COMING SOON: Reframing the Narrative for Health and Performance in Female Athletes. LEARN MORE (McNulty, K.L., Taim, B.C., Freemas, J.A., Hassan, A., Lupton-Brantner, C., Oleka, C.T., Scott, D., Howatson, G., Moore, I.S., Yung, K.K., Hicks, K.M., Whalan, M., Lovell, R., Moore, S.R., Russell, S., Smith-Ryan, A.E., & Bruinvels, G. (2024). Research across the female lifecycle: Reframing the narrative for health and performance in athletic females and showcasing solutions to drive advancements in research and translation. Women in Sport and Physical Activity Journal. Accepted July 2024.)

Privacy Policy

Last Updated: June 18, 2024

PRIVACY NOTICE

This Privacy Notice describes how Kynisca UK and Kynisca Innovation Hub (collectively, “we”, “us,” “our”) collects, uses, and discloses information about individuals who use our website, software, mobile application, services, tools and features, or otherwise interact with us (collectively, the “Services”). For the purposes of this Privacy Notice, “you” and “your” means you as the user of the Services, whether you are a registered user or visitor of our application, customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Notice. Please note that the Services are designed for users in the United States, United Kingdom, Canada, New Zealand, Australia, South Africa and the European Union only and are not intended for users located outside these regions.

Please read this Privacy Notice carefully. By using any of the Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Notice. If you do not agree to this Privacy Notice, please do not use or access the Services.

1. CHANGES TO THIS PRIVACY NOTICE

We may modify this Privacy Notice from time to time, in which case we will update the “Last Updated” date at the top of this Privacy Notice. If we make material changes to the way in which we use or disclose information we collect, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us, by posting notice of such changes on the Services, or by other means consistent with applicable law) and will take additional steps as required by applicable law. If you do not agree to any updates to this Privacy Notice, please do not continue using or accessing the Services.

2. COLLECTION AND USE OF YOUR INFORMATION

Data Processing Transparency

We require explicit, informed consent for the collection and processing of personal data. Users can manage their consent preferences through their account settings at any time. Our End User License Agreement(EULA) includes detailed information on how consent is obtained and how users can withdraw their consent.

We process personal data only for the purposes explicitly stated at the time of collection. This includes providing and improving our services, communicating with users, and complying with legal obligations. We rely on the legal basis of our user consent, contract performance, and legitimate interest for processing personal data. When you use or access the Services, we collect certain categories of information about you from a variety of sources.

Information You Provide to Us

Some features of the Services may require you to directly provide us with certain information about yourself. You may elect not to provide this information, but doing so may prevent you from using or accessing these features. Information that you directly submit through our Services includes:

  • Basic personal details: We use this information to create and maintain the user account, validate user age, provide services, and communicate with users. Basic demographic information like date of birth and gender may be used for age group and gender group categorization and comparison during research. We may collect the following details:
    • Name: A name can be helpful for account personalization. It allows the app to address the user directly in communications and potentially enhances the user experience.
    • Date of Birth: This is primarily used for user age validation. Age restrictions might apply to the app’s content or features. Verifying age ensures compliance and protects underage users from inappropriate content. Additionally, as mentioned, date of birth helps with age group categorization for research purposes.
    • Gender: This can be used for research categorization purposes. It allows researchers to analyze data segmented by gender, which can be valuable in some health or behavioral studies.
    • Telephone Number: This can be used for two-factor authentication, a security measure to verify a user’s identity when logging in. It may also be used for important account-related communication, like password reset notifications.
    • Email: The primary purpose of an email address is to create a communication channel with the user. The app can send important updates, service notifications, or marketing messages (with permission). It’s also commonly used for account recovery if a user forgets their password.
  • Account information: Such as username, password, and security questions that you select and the answers you provide. We use this information to provide the Services and to maintain and secure your account with us. If you choose to register an account, you are responsible for keeping your account credentials safe. To prevent unauthorized activity, never share your account information/access details with anyone. If you believe your account has been compromised, please contact us immediately.
  • Demographic information: Demographic information, such as ethnicity, may be used for research purposes. Some studies may involve comparing health information between different ethnic groups.
  • Health and wellness information: Based on the user’s choices and permissions, the app may collect various types of personal health information. The application will integrate with the user’s personal wearable devices, as identified by user, and will only process the health data and information that the user chooses to share. This information will be analyzed, de-identified and stored in our databases for research purposes. Additionally, this information will also be used to display personal analytics, trends, and predictions that only authorized users can view.

