Lenus eHealth ApS ("Lenus" or "we") respect your privacy and are committed to protecting it through the provision of our services and our compliance with this Privacy Policy.

‍

The phrase “information about you” or “personal information” in this policy has the same meaning as “personal data” according to the EU General Data Protection Regulation (“GDPR)”, and means data we may use to identify you or that relates to you in other ways. 

‍

We have tried to make this Privacy Policy easy for you to read and understand. If you have questions or need additional information about how we process information about you, you may contact us as set out in Section 1 below.

‍

For our privacy notice to US residents, please click here.

1. Who is responsible for the processing of your personal information and our contact information

This Privacy notice covers the activities which Lenus performs as a data controller. 
‍

For the personal information Lenus collects about you as part of coaching services you receive, Lenus acts as a joint data controller with your coach, as Lenus has an ongoing collaboration with the coach and provides the technical platform and support for the coaching services you receive.

In practice, this means that the coach is responsible for contact with you and the content of coaching services you receive as a client. Lenus on the other hand, is responsible for the data processors involved in the platform, the security settings of the platform, including retention periods, and management of your data subject rights through our Support channel. 

You may always reach out to both Lenus and your coach, should you have any concerns, questions or requests regarding our processing of your personal data and we will collaborate on providing you with the best response. You can read more about our joint data responsibility arrangement with your coach here. 

The contact information of Lenus eHealth ApS, is: 

Rued Langgaards Vej 8, 2300

Copenhagen, DK

If you have any privacy related questions, you may always reach out to us at email: privacy@lenus.io

Lenus also has appointed an external Data Protection Officer (DPO), who advises and supervises our processing of personal data in the EU. You may reach out to our DPO directly at email: lenus@complianceteam.dk

If you would like to complain to an official authority about Lenus’ processing of personal data, you may lodge a complaint with the Danish Data Protection Authority (‘Datatilsynet’), who may be contacted at https://www.datatilsynet.dk/kontakt/ring-til-os. However, we always hope you will contact us first with any concerns you may have. 
‍

2. How we collect information about you

This Privacy Policy covers the information about you that we may collect from you or that you may provide when you interact with Lenus. Below in section 3, you can find more information on our use of information about you in the following situations: 

1. When you visit or interact with this website (the “Lenus Website”) or the websites of Lenus coaches that link to this Privacy Policy (the “Coach Website” and collectively the “Websites”)
2. When you visit our social media platforms, such as Facebook & Instagram
3. When you use the Lenus Mobile App (the “App”) as a client of a coach
4. When you as a coach use the platform provided by Lenus in accordance with the Coaching Partner Master Service Agreement (the “Platform” and collectively with the App the “Services”)
5. When you communicate with our Lenus Support Team or other Lenus employees

‍

This Privacy Policy does not apply to information about you collected by:

• Lenus or your coach in a non-electronic format or offline
• Lenus as part of the recruitment process for employment at Lenus. In this case you will receive a separate privacy notice from us.

‍

If you receive coaching services, we may also receive your information from your coach as part of our collaboration and for us to support those services. To read about how your coach (who has teamed up with us) processes your personal data, please have a look at the coach's website or contact them.

Under certain circumstances, we may collect your information from public authorities or social media.

‍

3. The information we collect about you and how we use it

The information we collect about you depends on your relationship with us and how you interact with us. We do not use algorithms or profiling to make any decision that would significantly affect you.

‍

3.1 When you visit or interact with this website or websites of Lenus coaches operated by Lenus

We collect several types of information from and about users of the Websites, including the following information:

• Contact Information in webforms: Information by which you may be personally identified, such as name, postal address, email address, telephone number, or any other identifier you have provided to us and by which you may be contacted online or offline. 
  
