Privacy Policy

Protecting your privacy is important to us. We hope the following privacy policy ("Privacy Policy") will help you understand how we collect, use and safeguard the personal information you provide to us through the our StepsLife App and the Service, as defined in our Terms of Use (“StepsLife App").

Steps Life S.L., the owner of the StepsLife App, is committed to making your use of the App as easy and enjoyable as possible. Please take a moment to read the following Privacy Policy to determine how your personal information will be treated as you make full use of our Service.

By using the StepsLife App, or providing the information requested by the App, or by continuing to use the App after having an opportunity to review this Privacy Policy, you agree to accept the terms of our Privacy Policy and our use of the information we collect. If you do not agree to the terms of this Privacy Policy, please do not use the App.

You as User are solely responsible for use of the StepsLife App and the StepsLife service and the processing of personal data associated with your account, which includes, among others, collecting, storing and sharing personal data uploaded by you and your Invited Users. StepsLife automatically implements the instructions given by you and you are solely responsible for those instructions (such as recording or sharing images).

You warrant that (a) you have informed any third party whose image or voice or other personally identifiable data is recorded through the StepsLife App who is 14 years old or more that the StepsLife App and Service processes his/her data and that you have obtained authorisation from such persons for this kind of activity, as provided herein or (b) there are mandatory rules in your country would exempt you from the aforementioned obligations. You agree to fully comply with this Privacy Policy.

StepsLife SL reserves the right to modify this Privacy Policy at any time and we shall give notice to registered users. Your use of the StepsLife App following any such modification, as a registered user or new visitor to the App, constitutes your agreement to be bound by this Privacy Policy as modified.

1. Our Relationship with you

From a data protection perspective:

2. StepsLife SL as Data Controller

The entity responsible for registration and account management data is StepsLife SL, whose registered office is C/. Bobines 48, 08190 Sant Cugat Del Vallès, Barcelona, Spain; Company Tax number B-66902487.

All communications regarding the processing of your personal data shall be directed to our Privacy Manager at the email address:

Address: Carrer Vallespir 19, 4-1, 08173 Sant Cugat del Valles

3. Personal information we collect about you and how we use it

3.1 The data we collect. We collect the data set out in Annex 2A (voluntary data) and Annex 2B (Automatic data), for the purposes, period and recipients set out therein. You may access or modify information provided during registration on the App. To access or modify such information, please configure your account. If you have any problems, please contact us at

Note on Payment data. (When applicable) We do not have access to any payment card data, only the price and conformation of payment provided by our partner payment gateways (Stripe, Paypal), whose terms are indicated on the payment page and apply to that data specifically.

Email communications: if you expressly accept, through ticking the corresponding box/accept button, we may send you electronic commercial communications about our Website, our App and in general about our Service, including alerts, notices, newsletters, offers and promotions. You may withdraw this consent at any time by clicking on the unsubscribe link in each email, or notifying us at the address above.

3.2 Characteristics of the processing:

3.3. Information Choices and Changes.

3.4. StepsLife Partner Users

For StepsLife Users who register under a shared project with StepsLife Partners, we share the following data with our Partners as Joint controllers (i.e. they use this data as Data Controller, under the terms of their own privacy policy also):

We may also share anonymized usage data with other business partners. In the event of sharing any other data, we will obtain your prior consent.

4. StepsLife SL as Data Processor for you

User Data. Once you have created an Account, you and your invited Users may start to upload content to the Services, which may include personal data relating to you, or to third parties (User Data, as set out in Annex 2C). In accordance with applicable privacy law, to the extent that it applies to the Services, you are the Data Controller of this User Data and you appoint us as a Data Processor of such data for the purpose of providing the Services

Your commitment. You will not submit to the Services any personal data relating to any individual that has not authorized such processing, when such authorization is required.

Your control: Through the Service, you may delete all User Data that is stored there. This data will no longer be accessible and will be fully removed from our systems on the next back-up, except as indicated below. If you wish to remove all the User Data in your Account, please, uninstall the App from your devices, and send us an email (as set out below), with a digital copy of your ID or other identification document to prove your identity. Once your identity confirmed, we will immediately remove all Data from our active systems and back-ups within fifteen (15) days from confirmation of identity (except as indicated below

4.2. How we use this data: StepsLife SL processes this data to provide the StepsLife App Service to you, on instruction of you, in accordance with the detailed provisions set out in Annex 1 hereto. However, we also do statistical analysis and other analytics on anonymous data.

4.3 Characteristics of the processing:

5. General provisions

The following provisions apply to all data processing by StepsLife.

6. Data subject rights

Data subjects (You, the subjects of your image collection, your invited users - collectively “You” in this section) have rights under data protection laws in relation to their personal data. These rights are the right to:

The aforementioned rights may be effective by contacting us at We may take steps to verify your identity prior to acting on your request.