Personalization and User Insights

Logs for Wellness, Sleep Data, Exercise Data: These categories track activity levels, sleep patterns, and work out details. By analyzing this information, the app can provide users with:

  • Personalized Insights: Identify trends in sleep quality, activity levels, and workout performance.
  • Recommendations: Suggest improvements in sleep hygiene, exercise routines, or overall well-being habits.
  • Goal Setting and Tracking: Help users set personalized goals and track progress towards them.

Menstrual Cycle Data: This data can be used to:

  • Predict menstrual cycles: Help users anticipate their menstrual cycles and associated symptoms.
  • Identify potential health concerns: Unusual cycle patterns could prompt users to consult a healthcare professional.

De-identified Health Research

Physiology, Injuries, Soreness, Physical Activity, Wellness Data: This comprehensive data set, once de-identified, can be incredibly valuable for researchers in various fields like:

    • Injury Surveillance: Understanding injury patterns, risk factors, and potential longterm health impacts. Predicting injury and developing preventative measures.
    • Health and Wellbeing Management: Identify patterns and trends in physiological data to understand how certain factors may influence long-term health.
    • Mental Health Research: Analyzing large datasets on sleep, activity, and mood to gain insights into mental health conditions.
    • Personalized Activity and Wellness Recommendations: Discover connections between various wellness indicators to inform the development of personalized health recommendations.
  • Application Usage Data: Based on the user’s choices and permissions, the application may collect various types of personal health information. The application will integrate with personal wearable devices, as identified by the user, and will only process the health data and information that the user chooses to share. This information will be analyzed, de-identified and stored in our databases for research purposes Additionally, this information will also be used to display personal analytics, trends, and predictions that only authorized users can view.
    • Device Information and Browser Type: This helps identify the device and operating system users are using. This can be used to ensure the app functions correctly across different platforms and optimize performance.
    • Log Data and Date/Time Stamps: These provide insights into how users interact with the application. For instance, identifying common crash points or features with low engagement.
    • Clickstream Data: This tracks the specific buttons or links users click within the app. This helps understand user behavior and optimize the user interface for a smoother experience.
    • Location Information (with User Permission): This allows the app to tailor contents or features based on your location. One of the examples is to count users by country, but it could also be used for location-based features or displaying relevant educational content.
    • Application Usage Information: This encompasses how long you use the app, which features you utilize most, and how often you engage with it. This data helps developers understand user preferences and prioritize improvements or new features based on user behavior.
  • Communications: Any information you choose to include in communications with us, for example, when sending a message through the Services or email. This includes messages on discussion boards or to your connections on the Services that are manually collected or automatically extracted from our servers.
    • User Feedback: This information would be used to improve the app. When you send us feedback, we analyze the content of your message to understand your suggestions, identify areas of improvement, and prioritize new features.
    • Technical Support: If you contact us for technical support, we will use the information in your communication to diagnose and resolve the issue you may be experiencing. This may include details about the problem you are experiencing, the functionality you were using, and any error message(s) you encountered.

We also automatically collect certain information about your interaction with the Services (“Usage Data”). Usage Data includes:

  • Device information: Such as device type, operating system, unique device identifier, and internet protocol (IP) address.
  • Location information: Such as approximate location / precise geolocation, if you choose to provide it.
  • Other information regarding your interaction with the Services: Such as browser type, crash reports, log data, date and time stamps, mobile statistics, and clickstream data.

We use Usage Data to tailor features and content to you, market to you, provide you with offers or promotions, run analytics, and better understand user interaction with the Services. For more information on how we use Tracking Technologies and your choices, see the section below, SDKs and Other Tracking Technologies.

Information Collected From Other Sources

We may obtain information about you from outside sources, including information that we collect directly from third parties and information from third parties that you choose to share with us. We are committed to processing this data in accordance with GDPR.

  • Athletic and educational information: (Processing Purpose: Account allocation & Organization Partnership)
    • We receive information about you from your sport organization, including your team, club, and training center.
    • This information is used solely to associate your account with your organization during a partnership with them. We will not use this data for any other purposes.
  • Health and wellness information: (Processing Purpose: User choice & Integration functionality)
    • As stated above, you may choose to import your health and wellness information from other integrations or devices (such as Apple Health, OURA Ring, Playermaker, or other activity and fitness trackers).
    • You control this data and can stop sharing it by removing our access to these integrations. We will only process this data if you explicitly authorize the import.
  • Analytics data: (Processing Purpose: Service improvement & Usage analysis)
    • We receive analytics data from providers like Google Analytics. This data is anonymized and cannot be used to identify you. We use it to understand how users interact with our platform and improve the service.
  • Social media platform information: (Processing Purpose: Account management & Login functionality)
    • Only with your consent can you link social media platforms (e.g., Facebook, Instagram) to your account. This information is used to maintain your account and login credentials.

