Last updated: 13 February 2023
At SOVN, (“SOVN, “Jawsaver”, “we”, “us”, “our”), we take your privacy and data protection seriously.
Below we describe the privacy practices for our devices, applications, software, APIs, products, websites, social media channels and services (collectively, the “Services”) for the benefit of our users (“Users”, “you”, “your”).
- What data we collect when you use our services
- How we use, store and process your data
- The measures we take to keep your data safe
- Your legal rights and how to exercise them
1. OUR CONTACT INFORMATION
Padualaan 8, 3584CH Utrecht, Netherlands
2. PERSONAL DATA WE PROCESS
In most cases, we collect personal data directly from you, such as when you register for an account, tag your data in the app, or use the SOVN device. To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information on the mobile app, like your bedtime routine, your teeth grinding history and other information related to your sleep and health. We may also process data that is produced from the information you provide to us. We may also rely on trusted third party processors to collect data on our behalf, such as our payment processor and advertising partners.
We processes the following personal data categories through our Services:
- Contact information: name, email address, mailing address
- User information: gender, age, User ID, and other information you may provide to use about yourself or your account
- Device information: IP address, device status, intervention mode, stimulus type, crash point of reference & call stack for debugging purposes
- User-generated activity and contextual information: subjective health data (sleep quality, stress level, pain levels), tags, notes and comments you provide within the app
- Measurement data: event log, jaw movement data, heart rate, respiration rate, body movement data
- Calculated user, sleep, health, and activity data such as event frequency and duration, sleep phases, total sleep time, microarousal frequency
- Website & online store: customer & analytics data (see detailed description below).
Please note that some of the personal data we process, including any data concerning your health, is considered special or sensitive personal data. Under applicable law, such data is processed only if you have given your consent for processing.
We collect two types of data when you use our website and online store: Customer data and Analytics data. Please note that we do not use the personal data generated by your use of our mobile app and/or devices for the purposes of running our website and online store, and vice versa.
Although we do not normally use Analytics data to identify individuals, sometimes individuals can be recognized from it, either alone or when combined or linked with Customer data. In such situations, Analytics data shall also be considered to be personal data under applicable laws and we will treat the combined data as personal data.
We may collect and process the following Customer data when you use our website and online store:
- Your name and contact details
- Phone number
- E-mail address
- Possible communication with us
- Invoicing and billing information
- Shipping address
- Possible claims or refunds
- Delivery information and delivery status
- Your purchases on this site (item and value)
- Chosen payment method
- Possible use of discount or campaign codes;
- Direct marketing opt-outs and opt-ins
- We may also process details about your interaction with our emails (such as whether the email is opened and which links are clicked in the email).
Analytics data may include for example the following data:
- IP address
- Device type
- Operating system
- Time of visit
- Search terms used to reach our websites
- Browser type and version
- Browsing patterns on the site
- Unique cookie identifiers
- Language settings
3. DATA SOURCES
Some of the data are received directly from you when you register an account with us or when you complete a purchase in our online store. We may also receive data directly from you when you contact us with a question or complaint via e-mail, the contact form on our website, or social media channels.
Measurement Data are collected & Technical/Usage-related Data regarding the sensor are collected automatically when the device is on. Data is also produced by combining the data listed above and by calculating collected teeth grinding, measurement and your sleep data.
Analytics data is automatically collected when you visit the site. We may also track transactions data as well as details of your browsing patterns on the site.
4. PURPOSES & LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA
Purposes of processing
To provide you the service
We process personal data in the first place to be able to offer our services to our Users in accordance with their user contract.
We may process personal data for the purpose of communicating with Users. If you contact our support with questions regarding your app data, we will use the provided information to answer your questions and for solving any issues you may have.
For analytics and service improvements
We may process aggregated information regarding the use of our Services to improve our offering. When possible, we will do this using only aggregated, non-personally identifiable data.
Processing and delivering your orders
We process personal data in the first place to process, handle and send your orders and to facilitate your shopping.
With your consent we may send you marketing material, such as newsletters or offers.
Legal grounds for processing
We process personal and health data to perform our contractual obligations towards User or to facilitate their entry into a contract at their request, which is formed when User creates an account and accepts our terms and conditions. We may also process certain information to comply with legal obligations, such as accounting or consumer protection legislation.
Furthermore, we process personal data to pursue our legitimate interest to run, maintain and develop our business, for analytics and trend detection, direct marketing and to create and maintain customer relationships. We may also process data for responding to consumer claims, cases regarding product warranty and similar situations. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.
Please note that inserting health data to your profile is considered an explicit consent for us to process your data.
Measurement data or any data derived from measurement data used for advertising are subject to your explicit consent.
5. COOKIES AND ANALYTICS
The cookies we use include both first party and third-party cookies.
Web analytics services and other online tools
We use web analytics services to compile data and reports on visitor usage and to help us to improve the Services and offer targeted content.
