Privacy Policy
Mindforce Game Lab Fig Application
–> Integritetspolicy App på Svenska

Last updated: 26 November, 2024

  1. Introduction

    1.1 This privacy policy (the “Privacy Policy”) describes how Mindforce Game Lab AB, reg. no 559132-9346, (“Mindforce”, “we”, “us” and “our”), process your personal data when you sign up to, use and interact with our mobile game application Fig: A Playtient Journey (referred to as “Fig”).

    1.2 We respect and safeguard your personal integrity. It is therefore important for us to protect your personal data and ensure that our processing of your personal data is correct and lawful. We ask that you read this Privacy Policy carefully and familiarize yourself with its content. We may sometimes need to make updates or changes to this Privacy Policy. If significant changes are made, we will notify you through appropriate means, such as email or in-app notifications. You can always find the latest version of this Privacy Policy in your user settings of Fig or on our webpage https://mindforcegamelab.com/.

    2. 1.3 Our app is intended for users as specified by the age restrictions set on the platform where the app is downloaded (e.g., Apple App Store, Google Play Store). Individuals under 18 years of age must have the consent of a parent or legal guardian to use the app. By using the app, users confirm that they meet the age requirements and, if under 18, have obtained the necessary consent. It is the user’s responsibility to comply with these age restrictions and ensure any required consent has been obtained.

  2. Identity and contact details of the data controller

    2.1 Unless otherwise stated in this Privacy Policy, Mindforce is the data controller in regard to the processing of your personal data within the scope of this Privacy Policy and thus responsible for the processing of such personal data under applicable data protection laws and regulations.

    2.2 If you have any questions regarding the processing of your personal data, please contact Mindforce at info@mindforcegamelab.com or by post at:

    Mindforce Game Lab AB
    C/O Business Control Partner Norden AB
    Krokslätts Fabriker 30
    431 37 Mölndal
    Sweden

  3. The content of this Privacy Policy
    3.1 This Privacy Policy applies to processing of personal data that is initiated when you sign up to use Fig, and any processing of personal data that applies to you when you are installing, using and/or interacting with Fig. This Privacy Policy also applies to processing of personal data that is performed when a user of Fig invites you as a team member and chooses to share their use of Fig with you.

    3.2 Please note that this Privacy Policy does not apply to third party products or services that Mindforce do not own or control, but that you might come to interact with by using Fig.

    3.3 Mindforce does not collect or store any payment information directly. All purchases and subscriptions for the Service are managed through third-party platforms, Google Play Store and Apple App Store. These platforms are responsible for collecting, processing, and storing payment information, such as credit card details and billing information. Mindforce does not have access to sensitive payment data collected by these platforms.
    For more information on how Google Play Store and Apple App Store handle payment data, please consult their respective privacy policies.

    3.4 This Privacy Policy includes information on what type of personal data we process about you, from what sources we collect such personal data, for what purposes we process such personal data, how and with which parties we share your personal data as well as information on your rights as a data subject.

  4. What categories of personal data do we process, for what purpose do we process them and on what lawful basis do we base or processing activities?


    4.1 How we in general process your personal data

    4.1.1 We process your personal data in the way and for the purposes described in the tables below in this Section 4, and we are accountable in the role as data controller for the processing activities described in each table.

    4.1.2 We need to base each purpose on a lawful basis. A lawful basis can for example be (i) your consent to the specific processing activity, (ii) that the processing is necessary for the performance of a contract to which you as data subject is party, or (iii) that we, based on weighing of interests, have a legitimate interest to process your personal data, which is not overruled by your interest of not having your personal data processed. In the tables below in this Section 4, you will find information on what lawful basis we process your personal data, for what purpose we process your personal data as well as for what period in time we will keep your personal data.

    4.1.3 Do note, we are not the data controller for such personal data processing occurring locally on your device whereas the personal data processing is not being shared with Fig.

    4.2 To create and manage your user account

    Purpose Processing Activities Categories of Personal Data
    In order to create, maintain and manage your Fig user account.
    • Registering, administering and storing of your Fig user account, including your login details and invited team members.
    • Your first name and surname.
    • Login details including email address and password.
    • Your year of birth.
    • Your gender.
    • Medical diagnosis (such as mental illness or depression).
    • Email address and name of your invited team members.


    Lawful basis: Performance of contract. Processing of personal data connected with your user account is necessary in order for us to enter into and perform our contractual obligations in the Terms and conditions and thus provide Fig to you who have signed up to be a user.

    Retention period: We process and keep your personal data for as long as the contract is valid and for a maximum of two (2) years thereafter.

    We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defence of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.

