Last updated: 2020-04-04
This policy may be supplemented by additional privacy terms or policies set forth on certain areas of the Service.
1 What information do we collect?
1.1 Information you disclose to us
We collect personal information that you voluntarily provide to us when you register on the Services, and when using our Services, or otherwise when you contact us.
The personal information that we collect depends on the context of your interaction with us and the Services, the choices you make and the products and features you use. The personal information we collect may include the following:
Personal information provided by you:
- Phone number
- Email address
- Authentication data
- Debit/credit card numbers
- Information about what you agree to (e.g. terms of service)
- Comments, feedback, posts and other content you submit to the Service
Patient data provided by you:
- Results from multiple choice questionnaires (including health data)
- Personal and patient data from in activities in our treatment programs
1.2 Information automatically collected
We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language prefere, referring URLs, device name, country, location, information about about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, for troubleshooting and for our internal analytics and reporting purposes.
We also collect information through cookies and similar technologies. A cookie is a text file that is stored on your computer or mobile device by a website’s server. Each cookie contains anonymised information about how you use our websites and applications, which allows us to improve your experience of using our products and services.
If you prefer, it is possible to disable cookies by modifying the settings in your browser. However, if you block certain cookies, you may not be able to register, login to the Services, access certain parts of the Services or make full use of the Services.
The information we collect includes:
Log and usage data: Log and usage data is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”) and hardware settings).
Device data: Device data if information about your computer, phone, tablet or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model Internet service provider and/or mobile carrier, operating system and system configuration information.
1.3 Information collected through our App
If you use our App, we also collect the following information:
- Mobile Device Data: We automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model, Internet service provider and (or mobile carrier, and Internet Protocol (IP) address (or proxy server). If you are using our App, we may also collect information about the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID and information about the features of our App you accessed.
- Push notifications: We may request to send you push notifications regarding your account or certain features of the App. if you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
This information is primarily needed to maintain the security and operation of our App, for troubleshooting and for our internal analytics and reporting purposes.
2 How do we use your information?
We use personal information collected via our Services for a variety of purposes, described below.
We may use your personal information based on the lawful basis contractual relation for:
- To manage user accounts: We may use your information for the purposes of managing our account and keeping it in working order.
- Provide the Services to you, such as allow access to or delivery of our products or services, process or fulfil an order, or administer surveys or treatment programs
- Provide technical, product and other support and help keep the Services working, safe and secure
- Respond to your requests, inquiries, comments or concerns
- To enable user-to-clinician communications: We may use your information in order to enable user-clinician communications, if you give your approval to this when using specific features of our Services.
We may use your personal information based on the lawful basis legitimate interest for:
- Enhance, evaluate and improve the Services, our products and services and to develop new products and services
- Request feedback: We may use your information to request feedback and to contact you about your use of our Services
- Identify and analyse usage trends, including for the purposes of research, audits and reporting
- To send administrative information to you: We may use your personal information to send your product, service and new feature information and/or information about changes to our terms, conditions, and policies.
We may use your personal information based on the lawful basis consent for:
- Important news and relevant content, to contribute to your successful use of the Services
- Confirmation notifications connected to appointments with healthcare providers
3 How do we keep your information safe?
Braive, as the data controller, is responsible for the safety of your personal data with respect to confidentiality, integrity and availability, as per article 5 in EU's General Data Protection Regulation (GDPR).
The data we collect and process is stored in a secure manner in accordance with GDPR. The Services have a Privacy by Design approach to system engineering which takes privacy into account throughout the entire engineering process.
We prevent unauthorized access, modification and unlawful destruction of information we possess. We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.
4 Will your information be shared with anyone?
The processed information is stored on servers operated by Microsoft. A separate agreement between Microsoft, and Braive govern what information they have access to, and how it should be treated. Braive’s employees only come into contact with your personal information when necessary for safe operation of the service, and in cases where you want our staff to assist you in using the Service.
Employees of Braive, as data controller, and Microsoft, as a data processor, are subject to confidentiality.
You retain ownership of the personal information (“Your Content”) you upload, and we do not share Your Content to others than our collaborating data processor, and third parties involved in research projects. Your Content remains secure at all times, and is encrypted or de-identified before reaching our data processor and third parties involved.
For research purposes, we will share anonymized test scores with research partners. The extracted information comes from multiple answer questionnaires, that leaves no trace as to the identity of the responder (such as identification number or IP-address). For information about our research projects, and partners, go to About Us.
If you access the service content database or learning service (“subscription service") through an institution-sponsored subscription or a corporation or other business entity, certain usage data gathered through the Subscription Service, such as the course you enrolled in, may be shared with your institution for the purposes of usage analysis, subscription management, course management and testing results, and for the purposes of cost attribution and departmental budgeting.