  1. This information is collected for marketing purposes by us when you subscribe to our services, post material, or request further services on the website. We may also ask you for information when you enter a contest or promotion sponsored by us.
• Device and Usage Information: Information about your internet connection, the equipment you use to access the Websites and the Services, search queries, and usage details. This may also include automatically collected information as you use and navigate on the Websites and the Services, including IP addresses, device model and type, browser information, operating system, language preferences, the pages of the websites you visit and how long you spend on each page. We collect this information automatically about you, when you navigate through the website and may include cookies, web beacons, and other tracking technologies. You can read more about our use of cookies, web beacons, and other tracking technologies in our cookie policy and in the cookie policy of your coach. 

‍

3.2 When you visit our social media platforms 

If you visit our pages at Facebook, Instagram, or LinkedIn, we may process the personal data that you make available to us via the pages, including your reactions on content, likes and comments, and any sharing of our content, etc. 

We process your information for the purpose of managing our social media platforms and communicating with our followers through these platforms. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing the above-mentioned legitimate interests.

Please note that when using our social media platforms, the provider (such as e.g., Facebook) will also process your personal data for its own purposes, including for targeted marketing purposes. You may find further information on the processing activities in the relevant privacy notices: 

• Facebook   (https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer) 
• Instagram (https://help.instagram.com/581066165581870?cms_id=581066165581870 )
• LinkedIn (https://dk.linkedin.com/legal/privacy-policy)
  ‍

3.3 When you use the Lenus Mobile App as a client of a coach 

We may, in collaboration with your coach or on our own, process the following information: 

• Onboarding Information: The information you provide, when signing on and onboarding to the coaching services. This may include contact information, your motivation and ambitions for your coaching program, your gender, age, information on your habits e.g. sleep, dietary preferences, work-outs, and other similar information as indicated therein. Please be aware that the specific information collected will depend on the specific Coach Website. 

We do this to operate and to provide you with ongoing notices and information about your account.For example, notices on expiration and renewal as a part of your contract with a coach, which we are collaborating on performing. This we may do as it is necessary to perform the contract (cf. GDPR Art. 6,(1),(b)). 
‍

• User Contributions: Your images, status updates and other information which you may provide to be published, displayed or transmitted (collectively “posted”) on public areas of the App, as an example through the ‘Groups’ feature. Please note that you are always responsible for the content you post as User Contributions, and Lenus encourages you to do so thoughtfully.
   
• Location Data: This information will be collected automatically based on your use and input in the App, as an example when you record a fitness activity. For this to be applicable, you must first allow the App to access your location.  

The App will access your location data from the moment you start recording the activity until the moment you stop the recording. To ensure that your full activity is recorded, we need to continue to access the location data if the App is in the background during the activity. You can remove the permission at any time by adjusting your device settings.

This processing will enable a history of your fitness activities, including (where eligible) duration, distance, speed, activity type and heart rate, as well as an overview of your fitness progression.  
‍

• Health or Fitness Data: Imported history of fitness activities from Apple Health or Google Fit. You must first allow the app to access your data from these sources. You can remove this permission at any time by adjusting your app settings.

We process your User Contributions, Location Data, Health or Fitness Data to operate the platform and to provide you with the platform features of your choice, as part of your contract with a coach, which we are collaborating on performing. This we may do as it is necessary to perform the contract (cf. GDPR Art. 6,(1),(b)) and your explicit consent (cf. GDPR Art. 9, (2),(a)). 
‍

• Transactional and Banking Information: Details of transactions you carry out through the Coach Website or the App and the fulfillment of your orders. You may be required to provide financial information before placing an order through the Coach Website or the App. This we may do as it is necessary to perform the contract (cf. GDPR Art. 6,(1),(b)). 
  ‍
• Survey Input: Your responses to surveys that we or your coach might ask you to complete to provide you with a better service in the future based on your consent (cf. GDPR Art. 6,(1),(a)). In rare situations, these surveys may also include your health information, and in this case we will further process this data based on your explicit consent (cf. GDPR Art. 9,(2),(a). You are always able to recall the consent  regarding the collected survey input by contacting us, but please be aware that this will not affect the lawfulness of processing based on consent before its withdrawal, meaning that we will in most cases not be able to extract your input in the aggregated result of the survey. 