    4.3 To follow users’ progress as a team member

    Purpose Processing Activities Categories of Personal Data
    In order to share progress and Fig interactions of users you are invited to follow as a team member.
    • Contact and communicate with you in the role of a team member via email about the progress and interactions of Fig users.
    • First name and surname of team member.
    • Login details including team member email address and password.
    • Year of birth of the team member.
    • The gender of the team member.
    • The team member’s medical diagnosis, such as depression or bipolar disorder.
    • Information that the team member provides us with when we communicate with the team member.


    Lawful basis: Legitimate interest. Our legitimate interest is to communicate with you because you have been invited and trusted as a team member of a user of Fig.

    Retention period: We process and keep your personal data as long as you are invited and connected as a team member with the Fig account, however for a maximum of one (1) year from the expiration of the user’s license to the Fig account.

    4.4 To provide Fig to you to improve your health

    Purpose Processing Activities Categories of Personal Data
    In order to provide Fig to you as a user and thereby help you improve your health status, including:

    (a) to customise features such as the dose reminder system according to your medical condition; and,

    (b) to provide you with prompts in Fig, that are determined based on the analysis of your interactions.
    • Configuration and storing of your medication settings in order to set up and provide the reminder system in Fig.
    • Storing and analysing your use of Fig, including your interaction with the dose reminder system.
    • Sharing of your progress and interaction with invited team members by sending them a notification to their email address.
    • Information on your medication, including dose schedule, name of medication, strength and amount.
    • Usage information, including data about your activity on and use of Fig, such as interaction with the medical dose reminder system.
    • Information relating to your health status, including data related to your physical or mental health.
    • Sensor information, such as movements, heart rate, noises, pulse, from which personal data will be derived (such as physical activity and sleep efficiency).
    • Location information.


    Lawful basis: Your consent. We will only process the personal data if you have registered a user account and given your consent to us processing your personal health data.

    Retention period: We process your personal data until you delete your user account, or for a maximum of two (2) years from the time you had an active license to your user account.

    You are at any time entitled to withdraw your consent by deleting your user account and we will in that case no further collect or in any other way process personal data that is based on your consent. Withdrawal of your consent does not affect the lawful-ness of processing of personal data based on your consent that was performed before your withdrawal.

    4.5 To improve the functionality and experience of Fig

    Purpose Processing Activities Categories of Personal Data
    In order to improve the functionality and experience of the Fig application.
    • Storing and analysing use of Fig, including but not limited to users’ interaction with the dose reminder system.
    • Troubleshooting and protecting against errors.
    • Usage information, including users’ interactions with Fig, in aggregated form.


    Lawful basis: Legitimate interest. Our legitimate interest is to develop and improve the functionality and experience of our products and services, including Fig.

    Retention period: We process and keep information of user behaviour on Fig for as long as the information is necessary in order to fulfil the purpose, however for a maximum of three (3) years from the time it was collected.

    4.6 Participation in Testing Periods

    Purpose Processing Activities Categories of Personal Data
    To invite users to participate in testing periods for new features or services and gather feedback to improve our offerings.
    • Reviewing applications or invitations to participate in testing periods.
    • Communicating with users about eligibility and participation.
    • First name and surname.
    • Contact information, such as email address.
    • Basic demographic information, such as age group and residency status.
    • Technical data, such as device type and operating system.


    Lawful basis: Your consent. You are at any time entitled to withdraw your consent and thereby end your participation in the testing period. In such cases, we will no longer collect or otherwise process personal data based on your consent. Withdrawal of your consent does not affect the lawfulness of processing of personal data carried out before your withdrawal.
    For certain testing periods, we may request your explicit consent through a separate consent form. This form will provide details on the scope and purpose of the data collection for the testing period.
    Free trial periods prior to transitioning to a paid subscription are governed by this Privacy Policy and our Terms of Use. By initiating a trial period, users agree to the data collection and processing outlined in these policies.

    Retention period: We process and retain information collected during applications or participation in testing periods only as long as necessary to fulfill the purpose of the testing period or for a maximum of six (6) months, whichever is shorter. If you are not selected for a testing period, the personal data provided in your application will be deleted immediately after the selection process.

    4.7 Profiling

    4.7.1 For the purposes set out in Sections 4.4-4.5, Mindforce analyse the usage of Fig in order to provide you as a user with the most relevant features of Fig with regard to your mental health condition.

    4.7.2 Analysing the usage of Fig may include elements of so-called profiling. Profiling means the processing of your and other users’ personal data to analyse aspects of your behaviour on and use of Fig. We will process actions taken by you in Fig, such as when you choose to skip or snooze a medication reminder. Mindforce does not use profiling to make any decision that would significantly affect you.

