1.1. The University of Gothenburg (“we” or “us”) is the controller of the processing of your personal data in connection with the provision of our services on Prius Health.
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE MAY USE IT
2.1. When creating an account
In order to create an account, you need to provide your e-mail address and choose a user name and password. You do not need to use your real name as your user name. We need to process your e-mail address, user name and password in order to provide the services on Prius Health to you (fulfil our contract with you). Your user name and e-mail address will only be visible to you and not to other users.
In order to create an account, you also need to enter a registration code. The registration code is given to you by your employer, union or other organisation you are associated with, that we have a partnership with (hereinafter referred to as “Partner”). Each Partner is associated with, and has been given, a Partner unique registration code. We process the registration code when you create your account in order for us to pursue our legitimate interest in validating that you are associated with one of our Partners. We generate anonymised statistics on the number of new accounts created and what Partner registration code was used, in order for us to pursue our legitimate interest in understanding how big the interest is for our website amongst different Partner user groups and assess the effectiveness of communication about Prius Health.
The registration code will remain linked to your account after registration (see exception concerning sensitive Partner registration codes), and will be used by us to generate anonymous user statistics as described in section 5. If we believe that the Partner registration code you use reveals sensitive data about you, such as if it reveals a special category of personal data like union membership or if we believe that association with a certain Partner is particularly sensitive for other reasons, we will request your consent for continued registration code association and your account will only remain associated with the registration code if you have given your explicit consent. If you do not give your consent, your account will be associated with a generic code that does not reveal which Partner registration code you used when registering. If you give your consent, you may withdraw your consent any time by e-mailing us at firstname.lastname@example.org.
When you create an account, you are required to select country and language. We use the country setting when we publish or distribute information that is relevant to users in a specific country, as it is in our legitimate interest to limit the provision of such information to the users for which we believe it is relevant. Your language setting is used by us to provide Prius Health in your preferred language. You cannot change country or language after registering, so please make sure that you select the correct country and language when you create your account.
2.2. Themes, online tests and data you upload
Once your account is created, you may explore different themes. This often involves answering questions, setting up goals or writing notes of your thoughts concerning the chosen theme. When you have completed a theme, the theme and any input you have provided into the theme, such as comments or answers to questions, will be saved in your account for you to go back to and read. Upon completion of a theme, you will be recommended a number of other themes. These theme recommendations are general and based on your most recently selected theme.
If you do an online test, an algorithm will automatically generate a result based on your answers to questions in the test. The results generated will only be accessible to you and will be used to provide you with information and feedback. The results from the online tests will be saved in your account. If you cancel an online test before running the test, the data entered into the online test will not be saved.
You may also upload other data to your account, such as by entering notes into the diary. Additional functions will be added continuously.
Online test results, diary notes, themes and other data saved in your account will only be accessible to you and no other account holders, and will be processed only in order for you to follow your own personal development. The processing of these data is based on your consent. If you wish to withdraw your consent and instead wish for all or certain data to be deleted from your account, please contact us with a request to have the data deleted (see section 4.2 on how to delete certain personal data or content). The data will be stored in your account until you withdraw your consent or delete your account.
2.3. Public areas of Prius Health
Prius Health allows you to share questions from themes and thoughts on those themes with other users, as well as viewing questions and thoughts that other users have chosen to share. The public areas of Prius Health are accessible to all users that are associated with the same Partner registration code as your account. Any content you post in the public areas will be displayed anonymously. However, please ensure not to include personal data in the free text section of your post, as it can be viewed by other users. If you wish to have one of your previously published posts deleted, please contact us at email@example.com.
2.4. Contact form
Any messages you send to us via the contact form are transported to us via e-mail. We respond by sending an e-mail to the e-mail address with which your account is registered. Our processing of your message is necessary in order for us to pursue our legitimate interest in handling and replying to incoming correspondence. We delete your message after having replied to it.
2.5. Log in reminders
Our vision is for Prius Health to improve the health and wellbeing of the users. As we believe that habits are what really make a difference, our intention is that Prius Health shall form part of the users’ everyday life. In order to achieve that, frequent use of Prius Health is necessary. Our scientific research study, which is separate from but similar to Prius Health, has shown that the sending of login reminders leads to increased frequency of usage amongst the participants of the study. As it is in our legitimate interest that Prius Health is used as intended, we will send e-mail reminders to you after your last visit at Prius Health, encouraging you to log in again. You may change the frequency of your reminders or turn them off completely in the settings section of your account.
2.6. Information e-mail
If you subscribe to information e-mails we will use the e-mail with which your account is registered, to send you information e-mails. The use of your e-mail for this purpose is based on your consent, which you can withdraw at any point by changing your settings for information e-mails.
2.7. Sharing via e-mail and social media
If you share Prius Health content via e-mail or social media, the person you share the content with will see that you have an account at Prius Health, but will not have access to the information in your account; only the content shared. We do not process your social media or e-mail details.
