Privacy Policy

Last updated 22.07.2023

1 The product and its intended use:

SYNCSENSE ApS is a Danish healthtech company that develops, markets, and implements a digital exercise device, SYNCSENSE®, for the healthcare sector.

The SYNCSENSE® product is designed to motivate and engage institutionalized citizens by encouraging them to be more active through exercise-driven immersive virtual reality (VR) experiences. By attaching our motion sensor to any exercise equipment (i.e., stationary bikes, ergometers, elliptical trainers), which may already be found in nursing homes, rehab centers, hospitals, or other institutions, it can synchronize the movement of the exercise equipment with the VR experiences (i.e., VR films and/or VR games).

The SYNCSENSE® product includes a VR application (operated via a VR headset) and a motion sensor that enables access to a library of VR films and/or VR games. It also includes a mobile application (operated by a tablet/phone) which allows control and streaming of the VR application. Furthermore, it features a data compliance web module, where usage of the product(s) can be monitored.

SYNCSENSE® is a CE marked digital exercise device that promotes, motivates, and enhances physical, cognitive, and social activity. However, it is not classified as a medical device and, as such, should not be used for the diagnosis, monitoring, treatment, alleviation of, or compensation for any injury or disability.

SYNCSENSE® is intended for use in combination with exercise equipment to facilitate physical exercise. While such exercise equipment may be classified as a medical device, SYNCSENSE® is not specifically intended for use with any particular medical device.

2 Brief about how we manage data:

SYNCSENSE ApS manages 'Personal data (non-sensitive)', 'Working data', 'Content data', and 'Usage data', utilizing Google Cloud and Amazon Web Services (AWS) for storage and processing. 'Content data' is acquired with clearly established agreements and/or participant consents. We ensure data security and GDPR compliance, offering various functionalities based on internet connectivity. A 'data processor agreement' may not be necessary as we do not handle 'Personal health data (sensitive)', and 'Personal data (non-sensitive)' is primarily maintained for effective client communication.

3 Data type definitions:

3.1 Personal health data (sensitive): This form of data is NOT collected.

3.2 Personal data (non sensitive): Data that can clearly be linked to a person(s).
(name, contact information and place of employment)
Data controller: SYNCSENSE ApS
Data processor: Google Cloud (hosted in the European Union)
Lawful basis: Contractual necessity.

3.3 Content data:  Data that is collected in the course of creating VR film/VR experiences.
(360 degree video footage and/or pictures, and sound)
Data controller: SYNCSENSE ApS
Data processor: Google Cloud (hosted in the European Union)
Lawful basis: Contractual necessity.

3.4 Working data: Data that is used or created on a daily basis in the functioning of SYNCSENSE ApS.
(E-mail correspondence, notes from meetings, pictures and videos along with their consent statements)
Data controller: SYNCSENSE ApS
Data processor: Google Cloud (hosted in the European Union)
Lawful basis: Contractual necessity.

3.5 Usage data: Data that tells us how/when the products are being used.
(Date, time, session length, choice of VR film, speed, and whether the tablet and/or sensor were used during the session)
Data controller: SYNCSENSE ApS
Data processor: AWS (hosted in Ireland)
Lawful basis: Legitimate interest.

4 Client and non-client data

4.1 Client data

For any data that is identifiable or that can be clearly linked to a person(s), we further differentiate between ‘client data’ and ‘non-client data’. We maintain ‘personal data (non sensitive)’ for as long as a client continues to work with us. In the event that a client stops working with us, for whatever reason, their personal data becomes classified as ‘non-client data’.

4.2 Non-client data

For ‘non-client data’ we maintain the data in our systems for 5 years, during this time and as part of our commitment to data protection, we ensure that users have the right to access, rectify, erase, object, and restrict the processing of their personal data, in compliance with GDPR guidelines. 

