privacy policy

STAIRS Physiotherapy and Fitness ensures the confidentiality of its clients’ personal data with utmost care. We may use certain statistics from your data for internal research purposes without disclosing the identity of the client, in any manner. For all other purposes, we seek our client’s permission to use their name and personal data.

We made sure that this Policy is as transparent, clear and concise as possible. It is important that you read it carefully and calmly since the privacy we guarantee is only as complete as your knowledge of it.

We also recommend the full reading of the Regulation 2016/679 of the European Parliament and of the Council, also known as the General Data Protection Regulation (hereinafter GDPR), where you can learn more on privacy and protection of personal data.

Scope of this Privacy Policy

This Privacy Policy applies to all users of the website Stairsphysiotherapy.in and its subdomains, whether or not they register, to all users of the mobile application, from the moment they install it on their device mobile, to all users of the platform who register for the trial period as well as for all those who actually contract our services after the trial period ends.

The application of this Privacy Policy is irrelevant to the territorial scope, applying to all users from the moment they open our website or our mobile application, no matter where they are located.

The use of the services provided by STAIRS is conditioned by the acceptance of the Terms and Conditions of Use and the reading of this Policy. In the event that you do not agree to these stipulations, please do not use our services.

What data do we collect?

The collection and processing of data is fundamental to the operation of STAIRS. It's based on that data that our project is built and it's that informational core that allows us to provide you with a service in the area of wellness and client management that is known for its excellence. We have reviewed and limited the data collection and the period of retention of the data to the minimum necessary.

There are various sets of information and data that we collect and process. To simplify, we’ll be dividing those sets of information in three large groups: Professionals, Clients and Secretaries.

Professionals’ data
  • Data required from the Professional upon registration: all data entered by the Professional when registering on the platform is stored and processed. It is this registry that allows us to identify the Professional and give him/her access to the reserved area of query management as well as correctly connect him/her to the clients that he/she inserts. In addition, this is the data we deem indispensable, together with the billing data, so that the contractual relationship between STAIRS and the Professional is carried out regularly. The data we require when registering is: the full name, the name of the primary place of work, the gender, country of residence, email and, of course, a password. In addition to these, all data voluntarily inserted by the Professionals during their use of the software is processed.

  • Payment data: the payment data of your monthly payment are also processed by STAIRS, although for this purpose a processor is used. Only then can we debit the amounts associated with the monthly payment you have chosen. The data required for this purpose is: a credit or debit card number, an expiration date and a security code.

  • Billing data: in order to comply with our tax obligations, we must ask you for some billing information such as: name, tax number, address, city, postal code and country.

  • Automatically collected data: in addition to the data mentioned above, we also automatically collect, through cookies and other methods and services, a set of data that allows us to know precisely how you use the platform, the country, the date and time of the login, among other information. In addition to this information we also collected other data such as the I.P. address, the browser you use to access and its version, the language, your device operating system, among others. We would like to emphasise that this type of data collection is mainly intended to facilitate the work of our team whenever you need our support. It’s the collection of these groups of information that allows the quick resolution of problems on our platforms, without it we wouldn’t be able to guarantee the normal operation of our service and its maintenance. For more information please check our section on how we disclose and share data with third parties (subprocessors) and our cookie policy.

 
Clients’ data

Clients’ data is directly collected, for the most part, by the Professional. He/She is the controller and the main responsible for the processing of the clients’ personal data. Having said that, besides a minimum set of legally required measures, STAIRS is not responsible for providing the information and guarantees imposed by the GDPR on the Professionals in regard to their relationship with the Client.

A series of personal data might be requested by the Professional to the Client, or recorded by observation, which may range from “simple” personal data categories (such as: billing data, user identification number, among others, such as name complete, address, cell phone, and many more) to data considered as “special” (examples of this type of data include race, personal and social history, clinical history, food history, body measurements, among other information).

STAIRS only treats Client data as it is entered by the Professional, or directly through the mobile application. The use of the mobile application is intended for use by clients and is, of course, optional and, in cases where it is used, we collect the following data:

  • Data entered by the client: all data entered by the client, be it when logging in into the mobile application or posteriorly, is stored and processed. It’s this set of data that allows us to identify the client, to give him/her access to their reserved area, to associate them correctly with the Professional who advised them and to give them access to their plans. Examples of such data include login credentials, but also other data such as the amount of water ingested, weight, and other information.

  • Location data: with the use of the mobile application we may access information contained in the GPS of your mobile device. However, this operation is optional and must always be previously consented by the user.

  • Local files, notifications and other data: on certain occasions the mobile application may access, with the Client prior consent and by their order, to local files or information stored in other applications. All these operations are optional, serving only as a way of complimenting and enhancing the usefulness of the service we provide. 

  • Notifications: for the convenience of the Client, the STAIRS application will send notifications about their food plans, workout plans, payment information, amounts of water, messages and appointments. These notifications are updated daily, automatically. This feature can be disabled at any time in the application settings.

  • Health Apps: at the Client's request the STAIRS application may connect to other health applications such as Apple Health, Fitbit etc. In these cases, data on physical activity, namely, steps, distance and active calories will be collected.

  • Camera and Gallery: at the Client’s request, the application can access the camera and the image gallery of the mobile device, allowing the Client to take pictures and send them through message to their Professional or send images already stored in the gallery.

