General Provisions
Suun ensures that the processing of personal data is in accordance with the legislation regarding the protection and security of personal data (including the General Data Protection Regulation of the European Union, GDPR), other personal data protection legislation, and good business practices.
Suun considers the privacy of individuals and the protection of their data important and makes the best efforts to ensure the security and protection of the information system and other data carriers.
Definitions
The following capitalised terms shall have the meanings assigned to them below:
Account – the individual account which allows Users and Experts access to the Services and Subscriptions;
Suun, we, or us – Suun Health OÜ, a company registered in Estonia, registry code 16497362, address Marati tn 5/1, Tallinn 11712, Estonia, and/or Suun Health GmbH, a company registered in Germany, registry code HRB 265523 B, address Fontanepromenade 15, 10967 Berlin;
Suun App – the mobile application provided by Suun via the Google Play store and the Apple App store;
Suun Website – the website of Suun with its domain suunhealth.com and its subdomains and related domains;
Expert – a person providing services to Users;
Health Report – a document containing aggregated and summarised User health data;
Services – the information society services (e.g. subscription to livestream classes) and in-person services (e.g. well-being services) provided by Suun;
Subscriptions – payment-based access to digital content and in-person Services;
Terms – these Suun terms of service, its annexes, the privacy policy and any other documentation, guidelines, and other documents provided by Suun for the usage of Services and Subscriptions;
User or you – an individual user of the Services and Subscriptions as a client of Suun.
Purpose and Legal Basis for Processing Personal Data
Suun processes personal data necessary for the provision of the Services via the Suun Website and App.
In general, such processing is carried out on one of the following legal bases: Article 6(1)(a) of the GDPR (the data subject has consented to the specific data processing), Article 6(1)(b) of the GDPR (necessary for the performance of the contract or taking steps at specific request of the Client prior to entering into a contract), Article 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation), or Article 6(1)(f) of the GDPR (necessary for legitimate interests provided that those interests are not outweighed by the rights and interests of the data subject).
Suun is processing the following User data for providing the Suun App:
Processing activity | Data categories | Purpose | Legal basis |
App installation | System language and version, OS type and version | To enable Users access to the Suun App | Legitimate interest |
Account creation and management | Full name, country and city of residence, phone number, e-mail address | To register and manage User Accounts with access to the Services and Subscriptions | Contractual obligation |
Push notifications | Apple ID or Google Play account, Message content | To send push notifications to Users | Consent |
Filling out the Health Report | Maternity-related health data | To allow Users to add and delete data in their Health Report | Consent. Each time a User enters data or updates it in the Health Report, they give their consent to processing data in the specific entry. |
Subscriptions and client management | Apple ID or Play Store Account details, name, user account, phone and e-mail, nature of the Services or Subscriptions purchased / used, their costs, regularity, status of the contractual relationship | To allow Users to subscribe to and unsubscribe from Subscriptions, managing client relationships | Contractual obligation |
Reservation management | Name, phone, e-mail, time and requested location of appointment, nature of the Services to be purchased (or used), their costs, regularity. Health data submitted upon booking (e.g. baby's due date or birth date, and any other additional data User chooses to voluntarily disclose), collected during the provision of Services | To enable Users to book reservations for receiving Services from Experts | Contractual obligation |
Participation in live online (livestream) classes and on-site classes which could be broadcast via livestream | Video and audio stream of the User (if the User activates camera and/or microphone), including individuals participating on-site who may be visible or audible in the livestream, name or profile name (for online participants), chat messages and reactions shared during the session, visual and audio presence of on-site Users that are incidentally captured as part of the livestream. | To enable Users to participate in real-time classes, interact with the Expert, and receive guidance or corrections during the class. The livestream classes are not recorded, unless explicitly stated otherwise. If a recording is planned, Users will be informed in advance and given the option to participate without showing their image or to decline participation | Consent; Legitimate interest (for livestreaming on-site classes if the capture of Users is incidental) |
Data regarding billing | Financial data, pricing plan data, billing contact details | Fulfilling accounting law obligations | Legal obligation |
Enhancing services and improving customer experience | Account, nature of the Services purchased / used, their costs, regularity, status of the contractual relationship, activities in the App, e.g., frequency or duration of use, preferences, selected location, type, language and version of device operating system | To improve User experience by making developments in the App | Legitimate interest; Consent (e.g. cookies and other tracking technology) |
Suun App maintenance | IP address of the device, device screen size, device type (unique device identifiers), browser information, geographic location (country only) | Providing the Suun App and functionalities | Legitimate interest; Consent (refer to the cookie policy for further information) |
User communication and request resolving | Name, e-mail, User request content and communication | Client support | Contractual obligation |
Newsletters and offers | Name, phone number, e-mail address | Marketing | Consent. You can opt out of our marketing emails at any time |
Use of an AI-based chatbot to provide automated support and general wellness-related guidance | User-submitted messages, questions and other text-based input, technical metadata such as IP address, device/browser information and session timestamps, AI-generated responses. If the User voluntarily shares health-related information, such data may be processed as part of the conversation | To provide Users with automated assistance regarding Suun Services and general wellness information, and to improve the functionality, security and performance of the AI-based chatbot service | Consent; Legitimate interest for improving Services, monitoring, and system maintenance |
Suun is processing the following website visitor data for providing the Suun Website:
Processing activity | Data categories | Purpose | Legal basis |
Making the Suun Website available | Activities on the website, e.g., frequency or duration of use, preferences | To enable website visitors access to the Suun Website and its features | Legitimate interest; Consent (e.g. cookies and other tracking technology) |
Tracking website usage | IP address of the device, device screen size, device type (unique device identifiers), browser information, geographic location (country only) | To track website visitor usage for maintenance and improvement | Legitimate interest; Consent (e.g. cookies and other tracking technology) |
Newsletters and offers | Name, phone number, e-mail address | Marketing | Consent. You can opt out of our marketing emails at any time |
How We Collect Personal Data
The personal information we process is provided to us directly by you when you register yourself as a User, while you use our Services and Subscriptions, and when you book Services via the Suun Website and App.
