We take your data protection seriously.
In order to protect your personal data in the best possible way, we continuously assess how high the risk is that our data processing affects your ability to control your data.
The party responsible for the processing of your personal data is
Liva Healthcare A/S
Company registration: CVR-38737368
Danneskiold-Samsøes Allé 41
1434 København K
If you have any questions about data privacy and protection, you can also contact our data protection officer at any time:
Birgite Kofod Olsen
Nørre Voldgade 11, 2
DK-1358 København K
We ensure fair and transparent data processing
Liva Healthcare ensures that the data processing takes place in accordance with the law. When we ask you to make your personal data available to us, we inform you of what data we process about you and for what purpose. You will receive information about this at the time of collection of your personal data.
If we collect data about you from others, e.g. a supplier, authority or business partner, we will inform you of this within 10 days after we have collected your personal data. We also provide information about the purpose of the collection and the legal basis that gives us access to collect your personal data.
Processing of your personal data
You must be old enough to consent and agree to the processing of your personal data
If you do not have the legal capacity to consent and agree to the processing of your personal data, you are not allowed to use the Liva Platform without the consent of your parent(s) or guardian(s). Liva takes all reasonable and practical measures to ensure that it does not process the personal data of underage individuals or individuals with diminished legal capacity without parental or guardian consent. However, to the extent that this does occur, and Liva verifies that it has processed or is processing personal data of such individuals without parental or guardian consent, Liva will as soon as possible cease the processing of this personal data and return and/or delete the same.
We use this type of data about you
We use data about you to make our service better and ensure quality in our products and services as well as in our contact with you. The categories of personal data we process depends on the context of your interactions with us. To the extent that you are using the Liva App, the user terms of service you agree to at the time of registration will inform and determine the processing of your data in the context of using the Liva App.
When you use our services and/or otherwise contact us, we may process the following personal data:
– which includes your first name and last name, date of birth and gender.
– which includes your date of birth, gender, ethnicity, and religion.
– which includes your email address and telephone number.
– which includes a user ID and other login data, settings, feedback and any survey responses, or information provided by you in forms.
– which contains information about how you use our services. This also includes browsing behavior and related information, for example how long you stay on one of our web pages, the page through which you came to our website, and the so-called “clickstream” during your visit to our website.
Marketing and communications data
– which includes your preferences regarding receiving marketing information and newsletters from us, as well as your communication preferences.
Sensitive personal data
– which includes information about your health and lifestyle, such as height, weight, diagnosis, steps, diet, medication exercise, alcohol and tobacco consumption, communications with your health coach etc.
Payment information – which includes full name, email, telephone number, purchase history, credit card number and expiry date.
In some cases, we need to compare your data with data we receive from third parties. If the compilation can reveal your identity and information of a private or sensitive nature, we will obtain your consent prior to the processing. Before we compile data, we assess whether there is a risk that the treatment will have a negative effect on your privacy. If so, we will inform you of the treatment and its purpose and ask for your consent to continue treatment.
We collect and store your personal data for specific purposes
We process your personal data in accordance with the provisions of the European Union’s General Data Protection Regulation (EU GDPR) and any other applicable Data Protection legislation.
If you give us your express consent to the processing of personal data for certain purposes (f.x. disclosure to third parties, evaluation for marketing purposes or advertising by e-mail), the lawfulness of this processing is given based on your consent. A previously given consent can be revoked by you at any time.
If the personal data processed by us are necessary for the establishment, execution, and fulfilment of a contract as well as for the implementation of pre-contractual measures, for the initiation or execution of a contractual relationship or in the context of the implementation of pre-contractual measures, this processing is deemed lawful.
If necessary and legally permissible, we process your personal data beyond the actual contractual purposes to fulfil our legal obligations.
In addition, processing takes place if necessary to safeguard our legitimate interests or those of third parties, as well as to defend against and assert legal claims. If necessary, we will inform you separately stating your legitimate interest, insofar as this is prescribed by law.
We collect and store your data in connection with certain purposes and other lawful business purposes. It happens when we need to:
- fulfill your request to use the Liva Platform
- determine your eligibility to be enrolled in a lifestyle program
- provide health coaching services to you in the Liva Platform
- improve our products and services
- administer your relationship with us
- conduct research
- conduct marketing activities
When your information in Liva is passed on for research, it does so at an overall aggregated and pseudonymised level. The researchers can therefore not identify you via the data we make available.