5 ‘Usage data’ and 'content data' with and without internet access

5.1 With internet:

When using our product with an internet connection, the 'usage data' is automatically uploaded to our AWS back-end. This enables us to provide detailed usage reports for our clients, offering valuable insights into the performance and usage of the equipment. The continuous data flow also allows for real-time monitoring and efficient support for any issues that may arise during the usage of the product. VR films can be downloaded directly from our google cloud and placed in the products manually.

 5.2 Without internet:

When our products operate offline, 'usage data' is saved locally. Updates and system maintenance are implemented through mailed SD cards containing new VR films and system patches. Clients can independently extract 'usage data' by transferring the .CSV file from the device to our website for auto-generated reports.


6 Content data creation

‘Content data’ is specifically curated based on the needs and desires of our user and client community. We diligently secure necessary authorizations from pertinent organizations, individuals, and venues. As required, we proactively draft establishment agreements and/or participant consents, all of which are grounded on a carefully constructed script, for instance, the playbook of the anticipated VR film. Throughout our filming procedures, we place a significant emphasis on transparency, ensuring that our intent and playbook are openly communicated from the outset particularly on the day of filming.

We engage in creating both VR films in the form of situational recordings and portrait recordings. When we undertake situational recordings, the objective of the image lies in the situation and the atmosphere itself. However, when we create portraits with the intent of depicting individuals, this is done with consent and/or through measures of censorship or anonymity.

Our crew, distinctively attired in reflective vests, can be easily identified. Additionally, we strategically position signage at the beginning, intermittent points, and the end of our filming routes to inform and periodically remind the public of our presence and purpose. In situations where an individual featured in the footage later expresses a wish for anonymity, we respect their request by rendering them unidentifiable in the final VR film.

It is also crucial to note that our ‘content data’ is exclusively for our community of users and clients, accessible through our product free of charge. We do not engage in the separate sale of ‘content data’ or VR films. Our primary focus lies in maintaining stringent compliance and upholding privacy throughout our operations.


7 Data processor agreement:

A ‘data processor agreement’ may be unnecessary, given that ‘personal health data (sensitive)’ is not within our collection scope. We store ‘Personal data (non sensitive)’ primarily to maintain effective communication with our current and prospective clients.


8 Data transfers:

'Personal data (non sensitive)', 'content data', and 'working data' generated by Syncsense ApS does not leave the European Union (EU) or the European Economic Area (EEA) at any point. 'Usage data' cannot be guaranteed to stay within the EU or EEA (see 13.1 Data residency).


9 Data breach:

Any breach in data protection reported to us by our processor(s) will be reported to the appropriate authorities and relevant client(s) or non-client(s) within 72 hours.


10 Device services:
We collect geo-location and mobile device information from our mobile application. We require permissions to access your device's Bluetooth and location services.


11 How we use your information: 
In order for our VR headset to connect to the mobile application, it is necessary for us to gain access to the Bluetooth system of the device and make a request to connect. This is considered a part of the 'geo-location' package. We only use the 'geo-location' in order to enable streaming. 


12 Sharing your information:
We share information with your consent, to comply with laws, provide services, protect rights, or fulfill business obligations.


13 Data residency:
AWS data can not explicitly be guaranteed to have data residency within the EU or EEA due to security concerns. Robust security measures ensure protection of data regardless of where it is stored​ (more info)​. Google Cloud data is guaranteed to have data residency in the EU​ (more info)​.


14 Minors:
We do not knowingly collect data from children under 18.


15 Privacy rights:
You may review, change, or terminate your account/file at any time.


16 Do-not-track controls:
We don't currently respond to Do-Not-Track (DNT) signals.


17 Privacy notice updates:
We update this notice as needed to comply with laws.


18 Contact us:
Email our data responsible at steen@syncsense.io or mail us at SYNCSENSE ApS, Frederiksborgvej 66, 3.th., 2400 Copenhagen NV, Denmark.


19 Review, update, or delete your data:
To request access, changes, or deletion of your personal information, submit a request form. We'll respond within 30 days.


20 Cookie policy

We use cookies on our site to enhance your user experience. We do not store any personal identifiable information through the use of our cookies.

Free AI Website Creator