HiMommy - Privacy policy

Privacy policy

for the mobile application

HiMommy and HiDaddy (HiFamilyApps)

and connected services (website, funpage, etc.)

The Data Controller for data processed for purposes specified herein (section 2 and 3 below) shall be IDEA ACCELERATOR SP Z O. O., Main Square 28, 31-010 Cracow, Poland, Tax number: 6762528642, KRS: 0000676503, REGON: 367240642

(Hereinafter the “Data Controller” / ”Application Supplier”).

The Data Controller can be quickly and effectively contacted in the data controller’s registered office, i.e., at the address specified above, as well as by telephone, or by e-mail at the following address:

support@himommyapp.com

If you contact the Data Controller, they may ask for additional information to verify the identity of the contacting person.

This Privacy Policy concerns processing of data (including personal data) in relation to using the HiMommy / HiDaddy Application (hereinafter “The Application”), as well as for additional (but related) purposes specified in sections 2.2 and 2.3 below.

This Privacy Policy applies to the mobile application HiMommy / HiDaddy (HiFamilly apps) available at https://himommy.app/en/pages/himommy-privacy-policy / in Google Play / Apple Appstore (hereinafter “the Application”).

All terms should be interpreted in accordance with the Application Terms and Conditions available at:https://himommy.app/en/pages/terms-and-conditions

Table of contents

1. General information 3

1.1. What are personal data? 3

1.2. What are your rights related to processing of your personal data? 3

1.3. How can you notify us about your wish to exercise your rights? 3

1.4. What does consent-based data processing mean? 4

1.5. How does the Data Controller obtain data? 4

1.5. Who has access to personal data? 5

1.7. Is providing of the data voluntary? 6

1.8. What data categories do we process? 6

1.9. Changes to this Privacy Policy 7

1.10. External links 7

2. Individual purposes, bases and duration of data processing 7

3. Obtaining data (including personal data) through cookies or similar technologies, including personal data processing 12

3.1. General information 12

3.2. Why does the Data Controller use cookies? 12

3.3. Controlling and deleting cookies 13

3.4. Operational data 13

3.5. Access to information saved on the device other than cookies 14

3.6. Personal data protection 14

3.7. Deleting data obtained by the cookies mechanism and operational data 15

General information

1.1. What are personal data?

Personal data mean all information concerning an identified or possible to identify natural person (“data subject”). Therefore, they include, but are not limited to details such as name, surname, address, date of birth, telephone number, or e-mail address.

Personal data are processed under GDPR, i.e., REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - hereinafter “GDPR”).

1.2. What are your rights related to processing of your personal data?

You have a right:

to access your data, including obtaining copies of them;

to transfer your data;

to rectify and delete your data;

to restrict data processing;

if fully automated decisions are made (on a basis of your data), you have a right obtain human intervention by the data controller, as well as to express your opinion and question such decision; in that case, the data controller will provide relevant information on principles of making them, as well as about importance and foreseen consequences of such processing for the data subject;

not to be subjected to a decision based solely on automated processing, including profiling, that has legal consequences or other similar significant influence on it, unless assumptions provided for in GDPR are met;

to complain to the supervisory authority.

Note!

Right to object

Each time that your personal data are processed under Article 6.1 (f) or 6.1 (e) of GDPR (see section 2 below), i.e., in the case of legitimate interest or acting in the public interest, you have a right to object at any time. You can notify your objection using the contact data provided in the introduction to the Privacy Policy.

1.3. How can you notify us about your wish to exercise your rights?

You can exercise your rights in person at the Data Controller’s registered office, by post or by e-mail (contact details of the Data Controller are provided above).