When your information in Liva is processed for marketing purposes, this will be based on your explicit consent, which consent you can withdraw at any time, either inside the Liva Platform, or by contacting us at the contact details appearing below.
We only process relevant personal data
We only process data about you that is relevant and sufficient for the purposes defined above. The purposes are crucial to the type of data about you that is relevant to us. The same applies to the scope of the personal data we use.
Before we process your personal data, we investigate whether it is possible for us to minimize the amount of data we process about you. We are also investigating whether some of the data types we collect can be used in anonymized or pseudonymized form. We can do so if it does not adversely affect our obligations or the service we offer you.
We only process necessary personal data
We collect, process and store only the personal data necessary to fulfil our stated purpose. In addition, it may be determined by law what type of data is required to be collected and stored for our business operations. The type and extent of personal data we process may also be necessary to fulfil a contract or other legal obligation. We want to make sure that we only process personal data that is necessary for each of our specific purposes. Therefore, it is embedded in our IT systems that only the data types that are needed are collected.
Correct and updated information
We check that the personal data we process about you is not incorrect or misleading. As our service depends on your data being accurate and up to date, we ask you to inform us of relevant changes to your data. You can use the contact information below to let us know of your changes. To ensure the quality of your data, we have adopted internal rules and established procedures for checking and updating your personal data.
We delete your personal data when it is no longer needed
We obtain your consent before we process your personal data
We obtain your consent before processing your personal data for the purposes described above unless we have another legal basis for obtaining it. We will inform you of such a basis and of our legitimate interest in processing your personal data. Your consent is voluntary, and you can withdraw it at any time by contacting us. If we need to use your personal data for a purpose other than originally stated, we will inform you of the new purpose and ask for your consent before we begin data processing. If we have another legal basis for the new treatment, we will inform you of this.
We do not share your personal data without your consent
If we share your personal data with partners and third parties, e.g. for research or reporting purposes, we will inform you about what the data will be used for and with whom it will be shared. No personal data will be share unless you have given your consent. You can object to this type of disclosure at any time. If you use the Liva Platform through a Danish municipality, we will not in all cases obtain consent in connection with your data being used for research, it will depend on which legal basis in legislation applies. We do not obtain your consent if we are legally obliged to disclose your personal data, eg as part of reporting to an authority. We do not pass on your personal data to third countries without informing you and obtaining your consent.
Third-party sub-processors and data providers
We provide access to your personal data within our company exclusively to those departments and persons who need this data to fulfil their contractual and legal obligations, or to implement our legitimate interests. We may also transfer your personal data to the companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out above.
Your personal data will be processed on our behalf on the basis of data processing agreements. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the EU GDPR. The categories of recipients in this case are:
- Internet Service Providers (ISP).
- providers of customer management systems and corresponding products.
- providers of customer management systems and corresponding products.
- companies affiliated with us, in the context of data processing.
- third parties that provide us with health coaching services.
- other recipients to whom the transfer for one of the purposes set out above is necessary directly, from our contractual or legal obligation.
Otherwise, access to data will only be provided to recipients outside Liva if this is permitted or required by law, the disclosure is necessary for the purposes set out above or, at your request, if we have your consent or we are authorised or obliged to provide information. Under these conditions, recipients of your personal data may be:
- Public bodies and institutions (e.g., the public prosecutor’s office, the police, supervisory authorities, the tax office) in the event of a legal or official obligation.
- Other data recipients for whom you have given us your consent to the transfer of data.
- Liva works with certain third parties to provide certain functionality related to or within the Liva Platform, or to perform services related to the Liva Platform. Below is a list of the main sub-processors who process personal data on our behalf or from whom Liva may receive data about you:
Transfer of data to third countries
A transfer of personal data to countries outside the EEA (European Economic Area) or to an international organization only takes place if this is necessary for the processing and thus for the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, the transfer is required by law or you have given us your consent.
Security – Technical and organizational measures
Our employees and the subcontractors commissioned by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection regulations (regulations and laws). We take all necessary technical and organizational measures to ensure an adequate level of protection and to protect your personal data processed by us, in particular against the risks of unintentional or unlawful destruction, manipulation, loss, alteration or unauthorized disclosure or access. Our security measures are constantly being improved in line with technological developments. In particular, we have implemented technical and organizational measures in the following areas:
Physical access control – Access to processing facilities with which the processing is carried out is denied to unauthorised persons. Access to our premises is limited to authorised personnel only.
