Privacy Policy

Effective date:
2023-01-05
Last updated:
2023-01-05

Stepler AB is a company incorporated in Sweden (reg.no. 559199-9551) whose registered office is Drottninggatan 13, 65225, Karlstad, Sweden (hereafter referred to as “Stepler”, “we” or “us” as the context may require).

Stepler is the data controller for the processing of your personal data in accordance with this Privacy Policy. This Privacy Policy applies to your use of the Stepler mobile application (the “Stepler App”), any website operated by Stepler (including https://steplerapp.com) (the “Stepler Website(s)”) and the services we provide that are accessible via any of them (the “Services”).

We want you to feel confident about how we process your personal data. It is therefore important that you read and understand our Privacy Policy before using our Services. You can always contact us at feedback@stepler.io if you have any questions.

Please note that you must be aged 13 years or older to use the Services. Please do not use the Services or provide us with any personal data if you are under 13 years of age.

HOW YOUR PERSONAL DATA IS PROCESSED

Processing of personal data to provide the Services

Whose personal data do we process?

Anyone who uses the Stepler App.

What categories of data do we collect and how do we collect it?

Personal data is collected (a) from you; (b) by your use of the Service, and (c) from third parties that you choose to integrate with through our Services (e.g. with external pedometers).

Stepler will ask you to provide personal data at the time of registration such as your full name and email address. After the registration, you can choose to provide us with additional personal data regarding your user profile, such as your home address, biographical details and photographs. If you make a purchase at the marketplace in the Stepler App, we will process your full name, email address, home address, and details about your purchase/order.

If you choose to have Stepler App integrated with an external pedometer such as Apple HealthKit or Google Fit, we will only collect the health data types that you opt-in to such as your physical movement in form of number of steps that you have taken. This data will only be used to provide health, motion or fitness services with the Stepler App, see the purposes described in point d), g), and h) below. Stepler will not use this data for marketing, advertisement or use-based data mining, including such use by third parties.

The Stepler App may provide functionality allowing you to search for friends by using your Facebook credentials. If you choose to do this, you will be asked to allow the Stepler App to access certain personal data associated with your Facebook account such as your full name, profile picture and email address.

Please note that we do not collect location data.

What is our purpose for collecting your data?

We will process your personal data for the following purposes, to:

a) confirm your identity and enter into a contract with you;
b) create and administrate your user profile;
c) enable your use of the Services and the functions available in the Stepler App;
d) verify the total number of steps that you have taken;
e) enable you to connect the Stepler App with third party services such as Apple HealthKit and Google Fit;
f) enable you to connect with Facebook;
g) calculate and provide you with collected points, as a result of your physical movement, and to enable you to exchange your points at the Stepler App marketplace;
h) create daily leaderboards of Stepler App users, comprising all users or users meeting particular criteria as ranked by the number of steps completed or using other similar criteria, and to enable users to integrate with each other;
i) communicate with you, including to confirm purchases, inform you about your weekly progress in the Stepler App or inform you about updates to the Stepler App, Stepler Website(s), our Terms of Use or this Privacy Policy;
j) correct errors and problems with the Services; and
k) investigate and prevent misuse of the Services, suspected fraud or other criminal activities.

What is our legal basis for processing your data?

Our legal basis for processing personal data described in point a), b), c), f), g) and h) above, is based on our contract with you.

Our legal basis for processing personal data described in point d) and e) above (data related to integrations with third party services and health data collection) is based on your consent. You have the right to withdraw your consent at any time by emailing us at feedback@stepler.io.

Our legal basis for processing personal data described in point i) above, is based on our legitimate interest to communicate with users and provide information related to the use/the Services.

Our legal basis for processing personal data described in point j) and k) above, is based on our legitimate interest to provide you with faultless services and maintain the security of the Services.

How long do we store your personal data?

We store and process your data for as long as you are a registered user of our Stepler App. We will cease to store and process your personal data if your user profile has been inactive for two years or if you request erasure, unless it is necessary for us to store or process the relevant data for a longer time, e.g. for purposes such as defence of legal claims.

Advertisement from Stepler partners 

Whose personal data do we process?

Anyone who uses the Stepler App.

What categories of data do we collect and how do we collect it?

Your name, email address and phone number which have been collected from you.

What is our purpose for processing your data?

Within the Stepler App you can use your earned points in exchange for a wide range of rewards or like from partners to Stepler (“Stepler Partners”). A Stepler Partner that you have integrated with through the Stepler App has an interest in advertising its business and products to you e.g., by sending you offers or newsletters by email. Therefore, Stepler will ask for your consent to share your personal data with the Stepler Partner. The purpose is to enable the Stepler Partner to advertise their business and products to you.

What is our legal basis for processing your data?

Stepler will only share your personal data with a Stepler Partner if you have given your consent. The legal basis for sharing your personal data is though your consent. You have the right to withdraw your consent at any time. 