‍‍

3.4 When you as a coach use the platform provided by Lenus

We may process the following information to fulfill our obligations under our contract with you: 

• Contract Information: including contact information and business information, which may include business name, business address, full name, bank details, VAT or other tax information, and business ID.

We process this information to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. This we may do as it is necessary for the performance of our contract (cf. GDPR Art. 6,(1),(b)) and to potentially pursue a legitimate interest (cf. GDPR Art. 6,(1),(f))
‍

• Transactional Information: This may include information related to the payments and billing of your services to the clients, your VAT or other tax calculations, contracts with your clients managed through the Platform. 

We do this for book-keeping,ensuring information security and other legal requirements. This is necessary for us to ensure that we comply with our legal obligations (cf. GDPR Art. 6,(1),(c)).
‍

• Social Media information: Information pertaining to your social media accounts for the purpose of delivering the services in scope of the agreement between you and Lenus. We may therefore process this information, as this is necessary for us to fulfill the contract (cf. GDPR Art. 6,(1),(b)).
  ‍
• Survey input: Your responses to surveys that we may ask you to complete to assess and improve our services to you in the future based on your consent (cf. GDPR Art. 6,(1),(a)). You are always able to recall the consent  regarding the collected survey input by contacting us, but please be aware that this will not affect the lawfulness of processing based on consent before its withdrawal, meaning that we will in most cases not be able to extract your input in the aggregated result of the survey. 
  ‍
• Records of phone conversations: When you have a conversation with one of Lenus’ Key Account Managers on Google Meet, this may be recorded for internal learning and development, including AI generated summaries and feedback on a pseudonymised level for the Key Account Managers to contemplate and develop from each conversation. You will be informed about this, when the meeting starts. The records will be managed in strict confidentiality and only shared with a selected number of persons in our data team, who ensures the functionality and data quality. We will keep this data segregated and not use the records for other purposes. We may do so based on the legitimate interest of Lenus in ensuring quality service and continuous improvement of our employees (cf. GDPR Art. 6, (1),(f)).
  ‍

3.5 When you communicate with our Support Team

When you communicate with our Lenus Support Team or other Lenus employees, we will process information about your use of our service and your inquiries or questions to be able to solve your problem or further assist you. We may also receive your correspondence with your coach, if the coach needs our assistance to provide you with a better service.

We may do so to provide you with customer support services and to train our support staff. This is necessary to pursue our and your legitimate interest in making sure you get the help you need from us on an ongoing basis (cf. GDPR Art. 6,(1),(f)).

‍

4. To whom do we disclose Your Information

We may disclose personal information that we collect or you provide as described in this privacy policy to:

• Subsidiaries and affiliates of the Lenus company group, including our entities in the US and the UK. 
• Contractors, service providers, and other third parties, which we may use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them. You may at all times see our list of data processors (including the purpose and location of processing, as well as the legal basis for transfer if processing is done outside of the EU).
• A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Lenus company group’s’ assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Lenus about the Website and Service users is among the assets transferred.
• Research partners may get access to anonymised, pseudomized or aggregated data for the purpose of collaboration on research on health and wellbeing.
• To the extent these are located outside of EU/EEA, the processing will be based upon the adequacy decisions of the EU Commission in accordance with GDPR Art. 45, including certifications under the EU-US Data Privacy Framework, and otherwise the EU Commission’s Standard Contractual Clauses along with suitable safeguards.

If you want additional information about our transfer of personal data outside the EU and EEA, including a copy of the relevant security measures, etc., you can make a request for such additional information by contacting us (see section 1 above). 

