1.1. The University of Gothenburg (“we” or “us”) is the controller of the processing of personal data in connection with the provision of our services on the Open Website and the Guided Web Program (together “our website”).
PART I – TERMS SPECIFIC TO THE GUIDED WEB PROGRAM
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT
2.1. When you create an account we will ask you to provide your e-mail address, a user name, a password and a registration code. Your chosen user name does not need to be your real name. These data are required in order for you to create an account and for us to provide the services to you. The registration code is given to you by your employer or other organisation you are affiliated with that we have a partnership with (hereinafter “Partner”), and is necessary in order for us to validate that you are associated with one of our Partners, which is a legitimate interest of our Partners and us. Each Partner has been allocated a unique registration code. We save anonymised data on the number of new accounts created and what Partner registration codes were used at registration, as our Partners and we have a legitimate interest in understanding how big the interest is for the website amongst different Partner user groups and assess the effectiveness of communication about the service.
2.2. The registration code you use at registration will continue to be linked to your account. The association with the registration code is necessary in order for us to generate anonymous user statistics (as described in Section 5.3), which is a legitimate interest of our Partners and us. However, if the registration code you use reveals a special category of personal data (such as membership in union) or if we determine that association with the Partner is sensitive for other reasons, we will only link the registration code to your account with your consent. If you do not give your consent, your account will be associated with a generic code that does not reveal your Partner association. If you give your consent, you may withdraw your consent any time by e-mailing us at firstname.lastname@example.org.
2.3. You may also, during the process of creating an account, be given the option to provide additional personal data regarding your country/state of residence. These personal data are not necessary to provide in order for you to create an account, but if you provide such additional personal data, we will use these personal data to improve and develop our services to give you and other users an even better experience when using the services on our website. (Please refer to section 5 regarding anonymisation.) Once your account is created, you may choose to upload other personal data, e.g. your weight, physical activity, eating habits, medical history and other information. These personal data will only be accessible by you and no other account holders. These personal data will be processed in order for you to follow your own personal development. These personal data will be saved until your account is deleted or until you contact us to have personal data deleted.
2.4. You may also enter personal data into online tests. When doing an online test an algorithm will automatically generate a result, such as calories burnt based on your exercise and weight. The results generated will only be accessible to you and will be
used to provide you with information and feedback. The results from the online tests will be saved until you contact us to have the personal data deleted. You can always cancel an online test; if you do so, the data you entered into the online test without running the test will not be saved.
2.5. Each time you log out of the Guided Web Program, you will be given the option to receive an e-mail reminder to visit the website again. The legal basis for sending such reminder is your consent.
3. WHO CAN ACCESS YOUR PERSONAL DATA?
3.1. Your account profile and all data you upload thereto, including your user name, email address, medical history, health and lifestyle data, data you enter into online tests or other data, will only be visible to you and not to other account holders or non-account holders. Content you publish in areas of the Guided Web Program that are accessible to all account holders, will be published anonymously unless you yourself include personal data in the content you publish that may reveal your identity. Please be aware that other users may share, spread and otherwise process content including any personal data you have chosen to make publicly available by publishing it in areas of our website that are accessible by other users, such as forums, and that we are in no way in control of, or responsible for, such processing by third parties or other users. Please refer to our User Terms for more information about how our website works in terms of for instance sharing. 3.2. We may access all the personal data you upload to or publish on the website, to the extent that it is necessary in order for us to fulfil our legal obligations and run our website.
4. WHEN ARE PERSONAL DATA DELETED?
4.1. Personal data you upload to your account will be saved for as long as the account exists or until you contact us to have personal data removed.
4.2. If you wish to delete personal data or content that you have uploaded to your account, forums or other areas of our website, or your entire account, please contact us (see section 10). You may also log in and delete your account manually. Please note that we
may delete your account after a pro-longed period of inactivity or in case of inappropriate usage of our website; please refer to the User Terms for more information.
