Stebby OÜ (brand name Stebby) knows that our users highly value their privacy and personal data protection. We take the protection of all data very seriously. Please take a moment to read our privacy notice.
WHAT DOES OUR PRIVACY NOTICE COVER?
This statement does not cover the rules and organisation of work of our clients or service providers.
The controller for personal data collected through the Stebby platform is Stebby OÜ (Estonian Business Registry code 12231911), located in the city of Tartu, Riia 142. Contact details email@example.com.
DATA THAT THE USERS CAN PROVIDE US ON THE STEBBY PLATFORM
On our Platform, the User can perform several activities without transferring personal data. For example, the User can check the sales account of the service providers and the services they offer, the content and prices of the services offered by Stebby, or read our blog posts.
Stebby has the data necessary to fulfil the obligations arising from the client contract, i.e., the name, personal identification code, and e-mail address of the user. These allow Stebby to contact the User to provide them with information on how they can use their account and confirm their right to use this account and the funds on the account.
When registering a user ID, a profile is created for the User and several pieces of personal data are stored in this process. For example: User name, e-mail address, personal identification code, gender, telephone number, employer details. In using the Stebby platform, data on the sports clubs, trainings, health services, and sports events of the User and data entered by the User in the training diary, for example, the sport they engaged in, training duration, comments on training, is generated.
AUTOMATICALLY REGISTERED DATA
When using the Stebby platform, the IP address of the User and its approximate location, browser version, cookie data as well as the pages that the Users visit on our platform are automatically registered.
WHAT IS THE PURPOSE OF COLLECTING THE DATA?
We do not sell or rent the data of Users to third parties. The data is collected so that the Users could use the health and sports services provided on the Stebby platform. Location data is collected so that the Users could find the services closest to their location as quickly as possible. Data on health services, sports clubs, trainings, and participation in events through Stebby is collected for non-personalised data processing (analytics) and, if the User has provided their consent, this data is also used for submitting personalised direct marketing messages.
RECIPIENTS OF PERSONAL DATA
Stebby OÜ is the recipient of the data. Health and sports clubs and event organisers will be provided with the personal data of the Users only to the extent that is necessary for identifying the User and checking the payment limits of their Stebby accounts to sell them the desired service or product.
In the case of support for health and sports expenses provided by the employer, the employer receives data on the use of the support by the Users through the Stebby platform to the extent in which they have paid support to their employees.
Stebby also uses third party software to improve its service. For example, the e-mail addresses of users, together with information whether they have accepted direct marketing communications, are forwarded to our partner Vero (getvero.com). We use their service to send out newsletters. User behaviour on the website is monitored by Google Analytics (analytics.google.com)
The data may also be sent to other Service Providers used by Stebby in the future. In any such case, Stebby checks in advance whether the privacy requirements of the respective service provider are in accordance with the law and whether the personal data of the Users are stored and transmitted in a sufficiently secure manner.
WHERE IS THE PERSONAL DATA OF THE USERS STORED AND HOW IS THE DATA TRANSMITTED?
Personal data collected through the Stebby platform will not be transferred to countries outside the European Union or countries which do not have similar personal data protection laws in compliance with the EU legislation. The data is stored on servers located in a member state of the European Union.
PUBLIC PERSONAL DATA
Other Users can search for the User by name using the search window and see if the User has a Stebby account. It is also possible to see the training data publicly added to the account of the User. The User has the opportunity to limit the visibility of their training for other Users under their account settings.
Cookies can also be turned off by each User in their web browser and stored cookies can also be deleted, but doing so, we cannot unfortunately guarantee the smooth operation of the Stebby platform.
HOW IS THE PERSONAL DATA OF USERS PROTECTED?
To ensure security and privacy, the Stebby account of the User is password-protected. Be careful not to share your user password with third parties or use a simple password for your account or use the same password for many different web services. Please do not stay logged in to your Stebby account on computers other than your own.
The Stebby platform uses secure data exchange that cannot be monitored by third parties and all data queries made in and sent from the Stebby platform are encrypted.
The company uses reasonable technical and organisational measures for transferring personal data between employees and partners.
Although we work and make daily efforts to maintain and transfer the personal data of all Users securely, we remind you that sending information on the Internet is never completely secure.
Stebby is not responsible if the personal data of the Users becomes known to other Users or third parties due to the actions of the Group Account Administrator or other persons related to the Client (disclosure of a username and/or password, adding Users to a group without the consent of the Users, sharing group events between group members, etc.).
Our blog and website provide links to other websites that may or may not be our partners. Stebby does not guarantee, and is not responsible for, the protection of the personal data on the websites found at these links. When a User navigates from one page to another, the User must first understand the privacy settings of these websites. The same applies to using social media log-ins or social media sharing buttons/links.