    4.8 To comply with our legal obligations or to exercise legal claims

    4.8.1 We may process your personal data in order to comply with legal obligations according to legislation which is applicable to our operations and organisation, such as to satisfy tax or reporting obligations. We may also process your personal data in order to comply with a decision by public authority or court which requires us to keep and process your personal data.

    4.8.2 We may also process your personal data because you, ourselves or affected third party shall be able to establish, exercise or defend a legal claim, for example upon forthcoming or ongoing dispute.

  5. From where do we collect your personal data?

    5.1 We process personal data which are collected directly from you, or from third parties.

    5.2 If you provide us with access to health data according to the tables above, personal data will be collected from connected third party sources such as Apple Health. Some personal data will then be collected through your device’s sensors (such as the accelerometer calculating your movements). You have control over what data are stored and accessed between the Fig and other applications and you can modify these settings directly in Fig or in your device at any time. We do not collect information about you from any third party source unless you allow us to do so.

    5.3 We use third-party tools to improve the app experience. In compliance with Apple’s App Tracking Transparency (ATT) framework and similar platform requirements, you will see a consent prompt during your first use of the app.
    This prompt explains the types of data we collect and provides the option to allow or decline tracking. You can update your preferences at any time through your device’s privacy settings. Please note that declining tracking may limit some app features.

  6. What happens if you do not want to share your personal data with us?

    You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with Fig or the best possible experience of Fig. It is also possible that the functionality of Fig becomes limited and does not work as you may expect.

  7. How we share your personal data

    Access to your personal data is limited to parties which needs access in order to fulfil the purposes described under Section 4 above. We will share your personal data with the following parties in order to fulfil the stipulated purposes:

    (a) Service providers. We may engage third parties to act as our service providers and perform certain tasks on our behalf, such as processing or storing data, including personal data, in connection with your use of Fig. Whenever using third party service providers, we establish data processor agreements as well as take other adequate measures in order to make sure that your personal data is processed in a way that conforms with this Privacy Policy;

    (b) Business partners. . We may share your personal data with third parties with whom we transact or collaborate with to provide, purchase and deliver products, solutions or services and/or third parties with whom we seek to develop and deliver new or improved products, solutions or services with; and,

    (c) Others at your discretion. We may share personal data with others at you discretion and/or with your consent, such as with your invited team members if you add these to your account.

    (d) Authorities. We may share your personal data with governmental and/or state authorities (such as the Medical Products Agency or the Swedish Tax Agency) when required by law, regulation or by a court order.

  8. Protection of personal data at Mindforce

    We use administrative, technical, and physical safeguards to protect your personal data, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure. In the unlikely event of a data breach, we will take the necessary steps to address the issue and notify affected users and relevant authorities as required by applicable laws.

  9. Will we transfer your personal data outside of EU/EEA?

    We may transfer your personal data to countries outside of the European Union (“EU”)/European Economic Area (“EEA”). If the European Commission has not issued a decision that the country to which your personal data are transferred has an adequate level of protection for your personal data, then we will provide a description of what safeguarding measures we have taken and what lawful basis we base the transfer upon in order to ensure that the transfer of your personal data is done in accordance with European data protection legislation. Please contact us by sending us a written notice to the contact details featured in this Privacy Policy if you want to have more information about whether we have transferred your personal data outside of EU/EEA, what countries we have transferred your personal data to and what safeguarding measures we have taken to protect the transfer.

  10. Your rights as data subject

    10.1 In this section we describe your rights under applicable European data protection legislation. You will not be charged if you want to exercise your rights and you can exercise them by contacting us. Do not hesitate to contact us if you have any questions regarding your rights.

    10.2 Please note that we will always do an assessment of a request of exercising a right in order to determine whether the request is legitimate. Not all rights listed below are absolute and there are exemptions which can be valid.

    10.3 Your rights are the following:

    (a) Right of access. You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

    (b) Right of rectification. You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

    (c) Right to erasure. You have the right to request that we erase your personal data without undue delay in the following circumstances:

    (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

    (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;

    (iii) you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;

    (iv) the processed personal data is unlawfully processed; or

    (v) the processed personal data has to be erased for compliance with legal obligations.

    (d) Right to restriction. You have the right to restrict the processing of your personal data in the following circumstances:

    (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;

    (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead;

    (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or

    (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

    (e) Right to data portability. If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

    (f) Right to object. You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

    (g) Right to object to direct marketing. You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

    (h) Right to withdraw consent. When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

  11. California Consumer Privacy Act (CCPA) Compliance
    If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA). These include the right to request access to the personal data we collect and how we use it, the right to request the deletion of your personal data (subject to legal exceptions), and the right to opt out of the sale of your personal data to third parties.

    To exercise these rights, you can contact us at info@mindforcegamelab.com. Requests will be processed within 30 days.

  12. Complaints to the supervisory authority

    The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority.