Privacy Policy

Last revised: November 2024

Introduction

Our privacy policy (the “Privacy Policy”) explains the information we collect, how we use and share it, how to manage your privacy controls and your rights in connection with our websites and the related mobile applications and services (collectively, the “Services”). Please also read our Terms of Service which sets out the terms governing the Services.

Frami is a service consisting of web and mobile applications and is a product of Frami Activity AS (org No. 926 696 416), a company based in Oslo, Norway.

Frami Activity is a Norwegian company, which means that we are obliged to process your personal data in accordance with the Norwegian Personal Data Act of 2018 and the EU General Data Protection Regulation 2016/679 (GDPR), regardless of where you, as a user of the Services, are in the world. If you reside outside the EEA, you may have additional or additional rights under national or local data protection laws. In such cases, we will inform you of these rights as far as possible and plan for you to exercise these rights.

It is important that you read this Privacy Policy and understand how we collect, store and otherwise process your personal data. You are advised to review this Privacy Policy periodically for any updates made due to changes in the law, changes in our practices, or for any other reason. We will notify you if we make any material changes to the Privacy Policy.

Please note that this Privacy Policy only applies to the use of our Services and does not apply to any third-party products or services that you might interact with on or through the Services. We recommend that you review the privacy policies of each of these websites, apps or services before connecting your Services account or sharing any personal data.

Questions or comments about this Privacy Policy may be submitted by mail or email using the contact information below or via https://www.frami.eco/#contact.

Frami Activity AS

Oscar Wistings vei 10A

1463, Fjellhamar, Norge

support@frami.eco

Information we collect

All the personal information we collect in Services and its features falls into two general categories:

Information you provide
Information we obtain from third parties

Information you provide

We ask for and collect the personal information mentioned below, when you use our Services. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations.

We process this information in light of our legitimate interest in improving our Services and giving our users the best experience, and where it is necessary for the adequate performance of the contract between us and you. Without it, we may not be able to provide you with all the requested services and features of Services.

By registering for an account in our Services, you will need to provide us with certain information:

Full name
Email
Nationality
Employer (if you connect to an employer community, we will store this information linked to your profile)

Any additional information you provide in Services, such as posts, comments, pictures, videos or text associated with activities uploaded/created will be stored and published in appropriate places in Services. Please bear this in mind when considering whether to provide any additional information about yourself in the services. Lastly, when you register activity manually from our service you can decide to register with manual input or record session. If record session is chosen, you will be opted out to accept that the app can see your location and follow it while recording session.

Communications

When you communicate with Services by email or through our Services, or use the Services to communicate with other users, we collect information about your communication and any information you choose to provide.

Information you post

When you post your Activities (which includes, and is not limited to, GPS, heart rate data) or any other data in Services, we collect that information, and you can add additional text and/or pictures to that activity. You can also post text, videos and pictures on challenges/communities or events you have connected to or attending.

Information from third parties

Activity-information (only applicable to you if you have granted Services access to your tracking-device activity data):

When you sync an activity from your device (Garmin, etc.) to Services (after connecting your device to Frami in your profile settings), we will analyze and extract the data necessary to provide our services. This data includes your GPS coordinates (including altitude), sport, timestamp, distance, avg pace, calories, and your avg HR. We will store this data in relation to your account.

We only allow our third-party service providers to use information we share with them for what is strictly necessary to perform the service they provide to us.

Questions and answers

Data Collection

Question	Answer
Do we sell your personal information?	No
Do we share your data with third party APIs?	Yes
Do we use sensitive categories of data, as health information?	Yes, with your consent
Do we delete your account when you request it?	Yes
Do we store your data as long as we need them unless you ask for deletion?	Yes

Privacy settings and control

Question	Answer
Can you control who sees your activity and your content?	Yes
Can you control who sees your locationbased activities?	Yes
Is your privacy control set to “all” as default? To see yout activity and profil	Yes
Can you delete your data?	Yes

Tracking

Question	Answer
Do we track your device location to give you frami?	Yes, with your consent
Do we track your device location when the app is not used?	No

Communication

Question	Answer
Do we provide you with advance notice when we make important changes to our Privacy Policy?	Yes
Do we send you marketing communications with an opt-out?	Yes
Do we send you push notifications with opt-out?	Yes

How we use your information

We use the personal information we collect from you to Provide, Improve, and Develop our Services. It will be used to:

To operate and maintain your Services account, and to provide you with access to and use of the Services.
Your log-in credentials (methods) are used to identify you when you log into the Services. If you have an account in Services, you can access the Services with your account from any device that supports the Services.
Your email will be used to send you Service updates and notifications about your account.
To respond to you about any comment or enquiry you have submitted.
Verify and authenticate your identity and prevent unauthorized or illegal activity.
Detects and prevents fraud, spam, abuse, security incidents, and other suspicious activity.
Enhance the safety and security of our products and services.
Conduct security investigations and risk assessments.
To prevent or take action against activities that are, or may be, in breach of our Terms of Use, Community Guidelines or applicable law.
To provide you with customer and technical support.