Data carrier control – Unauthorised reading, copying, modification or deletion of data carriers is prevented. We follow the proven principles of “Need to know” and “Least Privilege”. Therefore, all data is stored only in the systems provided for this purpose. We also ensure that only relevant employees can carry out authorised transactions on these systems. Our data transmissions are always carried out via secure communication channels.
Storage control – The unauthorised entry of personal data as well as the unauthorised access, modification and deletion of stored personal data is prevented. All IT systems used for the processing of personal data have hard disk encryption. The systems are monitored for signs of suspicious activity.
User control – The use of automated processing systems with the help of data transmission facilities is not possible for unauthorised persons. Liva Healthcare has implemented processes for managing the user ID to ensure a specific assignment of access permissions. Each user has a unique user notification.
Access control – Those authorised to use an automated processing system shall have access exclusively to the personal data covered by their access authorisation. The access authorisations are assigned restrictively and regularly checked. We enforce strong passwords for our employees, we use multi-factor authentication (MFA) procedures where necessary and monitor our IT systems for suspicious activity.
Transmission control – We can determine at any time by means of a review to which places personal data has been or may be transmitted or made available with the help of data transmission facilities. Your data is always encrypted during transport routes. We only use secure connections and protocols, such as “sftp:” and “https:”.
Logging – We can also subsequently determine by checking the log files which personal data has been entered or changed into automated processing systems at what time and by whom. Only a limited number of our employees can enter or change your personal data under special circumstances. The input must always be checked by you.
Transport control – The confidentiality and integrity of personal data is protected during their transmission and during the possible transport of data carriers. Data transmission takes place via secure channels. For example, we always use strong encryption technologies and protocols, such as Transport Layer Security (TLS) to send data by e-mail.
Recoverability – The IT systems we use can be restored in the event of a malfunction. All data is backed up regularly. We check our backup copies through regular restore tests.
Reliability – All functions of the IT systems we use are classified according to their availability requirements for the protection of the personal data processed therein. Supposedly occurring malfunctions in these systems are reported automatically. Our IT systems are protected by up-to-date anti-virus tools. Operating system and software updates are regularly checked and installed.
Data integrity – Should malfunctions occur in our IT systems, personal data stored by us will not be damaged, as our IT systems provide for a separation of the data stocks of processing programs. Our multi-level data backup concept ensures that corrupted data can be recovered quickly.
Data control – Since we also give your personal data to our contractors for further processing, we have stipulated by appropriate data processing agreements that personal data will only be processed by the contractors in accordance with our instructions. All contractors commissioned by us with the processing of your personal data are selected with due care and the security measures taken are checked so that the requirements of the European General Data Protection Regulation (EU GDPR) and applicable legislation and regulations are complied with.
Availability control – Your personal data is protected against destruction or loss. The personal data is only stored in cloud facilities that ensure the highest level of security.
Separability – We process personal data that we have collected for different purposes in separate IT systems.
Cookies, purpose and relevance:
We use three different types of cookies on Liva’s website: necessary cookies, third-party marketing cookies and third-party analytical cookies.
Necessary cookies are used to provide the functionality on our website that is necessary for the user, and Liva does not need the user’s consent to use these cookies.
Third-party cookies are used by external applications or software to perform specific functions, and these can only be used if the user gives his consent. In connection with this, Liva uses the following:
- Remarketing with Google Analytics
- Exposure reporting on the Google Display Network
- Google Analytics reporting on demographics and interests
- Integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data through advertising cookies and identifiers
You can find more information about Google Analytics here.
You can find information on how to completely opt out of Google Analytics here.
- Google Analytics
- Facebook conversion Pixels
Facebook Pixel is a tracking cookie provided by Facebook Inc. With its help, we can keep track of what users do after they see or click on a Facebook advertisement. This enables us to monitor the effectiveness of Facebook ads for purposes of statistics and market research. Data collected in this way is anonymous to us, which means we cannot see the personal data of individual users. However, this data is saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own advertising purposes, in accordance with Facebook’s Data Policy which can be found here. You can allow Facebook and its partners to place ads on and outside of Facebook. A cookie can also be saved on your device for these purposes. Alternatively, you can deactivate the remarketing function “Custom Audiences” here. To do this, you have to be logged in to Facebook.