3. WHO CAN ACCESS YOUR PERSONAL DATA?
3.1. Your account and all data you upload thereto, including your user name, e-mail address, diary notes, data you enter into online tests or other data, will be visible only to you, and not to other users or non-users. Content you publish in public areas of Prius Health will be published anonymously unless you include personal data in the post you publish that reveals your identity. Please be aware that other users may share, spread and otherwise use content including any personal data you have chosen to make available in public areas of Prius Health. We are not in control of, nor responsible for, such sharing or spreading, or use by other users or third parties. Please refer to our User Terms to learn more about sharing on Prius Health.
3.2. You may see inspirational texts, insights or thoughts of other users of Prius Health or users of our separate scientific research study, on Prius Health. We have obtained these users’ consent to share these specific texts on Prius Health. We do not share the data you upload to your account with other users or third parties without your consent (except that data posted in public areas of Prius Health may be viewed by other users).
4. WHEN IS PERSONAL DATA DELETED?
4.1. Personal data you upload to your account will be saved for as long as the account exists or until you contact us to have personal data removed.
4.2. You may delete your account manually from the settings section of your account or from the webpage where you change your password (main page before logging in). If you wish to delete certain personal data or content that you have uploaded to your account, or if you need assistance to delete your account, please contact us (see section 10.1). Please note that we reserve the right to delete your account after a prolonged period of inactivity or in case of inappropriate usage of Prius Health. We will notify you before doing so; please refer to the User Terms for more information.
4.3. After your account has been deleted all personal data in your account will be permanently deleted and you will no longer be able to access it. Please note however that content you have published in public areas of Prius Health will not be deleted as they are anonymous; they will therefore still be accessible to other users unless you contact us to have the content removed. Please note that, as the content in public areas of Prius Health is published anonymously, you need to be able to specify what content you wish to have deleted, in order for us to assist you.
5.1. Your account will be associated with the Partner registration code used when you created your account, or, as the case may be, a generic code (see section 2.1). The association with the code is necessary in order for us to generate anonymous statistics on:
a) number of accounts associated with each respective Partner (or general code);
b) number of clicks per article/theme etcetera per Partner (or generic code). (Note! We do not track what individual users click on); and
c) time of log in and log out (data is anonymised within 14 days).
5.2. We generate the anonymous statistics as it is necessary in order for us to pursue our legitimate interest in assessing the effectiveness of communication about Prius Health, so that we can reach out to relevant groups and to assess the interest in different types of articles, themes and other content we publish on Prius Health, so that we can publish more of the type of content we believe the users as a group will be interested in.
6. RECIPIENTS OF PERSONAL DATA
6.1. Our sub-contractors will process your personal data if and to the extent that it is necessary in order for them to provide their services to us as agreed (such as our website developer or hosting provider), so that we can operate Prius Health. We have data processing agreements in place with all sub-contractors who process personal data on our behalf and we (and our sub-contractors) only process your personal data within the EU/EEA.
6.2. We share anonymised statistics (in which you are not identified) with our Partners, as well as in information material to be presented to potential Partners, the public or to users.
7. RECTIFICATION, ACCESS AND OTHER RIGHTS
7.1. You have the right to have personal data deleted and to withdraw your consent. Please refer to section 2 for information on how to withdraw your consent and section 4 for information on how to delete your personal data.
7.2. You have the right to have inaccurate personal data rectified. If you wish to rectify data you have uploaded to Prius Health, please contact us (see section 10.1).
7.2. You have the right to obtain confirmation as to whether or not we process personal data concerning you, and where that is the case, access to the personal data and information about the processing. If you wish to exercise this right, please contact us (see section 10.1).
7.3. You have the right to receive personal data concerning you that you have provided to us and have the right to transmit those data to another controller (data portability). This right only applies to processing that is based on your consent or on a contract. If you wish to exercise this right, please contact us (see section 10.1).
7.4. You have the right to request that we restrict the processing of your personal data, for instance if you believe the processing is unlawful or in other circumstances outlined in Article 18 GDPR. If you wish to exercise this right, please contact us (see section 10.1).
7.5. You have the right to object, on grounds relating to your particular situation, at any time, to processing based on our legitimate interest. If you wish to exercise this right, please contact us (see section 10.1).
7.6. If you are not happy with the way we process your personal data, you have the right to lodge a complaint with a supervisory authority within the EU. We encourage you to contact us with your request or complaint, before contacting the supervisory authority.
8. PERSONAL DATA COLLECTED AUTOMATICALLY
8.1. When you visit Prius Health we collect data about your IP-address. We process IP-addresses as it is necessary in order for us to pursue our legitimate interest in maintaining and improving the security of Prius Health and applying the right language on the login webpage (note that you can choose a different language to be used when you create your account; see section 2.1.). IP-addresses are stored for a maximum of one (1) month.
10. CONTACT US
Address: University of Gothenburg, Box 100, 40530 Gothenburg, Sweden
10.2. To contact the Data Protection Officer at the University of Gothenburg, please write to: Records Management, University of Gothenburg, Box 100, 40530 Göteborg, Sweden