In response to the notified request, you may be asked to provide data necessary to identify (e.g., find) your personal data or to verify your identity (confirm that you are a person you claim to be). In such case, the personal data will only be processed to the extent necessary to document correct performance of obligations related to the notified request (e.g., correct documenting of the withdrawal of consent) for the needs of defending against claims (article 6.1 (f) of GDPR, a legitimate interest of the Data Controller) and to perform obligations resulting from GDPR (including ensuring accountability, Article 16.1. (c) of GDPR). For these purposes, the data will be processed no longer than to the expiry of the time bar of potential associated claims.

As required by GDPR, the information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

1.4. What does consent-based data processing mean?

If your personal data are processed on a basis of your consent (e.g., the use of your image for promotional purposes - see section 2 for more information), you should remember that:

your consent is always voluntary;

you can always withdraw your consent in person at the Data Controller’s registered office, by post or by e-mail (contact details are provided above);

the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal;

after you withdraw your consent, the data will no longer be used, they will be deleted or anonymised; though this does not exclude data processing to the extent necessary to demonstrate that the notification of the consent withdrawal was registered and implemented, representing the legitimate interest of the data controller related to defence against claims and demonstrating conformance to personal data protection regulations (Article 6.1 (f) GDPR, so-called legitimate interest of the data controller) - no longer than the expiry of the time bar of those claims.

1.5. How does the Data Controller obtain data?

In general, the Data Controller obtains data directly from you.

When registration through external Google / Facebook services is selected, data are obtained from those entities according to the following rules. in the case of Apple, data is also obtained to settle the purchase of the paid version of the application.

Google

The scope of obtained data email

Terms and conditions https://firebase.google.com/support/privacy

Facebook

The scope of obtained data email, basic details such as name and surname, and profile image

Terms and conditions https://developers.facebook.com/terms/dfc_platform_terms/#privacypolicy

Apple

The scope of obtained data email (that can be hidden), name and surname

Terms and conditions https://www.apple.com/legal/privacy/en-ww/

1.6. Who has access to personal data?

The following recipients will have access to your personal data:

authorised employees/partners acting under the Data Controller order;

suppliers of IT services supporting implementation of the Data Controller’s purpose listed below (after concluding relevant engagement agreements), i.e.:

Firebase,

https://firebase.google.com/terms/data-processing-terms

Amplitude,

https://amplitude.com/terms/dpa

Appsflyer

https://www.appsflyer.com/gdpr/dpa.pdf

Revenuecat

https://www.revenuecat.com/dpa/

Branch.io

https://www2.branch.io/rs/315-FTT-121/images/PDF-Branch-AppDPA.pdf

Apple (in the context of payment processing)

Terms and Conditions https://www.apple.com/legal/privacy/en-ww/

Data can also be made available to recipients being separate data controllers, e.g., public administration bodies on their request.

When you want to share specific information with other users – “Partners” (using the functionality “share with your partner”), the Application Supplier will provide your data to them, within the following scope:

Functionality - Scope of data sharing

Sharing your mood - Mood expressed as emojis + possible note

Checklist - Sharing checklists for a hospital bag, layette. An option for adding own lists

Baby’s names - A possibility to share which names for a baby you like

List of baby’s activities - Sharing information about your baby’s behaviour: poo, sleep, changing the diaper, feeding, etc.

The detailed purposes of data disclosure are provided below, when individual purposes of data processing are discussed (see sections 2 and 3).

1.7. Is providing of the data voluntary?

In general, the provision of personal data is voluntary. Wherever the provision of data is:

voluntary, but necessary to fulfil specific purposes (e.g., e-mail contact through an online form); or

obligatory (e.g., results from relevant legislation)

you will be informed about that separately and clearly (e.g., in a form used to collect personal data).

1.8. What data categories do we process?

Data scope; Objective ; Are data retained locally in the Application? Are data send to the Application supplier?; from which moment the data are sent outside the user’s device

Data scope

Objective

Are data retained locally in the Application?

