SportID International OÜ (hereinafter referred to as Stebby) knows that our users value their privacy and protection of personal data highly. We take the matter or protecting personal data very seriously. Please take a minute to read our privacy notice.
What does our privacy notice include?
The privacy notice of Stebby includes the privacy terms and conditions of all the websites and services managed by us and the protection of personal data of private users (hereinafter referred to as the User) in those online environments. Such environments include our websites stebby.eu, sportid.com, sportid.ee, but also other local Stebby domains as well as our blogs at stebby.eu/blog, tervefirma.ee, sveikakomanda.lt, teamwellness.blog and all of the other sites owned by Stebby that reference this privacy notice. This privacy notice also includes all of the mobile applications developed by us, for example the SportID and Fit100 web applications and other applications developed by Stebby that are available at Google Play and iTunes mobile application stores referencing this privacy notice.
Controller of personal data
The controller of personal data collected via Stebby web services is SportID International OÜ (Estonian Business Register Code 12231911), located in Tartu, Veeriku street 9. Contact information firstname.lastname@example.org, telephone +372 8 803 124.
The data transmitted by Users via Stebby web service
There are several different activities that a User can carry out on our website without the transmission of personal data. Such services include, for example, viewing the profiles of service providers and the services they provide, viewing the content and prices of services provided by Stebby or reading our blog posts.
A user’s profile is created upon the registration of a user name and this process involves recording personal data, including the User’s name, e-mail address, personal identification code, sex, phone number, data of the employer. Using the Stebby web service produces data regarding the User’s choices of sports clubs, training, services and sports events, and the data that the User has added to the training diary, such as the sports that the User practices, duration of the training sessions and comments to the session.
Automatically registered data
Over the course of using Stebby web services, the following data is registered automatically: the User’s IP address and the approximate location based on the IP address; browser version; information about cookies, and the pages that the User visits in our online environment.
Why do we collect data?
We do not sell or rent User data to third parties. We collect data so that Users could employ the health and sports services in the Stebby web service. Location data is collected so that Users could find the services nearest to them as quickly as possible. The data related to health services, sports clubs, workouts, and event participation is chosen via Stebby web service is collected for non-personal data processing (analytics) and for forwarding personalized direct marketing messages, provided that the User has given the corresponding consent.
Recipients of personal data
In case of compensation of health and sports expenses by the employer, the Stebby web service enables the employer to receive information about the compensation used by their employees among Users in the amount of compensation the employer has paid to their employees.
Stebby employs software by third parties for enhancing our service. For example, the User’s e-mail addresses, alongside with information regarding whether the User has agreed to direct marketing or not, are forwarded to our cooperation partner Vero (getvero.com) whose service is employed by Stebby for sending out newsletters and notifications.
This data may also be forwarded to different service providers employed by Stebby in the future. In each such instance Stebby will try its best to ensure that the service provider’s privacy requirements would be in accordance with currently valid legislation and the Users’ personal data would be stored and transmitted in a secure manner.
Where is Users’ personal data stored and how is it transmitted?
The personal data collected via Stebby web service is not transmitted to countries outside the European Union or to countries that lack personal data protection legislation in compliance with the standards of the European Union. Data is stored in servers located in a European Union member state.
Public personal data
When using the Stebby web service, the User agrees that other Users are able to search for the User by name through the search window and check whether the User has an account with the Stebby web service whilst also viewing the public information regarding training data on the User’s account. The User has the possibility of limiting the visibility of training information by other Users in the settings of the User’s account.
Each User may disable cookies in their web browser and delete the cookies that have already been saved. However, in such a case we are not able to guarantee the flawless functioning of Stebby web services.
How is the User’s personal data protected?
User’s accounts in Stebby web service are protected by passwords for ensuring safety and privacy. Be careful as a User and do not give out your password to third parties, do not use passwords that are not easily guessed, and avoid using the same password in several web services.
Do not leave your Stebby account logged in in unfamiliar devices.
Stebby data requests are encrypted. Within the company, we employ reasonable technical and organizational-administrative solutions for transmitting personal data between employees and cooperation partners.