Please note that after we have shared your data with a Stepler Partner, they become the data controller for the personal data processing that they carry out, we encourage you to also read the Stepler Partner's privacy policy.

Processing of personal data to analyse and improve the Services and the Website

Whose personal data do we process?

Anyone who uses the Stepler App or visit Stepler Website(s).

What categories of data do we collect and how do we collect it?

Stepler uses a number of industry-standard data analytics tools, such as Google Analytics, which enable us and providers of such tools to collect certain data when you are using or integrating with the Stepler App or the Stepler Website. This includes following categories of personal data: IP address, unique device identifiers, other identification credentials, and on-site/app activities. With these personal data we can measure and report statistic on how users use and interact with the Stepler App or the Stepler Website.

This collection of personal data only takes place if you have accepted cookies.

The personal data collected by Google will be combined with data that Google already have about you (if any). Read more about Google’s processing or personal data at https://policies.google.com/privacy.

The data delivered to us by analytics tools is at an aggregated level using de-identified or pseudonymised data, without any link to you as an individual.

What is our purpose for processing your data?

We will process your personal data for the following purposes, to carry out data analysis:

a) to identifying usage trends and understand how Stepler Website(s), Stepler App, and Service are being used;
b) to know how to develop and improve the Stepler Website(s), Stepler App, and Service in the best way;
c) determining the effectiveness of our marketing, including whether your installation of the Stepler App was driven by a particular advertisement; and
d) to enhance and customize Stepler Website(s), Stepler App, and Services.

What is our legal basis for processing your data?

Our legal basis for processing personal data is based on your consent. You have the right to withdraw your consent at any time by emailing us at feedback@stepler.io, and you are entitled to object to this processing, for reasons connected to the circumstances in your particular case.

Processing of personal data to provide you with tailored advertisement

General

You may see advertisements when you are surfing or using apps or social medias. These advertisements are in some cases set by Stepler or third parties in form of advertisement providers that we work with. The advertisement is tailored based on you activities and interactions with the Stepler App or the Stepler Website(s) (i.e., your behavior).

Whose personal data do we process?

Anyone who uses the Stepler App or visit Stepler Website(s).

What categories of data do we collect and how do we collect it?

Stepler uses a number of industry-standard advertisement providers, such as Google Ads and Google AdMob, which enable us and such providers to collect certain data when you are using or integrating with the Stepler App or the Stepler Website. This includes following categories of personal data: IP address, unique device identifiers and other identification credentials, and on-site/app activities and interactions, advertising data (advertisement the user has seen).

This collection of personal data only takes place if you have accepted cookies.

The personal data collected by Google will be combined with data that Google already have about you (if any). Read more about Google’s processing of personal data at https://policies.google.com/privacy.

What is our purpose for processing your personal data?

We will process your personal data for the following purposes, to:

a) enable third parties to show you ads that they think are relevant to your interests based on your activities or help you discover something new;
b) deliver personal advertisement regarding Stepler or Stepler’s trusted partners that we think are relevant to your interests based on your activities or help you discover something new.

What is our legal basis for processing your data?

Our legal basis for processing personal data is based on your consent. You have the right to withdraw your consent at any time by emailing us at feedback@stepler.io, and you are entitled to object to this processing, for reasons connected to the circumstances in your particular case.

This processing may constitute profiling which aims to customise the marketing based on what we think you may be interested in.,

Processing of personal data to manage customer service inquiries

Whose personal data do we process?

Anyone who contact us.

What categories of data do we collect and how do we collect it?

The personal data is collected from you. We will process all personal data that you provide us with, normally your contact information, e.g. your full name and email address, customer service history and purchase history, and information in communication between us.

What is our purpose for processing your personal data?

We will process your personal data for the following purposes, to:

a) handle and reply to your questions, complaints or other customer service issues which involves communication with you.

What is our legal basis for processing your data?

Our legal basis for processing personal data is based on our legitimate interest to manage questions and any complaints related to our Services / business.

How long do we store your personal data?

Your personal data will be stored for six months after the questions has been resolved.

WHO WE SHARE YOUR PERSONAL DATA WITH

To run our business and to provide the Services, we need to work with other parties and in some cases, this means that we must share your personal data with a third party.

Stepler will only share user data with third parties that provide the same or equal protection of personal data as stated in this Privacy Policy and App Store Guidelines.

IT-support/maintenance and data storage – Stepler uses suppliers and subcontractors for services and functionalities that we cannot provide ourselves e.g. IT-consultants for IT-support and maintenance, and a supplier for data storage. These parties will gain access to personal data in order to carry out the work/provide the service. Purpose: data storage, provide the Services, correct errors and problems with the Services, and to investigate and prevent misuse of the Services, suspected fraud or other criminal activities. Personal data: all personal data stored in the Stepler App.

