Privacy policy

Subscribers and enquiries

BrainLit AB (556902-2014), Scheelevägen 34, 223 63 Lund, Sweden (BrainLit, we, us or our) is the data controller in respect to your personal data and is committed to protecting and respecting your privacy and personal integrity when you use brainlit.com (our Service). Our Privacy Policy will help you understand what personal data we collect through this Service, why it is collected and how we use it. It will also clarify how you can exercise your rights when you trust us to handle your personal data.

We ask that you read this Privacy Policy carefully and familiarize yourself with its contents. If you have any questions, you are welcome to contact us using the contact information provided at the end of this Privacy Policy.

Please note that our website may contain links to and from websites held by affiliates. If you visit any of these websites or use third party services through our links, please be aware that they have their own privacy policies and that we do not assume any liability for their processing of your personal data. Consider reading their privacy policies before using their services.

What personal data do we collect and why?

When you subscribe to information from us (i.e., news, press releases, reports) or use contact forms through our Service, we collect personal data including your name, email address and phone number. This data is stored based on your consent, to facilitate the automatic delivery of information to your email inbox. We may also collect other information regarding your use of our Services through cookies and similar technologies. You can read more about this in our Cookie Policy.

Do you need to provide personal data?

The personal data that we request from you is required by us for administrative and technical reasons in order to contact you in regard to your enquiry. You always have the right to request us to remove any of your personal data we have stored by contacting info@brainlit.com.

Do we share personal data with others?

IntraGroup Transfers

We may disclose your personal data to other companies within the BrainLit Group if it is necessary for administrative purposes or the provision of our Services to you. BrainLit Group companies with access to your personal data follow practices consistent with this Privacy Policy.

Third parties for security or other legitimate reasons

We may disclose your personal data to third parties if we have reason to believe that disclosure of such personal data is necessary:

  • to comply with valid legal obligations including subpoenas, court orders, governmental requests or search warrants, and as otherwise authorized by law;
  • to protect our rights or property, or the safety of our customers or employees;
  • to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of or subscription to our Services and to protect our network, Services, devices and users from such use;
  • to advance or defend against complaints or legal claims in court, administrative proceedings and elsewhere;
  • as part of mergers & acquisitions, provided that the prospective buyer or seller agree to respect your personal data in a manner consistent with our Privacy Policy;
  • to outside auditors and regulators.

Third party suppliers

We may use third party suppliers to perform services for us, such as infrastructure and IT services (including but not limited to data storage), customer services, customer inquiry processing and other statistical analyses. In the performance of these services, third party suppliers may have access to your personal data but are only authorized to process it strictly on our behalf and in accordance with our regulations.

Where do we process personal data?

The personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”), including destinations that are not subject to a decision by the European Commission establishing an adequate level of protection of personal data. It can be shared with other companies within the BrainLit Group, and be processed by staff working for us or for one of our suppliers located outside the EEA. Such personnel may, for example, be involved in the fulfilment of your request and execution of our support services. We will take all reasonably necessary steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy, and we have adopted appropriate safeguards to protect it. If you wish to have further information or a copy of these safeguards, please contact us using the contact information provided at the end of this Privacy Policy.

For how long is personal data kept?

We will only keep your personal data for as long as we consider necessary for the fulfilment of your enquiry, after which we will securely delete or in some cases anonymize your personal data. We perform regular status checks to review when personal data needs to be deleted. However, as we process personal data for various purposes, the actual period for which your personal data will be stored will depend on the circumstances.

If our processing of personal data is based on your consent, we will retain your personal data until you withdraw your consent.

How do we protect personal data?

Safeguarding your personal data is a priority for us. Any personal data that you provide to us is stored on secure servers, and we take pride in using procedures to protect against loss, misuse, unauthorized access, alteration, disclosure or destruction of your personal data. Although we work hard to protect your personal data, we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal data. However, in the event of a physical or technical incident, we maintain security and incident response plans to handle such incidents in a timely manner and limit any negative effect of such incidents.

How can you access your personal data?

