This Privacy Policy applies to the personal data processed by Sugar.no app (“Sugar.no” or "we") in relation to the users of Sugar.no’s platform, mobile application ("App"), website, and any associated services or products (collectively, the "Sugar.no Services"). It also applies to personal data processed by Sugar.no regarding the representatives of our vendors, business partners, and customer organisations, including data processed within our CRM database and related to direct marketing activities. The individuals covered by this policy are hereinafter collectively referred to as "Users" or "you."
If you have any questions regarding how we process your personal data or if you wish to exercise any of your rights, including accessing or erasing your data, please contact our Data Protection Officer ("DPO") at [email protected].
This Privacy Policy only applies to data processing carried out by Sugar.no as a data controller. We are not responsible for the privacy and data processing practices of any third parties. Please refer to their respective privacy policies for information on how they handle your data.
The controller for all personal data processed through the Sugar.no Services is:
INTENDUM LTD
Record number: 648641
Cyprus
We collect and process data to provide and improve the Sugar.no Services, including the Sugar.no App. We also collect user data to enable payment processing and for marketing purposes, such as sending you offers and updates about our products and services. The types of data we collect are grouped into two main categories:
Default Data: This includes essential information necessary to provide the Sugar.no Services, such as personal data related to your purchases, account creation, and app usage. The legal basis for processing this data is the performance of the contract between you and Sugar.no. We may also process this data based on our legitimate interest in maintaining the security and integrity of the Sugar.no Services, as well as for the establishment, exercise, or defence of legal claims related to your use of our services. Additionally, we may process Default Data for direct marketing purposes, based on your explicit consent, which you can withdraw at any time.
Optional Data: This includes information that enhances your experience of the Sugar.no App, such as dietary preferences, height, weight, and health-related metrics. Some features may not function as intended without certain Optional Data (e.g., logging meals in the app). The legal basis for processing Optional Data is either the performance of a contract or our legitimate interest in improving the Sugar.no Services. If the data includes health-related information, we will rely on your explicit consent for processing.
To function properly, the Sugar.no App requires access to certain health-related data, such as glucose levels from your Continuous Glucose Monitor (CGM), dietary information, and other optional health metrics like BMI and heart rate. The legal basis for processing this sensitive data is your explicit consent, which you can revoke at any time through the app or by contacting us directly.
For research and development purposes, we may de-identify your health data to protect your privacy. De-identified data means that all personal identifiers have been removed, making it impossible to link the data back to you. However, pseudonymised data, which still allows for indirect identification, is treated as personal data and protected under this Privacy Policy.
We rely on several legal grounds to process your data:
We may share your data with third-party service providers to provide and enhance the Sugar.no Services. These third parties include payment processors, cloud storage providers, and analytics platforms. We always ensure that appropriate data processing agreements are in place with these third parties to safeguard your data.
We take steps to minimise the amount of personal data shared and ensure that these providers process your data in compliance with applicable data protection laws.
Sugar.no’s servers are located within the EU. However, some of our third-party providers may process your personal data outside of the EU/EEA. When personal data is transferred outside of the EU/EEA, we ensure an adequate level of data protection by relying on mechanisms such as the EU-U.S. Data Privacy Framework, Standard Contractual Clauses, or other legal frameworks recognised by the European Commission.
For more information on the safeguards we implement for international transfers, or to obtain a copy of these arrangements, please contact our DPO.
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Default personal data is stored for up to five years after you stop using the Sugar.no Services. In some cases, we may need to retain data for longer to comply with legal obligations, such as tax or accounting requirements.
Personal data processed on the basis of consent will be retained until you withdraw your consent. You can request the deletion or de-identification of your personal data at any time. However, please note that certain data, such as payment and order information, may be retained for fraud prevention and compliance purposes.
As a data subject, you have the following rights under the GDPR:
To exercise any of these rights, please contact our DPO at [email protected]. We will respond to your request in line with GDPR requirements.
If you are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
We are committed to securing your personal data. All personal information collected through the Sugar.no App is stored in secure, encrypted databases. We use AES-256 encryption to protect your data at rest, and access is restricted to authorised personnel only.
Our employees undergo annual GDPR and HIPAA training to ensure they handle personal data responsibly. Any personal health information (PHI) processed in connection with telemedicine services is handled in compliance with HIPAA, where applicable.
You can export your glucose, meal, and exercise data directly from the Sugar.no App’s settings. You can also request a full export of your account information, including past invoices, through our membership management portal.
You can delete your account via the Sugar.no App. However, deleting your account does not automatically remove all data (e.g., payment records retained for compliance). To de-identify or further erase any specific data, contact us at [email protected].
We may update this Privacy Policy from time to time. Any changes will be communicated to you via the Sugar.no App or our website. Continued use of the Sugar.no Services after such updates constitutes your acceptance of the revised policy.
If you have any questions or concerns regarding this Privacy Policy, please contact our Data Protection Officer at [email protected].