Privacy Policy
Mindforce Game Lab Fig Application
–> Integritetspolicy App på Svenska
–> Datenschutzrichtlinie App in deutscher Sprache
–> Politique de confidentialité de l’application en français

Last updated: 7 November, 2022

  1. Introduction

    1.1 This privacy policy (the “Privacy Policy”) describes how Mindforce Game Lab AB, reg. no 559132-9346, (“Mindforce”, “we”, “us” and “our”), process your personal data when you sign up to, use and interact with our mobile game application Fig: A Playtient Journey (referred to as “Fig”).

    1.2 We respect and safeguard your personal integrity. It is therefore important for us to protect your personal data and ensure that our processing of your personal data is correct and lawful. We ask that you read this Privacy Policy carefully and familiarize yourself with its content. We may sometimes need to make updates or changes to this Privacy Policy, you can always find the latest version of this Privacy Policy in your user settings of Fig or on our webpage https://mindforcegamelab.com/.

  2. Identity and contact details of the data controller

    2.1 Unless otherwise stated in this Privacy Policy, Mindforce is the data controller in regard to the processing of your personal data within the scope of this Privacy Policy and thus responsible for the processing of such personal data under applicable data protection laws and regulations.

    2.2 If you have any questions regarding the processing of your personal data, please contact Mindforce at info@mindforcegamelab.com or by post at:

    Mindforce Game Lab AB
    Laboratorgränd 7
    931 62 Skellefteå, Sweden

  3. The content of this Privacy Policy
    3.1 This Privacy Policy applies to processing of personal data that is initiated when you sign up to use Fig, and any processing of personal data that applies to you when you are installing, using and/or interacting with Fig. This Privacy Policy also applies to processing of personal data that is performed when a user of Fig invites you as a team member and chooses to share their use of Fig with you.

    3.2 Please note that this Privacy Policy does not apply to third party products or services that Mindforce do not own or control, but that you might come to interact with by using Fig.

    3.3 This Privacy Policy includes information on what type of personal data we process about you, from what sources we collect such personal data, for what purposes we process such personal data, how and with which parties we share your personal data as well as information on your rights as a data subject.

  4. What categories of personal data do we process, for what purpose do we process them and on what lawful basis do we base or processing activities?

    4.1 How we in general process your personal data

    4.1.1 We process your personal data in the way and for the purposes described in the tables below in this Section 4, and we are accountable in the role as data controller for the processing activities described in each table.

    4.1.2 We need to base each purpose on a lawful basis. A lawful basis can for example be (i) your consent to the specific processing activity, (ii) that the processing is necessary for the performance of a contract to which you as data subject is party, or (iii) that we, based on weighing of interests, have a legitimate interest to process your personal data, which is not overruled by your interest of not having your personal data processed. In the tables below in this Section 4, you will find information on what lawful basis we process your personal data, for what purpose we process your personal data as well as for what period in time we will keep your personal data.

    4.1.3 Do note, we are not the data controller for such personal data processing occurring locally on your device whereas the personal data processing is not being shared with Fig.

    4.2 To sign up to become a test user of Fig

    Lawful basis: Your consent. We will only process the personal data if you have made an application by responding to our form available at Intresseanmälan and thus have consented to us reviewing the information contained in the application.

    The application process includes a step where you must review a separate consent notice, which is crucial to you joining as a test user. In the consent notice, you will be able to review information about the scope of the consent and our purpose of processing your personal data.

    You are at any time entitled to withdraw your consent and thereby end your participation in the test team, and we will in that case no further collect or in any other way process personal data that is based on your consent. Withdrawal of your consent does not affect the lawfulness of processing of personal data based on your consent that was performed before your withdrawal.

    Retention period: We process and keep information contained in your application until we have made a decision of your eligibility of participating in the test or for a period of maximum six (6) months, whichever is shorter. If you are found not to be eligible, the personal data provided in your application will be deleted immediately.