6. DATA TRANSFERS TO COUNTRIES OUTSIDE THE EEA
We stores your personal data primarily within the European Economic Area (EEA).
However, we have service providers in several geographical locations. As such, we or our service providers may transfer personal data to, or access it in, jurisdictions outside the European Economic Area or the Customer’s domicile. In the events where we do transfer personal data to or access it in jurisdictions outside the European Economic Area or your domicile, we will take steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed.
We provide adequate protection for the transfers of personal data to countries outside of the European Economic Area through a series of agreements with our service providers based on the Standard Contractual Clauses or other similar arrangements.
7. SHARING YOUR PERSONAL DATA
We do not share personal data with third parties outside of our organization unless one of the following circumstances applies:
For legal reasons
We may share personal data with third parties if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect your and our interests & safety in accordance with the law. Where possible, we will inform you about such transfer and processing.
To our authorized service providers
For other legitimate reasons
With your explicit consent
We may share personal data with third parties for other reasons than the ones mentioned before only when we have your explicit consent to do so. You have the right to withdraw this consent at all times.
To other data controllers
In certain cases, we may also process and transfer your personal data to our third-party partners with whom you have an existing contractual relationship with, if such transfer is necessary for providing you with certain benefits or to ensure the full performance of our products and services. For example, if you purchase our products in connection to a bonus scheme campaign or in connection to another service provided by our third-party partner, we may provide such partners with the personal data necessary for them to acknowledge and calculate your accrued bonus or to provide you with the service involving the use of our products. Please note that such partners shall process your personal data as independent data controllers in accordance with their own privacy policies.
8. ANONYMIZED / DE-IDENTIFIED DATA
We may aggregate and/or anonymize data collected via our Services. Such data will be anonymous and cannot be connected to an individual User, therefore no longer qualifying as personal data. We may use this type of anonymous data for analytics, statistics, research & development, communications and PR purposes as well as for trend detection and for benchmark data.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We do not store personal data longer than is legally permitted and necessary for the purposes specified above. The storage period generally depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use.
Storage periods reflect the time frames we may need data for accounting, claims handling, internal reporting or reconciliation purposes.
Backups are deleted as soon as reasonably possible, typically within 6 months.
10. YOUR RIGHTS
Right to access
You have the right to access your personal data processed by us. You may contact us and we will inform you what personal data we have collected and processed.
Right to withdraw consent
In case the processing is based on your consent, you may withdraw the consent at any time. Withdrawing a consent may lead to fewer possibilities to use our Services. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to correct
Users have the right to have incorrect or incomplete personal data we have stored about the User corrected or completed. You can correct or update some of your personal data through your user account in the Service.
Right to erasure
Users may also ask us to erase the User’s personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data.
Right to object
Users may object to the processing of personal data if such data are processed for other purposes than purposes necessary for the provision of our Service to the User or for compliance with a legal obligation. In case we do not have legitimate grounds to continue processing such personal data, we shall no longer process the personal data after your objection.
Right to restriction of processing
Users may request us to restrict processing of personal data for example when your data erasure, rectification or objection requests are pending and/or when we do not have legitimate grounds to process your data. This may however lead to fewer possibilities to use our Service.
Right to data portability
Users have the right to receive their personal data from us in a structured and commonly used format and to independently transmit those data to a third party.
How to use the rights
The above-mentioned rights may be used by sending a letter or a secured e-mail to us on the addresses set out above, including the following information: the full name, company name, address, e-mail address and a phone number. We may request the provision of additional information necessary to confirm the identity of the User. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
11. DIRECT MARKETING & PUSH NOTIFICATIONS
Notwithstanding any consent granted beforehand for the purposes of direct marketing, you have the right to prohibit us from using your personal data for direct marketing purposes by contacting us or by using the unsubscribe possibility offered in connection with our newsletter or other communication.
We will ask your explicit consent if we wish to send you push notifications or to use any health-related data for marketing purposes.
12. DATA OF CHILDREN
We do not knowingly process data of children under the age of 18.
Please note that according to our terms and conditions we reserve the right to delete accounts of children, in particular if no proof of parental consent is provided.
13. SAFEGUARDING YOUR PERSONAL DATA
We do our best to keep your data safe and secure. We use administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Measures may include, for example, where appropriate, encryption, anonymization and access right systems. Our security controls are designed to maintain an appropriate level of data confidentiality, integrity, availability, resilience and ability restore the data. We regularly test our Services, systems, and other assets for security vulnerabilities.
We will take all reasonable precautions to ensure that our staff and employees who have been specifically granted access to information about you have received adequate training to ensure that they process that information only in accordance with this policy and with our obligations under applicable legislation.
Should a security breach occur that is likely to have negative effects to your privacy, we will inform you and relevant authorities as required by applicable data protection laws.
14. LODGING A COMPLAINT
In case you consider our processing of personal data to be inconsistent with the applicable data protection laws, a complaint may be lodged with the data protection supervisory authority.