Other users of the Stepler App – Provided that you have given Stepler your consent, Stepler will share certain of your personal data with other users of the Stepler App. Purpose: to create daily leaderboards of users, comprising all users or users meeting particular criteria as ranked by the number of steps completed or using other similar criteria, and to enable users to integrate with each other. Personal data: uploaded profile picture, biographical information and/or your total verified steps.

Analysis tools and advertising tools – Provided that you have given Stepler your consent, Stepler will use analysis- and advertising tools from third parties (e.g. Goolge’s services) and therefor share personal data with these parties. Purpose: the purposes stated in section “Processing of personal data to analyse and improve the Services and the Website” and “Processing of personal data to provide you with advertisement” above.  Personal data: IP address, unique device identifiers and other identification credentials, and on-site/app activities. To learn about how Google is processing your personal data, read Google’s privacy policy at https://policies.google.com/privacy.

In some cases, personal data will be disclosed to a recipient outside the EU or the EEA. It especially concerns cases where a supplier/service provider of ours is located outside the this area. Currently, we have service providers based in the U.S, e.g. Google. We only share your personal data with such recipients if Stepler and the recipient have entered into the EU Commission’s model clause and/or similar mechanisms under the GDPR to ensure that your data remains protected. You can contact Stepler by emailing feedback@stepler.io to find out more about the mechanism we use to protect your personal data, and to receive a copy of our security measures.

The Stepler Partners who wants to advertise their business and products Your personal data will only be shared with a Stepler Partner if you have given your consent to Stepler to do so.  

HOW WE PROTECT YOUR PERSONAL DATA

We take reasonable industry-standard care in keeping all our data secure and in preventing any unauthorised access or unlawful use of it. All personal data we store and process is handled strictly in accordance with applicable data protection legislation.

YOUR RIGHTS

Right to access. You have the right to be informed about how your personal data is processed, such information shall be provided in connection with the collection of data about you. We do this through this privacy policy.

You have the right to ask us about the personal data we process about you and to request a copy of your personal data. You can exercise your right to access by emailing feedback@stepler.io.

Right to rectification. You have the right to change inaccurate or incomplete personal data we have about you. You can exercise your right to rectification by emailing feedback@stepler.io.

Right to object. When Stepler processes your personal data for the purposes of the legitimate interests pursued by us or a third party, you have the right to object to the processing at any time. If we cannot show that there are compelling legitimate grounds to continue processing the data, we must cease the processing.

When Stepler processes your personal data for marketing purposes, you have the right to request that we cease the processing.

We do not make any decisions based solely on automated processing. However, we do process your data for profiling purposes (as stated in this policy), which you are entitled to object to.

You can exercise your right to object by emailing feedback@stepler.io.

Right to restriction of processing. In certain cases, e.g. if you have objected to the processing, you have the possibility to request restriction of our processing of your personal data. By requesting a restriction, you have the possibility, at least for a certain period of time, to stop Stepler from using the data other than for the purpose of e.g. defending legal claims. You can also prevent Stepler from deleting the data, e.g. if you need the data to claim damages. You can exercise your right to restriction by emailing feedback@stepler.io.

Right to erasure. In certain cases, you have the right to have your personal data erased. In the following cases we must delete your personal data: the personal data is no longer necessary for the purpose for which they were collected; the processing is carried out based on your consent and you revoke this; the processing takes place for direct marketing and you oppose this; the processing turned out to be unlawfully processed; or deletion is required to fulfil a legal obligation. We are also obliged to delete your personal data if you have objected to the processing, and we have no overriding legitimate grounds for the processing that outweigh your interest.

The right to erasure is not an absolute right and there may be legal obligations, contractual relations, and compelling legitimate interests which require us to continue the processing. We are also entitled to continue the processing if necessary for the establishment, exercise or defence of legal claims.

You can exercise your right to erasure by emailing feedback@stepler.io.

Right to data portability. When Stepler processes your personal data on the basis of your consent or for the performance of a contract, you may in certain cases have the opportunity to obtain personal data in a structured, commonly used electronic form. You also have the right to have the data transferred to another controller, if technically feasible. You can exercise your right to data portability by emailing feedback@stepler.io.

Right to withdraw your consent. If we are processing your personal data on the basis of your consent, you may withdraw this consent at any time. Your withdrawal does not affect the legality of our processing up to the point of your withdrawal.

Right to lodge a complaint with a supervisory authority. If you are not satisfied with how we are processing your personal data, we ask that you contact us. You also have the right to lodge a complaint with a supervisory authority, which in Sweden is the Swedish Authority for Privacy Protection (www.imy.se), Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time. Any such changes we may make to this Privacy Policy will be posted on the Stepler App and Stepler Website(s) and may be emailed to you. Please check the Privacy Policy available on the Stepler App and Stepler Website(s) from time to time. In the event of any such change, by continuing to use the Stepler App or Stepler Website(s) you agree to the relevant change.

CONTACT INFORMATION

Questions, comments and requests regarding this Privacy Policy are welcomed and can be addressed to feedback@stepler.io with the subject line “Privacy”.