    4.3 To create and manage your user account

    Lawful basis: Performance of contract. Processing of personal data connected with your user account is necessary in order for us to enter into and perform our contractual obligations in the Terms and conditions and thus provide Fig to you who have signed up to be a user.

    Retention period: We process and keep your personal data for as long as the contract is valid and for a maximum of two (2) years thereafter.

    We may however be required to keep personal data for a longer period of time for other purposes, for example for establishment, exercise or defence of legal claims. We may also need to keep personal data for a longer period of time in order to comply with legal obligations, such as matters including our bookkeeping obligations according to the bookkeeping legislation.

    4.4 To follow users’ progress as a team member

    Lawful basis: Legitimate interest. Our legitimate interest is to communicate with you because you have been invited and trusted as a team member of a user of Fig.

    Retention period: We process and keep your personal data as long as you are invited and connected as a team member with the Fig account, however for a maximum of one (1) year from the expiration of the user’s license to the Fig account.

    4.5 To provide Fig to you to improve your health

    Lawful basis: Your consent. We will only process the personal data if you have registered a user account and given your consent to us processing your personal health data.

    Retention period: We process your personal data until you delete your user account, or for a maximum of two (2) years from the time you had an active license to your user account.

    You are at any time entitled to withdraw your consent by deleting your user account and we will in that case no further collect or in any other way process personal data that is based on your consent. Withdrawal of your consent does not affect the lawful-ness of processing of personal data based on your consent that was performed before your withdrawal.

    4.6 To improve the functionality and experience of Fig

    Lawful basis: Legitimate interest. Our legitimate interest is to develop and improve the functionality and experience of our products and services, including Fig.

    Retention period: We process and keep information of user behaviour on Fig for as long as the information is necessary in order to fulfil the purpose, however for a maximum of three (3) years from the time it was collected.

    4.7 Profiling

    4.7.1 For the purposes set out in Sections 4.5-4.6, Mindforce analyse the usage of Fig in order to provide you as a user with the most relevant features of Fig with regard to your mental health condition.

    4.7.2 Analysing the usage of Fig may include elements of so-called profiling. Profiling means the processing of your and other users’ personal data to analyse aspects of your behaviour on and use of Fig. We will process actions taken by you in Fig, such as when you choose to skip or snooze a medication reminder. Mindforce does not use profiling to make any decision that would significantly affect you.

    4.8 To comply with our legal obligations or to exercise legal claims

    4.8.1 We may process your personal data in order to comply with legal obligations according to legislation which is applicable to our operations and organisation, such as to satisfy tax or reporting obligations. We may also process your personal data in order to comply with a decision by public authority or court which requires us to keep and process your personal data.

    4.8.2 We may also process your personal data because you, ourselves or affected third party shall be able to establish, exercise or defend a legal claim, for example upon forthcoming or ongoing dispute.

  5. From where do we collect your personal data?

    5.1 We process personal data which are collected directly from you, or from third parties.

    5.2 If you provide us with access to health data according to the tables above, personal data will be collected from connected third party sources such as Apple Health. Some personal data will then be collected through your device’s sensors (such as the accelerometer calculating your movements). You have control over what data are stored and accessed between the Fig and other applications and you can modify these settings directly in Fig or in your device at any time. We do not collect information about you from any third party source unless you allow us to do so.

  6. What happens if you do not want to share your personal data with us?

    You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with Fig or the best possible experience of Fig. It is also possible that the functionality of Fig becomes limited and does not work as you may expect.

  7. How we share your personal data

    Access to your personal data is limited to parties which needs access in order to fulfil the purposes described under Section 4 above. We will share your personal data with the following parties in order to fulfil the stipulated purposes:

    (a) Service providers. We may engage third parties to act as our service providers and perform certain tasks on our behalf, such as processing or storing data, including personal data, in connection with your use of Fig. Whenever using third party service providers, we establish data processor agreements as well as take other adequate measures in order to make sure that your personal data is processed in a way that conforms with this Privacy Policy;

    (b) Business partners. . We may share your personal data with third parties with whom we transact or collaborate with to provide, purchase and deliver products, solutions or services and/or third parties with whom we seek to develop and deliver new or improved products, solutions or services with; and,

    (c) Others at your discretion. We may share personal data with others at you discretion and/or with your consent, such as with your invited team members if you add these to your account.

