OvuFriend Privacy Policy

• Effective as of 28.11.2022

  Your data and privacy are very important to us! We are very happy that you are reading this. We created this document to describe the process of collecting and processing your personal data through https://ovufriend.com services, owned by OvuFriend sp. z o.o. and we hope that we did it in an understandable way. Here you will learn the rules and purposes of data processing and we will explain to you how we respect your rights and how you can claim them.

  If you want to know more or need more information, please contact us, we are here for you - contact@ovufriend.com

Introduction

• This Privacy Policy explains how OvuFriend Sp. z o.o. ("OvuFriend" or "we") collects, stores, uses, transfers and shares personal information of our users ("you", “the user”) in connection with the OvuFriend mobile application (the "App") and the website https://ovufriend.com (the "Website") owned by OvuFriend sp. z o.o., including any products and services related to it (the "Services").

  If you want to know more or need additional information, please contact us, we are here for you - contact@ovufriend.com

• We reserve the right to make changes to the content of this Privacy Policy from time to time. If we make key changes, we will notify you by email (sent to the address you provided at registration), through the App, or by displaying the new version of this Privacy Policy to you. Your continued use of the App after the effective date of the updated version of the Privacy Policy constitutes your acceptance of the changes to the Privacy Policy. In some cases, we will ask you to agree to changes in the Privacy Policy. If you do not agree to the terms set forth in this Privacy Policy, please do not use our Services.

• Please refer to the Privacy Policy published on our Website and App for the latest updates regarding our data protection practices.

• How to contact us?
• For all matters relating to the processing of your personal data, you can contact us:
  • by sending an email to: dpo@ovufriend.com or contact@ovufriend.com
  • by writing to the address: Złota 61/100, 00-819 Warszawa.

  We suggest you contact us by email. This will help you get an answer to your question faster.

I. Personal Data we receive from you

• We collect your Personal Data in a variety of ways. We collect some Personal Data automatically when you interact with the Services, and sometimes directly from you (the user). In some cases, we may receive Personal Data about you (the user) from other sources and third parties.

1. Personal Data received directly

• When you register to use the App / Website or fill in your information in the App Profile, we may collect following Personal Data:
  • First Name;
  • Email Address;
  • Year of birth;
  • Password;
  • Location Data, such as time zone and language;
  • Phone number.
  
  When registering to use the Services, you (the user) may choose to provide Personal Data about your health, fertility and well-being, such as:
  • Weight;
  • Body temperature;
  • Dates of menstrual cycles;
  • Various symptoms related to your menstrual cycle and health;
  • Other information related to your health (including sexual activity), physical and mental well-being and related issues, including those related to your private life.

  You, as a user, may also allow us to connect with third-party services such as Apple HealthKit and Google Fit to allow us to import Personal Data about your health and activities. Imported Personal Data includes, but is not limited to, sports activities, weight, calories burned, heart rate, number of steps/distance traveled and other health data. We will process this data to provide you with the functionality of the App as described below. By choosing to import this data, you are subject to the privacy policies and practices of Google Fit and Apple HealthKit

2. Personal Data received automatically

• When you access or use the Services, we may automatically collect the following information:

  Information about your device:
  • Device model;
  • Information about the operating system and its version;
  • Unique device identifiers (e.g., IDFA);
  • Enabled accessibility features of the device (e.g., display features, listening features, physical and motor functions);
  • Network information;
  • System version of the device.
  
  Location information:
  • IP address;
  • Time zone;
  • Information about your mobile service provider.
  
  Data about your use of the Services, including but not limited to:
  • Frequency of use;
  • Areas and features of the Services you access, visit or use;
  • Engagement with certain features.

  We may use cookies and other tracking technologies to collect the above information. Please see our Cookie Policy for more details.