We understand that you may require further information from us regarding your personal data and how it is processed, or that you may wish to update or correct the personal data with which you have provided us. The following rights applies to you:

  • Right to access your personal data: you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information.
  • Right to rectification of personal data: if you find that personal data that we process about you is inaccurate, you have the right to have us correct such personal data.
  • Right to erasure of personal data (right to be forgotten): under certain circumstances, such as if your personal data has been unlawfully processed or you have withdrawn your consent (if the processing of your personal data is based on consent), you have the right to request and obtain deletion of your personal data from us.
  • Right to restriction of processing: under certain circumstances, such as if you question the accuracy of your personal data or you have objected to our legitimate purpose to process your personal data, you have the right to request that we restrict the processing of your personal data until a solution is found.
  • Right to object to processing: under certain circumstances, such as if you question our legitimate interest to process your personal data, you have the right to object, on grounds relating to your particular situation, to such processing.
  • Right to data portability: if your personal data is processed by automated means based on your consent or for the fulfilment of our contractual relationship, you have the right to request that we provide you with your personal data on a machine-readable format for transmission to another data controller.
  • Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint regarding our processing of your personal data with your supervisory authority.

Please contact us to make a request in respect of your rights. We will use commercially reasonable efforts to respond to your request within 30 days of receiving such a request. If we cannot honor your request within the 30-day period, we will give reasons why and when we expect to be able to fulfil your request.

Changes to this privacy policy

Our Privacy Policy may change from time to time. Therefore, you should make sure to review the latest version of this Policy on a regular basis. We will post any Privacy Policy changes here, and, if the changes are significant, we will provide you with a more prominent notice such as an email notification. If we change this Privacy Policy in a way that will affect how we use your personal data, we will inform you and provide options. We will also keep prior versions of this Privacy Policy in an archive for your review, available upon request.

Contact

As a user of our Service, you can request more information on your stored personal data or notify us if you are dissatisfied with our processing of your personal data, by contacting info@brainlit.com.

Applications and devices

BrainLit AB (556902-2014), Scheelevägen 34, 223 63 Lund, Sweden (BrainLit, we, us or our) is the data controller in respect to your personal data and is committed to protecting and respecting your privacy and personal integrity when you use our BCL application (the “App”) and Alven device (the “Device”). Our Privacy Policy will help you understand what personal data we collect through the App or Device, why it is collected and how we use it. It will also clarify how you can exercise your rights when you trust us to handle your personal data.

We ask that you read this Privacy Policy carefully and familiarize yourself with its contents. If you have any questions, you are welcome to contact us using the contact information provided at the end of this Privacy Policy.

What personal data do we collect and why?

When you use the App and Device, we collect personal data including your name, email, gender, birth date and year, height and weight, activities, notes and tags We may also collect other information regarding your use of our App and Device such as your IP address and high-level location and metadata regarding app use.

Please note that certain measurement data collected via the App may be regarded as health-related data, also referred to as sensitive data.

We process personal data on the basis of a user contract, which is formed in connection with the creation of an account and acceptance of our terms and conditions. We may also process certain information to comply with legal obligations.

Furthermore, we process the personal data to pursue our legitimate interest for aggregated analytics and trend detection. When choosing to use your data on the basis of our legitimate interests, we carefully weigh our own interests against your right to privacy.

Health and measurement data is processed and stored based on your explicit consent to process such data.

Do you need to provide personal data?

The personal data that we request from you is required by us to be able to offer the App and Device to you in accordance with the user contract.

We may process personal data for the purpose of communicating with users. If you contact our support with questions regarding your App and Device data, we will use the provided information to answer your questions and for solving any issues you may have.

We may process aggregated information regarding the use of our App and Device to improve our app quality. When possible, we will do this using only aggregated, non-personally identifiable data.

With your consent we may show or send you advertisements within the App or by using push notifications. We will never use your health-related data for advertising without your explicit consent.

Do we share personal data with others?

IntraGroup Transfers

We may disclose your personal data to other companies within the BrainLit Group if it is necessary for administrative purposes or the provision of our App and Device to you. BrainLit Group companies with access to your personal data follow practices consistent with this Privacy Policy.

Third parties for security or other legitimate reasons

We may disclose your personal data to third parties if we have reason to believe that disclosure of such personal data is necessary:

  • to comply with valid legal obligations including subpoenas, court orders, governmental requests or search warrants, and as otherwise authorized by law;
  • to protect our rights or property, or the safety of our customers or employees;
  • to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of our App and Device and to protect our network, Apps, Devices and users from such use;
  • to advance or defend against complaints or legal claims in court, administrative proceedings and elsewhere;
  • as part of mergers & acquisitions, provided that the prospective buyer or seller agree to respect your personal data in a manner consistent with our Privacy Policy;
  • to outside auditors and regulators.