Though we try our hardest and work towards keeping the User’s personal data protected and transmitting it safely every single day, we would like to remind you that transmitting information online is never 100% safe.
Our blog and websites contain links to other websites that may or may not be our partners. Stebby does not guarantee nor is it responsible for the way these websites handle personal data. Should the User move onto other webpages through the aforementioned links, the User must first specify the privacy settings of those pages. The same procedure applies to logging in through social media or using social media sharing buttons/links.
Duration of the storage of personal data
The data is stored until the User has a Stebby web service account or in instances when the data storage is required by legislation (such as the Accounting Act). After the User has deleted the account, the User’s data concerning sports clubs, training, health services, and participation of sports events is made anonymous and used for analytic purposes. The data of deleted Users are removed from spare copies and logs within 90 days after deletion.
The User’s history of purchases is stored and it remains accessible to the sports clubs from whom the service has been purchased, and the companies whose sports compensation has been used. However, this data is separated from the user account and all other personal data.
Correction and deletion of data
The User reserves the right to demand access, correction, and deletion of the data collected with the User’s consent at all times. In addition to that, the User has the right to stop unlawful data processing, withdraw consent, or to demand the transfer of the personal data. These procedures can be carried out under your profile options after the User logs into the Stebby web service account or send an e-mail to email@example.com
It has to be taken into account that it is not possible to use the Stebby web service or the Stebby web service credit, either personal or uploaded by the employer, once the User decides to disallow processing personal data or requests it to be deleted or transferred. Another aspect that has to be considered is that data cannot be deleted in its entirety because it may be stored on grounds other than the User’s consent. For example, your purchase history cannot be deleted because it is stored in compliance with the requirements of the Accounting Act.
If Stebby deleted your User Account owing to a breach of the user agreement, you have the right to demand the deletion of your personal data by sending an e-mail to firstname.lastname@example.org. Stebby processes all such claims independently and informs the user of if and when the claim will be satisfied.
Personal data of children
Stebby services are available for use by minors. If you are a User under the age of 16, please consult your parents before setting up an account and do not forward any personal data without prior consent from parents. Should you discover that your underage child has set up a Stebby web service account against your will, please let us know at email@example.com
Personal data transmitted to Stebby by third parties
It is possible for employers to create user accounts for employees in our online environment. The user agreement of Stebby services provides that each and every employee must consent to set up an account. Let us know immediately at firstname.lastname@example.org if you have received an e-mail from us, stating that your employer or somebody else has created a Stebby web service account in your name and you are sure that you have not agreed to this.
Compensation of employees’ health and sports expenses
In case of health and sports expenses compensation by the employer, all of the employees’ names, personal identification numbers, and contact information (e-mail address and mobile phone number) are saved to the Stebby database. The employer is transmitted the data of the compensation used if the User activates the Stebby web service account and uses health and sports services. In addition to that, the employer has the right to the data of the used health and sports expenses compensation when such data is necessary for accounting procedures and for verifying that the compensation is used in the manner in which it was intended.
Forwarding direct marketing messages
If the User has consented to receive messages about health and sports clubs as well as sports events, Stebby will be in charge of forwarding the corresponding messages. Neither Users’ personal data nor contact information is transmitted to health or sports clubs or event organisers for the purpose of direct marketing. Direct marketing messages may be forwarded in a personalised manner according to the User’s age, sex, and data that Stebby has collected about the User’s health and sports habits.
If the User does not wish to receive direct marketing messages, the User can choose to stop receiving them by visiting the settings section of the Users Stebby web service and alternating the settings of how and which messages the User would like to receive. Links for unsubscribing are also included in all of the newsletters and direct marketing messages we send out.
Alternations to the Privacy Notice
Stebby develops, legislation changes and life goes on. From time to time we may find it necessary to make alternations to this privacy notice. We will notify our Users of such alternations via the web site or e-mail.
Data protection officers
If after communicating with our data protection officer the User feels that Stebby does not fulfill the obligation of personal data protection with the required diligence and does not act in accordance with the present privacy notice, then you may inform the Estonian Data Protection Inspectorate, located in Tallinn, at Väike-Ameerika street 19, 10129, and may be found online at www.aki.ee.