Print Friendly and PDF

Privacy Policy 

EXORLIVE is committed to protecting individuals privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the EXORLIVE Website and mobile platforms and Apps owned and controlled by EXORLIVE (hereafter collectively named “EXORLIVE”) and governs data collection and usage. By using EXORLIVE, you consent to the data practices described in this statement.

For the purpose of the License Agreement and in respect of the personal data of End Users, the parties agree that Customer shall be the data controller and EXORLIVE shall be a data processor. EXORLIVE shall take and implement the appropriate technical and organizational measures to protect such personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access.

EXORLIVE is compliant with The EU General Data Protection Regulation (GDPR).

Collection of your Personal Information

EXORLIVE collects personally identifiable information, such as your e-mail address, name, home or work address or telephone number. EXORLIVE also collects anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favorites. There is also information about your computer hardware and software that is automatically collected by EXORLIVE. This information can include your IP address, browser type, domain names, access times and referring Web site addresses. This information is used by EXORLIVE for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the EXORLIVE Web site.

All this information is being processed by EXORLIVE as personal data, in the meaning of personal data defined by the European general data protection regulation (GDPR).

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through EXORLIVE this information may be collected and read by your Health Provider and by EXORLIVE and our sub-processors.

EXORLIVE encourages you to review the privacy statements of Websites you choose to link to from EXORLIVE so that you can understand how those Web sites collect, use and share your information. EXORLIVE is not responsible for the privacy statements or other content on Web sites outside of the EXORLIVE and EXORLIVE family of Web sites.

As an End User you can obtain and reuse your personal data for your own purposes across different Accounts.

Information about Children

EXORLIVE is not intended for or targeting children under the age of 13, and we do not knowingly or intentionally collect information about children under the age of 13. If you believe that we have collected information about children under the age of 13, please contact us at dpo@exorlive.com.

Use of Your Personal Information

EXORLIVE collects and uses your personal information to operate the ExorLive Website and deliver the services you have requested. EXORLIVE will not contact End-Users who gain access to the System from a Customer, unless it is agreed upon with the Customer who provides access to the System.

EXORLIVE does not sell, rent or lease its customer lists to third parties. EXORLIVE may share data with trusted partners to help us perform statistical analysis, provide customer support, hosting etc. All such third parties are prohibited from using your personal information except to provide these services to EXORLIVE, and they are required to maintain the confidentiality of your information.

EXORLIVE does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without your explicit consent.

EXORLIVE Websites will disclose your personal information, without notice, only if required to do so by law or to protect and defend the rights or property of EXORLIVE.

Use of Cookies

The EXORLIVE Web site use cookies to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize S pages, or register with EXORLIVE site or services, a cookie helps the System to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same EXORLIVE Web site, the information you previously provided can be retrieved, so you can easily use the System features that you customized.

You can accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the System services or Web sites you visit.

Security of your Personal Information

Security in EXORLIVE is enforced by a strict security policy, and does not permit entities to be accessed or manipulated across organizations. Within the organization, security is role based and users can be given administrative roles on a unit/department level.

The System is always accessed over SSL, safeguarding the information being exchanged between the client and the server. EXORLIVE store only a hash of the user’s password, and when authenticating through EXORLIVE’s regular interface, salt, hashing, and a short-lived challenge is used to ensure that message replay cannot be used to wrongfully gain access.

External services are required to use the SSL enabled endpoints to ensure transport security. The system provides integrity by ensuring that users are not able to insert or edit entities they are not authorized for. Actions are logged.

Safety measures and procedures against external attacks: We are partners with Microsoft and keep our technical staff updated on the current system and security solutions. Through Azure as a sub-processor, we ensure with Microsoft that our services are always up to date on security and latest security patches; Always running the latest version of important software; Logging of all attempts at login; Performance of manual vulnerability tests.

EXORLIVE satisfies the requirement for built-in privacy.

EXORLIVE is classified as a medical software in risk Class 1. This is the lowest risk class.   EXORLIVE is CE certified.

Retention of Personal Information

We retain Personal Information that you provide us, as long as we consider it necessary. We will be contacting you about the Services from time to time, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request. If you provide information to our customers as part of their use of the Services, our customers decide how long to retain the personal information they collect from you, and they should be contacted for requests on deletion. If a Customer terminates its use of the Services, then we will provide such customer with access to all information stored for the customer by the Services, After termination, we may, unless legally prohibited, delete all customer information, including your Personal Information, from the Services.

International Transfer of Information

All data is replicated on multiple servers real-time, and backups are stored on Microsoft Azure Servers located in Dublin, Ireland. EXORLIVE process and store data in accordance with current EU General Data Protection Regulation and Norwegian legislation on data protection. The servers are administered by limited number of authorized technical personnel at EXORLIVE Headquarter in Oslo, Norway. The degree of anonymization can be chosen by the Customer EXORLIVE encrypt data traffic through HTTPS.

Data Processor Agreement

The purpose of processing personal data is to create exercise programs and plans that the patient or member can perform. In this connection, you can choose which personal information is included. The most common is the name, email and training data linked to this. It is up to the Customer how much personal information they submit and this is further regulated in the agreement with the Customer or in our License Agreement. Everyone who collects or uses personal data must enter into a Data Processor Agreement with EXORLIVE, where the Customer is the owner of the data (data controller) and EXORLIVE is the data processor. It is the responsibility of the data controller that a Data Processor Agreement is in place. EXORLIVE’s License Agreement regulates data protection in general, and EXORLIVE’s Data Processor Agreement is a standard Agreement included in the License Agreement. If the Customer wants customized protection clauses or services, we customize the Data Processor Agreement in a separate agreement.

Changes to this Statement

EXORLIVE will occasionally update this Statement of Privacy to reflect company and customer feedback. EXORLIVE encourages you to periodically review this Statement to be informed of how EXORLIVE is protecting your information. You will be able to view and accept updated License Agreement and Privacy Policy when you log into the System.

Contact Information

EXORLIVE welcomes your comments regarding this Statement of Privacy. If you believe that EXORLIVE has not adhered to this Statement, please contact EXORLIVE at dpo@exorlive.com. We will use commercially reasonable efforts to promptly determine and remedy the problem.

 

Last edited 26.10.2023