Third party suppliers

We may use third party suppliers to perform services for us, such as infrastructure and IT services (including but not limited to data storage), customer services, customer inquiry processing and other statistical analyses. In the performance of these services, third party suppliers may have access to your personal data but are only authorized to process it strictly on our behalf and in accordance with our regulations.

Where do we process personal data?

The personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”), including destinations that are not subject to a decision by the European Commission establishing an adequate level of protection of personal data. It can be shared with other companies within the BrainLit Group, and be processed by staff working for us or for one of our suppliers located outside the EEA. Such personnel may, for example, be involved in the fulfilment of your request and execution of our support services. We will take all reasonably necessary steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy, and we have adopted appropriate safeguards to protect it. If you wish to have further information or a copy of these safeguards, please contact us using the contact information provided at the end of this Privacy Policy.

Social media and public forums

The App enables you to publish certain information from your App related to your App and Device experience or sleep data on social media sites such as Facebook, Instagram and Twitter, online blogs and forums.

Please think carefully before deciding what information you share. Please note that we do not control who will have access to the information that you choose to make public in such forums, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on social media, online blogs or public forums – or what others do with information you share.

For how long is personal data kept?

We will only store personal data as long as is legally permitted and necessary for the purposes specified above after which we will securely delete or in some cases anonymize your personal data. The storage period generally depends on the duration of an account lifecycle, unless data has been deleted upon request. Backups are deleted as soon as reasonably possible, typically within 6 months.

We perform regular status checks to review when personal data needs to be deleted. However, as we process personal data for various purposes, the actual period for which your personal data will be stored will depend on the circumstances.

If our processing of personal data is based on your consent, we will retain your personal data until you withdraw your consent.

How do we protect personal data?

Safeguarding your personal data is a priority for us. Any personal data that you provide to us is stored on secure servers, and we take pride in using procedures to protect against loss, misuse, unauthorized access, alteration, disclosure or destruction of your personal data. Although we work hard to protect your personal data, we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal data. However, in the event of a physical or technical incident, we maintain security and incident response plans to handle such incidents in a timely manner and limit any negative effect of such incidents.

Your rights

We understand that you may require further information from us regarding your personal data and how it is processed, or that you may wish to update or correct the personal data with which you have provided us. The following rights applies to you:

  • Right to access your personal data: you have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information.
  • Right to rectification of personal data: if you find that personal data that we process about you is inaccurate, you have the right to have us correct such personal data.
  • Right to erasure of personal data (right to be forgotten): under certain circumstances, such as if your personal data has been unlawfully processed or you have withdrawn your consent (if the processing of your personal data is based on consent), you have the right to request and obtain deletion of your personal data from us.
  • Right to restriction of processing: under certain circumstances, such as if you question the accuracy of your personal data or you have objected to our legitimate purpose to process your personal data, you have the right to request that we restrict the processing of your personal data until a solution is found.
  • Right to object to processing: under certain circumstances, such as if you question our legitimate interest to process your personal data, you have the right to object to such processing on grounds relating to your particular situation, for example to our use of your personal data for direct marketing purposes.
  • Right to data portability: if your personal data is processed by automated means based on your consent or for the fulfilment of our contractual relationship, you have the right to request that we provide you with your personal data on a machine-readable format for transmission to another data controller.
  • Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint regarding our processing of your personal data with your supervisory authority.

Please contact us to make a request in respect of your rights. We will use commercially reasonable efforts to respond to your request within 30 days of receiving such a request. If we cannot honor your request within the 30-day period, we will give reasons why and when we expect to be able to fulfil your request.

Changes to this privacy policy

Our Privacy Policy may change from time to time. Therefore, you should make sure to review the latest version of this Policy on a regular basis. We will post any Privacy Policy changes here, and, if the changes are significant, we will provide you with a more prominent notice such as an email notification. If we change this Privacy Policy in a way that will affect how we use your personal data, we will inform you and provide options. We will also keep prior versions of this Privacy Policy in an archive for your review, available upon request.

Contact

As a user of our App or Device, you can request more information on your stored personal data or notify us if you are dissatisfied with our processing of your personal data, by contacting info@brainlit.com.