1. Introduction
Welcome to Ragnarok Solutions. This Privacy Policy explains how Ragnarok Solutions (“we,” “us,” or “our”) collects, uses, shares, and protects your personal data when you use our website, https://ragnarok.solutions (the “Site”), and any of our applications or services that link to this policy, including our research and development application prototype (the “Application”).
Ragnarok Solutions is the data controller responsible for your personal data under applicable data protection laws, including the General Data Protection Regulation (GDPR). Our contact details are provided at the end of this policy.
2. Scope of this Policy
This policy applies to all personal data processed by us, including data you provide directly, data we collect automatically, and data we receive from third parties, specifically from the Garmin Connect service when you choose to connect your Garmin account to our Application.
3. The Personal Data We Collect and How We Use It
Our Application is designed to help you track and analyze your health and fitness metrics. To provide this service, we must process certain personal data. We are committed to the principle of data minimization and will only collect data that is necessary for the Application’s functionality.
Data You Provide to Us:
Account Information: When you create an account for our Application, we may collect your name and email address.
Data We Receive from Garmin:
With your explicit consent and authorization, we will access specific data from your Garmin Connect account via the Garmin Connect API. This data is classified as “special category data” (health data) under GDPR and is treated with the highest level of care. The categories of data we may request include:
Health API Data: All-day health summary metrics such as heart rate, sleep duration and stages, step count, calories burned, and stress levels.
Activity API Data: Detailed data from your recorded fitness activities, such as running, cycling, or swimming, including metrics like distance, duration, pace, elevation, and location data (GPS tracks).
How We Use Your Personal Data:
To Provide Application Functionality: To process your Garmin data and display it within the Application in analytical and graphical formats.
To Personalize Your Experience: To analyze your trends and provide insights based on the data you have shared.
To Communicate With You: To send you important information about your account, our services, or material changes to this Privacy Policy.
For Research and Development: As our Application is currently a prototype, we use processed data to improve our services, test new features, and enhance our data analysis and visualization capabilities. All such use is for internal purposes only.
We will never use your personal health data for marketing or advertising purposes without obtaining separate, specific, and explicit consent from you.
4. Our Legal Basis for Processing
We only process your personal data when we have a valid legal basis to do so under GDPR.
Explicit Consent: For all processing of your health and activity data received from Garmin, our legal basis is your explicit consent. When you first connect your Garmin account, we will present you with a clear consent request, detailing exactly what data we are requesting and for what purpose. You can withdraw this consent at any time through the Application’s settings, and we will cease processing your data going forward.
Legitimate Interests: For processing non-sensitive data, such as your email address for account security and communication, we rely on our legitimate interests in maintaining our service and protecting your account.
5. Data Security and Storage
We take the security of your personal data very seriously. We have implemented appropriate technical and organizational security measures to protect your data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure. These measures include:
Encryption: Your personal data is encrypted both in transit (using TLS/HTTPS) and at rest in our databases (using industry-standard algorithms like AES-256).
Access Controls: Access to your personal data is strictly limited to authorized personnel at Ragnarok Solutions who require it to perform their job functions.
Secure Infrastructure: Our services are hosted on secure cloud infrastructure that provides robust physical and network security.
6. Data Retention
We will only retain your personal data for as long as is necessary to fulfill the purposes for which it was collected, including for the duration your account is active. If you choose to delete your account or withdraw your consent, we will securely and permanently delete your personal data from our systems in accordance with our data deletion protocols. You will be informed of our specific retention periods when you provide consent.
7. Your Data Protection Rights
Under GDPR and other data protection laws, you have specific rights regarding your personal data. We are committed to upholding these rights.
The Right to Access: You have the right to request a copy of the personal data we hold about you.
The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete data.
The Right to Erasure (The “Right to be Forgotten”): You have the right to request the deletion of your personal data under certain conditions.
The Right to Restrict Processing: You have the right to request that we restrict the processing of your data under certain conditions.
The Right to Data Portability: You have the right to receive the data you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller.
The Right to Object: You have the right to object to processing based on our legitimate interests.
The Right to Withdraw Consent: You can withdraw your consent for the processing of your health data at any time.
To exercise any of these rights, please contact us using the details below.
8. Data Transfers
Your personal data may be processed and stored in servers located outside of your country of residence. We will ensure that any transfer of personal data to a country that has not been deemed to provide an adequate level of data protection by the European Commission is subject to appropriate safeguards, such as Standard Contractual Clauses.
9. Children’s Privacy
Our services are not intended for or directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our Site and, where appropriate, by notifying you via email.
11. How to Contact Us
If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise any of your rights, please contact us at:
Ragnarok Solutions
Email: admin@ragnarok.solutions
Website: https://ragnarok.solutions
You also have the right to lodge a complaint with your local data protection supervisory authority.