II. For what purpose and on what legal basis we process certain categories of your personal data

• Never will we collect and use your Personal Data without informing you. Depending on which functionalities you use, we will process your Personal Data based on one or more of the following legal bases:
  • Your consent. For example, upon registration, when you give us permission to process your Personal Data;
  • In order to fulfill our contractual obligation, the processing of your selected data is necessary for the performance of the agreement between you and OvuFriend (the "Agreement"), which is concluded by your acceptance of the Terms and Conditions of the App or the Website
  • Legitimate interest. We may process your Personal Data with respect to our interests in providing the Services to you, our commercial interests, including our interests in protecting the security and integrity of the Services, and broader social benefits;
  • Legal Obligation. We may be required to process some of your Personal Data to ensure compliance with applicable laws.

  Below you will find specific examples of personal data and the purposes for which we process it, along with the legal basis:

  1. Personal Data you provide as a Registered User, including during Registration, as well as the completion of your Profile.

     The processing of your selected data is necessary for the performance of the agreement between you and OvuFriend (the "Agreement"), which is concluded by your acceptance of the Terms and Conditions.

     In order to register with the App and the Website, you must provide the data necessary to create an account and operate your Profile (eg. email address and password). These serve exclusively to provide you with access to your account in the App and the Website.

     In addition to the above, in order to fully perform the Agreement, during Registration we will ask you to provide initial data that will facilitate us to start keeping a calendar for you and allow us to start tracking your menstrual cycles. These are such data as for example: your age, the number of months you have been trying to get pregnant, the start date of your last period, your weight & height.

     Your provision of the above-mentioned data is always voluntary, but necessary to register on the App or the Website. The processing of the above-mentioned data is carried out on the basis of your express consent, given during registration on the App or the Website.

     Important - at no stage of your use of the App or the Website will we ask you, and we do not want you, to enter such information as your name or your home address. We do not need this information to provide you with access to our Services. In addition, content posted in the App or the Website by you and made available to other users, or to the public should not contain any information of a personal nature, and should be posted anonymously, that is, without you providing any information that would allow you to be identified.

  2. The data you provide in the App or on the Website as a Registered User is processed:

     • for the purpose of providing you with quality Services related to the maintenance and operation of the Cycle Calendar;
     • for analytical and statistical purposes – we would like the Services provided by the App and the Website to be as tailored to your needs as possible, so we analyze your activity in order to introduce new solutions that meet your expectations;
     • for research & development purposes - your anonymized health data about your cycle and fertility may be used during research & development projects or OvuFriend's collaboration with clinical or academic researchers. In line with the vision of the founders of the App and Website, OvuFriend uses science and advanced algorithmics to support women in learning about their cycles and taking care of their fertility and hormonal health. Our goal is to improve the detection of intimate and hormonal health conditions that are the cause of TTC problems. To improve our solutions used in the OvuFriend app, we need data for our algorithms. Therefore, we can process your health data to analyze whether you might be in a group of women with a high probability of having one of the conditions studied in the project. If our analysis indicates that you may be in this group, we will use the data you provide in the App to ask you to complete a survey that might provide additional information. You can read more about OvuFriend's current and completed EU scientific research projects here: https://ovufriend.com/article/research-development,49.html. Before OvuFriend uses any data for scientific research, it is transformed into anonymized data by removing all information that could be used to identify specific individuals;
     • for marketing purposes of the App and Website and other entities;

  3. Personal Data provided via contact forms.

     If you notice an issue with our service and send a request to the support team or through any other means of communication with the Administrator, we will keep a history of the communication and the information you provided during the communication (e.g., your email address). We do this to answer questions and provide assistance.

     The data you provide in the contact forms is processed:

     • for the purpose of handling the inquiry sent through the form provided;
     • for analytical and statistical purposes;

     The legal basis for the above is an agreement between us and the user in order to fulfill our contractual obligation.

  4. Data provided for the purpose of payments for the use of Premium Services.

     The processing of the data you provide when paying for the use of Premium Services is necessary for the performance of the Agreement and to enable you to use the additional services offered by the App and the Website, and for the archiving of documents confirming our performance of our obligations under the Agreement.