Any information we receive from outside sources will be treated in accordance with this Privacy Notice. We are not responsible for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices. For more information, see the section below, Third Party Websites and Links.

In addition to the specific uses described above, we may use any of the above information to provide you with the Services and to maintain our business relationship, including by enhancing the safety and security of our Services (e.g., troubleshooting, data analysis, testing, system maintenance, and reporting), providing customer support, sending service and other non-marketing communications, monitoring and analyzing trends, conducting internal research and development, complying with applicable legal obligations, enforcing any applicable terms of service, and protecting the Services, our rights, and the rights of our employees, users or other individuals.

Finally, we may deidentify or anonymize your information such that it cannot reasonably be used to infer information about you or otherwise be linked to you (“deidentified information”) (or we may collect information that has already been deidentified/anonymized), and we may use such deidentified information for any purpose, including scientific research and studies. To the extent we possess or process any deidentified information, we will maintain and use such information in deidentified/anonymized form and not attempt to re-identify the information, except solely for the purpose of determining whether our deidentification/anonymization process satisfies legal requirements. Once deidentified information has been shared with a research partner, it cannot be deleted or recalled. However, any data that has been deleted will not be included in subsequent data sets.

3. COOKIES, SDKs, AND OTHER TRACKING TECHNOLOGIES

Most browsers accept cookies automatically, but you may be able to control the way in which your devices permit the use of Tracking Technologies. If you so choose, you may decline, block or delete our cookies from your browser; however, blocking or deleting cookies may cause some of the Services, including certain features and general functionality, to work incorrectly. If you have questions regarding the specific information about you that we process or retain, as well as your choices regarding our collection and use practices, please contact us using the information listed below.

To opt out of tracking by Google Analytics, click here.

Your browser settings may allow you to transmit a “do not track” signal, “opt-out preference” signal, or other mechanism for exercising your choice regarding the collection of your information when you visit various websites. Like many websites, our website is not designed to respond to such signals, and we do not use or disclose your information in any way that would legally require us to recognize opt-out preference
signals. To learn more about “do not track” signals, you can visit http://www.allaboutdnt.com/. To learn more about Global Privacy Control, you can visit https://globalprivacycontrol.org/.

For Tracking Technologies on your mobile applications, check your mobile device for settings that control ads based on your interactions with the applications on your device. For example, on your iOS device, disable the “Allow Apps to Request to Track” setting, and on your Android device, enable the “Opt out of Ads Personalization” setting.

4. DISCLOSURE OF YOUR INFORMATION

We may disclose your information to third parties for legitimate purposes subject to this Privacy Notice, including the following categories of third parties:

  • Your sport organization and their training department, if applicable. This includes the coaching staff, trainer, psychologist, nutritionist, dietician, data analyst, medical professionals, and legal staff.
  • Your parents or legal guardians, upon their authentication and request, if you are under 18 years old. This includes situations where information sharing is required by applicable local laws or regulations.
  • Our affiliates or others within our corporate group.
  • Third parties to whom you request or direct us to disclose information.
  • Professional advisors, such as auditors, law firms, or accounting firms.
  • Third parties in connection with or anticipation of an asset sale, merger, or other business transaction, including in the context of a bankruptcy.
  • Government agencies, law enforcement agencies or relevant authorities, when required by relevant law or deemed necessary at our sole discretion to protect the immediate health and safety of our business, employees, and users. However, we will challenge such requests under the Cloud Act if they pertain to non-U.S. residents and conflict with applicable laws.

To help advance female athletic potential through research, education, and innovation, we may share relevant aggregated and de-identified information, including health and wellness information, with carefully selected research partners to be used in their scientific research and studies.

International Data Request and Cloud Act

In the event of a request from U.S. law enforcement under the Cloud Act for data pertaining to non-U.S. residents, we will assess whether the request conflicts with the laws of the country where the data is stored and whether there is a relevant Executive Agreement in place. If we reasonably believe that the data request conflicts with applicable laws or pertains to a non-U.S. resident, we will seek to challenge, modify, or quash the request to ensure compliance with GDPR and protect the privacy of our users.