Data subjects for whom StepsLife SL is Data Contoller also have the right to make any complaint to the competent authority, in this case the Spanish Data Protection Agency - Agencia Española de Protección de Datos, C /. Jorge Juan, 6, 28001 Madrid, España. Online contact details at

7. Questions concerning personal data and revoking approval

In order to be able to offer the best possible user experience on StepsLife, we need to be able to store personal information about you (so-called personal data) and to be able to communicate with you as a member. Therefore, if you do not allow us to process personal data about you, we cannot handle your membership. If you do not wish to allow us to process your personal data, then you will have to cancel your membership. This can be done by emailing us at

If you want to know what information StepsLife SL has about you or have other questions about your personal data or that of your students, you can email us at

8. Security

The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Account information for StepsLife subscribers are password-protected so that you and only you have access to this personal information. You may edit your account information on the user panel on the App.

We recommend that you do not divulge your password to anyone. It is your responsibility to ensure that students at your establishment keep their passwords secure. StepsLife SL will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also remember (and remind your students) to sign out of your StepsLife account and close your browser window when you have finished your activities when using a public computer. This is to ensure that others cannot access your personal information and correspondence if you share a computer with someone else or are using a computer in a public place such as a library.

9. Contact

If for some reason you believe that StepsLife SL has not adhered to this Privacy Policy, please email and we will endeavour to respond to your concerns and, when appropriate, take steps to correct a problem.

Annex 1

Data Processing Conditions (StepsLife SL as Data Processor for you)

1. Definitions

For the purpose of this Addendum, the following terms shall take the meaning set out herein:

2. Object and Term

The subject matter, and the nature and purpose, of processing under this Addendum is the provision of StepsLife services to you. The duration of such processing shall be for the period during which the Parties perform their applicable obligations under the Agreement. The data categories are as described in the table Annex 2C. below.

3. Data Protection Laws Compliance

Each of StepsLife SL and you shall comply with all applicable laws relating to privacy and data protection, including (without limitation) the EU Data Protection Directive (95/46/EC) up until 25 May 2018 as implemented in each jurisdiction, the EU General Data Protection Regulation (2016/679) on and from 25 May 2018, the EU Privacy and Electronic Communications Directive (2002/58/EC) as implemented in each jurisdiction, and any amending or replacement legislation from time to time (collectively and individually, “Data Protection Laws”).

4. Rights and responsibilities of the Data Controller

As established in the GDPR, you as Data Controller shall:

  1. Implement appropriate technical and organizational measures to ensure and be able to demonstrate that the processing is carried out in accordance with applicable legislation.
  2. Adopt data protection policies.
  3. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Personal Data.
  4. Adhere to a code of conduct that can be approved by the Commission or other competent authority.
  5. Keep a record of processing activities in the case of processing Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.
  6. Make available to the interested parties the essential aspects of this agreement, at the request of the Data Processor.
  7. Respond to the legal rights established by applicable law on the protection of Personal Data and comply with the stipulations indicated in clause 5 even if these were originally addressed to the Data Processor.

5. Rights and responsibilities of the Data Processor

As established in the GDPR, StepsLife SL as Data Processor shall:

  1. Process Personal Data only on the basis of documented instructions from the Data Controller, including transfers of Personal Data to a third country or international organization, unless otherwise required to do so under Union law or applicable Member State law; In such case, the Data Processor will inform the Data Controller of that legal requirement prior to the processing, unless otherwise prohibited by such law or in the public interest.
  2. Ensure that the persons authorised to process Personal Data have undertaken to respect confidentiality or are subject to an obligation of confidentiality of a statutory nature.
  3. Take all appropriate technical and organisational measures to ensure a level of safety appropriate to the risk of processing.
  4. Respect the conditions for having recourse to another Data Processor, as established in the current legislation on protection of Personal Data.
  5. Assist the Data Controller, taking into account the nature of the processing, through appropriate technical and organisational measures, whenever possible, so that it can comply with its obligation to respond to requests for the exercise of the rights of the data subjects.
  6. Assist the Data Controller in ensuring that they comply with their obligations, taking into account the nature of the processing and the information that is available to the Data Processor.
  7. At the choice of the Data Controller, either destroy or return all Personal Data once the processing services have been completed and destroy any existing copies unless the retention of Personal Data is required under Union or applicable Member State law.
  8. Make available to the Data Controller all information necessary to demonstrate compliance with the obligations established in herein, as well as to allow and contribute to the performance of audits, including inspections, by the controller or other authorised auditors for the Data Controller.
  9. Process the Personal Data placed at the disposal of the Data Processor in a way that ensures that the personnel in charge follow the instructions of the Data Controller.
  10. Ensure that the Data Protection Officer or, in his / her absence, the Privacy Officer is involved in an adequate and timely manner in all matters relating to the protection of Personal Data.
  11. Adhere to a Code of Conduct that is approved by the Commission or other competent authority.
  12. keep a record of processing activities in the case of processing Personal Data that may pose a risk to the rights and freedoms of the data subject and / or in a non-occasional manner, or which involves the processing of special categories of data and / or data relating to convictions and infractions.
  13. Respond to the legal rights established by the GDPR and comply with the stipulations indicated in clause 5 even if these were originally addressed to the Data Processor.