4.3. Before deleting your account we will anonymise your personal data, so that no personal data remain, and use it to improve our services (see section 5). After your account has been deleted all personal data not being anonymised will be permanently deleted and you will no longer be able to access it. Please note however that content you have published in areas of our website that are accessible to other users, such as forums, may be stored and continuously be accessible to other users unless you contact us to have the content removed. Please note that, as the content in areas accessible to all users is published anonymously, you must be able to specify which content you wish to have deleted and show that it is your personal data, in order for us to assist you.
5. STATISTICS TO IMPROVE OUR SERVICES
5.1. We only process sensitive personal data, e.g. concerning health, with your explicit consent. With your consent we will pseudonymise your personal data, including health related data, to generate statistics to evaluate and analyse user behaviour that will help us improve and develop our services. For instance, by combining data about your weight loss with other data, such as which food related articles you have read on our website, we can measure which articles had the most positive effect on users’ weight loss, and thus adjust the content of the website to better meet the needs to the users. By using a computer algorithm that links your data to your account, we can generate statistics showing users’ development over multiple years. Your data will form part of statistics and at no point will a physical person see which account holder the data relates to. By giving your consent, not only will you benefit from improved services, but you will also give other users a greater chance of benefiting from the service. If you change your mind, you can withdraw your consent at any time.
5.2. If you do not give your consent for us to use your data in pseudonymised form as described above, or if you have requested to have your account deleted, all your personal data, including data concerning health, will be anonymised and used to improve our services as described above. After anonymising your personal data, it will not be possible to link your data to your account.
5.3 Your account will be associated with the registration code you used when you created your account or, if your consent is required but not given, a generic code (see Section 2.2). The link with the registration code is necessary in order for us to generate anonymous statistics on:
a) number of accounts associated with each respective Partner;
b) number of views per article/theme etc. per Partner (or generic code). (Note! We do
not track what individual users click on.); and
c) the time of log in and log out (data is anonymised within 14 days).
The purpose of generating the anonymised statistics is for our Partners and us to assess the effectiveness of communication about PriusHealth, so that we can reach out to relevant groups, and to assess the interest in different types of articles and themes etcetera, so that we can publish more of the content that we believe our members will prefer on the Guided Web Tool.
PART II – TERMS APPLICABLE TO BOTH THE OPEN WEBSITE AND THE
GUIDED WEB PROGRAM
6. RECIPIENTS OF PERSONAL DATA
6.1. Our sub-contractors will process your personal data if and to the extent that it is necessary for them to provide to us the services agreed, such as our website developer or hosting provider. This is done without your consent, as it is necessary in order for us to provide you with our services. We have data processing agreements with all subcontractors who process personal data on our behalf and we will not process your personal data outside the EU/EEA.
6.2 We share anonymised statistics (in which you will not be identified) with our Partners, as well as in information material for potential Partners and users.
7. YOUR RIGHTS
7.1. You have the legal right to request from us rectification of, access to or erasure of your personal data. You also have the right to request that we restrict the processing of your personal data, to withdraw your consent or object to our processing of your personal data, and the right to data portability. You should be aware that, depending on your requests, you may not thereafter be able to use our website as intended. Please contact us and we will assist you (see section 10).
7.2. If you are not happy with the way we process your personal data, you have the right to lodge a complaint with a supervisory authority within the EU.
8. PERSONAL DATA COLLECTED AUTOMATICALLY
8.1. When you visit our website we collect data about your IP-address. We process IPaddresses to improve the security of our website. IP-addresses are stored for a maximum of one (1) month. When you use the Guided Web Program, we will, in addition to the IPaddress, also collect data about what type of device (e.g. mobile phone/computer/tablet) you use to access our website and data about your web browser (including version and language). Data about device and browser are processed by us as it is necessary for our legitimate interest of improving our services and facilitating troubleshooting. These data will be deleted or anonymised if your account is deleted.
10. CONTACT US
Address: University of Gothenburg, Box100, 40530 Gothenburg, Sweden
10.2. To contact the Data Protection Officer at the University of Gothenburg, please write to:
Records Management, University of Gothenburg, Box 100, 40530 Göteborg, Sweden