Are data send to the Application supplier?

from which moment the data are sent outside the user’s device

A unique user’s ID and data indicating how the Application is used, and information about errors

Service provision;

Error analysis;

Ensuring safety;

Analysis of the use of the Service

Locally:

User ID;

Sent

From the moment of accepting the Privacy Policy

registration data (when you register your account in our service);

Service provision;

Error analysis;

Ensuring safety

Sent

From the moment of registration

health data (after giving the consent), e.g.,

- pregnancy stage;

- notes;

- pregnancy photos;

- checklists;

- contractions counter;

- kicks counter;

- weight during pregnancy;

Service provision;

Sent

From the moment of saving them

User’s mood

Service provision;

Sent

From the moment of saving them

When the User’s account is not registered in the Application, uninstalling the Application will lead to losing access to data and their removal by the Supplier.

1.9. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy that may result from development of the internet technologies and possible changes of the personal data protection legislation. We will inform about all changes in a visible and clear way on our website.

1.10. External links

Our website may contain links to other websites. These website are independent of the Data Controller and are not controlled by the Data Controller in any way. These websites may have their own privacy policies and terms and conditions, and we advise you to read them.

If you have any doubts concerning any provision of this Privacy Policy, please do not hesitate to contact us - you can find our data in the “Contact” tab.

Individual purposes, bases and duration of data processing

Note!

If any dates for data processing are provided below, they should be understood as the longest periods possible. If the purpose of data processing ceases to be valid earlier, then the data controller is obliged to and will remove that data earlier.

2.1. The pursued purposes for data processing through the Application and a basis for data processing and other relevant information:

Installation of the Application without registering the User’s Account

The Agreement is concluded in a fully automated way, as understood by Article 22.2 (a) of GDPR. Therefore, the User is entitled to obtain human intervention by the Data Controller, to express their opinion, and to question that decision. The indicated automated decision to conclude the Agreement is made solely on a basis of data provided by the User, who is obliged to provide their true data.

Providing data (marked as obligatory) to conclude the Agreement is voluntary, but necessary to conclude the Agreement. Providing additional data is voluntary and they can be changed at the level of the User’s Account.

Period of data processing:

period of using the Application. After the end of use - the limitation period for civil law claims related to the use of the Application by the user.

Registration of the User’s Account and concluding the Application Use Agreement in accordance with the Application terms and conditions (background: Article 6.1 (b) of GDPR)

Data of the Users who did not complete registration of the Application will be processed for a period of 30 days

Providing your data is voluntary, but it is necessary for performance of the Agreement in accordance with the Terms and Conditions of Use of the Application.

Period of data processing: users who registered an Account:

period of using the Application. After the end of use - the limitation period for civil law claims related to the use of the Application by the user.

Enabling the User to use the Application (background: Article 6.1 (b) of GDPR, i.e., performance of the agreement concluded with the data subject), consisting of:

User’s authentication (confirming their identity) and authorisation of payment with Apple;

Viewing the Account by the User;

Managing (including changing) data provided in the User’s Account;

Settlement of a commission with the Partner;

Blocking access to the account/terminating the Agreement;

Sending changes in the Terms and Conditions;

Notification of technical problems through the User’s Account, as well as executing rights resulting from GDPR;

Sending notifications concerning the Account;

Providing your data is voluntary, but it is necessary for performance of the Agreement in accordance with the Terms and Conditions of Use of the Application.

Period of data processing:

period of using the Application. After the end of use - the limitation period for civil law claims related to the use of the Application by the user.

Ensuring the Application security and elimination of errors (Article 6.1 (f) of GDPR) i.e., a legitimate interest of the data controller;

Period of data processing:

period of using the Application. After the end of use - the limitation period for civil law claims related to the use of the Application by the user.

Sending “push” messages by the browser (background: the User’s consent - Article 6.1. (a) of the GDPR), see section III below concerning cookies and similar technologies for more information;

The access to the specified data depends on settings of the device used by the User.

The data will be processed until you withdraw your consent - the option at the browser settings level is disabled.

