Privacy Policy

Effective Date: 06.03.2025
Last Updated: 06.03.2025

1. Introduction

Welcome to SmartCrowding AS (“we”, “our”, or “the Company”). We are committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Privacy Policy explains our data collection, storage, processing, sharing, security measures, and user rights.

This policy applies to all users accessing our website (www.smartcrowding.com), our web application, and related services (collectively referred to as “Services”).

This policy complies with General Data Protection Regulation (GDPR), UK Data Protection Act 2018, NHS Digital Technology Assessment Criteria (DTAC), and ORCHA privacy standards.

For inquiries, please contact our Data Protection Officer (DPO):
Email: support@smartcrowding.com
Address: SmartCrowding AS, Reidar Berges gate 9, 3rd Floor, 4013 Stavanger, Norway

2. Information We Collect

We collect both non-personal information (anonymous) and personal information (identifiable).

2.1 Non-Personal Information
Automatically collected and anonymized data:

Device type, operating system, and browser
Language preferences
IP address and geolocation
Pages visited, browsing history, and user interactions
System logs and performance metrics

2.2 Personal Information
Data that can directly or indirectly identify an individual:

Contact Information: Full name, email, phone number, and address
Account Information: Username, hashed password, registration details
Usage Data: Interactions with our platform, session logs, activity tracking
Cookies & Tracking Data: Online behaviour (see Section 9)
Location Data: If enabled by the user’s device settings

2.3 Data Collection Methods
Data is collected through:

User input: When signing up, updating profiles, or contacting support
Automated tracking: Through cookies and analytics tools
Third-party sources: Partners such as Google Fit, NHS systems, and analytics platforms (only with user consent)

3. Purpose & Legal Basis for Processing Data

We process data strictly under GDPR legal bases:

Purpose	Legal Basis
To provide and improve Services	Performance of a contract
To communicate with users	Legitimate interest
To personalize user experience	Legitimate interest
For analytics and performance	Legitimate interest
To comply with legal obligations	Legal obligation
For marketing & promotions	Explicit user consent

4. Data Sharing & Third Parties

We do not sell or rent personal data. However, we may share data in the following cases:

4.1 With Third-Party Service Providers
Trusted third-party vendors assist in service operation:

Cloud storage providers (e.g., Microsoft Azure)
Analytics and monitoring tools (e.g., Google Analytics, PostHog)
Customer support platforms
Security & authentication providers (e.g., MFA, encryption services)

4.2 With Other Users (Limited)
If users interact with others via our platform, only limited data (e.g., name, email) may be visible.

4.3 With Authorities
We may disclose data to comply with legal obligations or respond to law enforcement requests.

4.4 International Data Transfers
When transferring data outside the EEA, compliance is ensured via:

Adequacy decisions (where applicable)
Standard Contractual Clauses (SCCs)
Other legally approved transfer mechanisms

5. User Rights & Data Control

Users have full control over their data as per GDPR:

Right	Description
Access	Request a copy of personal data
Rectification	Correct inaccurate or incomplete data
Erasure (Right to be Forgotten)	Request deletion of data
Restriction	Limit processing of data
Objection	Object to data processing (e.g., marketing)
Data Portability	Request data in a machine-readable format
Withdraw Consent	Revoke consent at any time

To exercise rights, contact support@smartcrowding.com.

6. Data Security & Protection Measures

We implement industry-standard security controls:

Encryption: All data is encrypted in transit (TLS 1.2) and at rest (AES-256)
Multi-Factor Authentication (MFA): Required for admin access
Access Controls: Role-based access restrictions
Security Audits: Regular penetration testing (per DTAC requirements)
Data Masking: Ensuring sensitive data is anonymized where applicable

Users are encouraged to take necessary precautions to protect their accounts.

7. Data Retention & Destruction Policy

Personal data is retained only as long as necessary, factoring:

Legal compliance (e.g., tax, audit, health regulations)
Operational requirements
User requests for deletion

Upon expiration, data is securely deleted or anonymized using industry best practices.

8. API & Data Interoperability

SmartCrowding integrates with NHS systems, Google Fit, and hospital EHRs.

FHIR & HL7 standards are used for interoperability.
Users can configure data-sharing preferences in settings.
Data sharing with third-party apps is disabled by default and requires explicit opt-in.

9. Cookies & Tracking Technologies

We use cookies to improve functionality, analyze traffic, and personalize content.
9.1 Types of Cookies Used

Type	Purpose
Session Cookies	Maintain login sessions
Persistent Cookies	Store preferences for future visits
Third-Party Cookies	Used for analytics and ads

Users can disable cookies through browser settings.

10. Marketing & Communications

Marketing emails: Sent only with explicit user consent.

Opt-out option: Available in all promotional messages.
Transactional emails: Required for account-related activities (cannot opt-out).

To unsubscribe, email support@smartcrowding.com.

11. Third-Party Links

Our Services may contain external links to third-party websites (e.g., healthcare resources). We are not responsible for third-party privacy policies and advise users to review them separately.

12. Changes to This Policy

We periodically update this Privacy Policy to maintain compliance. Major updates will be notified via email or in-app alerts.
Last Updated: 06.03.2025

13. Contact Us

For privacy-related inquiries: Email: support@smartcrowding.com
Address: Smart Crowding AS, Reidar Berges gate 9, 3rd Floor, 4013 Stavanger, Norway