information we collect from you as a user of the Sidekick Health application and why we collect it. Here you can find information about who
receives your personal data, our legal basis for processing personal data, how long we retain it, what your rights are as a user of the application
and other important facts relating to data protection laws.
Personal data that Sidekick collects and how that data is used
1. Information you provide when you create an account
We receive certain information from you when you create a Sidekick account. To create an account, you have four different options:
1.1. Traditional login
You can choose to create a new account directly by registering information about your name, email and password. You may optionally choose to
provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.2. Login with Facebook
You can choose to use Facebook to create an account. Through this method, we collect information about your name, birthday, email address,
gender, profile image and friends who also use Sidekick.
1.3. Login with Google
You can choose to use Google to create an account. Using this process, we collect information about your name, email address, gender and
1.4. Login with Apple ID
You can choose to use Apple ID to create an account. Using this process, we collect information about your email address. You may optionally
choose to provide information about your height, weight, age and gender, as well as upload a photo of yourself.
1.5. Recipients and data retention regarding account registration
We use the Google Cloud SQL service to store account registration information. Google’s role is limited to storing information on our behalf;
Google does not use the information for any other reason. Please also note that when you create an account, other users will be able to see
some of your information, such as your name and your profile picture.
We store your information using the Google Cloud SQL service until you delete your Sidekick account. This deletion involves only personally
identifiable data, which includes for example (username, password, all images, GPS data and entered programs).
If you do not log any activity in the application for a period of two years, we remove all personal data and thereby anonymise your account
automatically. This removal of personal data includes all personally identifiable information, that includes for example (username, password, all images, GPS data and entered programs).
The registration data along with usage data is stored using Google Cloud SQL whose databases are located in the EU. Images are stored on
Google Cloud Storage, whose databases are located in multiple regions in the EU.
2. Information you provide when you use the application
When you use the application you can choose to share certain information, including information related to your health. For example:
2.1. Information about your diet
You can choose to share information relating to your diet, such as the goals you want to achieve, as well as information and photos relating to the
food you have eaten. Sidekick uses this information to allow you as a user to keep track of your dietary habits and progress.
2.2. Information about your physical activity
You can choose to share information about your physical activity, such as information about your workouts, as well as your location while you
exercise (e.g., to measure distance travelled on a run). Sidekick uses this information to allow you as a user to keep track of your exercise routine.
2.3. Information about how you reduce stress
You can choose to share information about how you reduce stress, such as minutes spent completing relaxation exercises in the application.
Sidekick uses this information to allow you as a user to keep track of your stress and energy levels, as well as mindfulness activities.
2.4. Information about the tests that you take
You can choose to take various tests in the application, such as questionnaires to check your risk for diabetes or work-related stress, as well as a personality test. The results of these tests are based on the information you provide. Sidekick uses this information to allow you as a user to keep
track of your test results.
2.5. Information about your vital signs
You can choose to share information related to your vital signs, such as your blood pressure, pulse, weight and blood test results. Sidekick uses
this information to allow you as a user to log your vital signs and keep track of changes in these measurements over time.
2.6. Information about your use of the application
We also use the information, specified in sections 2.1 to 2.5, that you choose to share with us, to inform, entertain and provide you with relevant
Sidekick services if you have given consent for this communication.
2.7. Community activities
As a user of the application, you can partake in a community, if the lifestyle program you are active in allows for it, for example by posting on the
feed, commenting on or liking others posts. Our only goal is to allow you to interact with other users and we do not use your information for any
2.8. Information about your interest in participating in a lifestyle program
As a user, you can use the application to indicate your interest in participating in a lifestyle program. Sidekick uses that information to identify which Sidekick services are likely to fit you best and send you an email with information about these services.
2.9. Information about how you use the application
To improve the user experience of the application, we also collect information on how you use the application.
2.10. Personal profiling
The above-mentioned information leads to personal profiling of users. The logic used is simple: if you log activities on a bike the SidekickHealth
application is more likely to suggest cycling as an exercise for you, than for example walking/running. There are no automatic decisions (as
defined in Article 22 of GDPR) made within the SidekickHealth application.
2.11. Recipients of information and retention period of data due to the use of the application
To keep track of the information specified in sections 2.1. to 2.7. and 2.9., we use the Google Cloud SQL service. Google’s role is limited to
storing information on our behalf; Google does not use the information for any other reason. We store your information using the Google Cloud
SQL service until you delete your Sidekick account (see section 1.5.). If you do not log any activity in the application for a period of two years, we
anonymise your account automatically. If you decide to participate in a lifestyle change program with a trainer or health coach, s/he will also have
access to some of the above information.
3. Outgoing emails
3.1. Lost password
If you have lost or forgotten your account password, you can request a password reset. If we receive that kind of request from you, we will send
an email with reset instructions to the email address you used to register for your Sidekick account.