Your personal information could be transferred to our hosting partner, within the EU. By using the Services you consent to the transfer of information to countries outside of your country of residence, which may have different personal data protection rules than in your country. Braive will always ensure that privacy and security is maintained within the requirements of the EU General Data Protection Regulation.
5 What are your privacy rights?
It is voluntary to provide us with your personal data. Your consent may at any time be withdrawn. If you withdraw your consent to the processing of personal data when using the Service, you will not be able to access the content that requires login.
Some features in our Services (the so called Mental Health Check) include multiple choice questionnaires where solely automated processing is used to determine results and recommendations.
6 How can you review, update, or delete the data we collect from you?
You have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request, update, or delete your personal information, please contact us by email to [email protected] We will respond to your request within 30 days.
The Services allow registered users to access their account information and make corrections or updates upon login at any time. When logged in you have access to all the personal information about you that may be held in the Service.
In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request please use the contact details provided below.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you are a resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
If you are a resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html
If you want to withdraw your consent and delete your personal information, send an email to [email protected] We will deactivate your profile and permanently delete all information about you from our servers, including backup server, within 30 business days. If you have been inactive for more than five years your user profile, along with all your personal information, will be automatically deleted. Once your personal information has been deleted, it cannot be restored again.
Our system will automatically delete data older than five years, even if you are an active user.
If after five years without using the Services, you wish to log on again, you must create a new user profile.
7 Do we make updates to this policy?
8 Applicable Law
The use of your personal data is subject to the all time applicable laws regarding personal data, currently EU's General Data Protection Regulation.
9 How can you contact us about this policy?
If you have any questions or comments about this policy, you may contact our Data Protection Officer (DPO) by email at [email protected], or by post to: Braive AS, Tollbugata 24, 5 floors 0157, Oslo, Norway
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information. It also helps maintain your choices when navigating on our website or returning to it at a later time.
Necessary: Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Analytics: Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics, such as the number of visitors, bounce rate, traffic source, etc.
Functional: Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedback, and other third-party features.
Performance: Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Advertisement: Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other: Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
|test_cookie||.doubleclick.net||Advertisement||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.||15 minutes|
|ajs_anonymous_id||.braive.com||Analytics||This cookie is set by Segment.io to check the number of new and returning visitors to the website.||1 year|
|_hjFirstSeen||.braive.com||Analytics||This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.||30 minutes|
|_ga||.braive.com||Analytics||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.||2 years|
|_gid||.braive.com||Analytics||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.||1 day|
|locale||.braive.com||Functional||This cookie is used to store the language preference of a user allowing the website to content relevant to the preferred language.||session|
|__livechat||.livechatinc.com||Functional||This cookie is set by the provider LiveChat.Inc. This cookie is used to enable live chat with customers on the website.||2 years|
|__lc_cid||.accounts.livechatinc.com||Functional||This is an essential cookie for the website live chat box to function properly.||2 years|
|__lc_cst||.accounts.livechatinc.com||Functional||This cookie is used for the website live chat box to function properly.||2 years|
|__lc2_cid||.accounts.livechatinc.com||Functional||This cookie is used to enable the website live chat-box function. It is used to reconnect the customer with the last agent with whom the customer had chatted.||2 years|
|__lc2_cst||.accounts.livechatinc.com||Functional||This cookie is necessary to enable the website live chat-box function. It is used to distinguish different users using live chat at different times that is to reconnect the last agent with whom the customer had chatted.||2 years|
|__oauth_redirect_detector||accounts.livechatinc.com||Functional||This cookie is used to recognize the visitors using live chat at different times in order to optimize the chat-box functionality.|
|__cfduid||.braive.com||Necessary||The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
|__stripe_mid||.braive.com||Necessary||This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server.||1 year|
|__stripe_sid||.braive.com||Necessary||This cookie is set by Stripe payment gateway. This cookie is used to enable payment on the website without storing any payment information on a server.||30 minutes|
|__cfduid||.hellobar.com||Necessary||The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.||1 month|
This cookie is set by Braive.
It is used to set the expired session time to automatically sign users out for security.
|_hjid||.braive.com||Other||This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.||1 year|
This cookie is set by MixPanel.
It is used to identify individual users. MixPanel is used to measure site performance and usage patterns.
This cookie is set by Hotjar.
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's pageview limit.
This cookie is set by Hotjar.
This cookie is used to detect the first pageview session of a user. This is a True/False flag set by the cookie.
This cookie is set by Hotjar.
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit.
This cookie is set by Stripe.
Stripe’s advanced fraud detection looks at signals from a customer’s device characteristics and user activity indicators, such as quickly copy and pasting—things that bots or fraudsters would do, not legitimate customers. These signals are highly indicative of fraud and power Stripe’s fraud prevention systems, such as Radar. The signals are securely transmitted to Stripe’s backend by periodically making requests to the m.stripe.com endpoint.
|_gat||.braive.com||Performance||This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites.||1 minute|