5. THIRD PARTY WEBSITES AND LINKS

We may provide links to third-party websites or platforms. If you follow links to sites or platforms that we do not control and are not affiliated with us, you should review the applicable privacy notice, policies and other terms. We are not responsible for the privacy or security of, or information found on, these sites or platforms. Information you provide on public or semi-public venues, such as third-party social networking platforms, may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

6. CHILDREN’S PRIVACY

Children under the age of 13 are not permitted to use the Services, and we do not seek or knowingly collect any personal information about children under 13 years of age. If we become aware that we have unknowingly collected information about a child under 13 years of age, we will make commercially reasonable efforts to delete such information. If you are the parent or guardian of a child under 13 years of age who has provided us with their personal information, you may contact us using the below information to request that it be deleted.

7. DATA SECURITY AND RETENTION

We employ industry-standard encryption protocols for the transmission and storage of all Personal Identifiable Information (PII) and Protected Health Information (PHI). Access to PII and PHI are restricted to authorized personnels only, and all access is logged and audited regularly to ensure compliance with HIPAA regulations and GDPR. Our application implements least privilege access controls to minimize unnecessary access to sensitive data. Despite our reasonable efforts to protect your information, no security measures are impenetrable, and we cannot guarantee “perfect security.” Any information you send to us electronically, while using the Services or otherwise interacting with us, may not be secure while in transit. We recommend that you do not use unsecure channels to send us sensitive or confidential information.

GDPR Compliance

We are committed to complying with the General Data Protection Regulation (GDPR). We process personal data based on the following legal bases:

  • Consent: When you have given explicit consent for specific purposes.
  • Contractual Necessity: To perform a contract with you or to take steps at your request before
    entering into a contract.
  • Legal Obligation: To comply with our legal obligations.
  • Legitimate Interests: To pursue our legitimate interests, provided your interests and fundamental rights do not override those interests.

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of data subjects.

We ensure that any international transfers of personal data are conducted in compliance with GDPR, using appropriate safeguards such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

We adhere to the principles of Privacy by Design and Default, integrating data protection into our processing activities from the outset.

Data Breach Notification

In the event of a data breach involving PII or PHI, we will notify relevant supervisory authority within 72 hours and affected individuals within 60 days of the breach discovery, in accordance with HIPAA and GDPR requirements. Notifications will be sent via email or through in-app alerts, depending on the contact information available.

We adhere to the principle of data minimization, collecting only the data necessary for specified purposes. Personal data is retained only as long as necessary for these purposes or as required by law, after which it is securely deleted. For users who do not access their account for a period of 12 months, we may anonymize and aggregate data after a reasonable period. When determining the length of time to retain your information, we consider various criteria, including whether we need the information to continue to provide you the Services, resolve a dispute, enforce our contractual agreements, prevent harm, promote safety, security and integrity, or protect ourselves, including our rights, property or products.

Active Users: For active users who continue to use the app, we retain all data for as long as your account is active. This allows you to access historical trends, analyze progress, and maintain a complete health and wellness record.

Inactive Users: Users who do not access their account on the app for a period of 12 months, will be categorized as an inactive user. For inactive users, we may anonymize, aggregate, and store your de- identified data after a reasonable period (i.e., 12 months) while your identifiable data will be removed from our system. This anonymized data helps us improve the app, perform scientific research, and understand user behavior without identifying individuals.

Account Deletion: You have the right to delete your account at any time. Upon deletion, we will remove your personal data from our systems, except for anonymized and aggregated data used for analysis or anonymized and aggregated data that previously shared with partners.

8. YOUR PRIVACY RIGHTS

Depending on where you live, you may have some or all the rights listed below in relation to information that we have collected about you. Note that a number of these rights only apply in certain circumstances, and all these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain your personal data.

  • Right to Delete (Erasure): You have the right to delete your account at any time. Upon deletion, we will remove your personal data from our systems. Moreover, we will also remove you from our marketing databases and your consents. This may not include anonymized and aggregated data used for analysis or previously shared with partners.
  • Right to Correct (Rectify): You may have a right to request that we correct inaccurate information we maintain about you.
  • Right to Access/Know: You may have a right to request that we confirm whether we process information about you and give you access to that information.
  • Right to Data Portability: You may have a right to receive that information in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the information to another business without impediment.
  • Right to Automated Decision-Making and Profiling: You may have the right to be informed about and potentially object to automated decision-making based on your data, including profiling.
  • Right to Restriction: You may have the right to request that we restrict the processing of your personal data. This means we can store your data but limit its use of specific purposes.

9. HOW TO CONTACT US

Should you have any questions about our privacy practices or this Privacy Notice, please email us Privacy@KyniscaInnovationHub.com.