Direct marketing of the data controller on a basis of the consent granted during registration and later in the Account;

The consent can be withdrawn by sending a request to support@himommyapp.com or in the User’s Account in their Profile.

The provision of personal data is voluntary.

The data will be processed until you withdraw your consent.

2.2. Contact form on website https://himommyapp.com or in the mobile apps HIMommy & HiDaddy

Purposes:

replying to inquiries sent and maintaining further correspondence (background: Article 6.1 (f) of GDPR, i.e., a legitimate interest of the data controller);

concluding and performance of the agreement - when the correspondence concerns this (background: Article 6.1 (b) of GDPR);

defence or pursuing claims (background: Article 6.1 (f) of GDPR).

2.3. Purposes implemented at fanpages(company accounts on social media sites):

Principles of personal data protection within social media accounts (management of a fanpage on Facebook and Instagram)

Purposes of using personal data:

managing social media accounts;

technical administration of accounts (creating, publication);

interactions (public or private messages) with subscribers of Facebook (or other site) and other users;

statistics of use.

Data processing background:

(concerning obtaining information about other users) - Article 6.1 (f) of GDPR) i.e., a legitimate interest of the data controller.

Categories of obtained data:

Data visible on Facebook (or other relevant website) by default:

In particular:

Name and surname or alias;

Profile picture or avatar;

Presentation of information;

Publications;

Exchanged messages;

Data provided publicly by the user according to general Facebook settings;

Data concerning the use of the Platform to create anonymous statistics.

Data source

Users of Facebook (or other social media site)

Facebook (or other social media site)

The Data Controller does not configure or have any data concerning you from cookie files retained by Facebook (or other social media site). Statistical data resulting from these cookies are made available to the data controller only in an aggregate (anonymous), and not individualised form. Therefore, only services (like Facebook) can reply technically to your requests concerning cookies used.

Voluntary data provision

The provision of personal data is voluntary. The User makes decisions in this regard themselves. To use personalised information, social functions, or internet reaction services, the user must be a member of a social network.

Recipients

The access to data between users is governed by terms and conditions of a given social media site.

Data transfer outside the EU

Due to their presence on Facebook, publications will be available outside the European Union. Data required for statistical purposes may be processed outside the European Union in accordance with the data management policy implemented by Facebook (or other social media site).

Data processing duration

Data are retained as long as a given account is available in a given social media, excluding execution of the right to delete or to object to the data processing by the data subject.

3. Obtaining data (including personal data) through cookies or similar technologies, including personal data processing

3.1. General information

Cookies are small text files placed on a computer by visited sites. They are generally used to improve functioning or increase capacity of websites, and to provide information to site owners. The table below explains which cookies we use and why.

We use the following categories of cookies: session and persistent.

Session cookies - they remain on the user’s device until they log out of the website or close the application (internet browser);

Persistent cookies - are stored on the device for the time specified in cookie file parameters or until they are manually deleted by the user.

3.2. Why does the Data Controller use cookies?

Taking the purpose of using the cookies into account, the Data Controller uses two categories of cookies; “strictly necessary” and “optional” for the following purposes:

1. “Strictly necessary” cookies - for a purpose and to the extent necessary to correctly display a website. It is used to ensure basic functions such as security, network management, and accessibility. You can disable them by changing the browser settings, but this may affect the browser functioning.

For this purpose, our website may use session cookies.

2. “Optional” cookies:

a) analytical -> to analyse preferences of people using our website, the results of these studies are used to improve display of this site;

For this purpose, persistent and session cookies can be used.

The use of this category of cookies is based on your consent.

The indicated data are not combined with details such as name and surname, e-mail address, and other data enabling easy identification of a person visiting the website.

Analytical cookies (third party):

Cookie designation; File name; target

Google Analytics / Supplier: Google Inc.

These cookies are used to collect information how users use our website. We use this information to create reports and assist us in improving our website. Cookies collect information in a way that does not directly identify any person, including a number of visitors to the website and to the blog, from which the visitors accessed the website, as well as sites visited.

