Sani nudge ApS of Erik husfeldtsvej 7 2630 Taastrup Denmark and its group companies as detailed further below (collectively, “Sani nudge” / “we” / “our” / “us”) are committed to protecting and respecting your privacy.
This policy sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679), on which we will process any personal data we collect from you, or that you or your employer provides to us through your use of the Sani nudge online software platform and the accompanying software App (together the “Platform”).
OUR PROCESSING OF PERSONAL DATA
In the normal course of our business we collect and process data in respect to:
When we refer to “personal data” in this policy, we mean that any information relating to you, from, or in relation to which you may be identified (directly or indirectly). This might include, for instance, contact details, your biographical details, online identifiers, and factors specific to your physical, mental, economic, cultural or social identity. Your personal data may also include any comments or opinions made by you or about you.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting a saninudge.com domain including but not limited to saninudge.com, Sani analytics, Sani help, Sani academy, or using the Sani nudge smart phone application or platform, you are accepting and consenting to the activities and data usage as described in this policy.
When referred to the “Platform” it means any part of the Sani nudge system including:
OUR STATUS AND RESPONSIBILITIES
In the case of Survey Recipients and Client Users, Sani nudge ApS and/or one its subsidiary companies has entered into an agreement with your employer to grant you access to the Platform and / or to engagement surveys completed on or via the Platform (the “Employer Agreement”), and your employer is the data controller of your personal data. We will process your personal data on behalf of your employer and in accordance with its lawful instructions. The information you provide to us and/or upload to the Platform (whether or not it constitutes personal data) will also be governed by the Employer Agreement.
In the case of Marketing Contacts, we are the data controller in respect of your personal data.
We are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.
References in this policy to “your employer” shall refer to the entity who has entered into the Employer Agreement with us, whether or not as a matter of law you are an employee, consultant or contractor of that entity, and such references are not intended to characterize or prejudice your status vis-à-vis that entity.
INFORMATION WE COLLECT ABOUT YOU
For Survey Recipients and Client Users: we will collect and process the following data about you as follows.
Information your employer gives us. Your employer may give us information about you:
DATA COLLECTED ABOUT YOU WHILE YOU ARE WEARING THE SANI ID IS ANONYMIZED. THIS IS DONE TO PROTECT YOUR PRIVACY AND IS ENSURED BY NEVER SHARING YOUR NAME, COMPANY EMAIL ADDRESS OR COMPANY TELEPHONE NUMBER IN RELATION TO THE SANI ID WITH ANYONE.
In the case your employer has purchased the service of “Individual Motivation” you are granted the access to view your own hand hygiene compliance data. This is done by connecting your personal information with the data collected by the system.
Data we collect about your hand hygiene compliance consist of the following but is not related to your personal information until you activate the “Individual Motivation” service. Until then the data is only related to the Sani ID you are wearing while you are in a work area with the Sani nudge system installed.
A Sani ID in tandem with existing Sani sensors and the implementation of a localized Sani Gateway, is capable of tracking raw user data including accelerometer data, which is used for putting the device to sleep, when it is not in use. Bluetooth data is also collected and tracked, which is activated when a Sani sensor scans a beacon in order to correlate the interaction with the unique ID from the beacon transmitted to the database. Movement data indicates if someone wearing an ID has been active or inactive after 20 seconds.
For Marketing Contacts, we will collect and process personal data which you provide us when you complete an enquiry via a website or register for a trial or otherwise contact us to request information about our products and services. We will typically obtain contact information such as your name, employer, work email address and work telephone number. We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party service providers who provide contact enrichment and lead generation services to us. We shall also store and process data relating to your communications with us and your responses to our marketing emails and attendance at our events.
HOW WE USE YOUR PERSONAL DATA AND OUR LEGAL BASIS FOR DOING SO
Please note that we are permitted to collect, use, disclose and/or otherwise process any information other than personal data, including data sets you upload to the Platform or otherwise provide to us, to the fullest extent permitted by the Employer Agreement.
Where we have collected, received or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
For Survey Recipients and Client Users
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your employer’s legitimate interests, including: to enable us to perform our contractual obligations under the Employer Agreement, to improve or optimize our services, to maintain the security of our computer systems, to understand how the Platform is use and to improve the user experience of the Platform, to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please note:
For Marketing Contacts, we will collect and use data to contact you about our news, updates, events, developments, products and services from time to time and for the purposes of entering into discussions with you in connection with your purchase of licenses from us to use or have access to the Platform. This data is processed by us on the basis that it is necessary for the purposes of our legitimate interests, namely undertaking targeted marketing and business development activities in connection with our business.
DISCLOSURE OF YOUR INFORMATION
We may share your personal data with other companies in our group, where necessary or desirable to do so in the course of the provision of services to you or your employer or in the course of undertaking marketing activities.
We may also share your personal data with selected third parties in accordance with this policy, including:
We require all our third-party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
If you are wearing a Sani ID, please note that:
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
INTERNATIONAL DATA TRANSFERS
A number of our service providers are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those services providers in the United States or other countries outside the EEA in order to provide our services via the Platform or (in respect of Marketing Contacts) in order to undertake marketing activities. Data collected about your location or hand hygiene compliance is not managed by services outside EEA.
We have put in place appropriate measures to ensure that your personal data are treated by those third parties in a way that is consistent with and which respects the EU laws on data protection, including verifying that the recipient is certified under the EU-US Privacy Shield, or in putting in place written contractual agreements to meet EU-approved data protection obligations. If you require further information about these protective measures, please contact us at email@example.com.
SECURITY OF INFORMATION
We maintain appropriate technical and organizational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorized access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy. If you disclose someone else’s personal data to us, you confirm that you have their consent to disclose this to us and for us to use and disclose it in accordance with this policy.
RETAINING YOUR INFORMATION
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymized data and any information other than personal data can be stored indefinitely.
You have the following rights in regard to your personal information:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Platform, you will no longer be able to use the Platform following the date on which we action your request. This does not include your right to object to direct marketing which can be exercised at any time without restriction. Please allow at least 5 working days for your request to be actioned.
Save as set out above, your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact your employer directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us as described above).
If for any reason you are not happy with the way that we have handled your personal data, you also have the right to make a complaint to the relevant supervisory authority in your country. In the UK, the relevant authority is the Information Commissioner’s Office.
HOW TO CONTACT US
We are committed to resolving any privacy concerns you have. However, if you feel we have not addressed your specific concern, you have the right to make a complaint at any time to the relevant supervisory authority in your country responsible for data protection issues.