StepSense Gold

GDPR

GDPR Notice

This notice is for users in the EEA, UK, and Switzerland. It explains the legal bases used by StepSense Gold, how health and activity data are handled, and how to exercise data subject rights.

Effective date: March 12, 2026 Scope: EEA, UK, and Swiss users

Add the correct legal entity name and representative details if applicable before publication.

Controller roles

StepSense Gold may act as a controller for account, product, device-sync, and service operation data. The employer or program sponsor may also act as a controller for participation rules, organizational visibility, or company wellness program settings.

Special category data

Activity, health, and Health Assessment data may be treated as special category data under GDPR where applicable. That data should be handled only for defined wellness functionality and with appropriate safeguards.

Lawful bases

  • Contract: to provide the app, sign-in, challenge participation, and core account features.
  • Consent: for specific permissions, push notifications, and linked device or health data where consent is required.
  • Legitimate interests: to secure the service, prevent abuse, diagnose failures, and improve reliability.
  • Legal obligations: where processing is required by applicable law, regulation, or lawful request.
  • Explicit consent or another valid Article 9 condition for health-related data where required.

How rights can be exercised

  • Access: request a copy of the personal data held about you.
  • Rectification: request correction of inaccurate or incomplete information.
  • Erasure: request deletion where the legal basis permits it.
  • Restriction: ask for processing to be limited in certain circumstances.
  • Portability: request export of data provided by you where applicable.
  • Objection: object to processing based on legitimate interests.
  • Withdraw consent: revoke health permissions, device sync, or other consent-based processing at any time.

International transfers

Where data is processed outside the country in which it was collected, StepSense Gold should rely on an appropriate transfer mechanism such as adequacy decisions, standard contractual clauses, or another lawful safeguard.

Retention and minimization

Personal data should be limited to what is necessary for the stated wellness, participation, learning, and service operation purposes. Data should be retained only as long as needed for active programs, legal obligations, support, security, or dispute resolution.

Complaints and supervisory authorities

Users may contact StepSense Gold at contact@stepsensegold.com, by phone at 072 513 9042, or by post to 305 Headingley, 1 Jacobs Avenue, Fairway, Johannesburg. Users in the EEA, UK, or Switzerland may also lodge a complaint with the supervisory authority in their place of residence or work.