  • Automatically collected data: in addition to the data mentioned above, we also automatically collect, through cookies and other methods and services, a set of data that allows us to know precisely how you use the platform, the country, the date and time of the login, among other information. In addition to this information we also collected other data such as the I.P. address, the browser you use to access and its version, the language, your device operating system, among others. We would like to emphasise that this type of data collection is mainly intended to facilitate the work of our team whenever you need our support. It’s the collection of these groups of information that allows the quick resolution of problems on our platforms, without it we wouldn’t be able to guarantee the normal operation of our service and its maintenance. For more information please check our section on how we disclose and share data with third parties (subprocessors) and our cookie policy.

 
Secretaries’ data

Like the Clients’ data, Secretaries’ data is also directly collected, for the most part, by the Professional. He/She is the controller and the main responsible for the processing of the Secretaries' personal data, and may lack consent in the context of their contractual relations to which STAIRS is unrelated.

However, when using the platform, and in addition to the treatment performed on the data entered directly by the Professional, STAIRS also collects some data which was already listed in relation to the Professional as "Automatically collected data", and so, we ask you to check this section.

Purposes of the processing

We use the data we collect for a series of purposes that we want to make known. Those purposes may be based on a legal obligation, the legitimate interests of STAIRS, the performance of the contract or consent, depending on the case.

  • Provision of our service: we use the vast majority of the data entered, either by Professionals or Clients, so that we can provide our service as efficiently as possible within the contractual relationship established between STAIRS and the Professional.

  • Maintenance and improvement of services: we conduct behavioural analysis of the use made by the Professionals and by the Clients of the website and the mobile application. It is fundamentally this type of analysis that allows us to determine the usefulness of certain functionalities and change or correct them depending on the result. In addition, we may use your non-anonymized data in the context of the communication of a bug or error in the software by the user and always with the purpose of solving it. We can also, for example, at the request of the user, copy data between accounts.

  • Customer support: it is essential for the quality of our service that we can answer efficiently to all the questions you ask us, using for that purpose any personal data that we deem necessary for the contact and resolution of the question that may arise, which may be, depending on the case, your full name, your email, your mobile phone number or your address, among other information. In addition to this data and with the same purpose, we may collect usage statistics of our platforms.

  • Billing: it would be impossible for us to comply with our legal and tax obligations if we did not address the processing of some billing information. It is only for this purpose that we collect, at the time of payment, personal data such as the tax identification number, among others already listed above.

  • Legal matters: we may use your personal data to comply with court orders and tax and administrative inspections, among other legal requirements. In the eventuality of a court order, all personal data, be it from a simple or special category, of the Professionals’ or Clients’, may be, if our legal team agrees with the legal basis of the warrant, made available in full to the administrative or judicial authority in question.

  • Marketing: we may use your data to send you emails, notifications, text messages and postal mail. We will never do it, however, without your express authorisation and you can freely choose not to subscribe and continue enjoying the rest of our services. In order to provide you with a tailor-made experience, the processing of such communications may be subject to automated individual decision-making, including profiling.

  • Security and contractual purposes: we use your data to perform behaviour analysis in order to prevent or address suspicious or fraudulent conducts and to ensure that the contractual relationship between STAIRS and the Professional is timely met.

Data retention period

Personal data may be retained for different periods of time depending on its legal relevance or the duration of the contractual relationship.

Professionals’ rights

We want to ensure that your rights are fully respected. In those situations where the automatic mechanisms already implemented do not allow us to fully guarantee these rights you can contact us through stairsphysiotherapy@gmail.com

  • Right of access: the data subject has the right to access the information concerning him/her, namely the purposes of the processing, the categories of personal data processed, and other information. You are already able to instantly access most of this information in your profile area.

  • Right to rectification: the data subject has the right to obtain correction of inaccurate or incomplete personal data, and where it is compatible with the purposes of processing, the right to rectify it. You are already able to correct and rectify most of your personal data in your profile area.

  • Right to erasure (“right to be forgotten”): the data subject has the right to obtain the erasure of personal data concerning him/her without undue delay. Starting from this request the countdown for the total and definitive deletion of the data of all the servers begins.

  • Right to restriction of processing and right to object: these rights may be exercised, if applicable, by reaching us through the contacts provided above.

  • Right to data portability: the data subject has the right to receive, in a reusable digital format, all information concerning him/her, which he/she has provided to STAIRS.

Security

The security of your data and the services we provide are one of our highest priorities. As such, we regularly review our platforms and servers to ensure that all measures are being taken to mitigate security risks, using the most current encryption, surveillance and auditing techniques. These measures may only reflect on our servers or, otherwise, have immediate impact on our platforms, such as increased password complexity, new SSL certificates, two-step verification, and more.

Changes and amendments to this Privacy Policy

STAIRS' Privacy Policy is subject to constant and periodic review. As a result of legal developments, recommendations issued by the control authorities, or changes to our business model, among others, we may have to amend this Policy. We recommend that you visit this page regularly and keep up with the latest updates. We will notify you whenever we make substantial changes to this Policy that might jeopardise your rights.

Contacts

If at the end of this reading you still have doubts or to exercise your rights, please contact us at:

STAIRS Physiotherapy and Fitness

stairsphysiotherapy@gmail.com

or

Salma Business House,

34/1, Kensington Road,

Pulikeshi Nagar, Ulsoor,

Bengaluru - 560005

+91 98865 55563