Google provides cookies including Pagead, AdWords, DoubleClick and Google Adsense which we may use for the following marketing purposes: Pagead collects preference data across websites to optimize ad relevance and ensure a user does not see the same ad more times than is intended. AdWords is used to show repeat advertisements to users who are likely to become customers. DoubleClick records and reports on users’ interactions with our ads in order to measure the effectiveness of an ad as well as to target ads to the user. Google Adsense uses GTM to experiment with the effectiveness of our ads.
Social media presence
Liva operates and maintains certain online presences on social media networks and platforms in the legitimate interest of facilitating functional communication with customers, interested parties and any other relevant stakeholders.
For information on the nature, scope and purpose of data processing, the further processing of the data and your rights and possible settings in this regard to protect your privacy, please see the relevant social network’s data protection and privacy policies. Liva has no control over the scope of the data collected by social networks.
In the interest of providing you with the most comprehensive and accessible understanding of how your data is handled, please see the privacy policies of the social media platforms used by Liva:
You have the right to access your personal data
You have the right to be informed at any time what data we process about you, where they come from and what we use them for. You can also be informed how long we store your personal data and who receives data about you, to the extent that we pass on data in Denmark and abroad. If you request it, you can gain insight into the data we process about you. However, access may be limited for the protection of other persons’ privacy, trade secrets and intellectual property rights.
You have the right to have inaccurate personal data corrected or deleted
If you believe that the personal data we process about you is inaccurate, you have the right to have it corrected. You must contact us and inform us of the inaccuracies and how they can be corrected. In some cases, we will have an obligation to delete your personal data. This applies, for example, if you withdraw your consent. If you believe that your data is no longer necessary for the purpose for which we collected it, you may request that it be deleted. You can also contact us if you believe that your personal data is being processed in violation of the law or other legal obligations. When you contact us with a request to have your personal data corrected or deleted, we will investigate whether the conditions are met, and if so, implement changes or deletion as soon as possible.
You have the right to object to our processing of your personal data.
You have the right to object to our processing of your personal data. If your objection is justified, we will make sure to stop the processing of your personal data.
You have the right to have your personal data transferred to another service provider
You have the right to receive the personal data you have made available to us and those that we have collected about you from third parties based on your consent. If we process data about you as part of a contract to which you are a party, you can also have your data sent to you. You also have the right to transfer your personal data to another service provider. If you wish to exercise your right to data portability, you will receive your personal data from us in a commonly used format.
You have the right to restrict the processing of your personal data
You have the right to request that we restrict the processing of your personal data under certain conditions. Should you request that we restrict the processing of all or some of your personal data, this may result in us being unable to continue rendering services to you since those services may require the processing of personal data that is subject to your request for restriction.
You have the right not to be subject to a decision based on automatic processing
You have the right to object to the processing of your personal data in a such manner that it results in automated decisions being taken about you, including profiling, and which produces legal effects concerning you or which similarly affects you.
If you experience incorrect or illegal data processing at Liva Healthcare, you can contact us by using the contact information above. You also have the right to submit a complaint to the competent data protection supervisory authority:
Denmark – the Danish Data Protection Agency (Datatilsynet). You can submit your complaint to Datatilsynet here.
United Kingdom – Information Commissioners Office (ICO). You can submit your complaint to the ICO here.
Germany – Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) situated at Holstenstraße 98, 24103 KielPostal. You can submit your complaint to ULD here.
Exercising your rights
We will respond to your inquiry as soon as possible. We seek to accommodate your wishes to use your data rights for access to your data, for correction and deletion, objection to our processing and transfer to another provider. We will give you an answer to your inquiry as soon as possible. Use our contact information below if you wish to exercise your rights.
Should you have any questions regarding the data we process and the way we do so, or to exercise your rights as a data subject, you can contact us at the contact information appearing below.
Liva Healthcare A/S – Denmark
Address: Danneskiold-Samsøes Allé 41, 1434 Copenhagen K
CVR no.: 38 73 73 68
Telephone: +45 93 30 15 11
Liva Healthcare UK Ltd. – United Kingdom
Address: 125 Kingsway, London, WC2B 6NHH
Company Reg: 10717560
Telephone no .: +44 203 858 0767
Liva Healthcare Deutschland GmBH – Germany
Address: 123 Stresemannstraße, 10963, Berlin
Company Reg: HRB 14985
UST ID Number: DE 37 422 51394
Telephone no .: +45 93 30 15 11
To the extent that there are any changes to the types of personal data that we process about you or the way we process your personal data which requires your consent, we will obtain your consent prior to processing your personal data.