3.2. Improving your experience with the application and Sidekick services
As described in section 2.9 we collect information about how you use the application in order to provide you with a better and more accurate
service. We will send you an email with information about potentially relevant Sidekick services that we think may be of interest to you. It should
be noted that you, as a user of the application, have the right to object to such email communications, by unsubscribing or sending an email to co
3.3. Changes to Terms and Conditions
Our terms may change in the future. When we change them, we will send you information about those changes by email.
3.5. Recipients of information and the retention period for outgoing emails
We use a service from MailChimp to email you and to store information about our email communication with you. MailChimp’s role is limited to
comply with our instructions on how the information should be used. MailChimp does not use the information for any other reason. MailChimp
whose databases are located in the U.S. is subject to Standard Contractual Clauses and under that resource the movement of data away from
the EEA Area is authorised.
Email communications for lost passwords will be deleted as soon as an email has been received.
Email communications for information about potentially relevant Sidekick services will be deleted after six months.
Email communications due to changes in our Terms and Conditions and handling of your personal data will be stored as long as the
company has use for the information.
4. Legal basis for processing personal data
The personal information referred to in sections 1.1. to 1.4. mentioned above is collected on the basis of your consent.
The contact information gathered through our websites is collected on the basis of your consent and will only be used for the relevant purposes of
The personal information referred to in sections 2.1. to 2.8. is also collected on the basis of your consent. The information in connection with your
use of the application, referred to in section 2.9., is collected on the basis of your consent, we will only communicate this information to users who
have consented to receiving such emails.
Emails regarding lost passwords, as described in section 3.1., will be sent to you on the basis of your consent. Emails regarding your experience
of the application, referred to in section 3.2., will be sent on the basis of your consent, we will only communicate this information to users who
have consented to receiving such emails.
Emails described in sections 3.3. and 3.4. will also be sent to you on the basis of our legitimate interest in demonstrating that the company has
informed users about changes to our Terms and Conditions or to our handling of users´ personal information.
The personal information provided by users is used to ensure the quality of the SidekickHealth application as a Medical Device through research.
This is done on the basis of Article 9(2)i of GDPR. We do take measures to safeguard the rights and freedoms of the data subject, these involve
researchers having signed and being bound by the confidential statement. The research done with user data will never be published with any
personally identifiable data. The purpose of this is to increase the quality of lifestyle programs on offer and to gather information through research
to support the clinical evaluation of SidekickHealth as a medical device.
5. Protection of Personal Data
Sidekick takes precautions, including administrative, technical and physical measures, to safeguard your personal data against loss, theft and
misuse, as well as against unauthorised access, disclosure, alteration and destruction. We store the personal data you provide encrypted on
computer servers that are located in controlled facilities. We restrict access to personal data to our employees, contractors and agents who need
access in order to operate, develop, or improve our services and the application.
When you enter sensitive personal data in the application we encrypt the transmission of such data using secure socket layer technology. We
follow generally accepted standards to protect the personal data submitted to us, both during transmission and once we receive it.
6. Personal data transfers outside of the European Economic Area (EEA)
Where your personal data is transferred to a country outside of the EEA, and that country is not subject to an EU adequacy decision, we will
ensure your data is protected by appropriate safeguards (e.g., EU-approved standard contractual clauses or Binding Corporate Rules).
7. Your rights as a user of the application
If you have granted your consent for processing certain personal data, you are entitled to withdraw your consent at any time pursuant to data
protection laws. However, that right does not affect the legitimacy of the processing of data carried out before you withdrew your consent. You
also enjoy other rights, such as the right to access your data, the right to have wrong or misleading information about you to be rectified, the right
to have your personal data deleted, the right to restrict that your personal data will be processed, the right to object and your right to data
portability. Please note that some of your rights may be subject to certain conditions.
Users are never under any obligation to provide personal data. The consequences of not providing personal data are that the user will not be
able to fully enjoy the application and what it has to offer.
Users can delete their account by going into Health > press the crank wheel > press “Other” > press “Delete Account” > write “Sidekick” in the
text box and press “Delete account”. All personally identifiable data will be deleted.
8. Cookies (website only)
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or
work more efficiently, as well as to provide information to the owners of the site. You can change your cookie preferences at any time by clicking
on the ‘C’ icon. You can then adjust the available sliders to ‘Allow’ or ‘Deny’, then clicking ‘Save settings’. You may need to refresh your page for
your settings to take effect.
8.1. Necessary cookies
Some cookies are required to provide core functionality. The website won’t function properly without these cookies and they are enabled by
8.2. Analytical cookies
Analytical cookies help us improve our website by collecting and reporting information on its usage.
8.3. Marketing cookies
Marketing cookies are used to track visitors across websites to allow publishers to display relevant ads.
9. Name and contact details of the controller
Org. no 680912-1490,
203 Kópavogur, Iceland.
10. Data Protection Officer
If you have further questions about how Sidekick handles your personal data, or if you want to exercise your rights, you may contact our data
11. Right to file a complaint with the Data Protection Authority
If you have any concern that Sidekick handles your personal data legitimately, you have the right to file a complaint with the regulatory authority.