‍

We may under certain circumstances also disclose information about you to third parties:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use and other agreements, including for billing and debt collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Lenus or others. This might include exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

‍

5. For how long do we store your information

Lenus is committed to only process your information in a period necessary to achieve the purposes for which the personal information was originally collected. Due to this, we have defined retention periods, which ensures we don’t store or process personal data for longer than necessary. Your personal information will be deleted or fully anonymised as follows: 

• Cookie information: Information about you as a website visitor will be deleted automatically by the cookie technology in use, on this please also see our cookie policy.
• ‍Communications with you: (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If your communication pertains to an order, personal data will generally also be deleted 5 years after the end of the financial year in which the order was placed. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections or other specific situations).‍
• Coach information: As a starting point, we will delete your personal data 5 years after the end of the financial year where our partnership has ended. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections or other specific situations).‍
• Client information: We will, together with your coach, delete or anonymize your information after 3 years of inactivity on the platform, while any health information or body images will be deleted after 6 months of inactivity due to their sensitivity. However, financial information we will maintain for 5 years due to our book-keeping and legal obligations.‍
• Sign-up information or requests for more information: the information provided on the lead form on the coach website will be automatically deleted in our system 6 months after the collection of the personal information, if you decide not to sign up with the specific coach. ‍
• Social media information: Your personal data is deleted in accordance with applicable data protection policies in place to the relevant social media platforms (see the links above section 3.B).

‍

6. Your rights and choices related to the information we collect about you

Lenus eHealth ApS is established in the EU, and is thus subject to the GDPR, under which you as a data subject have granted rights which you may exercise in relation to your personal data. 

- In this regard, you also have the right to receive, upon request, further information that is helpful for you, and which you may deem necessary to exercise these rights. You may request such additional information at the contact information listed in section 1 above.

‍

Right to withdraw your consent given

Whenever our use and processing of your personal information is based upon a consent given by you, you always have the right to withdraw this consent for further processing. This will not impact or render the processing performed until that moment illegal, but no further processing will take place. 

‍

The Right to Request Access, Correction or Erasure of your Personal Information

You can  review and change your personal information yourself by logging into the Service and visiting your account profile page.

You may also send us an email at privacy@lenus.io to request access to, request correction of incorrect data, or erasure of any personal information that you have provided to us. 

Please be aware that in many situations we cannot delete your personal information except by also deleting your user account.

‍

The right to Data Portability 

You may request from Lenus that we provide certain personal data in a commonly used electronic format or transfer it to another data controller. Please be aware that in regard to data portability for coaching services and your data as a coach client, this will be done in collaboration with your coach, and may be subject to a joint evaluation on whether you fulfill the requirements of the GDPR. 

‍

7. Data Security Measures to protect your personal data 

We take the security of your personal data very seriously. We implement a range of technical and organizational measures designed to protect your information from unauthorized access, use, alteration, disclosure, or destruction. These measures aim to ensure the confidentiality, integrity, and availability of your data.

Our security practices include:

• Encryption and Pseudonymization: We may encrypt or pseudonymize your data where appropriate to protect it. Encryption transforms data into an unreadable format, while pseudonymization replaces identifying information with pseudonyms.
• Access Controls: We restrict access to your personal data to authorized personnel only who need it to perform their job duties. This includes measures such as access restrictions and logging of access.
• Data Backup: We maintain regular backups of our systems and data to help prevent data loss.
• Confidentiality Agreements: We have confidentiality agreements in place with our employees and any third-party service providers who have access to your personal data.
• Monitoring: We continuously monitor our systems for potential security breaches.
• Secure Transmission: We protect data transmitted between you and our website and mobile/desktop apps using TLS encryption.

While Lenus implements the necessary and appropriate security measures, it's important to acknowledge that no security system is foolproof. Security risks can never be completely eliminated, and some residual risks are unavoidable.

We want to emphasize that we can only secure the areas within our control. You also play a vital role in protecting your information. We recommend the following:

• Keep your login credentials confidential: Protect your usernames, passwords, and PIN codes and do not share them with others.
• Keep your devices secure: Ensure your devices (computers, phones, etc.) are free from viruses and malware.
• Be cautious in public areas: Be careful about disclosing personal information in public areas of our website, such as message boards.
  ‍

8. Changes to Our Privacy Policy

Lenus will post any changes we make to this Privacy Policy on this page. If we make material changes to how we treat your information, we will notify you by email to the primary email address specified in your account and/or through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page.

‍