Read Google information concerning privacy and data protection https://support.google.com/analytics/answer/6004245

Data is entrusted. The engagement agreement is available at: https://privacy.google.com/businesses/processorterms/

As a part of the provided service, the data can be transferred outside the territory of EEA and Switzerland, mainly to the United States. Read more: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

Facebook

You can withdraw your consent and stop installation of and obtaining data by the cookies. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

3.3. Controlling and deleting cookies

The majority of browsers offers an option to accept or reject all cookies. The user can also easily change settings for files of this type in their browser settings. Remember that blocking all cookies from the Service website may cause problems with functioning or completely prevent using of certain functionalities of our website.

Managing and deleting cookies differs depending on the browser used. Detailed information on this subject is available by using the Help function of your browser or visiting http://www.allaboutcookies.org, explaining step by step how to control and delete cookies in the majority of browsers.

You may view information concerning individual websites at:

Google Chrome

Microsoft Edge

Mozilla Firefox

Microsoft Internet Explorer

Opera

Apple Safari

To disable the Google Analytics mechanisms at all websites, visit: http://tools.google.com/dlpage/gaoptout

3.4. Operational data

Even without installing cookies, the website administrator may obtain access to the following data characterising a way in which the website is used (hereinafter: other operational data):

an ID number assigned to a device of the website visitor;

identifications of the telecommunication network terminal;

an IT system (a device type, an operating system, an internet browser) used by the Internet user;

information on starting, ending and a scope of each visit to the website.

To ensure the highest quality of our website, we occasionally analyse logging files to verify which websites are visited most often, which Internet browsers are used, whether the website structure is free of errors, etc.

The operational data are not combined with details such as name and surname, e-mail address, and other data enabling easy identification of a person visiting the website.

3.5. Access to information saved on the device other than cookies

On a basis of your consent (expressed on the device) and solely to perform the service electronically through the Application, we gain access to the following functionalities of your terminal device (e.g., your mobile phone)

Push - a consent at the system level.

3.6. Personal data protection

Information obtained by the cookies mechanism and operational data may represent personal data as understood by GDPR in certain exceptional situations. When the information specified above are qualified as personal data, then the Data Controller is their data controller. Even if there are any doubts whether a given information category belongs to personal data, the Data Controller implements mechanism protecting such information as if it was a personal detail.

Processing of data categories specified above to the extent necessary for a correct display of the website (“strictly necessary” cookies) is based on a so-called legitimated interest of the website administrator (Article 6(1)(f) of the GDPR). For this purpose, the following may occur:

occasional analysis of logging files to determine which browsers are used by people visiting our website; which tabs, pages or subpages are visited or viewed most and least frequently; or to check our website structure for possible errors.

preventing unauthorised access to the website and malicious code distribution and stopping “denial of service” attacks and damage to computer and electronic communication systems.

In the above cases, you have a right to object to data processing (when processing is performed under Article 6.1 (f) of GDPR).

If you give your consent to installation of “optional” (analytical, e.g., delivered by Google Analytics / marketing) cookies, then information collected this way will be used to analyse preferences of people using our website, and the results of this study will be used to improve the quality of the displayed website. In that case, the data are processed under Article 173.2 of the Telecommunication Law (Journal of Laws of 2004, No. 171, item 1800) in relation to Article 6.1 (a) of GDPR. As Article 174 of the Telecommunication Law specifies, personal data protection regulations apply to obtaining a consent of a subscriber or an end user.

You can withdraw your consent at any time and delete cookies from your device. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Data recipients: an IT entity providing services to the Data Controller.

3.7. Deleting data obtained by the cookies mechanism and operational data

Personal data will be removed or anonymised by the expiry of the time bar of potential associated claims associated with the use of the website at the latest (no later than within 30 of a day of their recording), or earlier, if you notify your objection. Providing these details is voluntary, but necessary to implement the said purposes.