Kunto Solutions

Privacy Policy

Kunto Solutions Oy (later Kunto) is a privately held, specialty healthtech company headquartered in Finland. Kunto and its software products focus on supporting users’ recovery by tracking health and fitness indicators such as activity, experienced health and pain. When processing personal data, Kunto complies with data protection laws and ensures an appropriate level of information security. 

The purpose of our Privacy Policy is to explain what information we collect, how it is used and shared, and how you can control it, when you use Kunto digital platform, applications and related services, or our web site (collectively, “Services”).

1. Kunto Platform, Applications and Corporate Customer Data

As part of Kunto digital platform, applications and related services, employees and authorized users of our corporate or public customers (collectively, “Corporate Customers” or “Corporate Customer”) may enter information from or about their authorized users, employees, and patients (collectively, “Corporate Customer Data”), into their instances on our servers.

This Privacy Policy does not apply to such Corporate Customer Data, and we are not responsible for our Corporate Customers’ handling of Corporate Customer Data. Our Corporate Customers have their own policies regarding the collection, use and disclosure of your personal information.

Our use of such Corporate Customer Data is subject to the written Data Processing Agreement between Kunto and the Corporate Customer. Kunto acts as a Data Processor of Corporate Customer Data, and its responsibility under that agreement is the obligation to keep Corporate Customer Data safe and secure.

Please direct any questions regarding Corporate Customer Data to our Corporate Customer for which you work, or who collected your information in a Kunto platform or application.

2. Data Controller

In the case where your personal information is processed in Kunto digital platform, applications, and related services provided you by a Kunto’s Corporate Customer, the Controller of your personal data is the Kunto’s Corporate Customer. For example, if you are a patient of clinic using our mobile app provided by the clinic, or a doctor of the clinic who logs into our back-end application, your Data Controller is the clinic.

The Controller for processing of personal information, which is not Corporate Customer Data such as, (a) when Individual Users are using Kunto digital platform, applications, and related services, (b) the technical data we collect when operating these services, or (c) on the website kuntosolutions.com, is:

Kunto Solutions Oy
Töölönkatu 19 A 1
00260, Helsinki

The email address of Kuntoʼs data protection officer is compliance@kuntosolutions.com.

3. Personal information we collect

We collect personal information about you in the following ways:


When you are accessing our web-site, we collect personal data such as contact information you give us, feedback information you provide us, profile information, usage information, and marketing information e.g., your preferences for receiving marketing communications.

Kunto platform, applications and related services

When you as an Individual User start using Kunto applications and when you report your recovery information, we may collect personal information you give us such as name, email address, gender, weight, height, details of your symptoms, operations or incidents, pain level, medication, and your answers to standard questionnaires. 

You may also allow us to connect to third-party services, such as Apple HealthKit and Google Fit, to enable us to import personal data regularly about your health and activities into the application. This imported data may include number of steps, distance, and other data about your health and activity. When you choose to have the activity data imported from your mobile device or wearables, you are subject to the privacy policies and practices of the third party service used such as Google Fit or Apple HealthKit.

Technical data

When you access or use the Services, we may automatically collect and log technical information such as device information, IP address, operating system and its version, language, and usage data.

4. Purpose of processing personal data

We use your personal information:

To provide our Services

We process personal data for the technical and functional management of our Services and for continuous improvement of the Services. By using your data, we can check how our Services are used and we can improve their usability and user experience. This data also allows us to adequately secure our Services.

To comply with law

We use your personal information as we believe necessary or appropriate to comply with applicable laws and regulatory requirements.

With your consent

We may use your personal information with your consent, such as when you consent to let us test and pilot our Services, get your feedback to maintain and further develop our Services, post your testimonials on our web-site, you instruct us to take a specific action with respect to your personal information, or you opt into marketing communications.

To create anonymous data for analytics

We may create anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information that makes the data personally identifiable to you, so that it is no longer reasonably possible to ever use the data to identify you. We use this anonymized data for lawful business purposes, such as improving our Services.

For compliance, fraud prevention and safety

We use your personal information as we believe necessary or appropriate to (a) enforce the terms and conditions that govern our Services; (b) protect our rights, privacy, safety, or property, and/or that of you or others; and (c) protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity.

5. Legal basis for processing personal data

We only use your personal information as permitted by law. Depending on which features of the Services you use, we will process your Personal Data based on one or more of the following legal bases:

Your consent

For example, on the app activation screen when you give us permission to process your personal data.

To provide the Services

Processing is necessary to perform the agreement governing our provision of the Services or to take steps that you request prior to signing up for the Services.

To communicate with you, to create anonymous data for analytics, or for compliance, fraud prevention and safety

These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We may process your personal data in relation to our interests in providing the Services to you, our commercial interests, including our interest in protecting the security and integrity of the Services, and wider societal benefits.

To comply with law and regulations

Processing is necessary to comply with our legal obligations and regulations.

6. Transfer or disclosure of personal data

Your personal data is not transferred to parties outside of Kunto without your explicit consent.

Kunto uses sub-processors such as established cloud services providers to enable the provision of Services.  Sub-processors are bound by the requirements of data protection legislation insofar as they are involved in processing personal data.

7. Transfer of personal data to non-EU/EEA countries

Personal data is not transferred to non-EU/EEA countries.

8. Principles of processing

We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Data that is not needed for the mentioned purposes. For any new purpose of processing, we will ask your separate consent.

Specifically, the data is not used for automated decision-making, including the profiling of individuals.

9. Retention of personal data

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.

10. What are your rights?

Data protection legislation guarantees you certain rights which ensure that the protection of your privacy, which is a fundamental right, is respected.

You may ask us to take the following actions in relation to your personal information that we hold:

Opt-out: Stop sending you direct marketing communications. You may continue to receive service-related and other non-marketing emails. Note that to stop collecting personal data by Kunto mobile app is easily done by stopping the use of the app and by removing the app from your mobile phone.

Access: Provide you with information about our processing of your personal information and give you access to your personal information.

Correct: Update or correct inaccuracies in your personal information.

Delete: Delete your personal information.

Transfer: Transfer a machine-readable copy of your personal information to you or a third party of your choice.

Restrict: Restrict the processing of your personal information.

Object: Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

You can submit these requests by email to compliance@kuntosolutions.com or our postal address provided above. We may request specific information from you to help us confirm your identity and process your request.

If we are unable to identify you from the data stored on our servers, then the right of access, right to correct, delete, transfer and restriction of processing shall not apply. In practice, rights can be implemented only in those cases where the user of the Service has given Kunto such personally identifiable information, which enables identification of your data.

Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us as described above or submit a complaint to the data protection regulator in your jurisdiction.

© 2022 · Kunto Solutions Oy. All rights reserved┃Privacy PolicyTerms and Conditions