basis

We rely on the following legal basis when processing your personal data:

• Legitimate interest: We have a legitimate business interest in processing some of your personal data for the purposes of internal business development, operation of an effective IT-structure and services in the app and to enforce our terms and ensure appropriate security measures;
• Performance of a contract: When you sign up to use the app, we process your personal data for the purposes of providing you with our services as per your request, including access to our exercises, personalized training program, booking of consultations with professional consultants and other content included in the app. We also process personal data under this legal basis for the purposes of administrating your account, communicating with you and provide technical support.
• Consent: When receiving personal data in connection with your use of a referral from your health insurance provider, you consent to the health insurance provider’s sharing of your personal data with us, including health data.
• Legal obligation: Sometimes we may be under legal obligation to process your personal data to comply with our legal obligations.

6. Exchanging/Sharing personal data

We may exchange or share your personal data with third-parties as stated in the Privacy Policy and for the purposes specified cf. 4.1(A-F). This includes exchanging and/or sharing with the following categories of third-parties:

Our Data Processors:

When you sign up to use the app, you acknowledge and authorise us to share or disclose your personal data with third-parties supporting us in delivering our services. We enter into data processing agreements with our data processors ensuring their compliance with applicable data protection legislation.

If it is necessary to transfer your data outside EU/EES to pursue one or more of the purposes cf. 4.1(A-F), such third country transfer will only take place in compliance with applicable data protection legislation and be based on a valid transfer legal basis i.e. the EU-commission’s standard contractual clauses. If you wish to receive a list of third country transfers, you can make use of the contact information provided in this Privacy Policy.

You can download the app through a platform operated by a third party e.g. App Store, Google Play, etc. We have no control over your personal data processed by these third parties as they are not affiliated with or controlled by Injurymap. Accordingly, the use of the app may be subject to additional third party privacy policies.

Professional consultants:

As a service, we offer the option to book consultations with a professional consultant. This service may be effectuated by use of a referral from your health insurance provider. The health insurance provider obtains consent to the data processing activities including exchanging personal data with us and our professional consultants. Injurymap may also report epicrisis to the health insurance provider. This may only be effectuated with your specific consent. The health insurance provider is responsible for collecting your consent to reporting of epicrisis.

These consultants act as data controllers and we as their data processor by providing access to our app data to the consultants enabling them to access user data which is necessary to ensure effective and relevant consultations.

Research Business Partners:

Injurymap facilitates research and academic research with our business partners. This may include sharing your personal data with our business partners to conduct commercial and academic research concerning demography, interests, and consumer preferences in order to gain insights into our users, products and services and to use this for i) internal purposes cf. section 3.1.G., and ii) to improve knowledge of training based on aggregated or de-identifiable data.

Business transactions and reorganisations:

We may at some point decide to sell some of our assets and activities – partly or in whole – to other businesses. Such transactions may include customer information and thereby your personal data and user data. You acknowledge that any such transaction may occur when accepting our online terms and thereby that any other business acquiring assets and activities from us may continue to use and process your personal data.

Social Media Platforms:

We may share some of your personal information with Facebook and Google Ads for remarketing purposes.

7. Data retention and deletion
We process your personal data for as long as you have an active account in the app.

You are able to edit your account at any time. You are also able to delete your account. If you delete your account, we will immediately delete or anonymize your personal data.

We may at any time, if your use of the app is in violation with our online terms, delete your account and associated personal data.We only retain your personal data longer if necessary for us to comply with legal obligations or to enforce our online terms.

8. Your rights

According to the GDPR, you have certain rights over personal data processed by us:

• You have a right of access to the information that we process about you as well as certain other information;
• You have the right to have inaccurate Personal Information concerning you rectified;
• In special cases, you have the right to have Personal Information about you erased before our general erasure time;
• In certain cases, you have the right to restrict the processing of your Personal Information;
• In certain cases, you have the right to object to our otherwise legitimate processing of your Personal Information; and
• In certain cases, you have the right to receive your Personal Information in a structured, commonly used and machine-readable format and to transmit such personal data from one data controller to another without hindrance (data portability).

9. Contact information

To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact us by using the contact information in the beginning of this Privacy Policy. We will immediately evaluate your request and revert no later than one month after receiving the request to let you know if it is possible to meet the request.

You can complain about our processing of your Personal Information to the Danish Data Protection Agency, Carl Jacobsens Vej 35, 2500 Valby, e-mail: [email protected].