6. Data subjects’ exercise of their rights

If the Data Subjects addresses a request or exercises any of the rights established in the General Data Protection Regulation, the Controller and / or the Processor must provide the information requested and perform any required actions, without delay and, at the latest, within one month from receiving the request, which may be extended for a further two months if necessary, taking into account the complexity of the application and the number of applications.

Similarly, but in the event that the Data Controller and / or the Processor do/es not proceed with the request of the Data Subject, he/she shall inform the latter without delay, and no later than one month after receipt of the request, shall provide the Data Subject with the reasons why he/she/they has/ve not acted and inform the Data Subject of his right to file a complaint before a competent authority and to file a judicial appeal. The response to the Data Subject’s request shall be made in the same format as that used by the person concerned, unless he/she requests that it be done otherwise.

7. International transfer of data

International transfers of Personal Data may only be performed if the requirements of the Spanish Data Protection Agency, or any other national or Community laws and regulations that regulate them, are met. Any planned or actual international transfer of data shall be regulated separately and attached as an annex to this service Agreement. The annex shall become enforceable upon its signature by both parties. If a party carries out an international transfer of data without the other party’s consent, the latter shall be exempted from any liability that may arise as a result of or in connection with such transfer.

8. Security breach of the Personal Data

Insofar as there exists an instruction from a competent supervisory authority, a development of a national legislation or a delegated act, in the event of a security breach of the Personal Data, the Data Controller and/or Data Processor shall notify the competent supervisory authority of such breach without undue delay, and if possible, no later than 72 hours after it happened.

9. Termination, resolution and expiration

In the event of termination, resolution or expiration of the contractual relationship for the provision of services hereunder between the Data Controller and the Data Processor, the latter shall not keep the Personal Data unless otherwise legally required to do so. Otherwise, upon termination, resolution or expiration, or when no longer legally required to keep the data, the Data Processor shall destroy or return to the Data Controller all Personal Data and any copies of it, as well as any support or other document containing any Personal Data.

Annex 21


2A: Data provided by you

Category of Data Data Purpose Sharing Retention

Registration and account

Email address;

Other information you identify on our App:
Relationship with child
User name
Billing data, Billing contact data

To provide, maintain, and improve our Service, including, for example, to facilitate payments, send receipts, provide products and services you request (and send related information),

To develop new features,

To provide customer support to users, authenticate users, and

To send product updates and administrative messages;

To perform internal operations, including, for example, to prevent fraud and abuse of our Services; to troubleshoot software bugs and operational problems;

to test, analyze, conduct data analysis, and to monitor and analyze usage and activity trends;

To enforce our agreements, policies, and terms of use

With public authorities, to comply with laws, to respond to lawful requests and legal processes, and also for emergency purposes and we will notify you unless otherwise prevented by law.

When necessary protect the rights and property of the Company, with our agents, customers, and others. We will previously notify you of this (including the recipient) unless otherwise prevented by law.

Third party service providers for the provision of service to us

The term of your account and the period required for tax and legal purposes (usually 6 years thereafter)

Payment data

(when activated)

App Stores: payment data collected through in-app purchase are collected by the applicable app store (iTunes Store or Google Play) and according to its applicable terms of use.

iTunes Store:

Google Play:

To process payment for subscriptions

Your payment data will not collected by us but processed by our payment provider, and this data is processed according to their terms of use.

The term the payment providers determine in their policies

Contact data

Email address

Send you commercial communications we think will be of interest to you – you may opt out of these by sending us an email to with heading “newsletter opt out” or the unsubscribe feature on each communication;

Third party mail service providers for the provision of service to us (Mailchimp)

Until you withdraw your consent

2B Data that is automatically collected

Category of Data Data Purpose Sharing Retention

Traffic data

When you visit our App, we automatically track and collect the following categories of information: (1) your Internet protocol address and domain server address; (2) the date and time of your visit our App; (3) the type of system you used to access the App; and (4) the pages that you accessed during your use of the App.

To evaluate and improve the content of the App and Service and to make the App and Service more useful to users.

To diagnose problems with our server, to keep our server running smoothly,

To monitor the number of users and visitors to the App / Service and the type of technology they use

Third party service providers for the provision of service to us

The term of your account and the period required for tax and legal purposes (usually 6 years thereafter)

Usage data

Data on how you interact with the services and other users, which videos you watch, or which comments you submit; how you communicate with other users, such as their usernames, the time and date of your communications, the number of comments you post, which videos are being answered, your interactions with messages (such as when you open a message or capture a screenshot).


Third party service providers for the provision of service to us

StepsLife Partners, as indicated above.

The term of your account and the period required for tax and legal purposes (usually 6 years thereafter)

Cookie data

Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, and unique advertising identifiers, to collect information about your activity, browser, and device.

We may also use these technologies to collect information when you interact with services we offer through one of our partners.


Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our services. For more details on our cookie usage, please see our cookie policy at

We use cookie data to as set out in our cookie policy []

Third party service providers for the provision of service to us

As indicated in the cookie policy

2C. Data for which you are data controller

Category of data subjects Data types

User children and other persons related to the StepsLife user

Images, photographs, videos, identification (name, surname), age / data of birth

StepsLife Users and related persons (on their account)

Comments and other interactions between users on your account, Likes, etc.