Painless privacy policy

Updated: 26 December 2023

1) General

This Privacy Policy describes how Painless (”we”, ”us” or ”our”) processes your personal data when you use our services in our mobile app: Painless (“the app”).

In this Privacy Policy we inform you about your rights and how we process and protect your personal data. If you have any questions about our processing of your personal data, you may contact us at any time:
support@painless.wiki

It may be necessary from time to time to amend this Privacy Policy. An updated version will at all times be available here.

2) Data processing roles

In our app, we offer access to our exercises and personalized training programs.We act as the data controller when we process your personal data in connection with your access to our exercises and training programs. This Privacy Policy covers our data processing activities both when we act as a data controller and as a data processor. We are committed to and responsible for ensuring compliance with applicable data protection legislation when processing your personal data.

3) Processing of personal data

When you sign up to the app, we may process the following personal data: General personal data: Identity and contact information: Name, address, phone number, sex, height, weight, body measures and age; E-mail address and password used for login to the app; User ID and profile information from third-party login (Google or Apple); IP-address, device identifier and browser information; Chat data. Sensitive personal data: Diagnosis; Specific information about pain. Other information: Activity level at work and in your free time; Completed training sessions; Rating of your pain levels; Internally generated data which is anonymous, aggregated, de-identified etc.

We provide third-party application login methods to the app from Google and Apple. If you use either one of these login methods, you authorize us to access certain account information from your Google or Apple account. Painless has no responsibilities for Google’s and Apple’s processing of your personal data in this regard and we refer you to read the privacy policies of these third parties to gain insights to their processing of your personal data.

4) Purposes

We process your personal data for the purpose of conducting business and provide you with our services, including: Provide you with access to the content in the app, including our exercises; Provide you with the most personalized training program possible; Communication with you in the app, including technical support; Administration of your account in the app; Deliver, maintain and update our services and an effective operation of our IT-structure; Internal business development, including analyzing use of the app, product development and improvement of services; Security such as preventing misuse or to identify hacking etc. Some personal data is collected directly from you when you sign up to the app whereas other personal data is collected automatically as part of your use of the app.

5) Legal basis

We rely on the following legal basis when processing your personal data: Legitimate interest: We have a legitimate business interest in processing some of your personal data for the purposes of internal business development, operation of an effective IT-structure and services in the app and to enforce our terms and ensure appropriate security measures; Performance of a contract: When you sign up to use the app, we process your personal data for the purposes of providing you with our services as per your request, including access to our exercises, personalized training program, booking of consultations with professional consultants and other content included in the app. We also process personal data under this legal basis for the purposes of administering your account, communicating with you and providing technical support. Consent: When receiving personal data in connection with your use of a referral from your health insurance provider, you consent to the health insurance provider’s sharing of your personal data with us, including health data.

Legal obligation: Sometimes we may be under legal obligation to process your personal data to comply with our legal obligations.

6) Exchanging/Sharing personal data

We may exchange or share your personal data with third-parties as stated in the Privacy Policy and for the purposes specified in paragraph 4. This includes exchanging and/or sharing with the following categories of third-parties: Our Data Processors:When you sign up to use the app, you acknowledge and authorize us to share or disclose your personal data with third-parties supporting us in delivering our services. We enter into data processing agreements with our data processors ensuring their compliance with applicable data protection legislation. If it is necessary to transfer your data outside Ukraine to pursue one or more of the purposes in paragraph 4, such third country transfer will only take place in compliance with applicable data protection legislation and be based on a valid transfer legal basis i.e. the Ukraine standard contractual clauses. If you wish to receive a list of third country transfers, you can make use of the contact information provided in this Privacy Policy. You can download the app through a platform operated by a third party e.g. App Store, Google Play, etc. We have no control over your personal data processed by these third parties as they are not affiliated with or controlled by Painless. Accordingly, the use of the app may be subject to additional third party privacy policies.

7) Data retention and deletion

We process your personal data for as long as you have an active account in the app. You are able to edit your account at any time. You are also able to delete your account. If you delete your account, we will immediately delete or anonymize your personal data. We may at any time, if your use of the app is in violation with our online terms, delete your account and associated personal data.We only retain your personal data longer if necessary for us to comply with legal obligations or to enforce our online terms.

8) Your rights

According to the GDPR, you have certain rights over personal data processed by us:

You have a right of access to the information that we process about you as well as certain other information; You have the right to have inaccurate Personal Information concerning you rectified; In special cases, you have the right to have Personal Information about you erased before our general erasure time; In certain cases, you have the right to restrict the processing of your Personal Information; In certain cases, you have the right to object to our otherwise legitimate processing of your Personal Information; In certain cases, you have the right to receive your Personal Information in a structured, commonly used and machine-readable format and to transmit such personal data from one data controller to another without hindrance (data portability).

9) Contact information

To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact via support@painless.wiki. We will immediately evaluate your request and revert no later than one month after receiving the request to let you know if it is possible to meet the request.