We process personal data about you through your general use of Frami’s mobile application. This can be information that you share in different functions of the mobile application, such as in feed/area for Communities, events and competitions. The legal basis is that the processing is necessary for the performance of our agreement to provide the Services to you.

We process this information in light of our legitimate interest in improving Services and giving our users the best experience, and where it is necessary for the adequate performance of the contract with you (e.g. Terms of Use).

Affiliation with a company or organization

If you are invited by a company or organization to participate in their private community, you will be given a code to access that private community. It will not be shared any data with the employer or organization other than your activity progress (high-level information) on challenges you choose to participate in will be visible in the challenge itself. All members in the community will be able to see participants progress on challenges, but not details on how you reached that level unless they follow you as a user in the application (Your privacy control decides who can see your data). If you decide to post anything on the wall of the community, challenge or event, either only text or text with picture/video other members/participants can see, comment and applaude on that.

Users have the possibility to report posts that is not in guidance with what is meant to be posted.

Admins of the community will get a notification that a post on the community the user is admin of has been reported and can then choose to delete it.

Admins of the community can delete reported posts, edit text about the community and main community picture as well as create sub-communities and challenges/events on behalf of that community.

Data processors

We use external subcontractors (data processors) for technical support, for data storage and security, and for bookkeeping and accounting. Data processors may have access to your personal data. In such cases, we have entered into data processing agreements to ensure information security at all stages of the processing.

Our data processors may be located outside the EU/EEA. We will only transfer personal data outside the EU/EEA if there is a legal basis for transfer pursuant to GDPR Chapter V. You can be informed of the basis used for the transfer if you contact us. We will always choose data storage within the EU/EEA where this is possible.

We use the following data processors for data storage, data analysis, and marketing.

Microsoft Azure is used as a cloud solution for our services.
https://www.microsoft.com/licensing/terms/product/PrivacyandSecurityTerms/all
Google Analytics is used for statistical analysis of traffic in our services
https://policies.google.com/privacy
Firebase is used for the distribution of our mobile applications and associated technical and usage analysis.
https://firebase.google.com/support/privacy/
Apple App Store for application download
https://www.apple.com/legal/privacy/data/en/app-store/
Google Play Store for application download
https://policies.google.com/privacy?hl=en-US

Safety of the processing

All processing of personal data is secured with the required technical and organizational measures. We handle information confidentially, and ensure that it is correct, accessible and handled according to the degree of sensitivity of the information. We carry out the necessary risk assessments for the processing of personal data, and limit access to personal data to those staff or third parties who will process the data on our behalf. These parties are subject to a duty of confidentiality.

Access: You have the right to get information about what personal data we have stored about you, and the right to access this personal data.

Correction and deletion: The information we have about you must be correct and up-to-date. If you discover an error, we encourage you to contact us so that the information can be corrected. You can also contact us if you want information to be deleted.

Restriction of processing: You have a general right to ask us to stop processing your personal data, for example if you are of the opinion that we are processing personal data about you unlawfully and you do not want us to delete the personal data in accordance with our procedures until the matter has been clarified.

Data portability: For data that you have provided to us and that is necessary for the performance of an agreement with us, and which is processed automatically (i.e. not manually by us), you can request to have your personal data disclosed or transferred to another provider in a structured, commonly used and machine-readable format (data portability).

Right to object: You have the right to object to our processing of your personal data if this can be justified by special circumstances on your part.

Right to complain: If you do not agree with how we process your personal data, you have the right to complain to a supervisory authority. In Norway, this is the Data Protection Authority. However, you should contact us first so that we can clear up any ambiguities.

Processing on the basis of consent: If we process personal data on the basis of your consent, you can withdraw your consent at any time. The easiest way to do this is to use the method provided when you gave your consent or by contacting us.