    (d) Authorities. We may share your personal data with governmental and/or state authorities (such as the Medical Products Agency or the Swedish Tax Agency) when required by law, regulation or by a court order.

  8. Protection of personal data at Mindforce

    We use administrative, technical, and physical safeguards to protect your personal data, taking into account the nature of the personal data and the processing, and the threats posed. We are constantly working to improve on these safeguards to help keep your personal data secure.

  9. Will we transfer your personal data outside of EU/EEA?

    We may transfer your personal data to countries outside of the European Union (“EU”)/European Economic Area (“EEA”). If the European Commission has not issued a decision that the country to which your personal data are transferred has an adequate level of protection for your personal data, then we will provide a description of what safeguarding measures we have taken and what lawful basis we base the transfer upon in order to ensure that the transfer of your personal data is done in accordance with European data protection legislation. Please contact us by sending us a written notice to the contact details featured in this Privacy Policy if you want to have more information about whether we have transferred your personal data outside of EU/EEA, what countries we have transferred your personal data to and what safeguarding measures we have taken to protect the transfer.

  10. Your rights as data subject

    10.1 In this section we describe your rights under applicable European data protection legislation. You will not be charged if you want to exercise your rights and you can exercise them by contacting us. Do not hesitate to contact us if you have any questions regarding your rights.

    10.2 Please note that we will always do an assessment of a request of exercising a right in order to determine whether the request is legitimate. Not all rights listed below are absolute and there are exemptions which can be valid.

    10.3 Your rights are the following:

    (a) Right of access. You have the right upon request to get a copy of your personal data which we process and to get complementary information regarding our processing of your personal data.

    (b) Right of rectification. You have the right to have your personal data rectified and/or complemented if they are wrong and/or incomplete.

    (c) Right to erasure. You have the right to request that we erase your personal data without undue delay in the following circumstances:

    (i) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

    (ii) you withdraw your consent on which the processing is based (if applicable) and there is no other legal ground for the processing;

    (iii) you object to our processing of personal data and we do not have any overriding legitimate grounds for the processing;

    (iv) the processed personal data is unlawfully processed; or

    (v) the processed personal data has to be erased for compliance with legal obligations.

    (d) Right to restriction. You have the right to restrict the processing of your personal data in the following circumstances:

    (i) you contest the accuracy of the personal data during a period enabling us to verify the accuracy of such data;

    (ii) the processing is unlawful, and you oppose erasure of the personal data and request restriction instead;

    (iii) the personal data is no longer needed for the purposes of the processing, but are necessary for you for the establishment, exercise or defence of legal claims; or

    (iv) you have objected to the processing of the personal data, pending the verification whether our legitimate grounds for our processing override your interests, rights and freedoms.

    (e) Right to data portability. If your personal data has been provided by you and our processing of your personal data is based on your consent or on the performance of a contract with you, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format in order to transmit these to another service provider where it would be technically feasible and can be carried out by automated means.

    (f) Right to object. You have the general right to object to our processing of your personal data when it is based on our legitimate interest. If you object and we believe that we may still process your personal data, we must demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

    (g) Right to object to direct marketing. You have the right to at any time object to processing which is done for the purpose of direct marketing. If you object to such processing, we will no longer process your data for such purposes.

    (h) Right to withdraw consent. When our processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the lawfulness of any processing based on your consent before its withdrawal is not affected by the withdrawal.

  11. Complaints to the supervisory authority

    The data protection authority in Sweden is ‘Integritetsskyddsmyndigheten’. If you believe that our processing is performed in breach of applicable data protection legislation, we encourage you in first-hand to contact us in order for us to oversee your complaints. You may at any time also file a complaint with the supervisory authority.