PERSONAL DATA RETENTION PERIOD
The data is retained for as long as the User has a Stebby account. After deleting the Stebby account, the data of the User on participation in sports clubs, trainings, health services, and participation will be anonymised and this data will be used for analytical purposes. The data of deleted users will be permanently lost from backups and logs within 90 days after its deletion at the latest.
The history of purchases made by the User is retained and it can be accessed by the clubs from which the service was purchased and by the company whose sports compensation has been used, but this data is uncoupled from that of the user account and other personal data.
CORRECTION AND DELETION OF DATA
The User may, at any time, request access to, correction, and deletion of their data. The User also has the right to restrict the processing of data, withdraw consent for the processing of data, or request transfer of data to another database. The User can perform the respective actions by logging in to their Stebby account or by writing to firstname.lastname@example.org.
The User has the right to request the deletion of their user account if there is no basis for the processing of any personal data of the User by giving notice to Stebby thereof.
It must be borne in mind that it is no longer possible to use the Stebby platform when restricting access to data, deleting, or transferring data, nor is it possible to use personal Stebby compensation or Stebby compensation provided by the employer.
Access to user accounts containing incorrect data will be suspended until the data is corrected by the administrator of the group account associated with the User Account. If the data is not corrected within fourteen (14) days as of notifying the administrator, Stebby has the right to delete the User Account. The above applies to all Stebby accounts.
If a fraud scheme is suspected, Stebby has the right to close the account related to the suspicion and suspend the transactions.
If Stebby deletes your User Account due to a breach of the terms and conditions of the user contract, you have the right to request the deletion of your data by writing to the e-mail address email@example.com. Stebby analyses each such claim individually and informs the User if and when their claim will be satisfied.
PERSONAL DATA OF CHILDREN
Stebby services can also be used by minors. If you are a User under the age of 18, please consult with your parents before creating an account and do not share your personal data without parental consent. If you discover that your minor child has created a Stebby account without your consent, please let us know at firstname.lastname@example.org.
PERSONAL DATA PROVIDED TO STEBBY BY THIRD PARTIES
In our environment, employers can create Stebby user accounts for their employees. In accordance with the General Terms and Conditions of Stebby, the creation of any account requires the consent of that employee. If you have received a letter from us confirming that your employer or another person has created a Stebby account for you and you are sure that you have not given a consent for this, please notify us immediately at the address email@example.com.
Stebby occasionally runs advertising campaigns asking you to recommend us your friends or colleagues who might like the Stebby service. During such campaigns, we ask Users for the name and e-mail address of their friend/colleague. Such data will be retained to send a one-time invitation to the friend/colleague of the User to join Stebby and to monitor the success of the referral programme and to archive to whom such an invitation has been sent.
The friend or colleague of the User has the opportunity to request the deletion of such data by writing to firstname.lastname@example.org.
HEALTH AND SPORTS EXPENDITURE FOR THE BENEFIT OF EMPLOYEES
In the case of support for health and sports expenses being provided by the employer, the names, personal identification code, and contact details (e-mail and mobile phone number) of all employees are entered into the Stebby database. If the User activates a Stebby account and uses health and sports services, the employer will be provided with information on the support used by the employee. The employer is also entitled to receive data on the health and sports expenses of the employee if such data is necessary for accounting purposes and for verifying the correct use of the support.
TRANSMISSION OF DIRECT MARKETING COMMUNICATIONS
If the User has consented to receive notifications about health and sports clubs and events, then Stebby OÜ will send the respective communications to the user. The personal data or contact details of the users for the transmission of direct marketing messages will not be transmitted to the health and sports clubs or the organisers of events. Direct marketing communications may be provided in a personalised form based on the age, gender, and data of the User collected by Stebby regarding the health and sports habits of the User.
If the User does not wish to receive direct marketing communications, they can unsubscribe by visiting their Stebby settings page and choosing whether and which direct marketing communications they wish to receive. Links to opt out of newsletters and direct marketing communications are also included in any such letter sent.
AMENDMENTS TO THE PRIVACY NOTICE
Stebby evolves, laws change, and life goes on. We may occasionally make changes to this privacy notice. We will notify the Users of these changes on our website or by e-mail.
DATA PROTECTION OFFICERS
The Stebby Data Protection Officer can be contacted by email at email@example.com or by writing to our general data protection e-mail address at firstname.lastname@example.org.
If the User feels i.e., that Stebby does not fulfil its obligation to protect personal data with due diligence and does not comply with this privacy notice after communicating with our Data Protection Officer, you can notify the Estonian Data Protection Inspectorate, whose offices are located in Tallinn, Väike-Ameerika 19, 10129, www.aki.ee.