We may also collect your personal data indirectly. When you visit the Suun Website and App, we and our service providers may collect certain data using tracking technologies like cookies, web beacons and similar technologies. The use of web cookies is described on the Suun Website in the cookie banner.
Indirectly collected data may fall under the terms of third-party privacy policies while they act as independent data controllers. Please read those separately.
Disclosure of Personal Data
Any data you provide will not be publicly displayed or shared with other users. Suun employees and business partners have access to personal data to the extent necessary for the performance of their work duties and are covered by confidentiality obligations.
Suun engages third-party service providers to provide, run, and maintain the Suun Website and App on our behalf. These service providers have access to your personal data only to the extent necessary to perform their services, and they are contractually obligated to maintain the confidentiality and security of your information.
If the User provides health-related information to the AI-based chatbot, such data is processed only to respond to the User’s inquiry and in accordance with appropriate safeguards. The AI-based chatbot service may be supported by third-party AI technology providers acting as data processors. Data may be anonymised and aggregated for service improvement.
We may disclose your personal data if required to do so by law or in good faith belief that such action is necessary to comply with legal obligations, such as platform exchange of tax information or anti-money laundering obligations.
We share your personal data with:
Categories of Recipients | Reason for Sharing | Territory |
Experts | If you as a User book Services with Experts, we will share the booking data with the Expert, including a Health Report, if applicable. Sharing data is based on your consent. | EEA |
Service providers | We work with service providers who need access to certain personal data to provide their services to us, including those we have hired to maintain and operate technical infrastructure, securing our systems and services as well as for business management and marketing. | EEA/US |
Payment providers | Subscriptions purchased through Suun App may be paid for via Google Pay or Apple Pay. Payment service providers process your data separately as data controllers; thus, their privacy policy applies. | EEA/US |
Advertising partners | We work with advertising partners to enable us to customize the advertising content you may receive. These partners help us deliver more relevant ads and promotional messages to you, which may include interest-based advertising, contextual advertising, and generic advertising. We and our advertising partners process certain personal data to help us understand your interests or preferences so that we can deliver advertisements that are more relevant to you. When doing this, we take into account the data protection requirements regarding your consent and opt-out. | EEA/US |
Transmission of Personal Data
Suun processes personal data in the European Union (EU) and within the European Economic Area (EEA). Suun receives, transmits, and processes personal data only digitally.
If we use service providers that process your data outside the EEA, we make sure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place (e.g. additional safeguards through Standard Contractual Clauses).
Security of Personal Data
We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure, abuse, or other processing in violation of applicable laws.
Retention of Personal Data
The storage period of personal data depends on the legal obligations to store data (i.e. accounting regulations), contractual obligations, legitimate interest to provide the best services, or your explicit consent:
Data type | Purpose | Retention time |
User Account information | To manage Accounts and provide access to the Services and Subscriptions | Retained for the duration of the Services and Subscriptions, and for a period of 3 years after the last login to comply with legal obligations or legitimate interests |
Financial data | Accounting law obligations | 7 years after the end of the current fiscal year |
Health data | To provide the Services and comply with legal obligations | Until withdrawal of consent. Some data is retained for up to 30 years after service provision to a User to comply with legal obligations |
IP address of the device, device screen size, device type (unique device identifiers), browser information, geographic location (country only) | Providing the Services and functionalities | Until Account deletion and/or cookie retention time |
Online identifiers (including cookie identifiers and IP addresses) | Website visitor statistics | Until cookie retention time or request for data deletion |
Name, e-mail, User request content and communication | Client support | Until Account deletion |
Name, phone number, e-mail address | Marketing | Until withdrawal of consent |
Text or message content submitted by the User in the AI-based chatbot | To provide automated guidance regarding the Services and general wellness information. To improve AI service quality and reliability. | Data is retained as long as necessary for service provision and security or until withdrawal of consent |
Rights of the Data Subject
You as the data subject shall at all times have the right:
to be informed and to access personal data (you may get information regarding your personal data processed by us, accessed via the Suun Website and App);
to data portability (you have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to independently transmit those data to a third party);
to erasure (you have the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for the related purposes);
to object and restrict (you have the right to object to the processing of your personal data and restrict it in certain cases);
to rectification (you have the right to make corrections to your personal data);
to withdraw consent (if you have given us consent to process your personal data, you may withdraw said consent at any time).
In order to exercise these rights, please contact us at hello@suunhealth.com. The application shall be responded to within a maximum of 30 calendar days.
Additional Provisions
With your explicit consent, we may send you our newsletter and marketing offers. You may opt out of these messages at any time. Please note that email marketing messages, if used, include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the messages we send to you). Clicking on the link will opt you out of further messages. You may also opt out in your account settings in case this option is available. We may also use social media tools to market our Services. As social media and web analytics providers act as separate data controllers, there might be consent or opt-out requirements also on their side.
If you have questions or concerns about our use of your personal information, feel free to contact us at hello@suunhealth.com. You may also lodge a complaint with the supervisory authority, the Estonian Data Protection Inspectorate, info@aki.ee.
Suun has the right to change the conditions for processing personal data. In the event that there are substantial changes, Suun will provide at least 1 (one) month’s notice in advance through the Suun Website and App before the substantial changes take effect.