  5. Data stored automatically when using the App and the Website.

     When you use the App and the Website as a registered user, the following data will be remembered in our system logs: Your IP address, the address of the page that redirected you to our services (e.g., when you clicked on a link referring you to us), the addresses of the subpages you view during your visit to our site, the type of browser you use and its display settings, the type of operating system you use, the date and duration of your visit.

     The information collected in the logs is processed primarily for statistical purposes and to improve the Services provided by the App and the Website, to improve their functionality and to adapt its functionality to your needs. The legal basis for this is our legitimate interest.

  Processing principles

  
  
  • We will not process your Personal Data in a way that is incompatible with the purposes for which it was collected or subsequently authorized by you, or collect any Personal Data that is not needed for the purposes listed. We will ask for your separate consent for each new processing purpose.
  • We do not sell Personal Data. We do not disclose your Personal Data except as otherwise described in this Privacy Policy. We may share your Personal Data with our service providers only as described in this Privacy Policy. We will also not use the information you receive as a result of your use of HealthKit and Google Fit for advertising or similar services, or sell it to advertising platforms or data brokers.

III. What are your rights?

• 1. Right to correct your Personal Data

     You may request that we promptly correct your Personal Data if you believe it is inaccurate or outdated. You can also ask us to complete it if you believe that your data is, due to the purpose for which we process the data, incomplete.

  2. Right to restrict processing of personal data

     In certain situations, you have the right to request that we restrict the processing of your Personal Data. For example, you have the right to request restriction of your Personal Data if you question the accuracy of your Personal Data and we reserve time to verify it.

  3. Right of access to your Personal Data

     You have the right to request information about what Personal Data we process about you, to access all of your Personal Data, and to receive a copy of your Personal Data in a structured, commonly used machine-readable computer format.

  4. Right to request deletion of your Personal Data ("right to be forgotten")

     You have the right to request the deletion of your Personal Data after you have withdrawn your consent to the processing of such Data if you believe that the processing does not comply with applicable law.

  5. Right to object to the processing of your Data

     Due to your particular situation, you may object to the processing of your Personal Data, in cases where we process your data on the basis of our legitimate interest.

IV. Exercising your rights

• To exercise your rights above, please contact us at contact@ovufriend.com. We will respond to your request within 30 days of receiving it. In some cases, we may need up to 90 days, for example, to fully delete Personal Data stored in our system. We will notify you if we need more time and provide reasons for the delay.

  You have the right to complain about our actions or omissions to your national data protection authority regarding our activities (including, but not limited to, your right to confidentiality of your data) that you believe violate applicable laws. If you have any concerns about our privacy practices, please let us know at contact@ovufriend.com.

  If we receive a vague request from you, we may contact you to better understand it. We may also deny requests that are clearly unreasonable and excessive (repetitive) requests.

  In some cases, we will ask you to confirm your identity. We usually verify that the request was sent using the email address you provided when you registered in the App or the Website. If you have not registered for an account, we may ask you to submit additional verification measures to ensure that we are properly responding to requests.

V. Third Parties Processing Your Personal Data

• We do not and will not share your Personal Data with any third parties, except as described below.

  In some situations, we engage other companies to process your Personal Data on our behalf. We refer to these as "data processors."

  These are companies we work with that help us provide the highest quality Services, including, in particular, entities responsible for operating the information systems of the App and the Website, entities that provide marketing services and prepare analyses and statistics. If you choose to use a paid subscription, your data can be accessed, in particular, by the payment processor Stripe and other processors under contracts with us, such as accounting firms.

  These companies may process certain Personal Data to achieve the purposes of the App and Website functions and related activities. We are fully responsible for any acts or omissions of these processors and enter into formal data processing agreements with them, to the extent required by applicable law.

  Here is a list of our main data processors:

  1. AWS (Amazon Web Services, Inc.) - the entity we work with in the area of infrastructure and security. It stores all your Personal Data when you use the App and/or Website. You can read the AWS Privacy Policy at this link https://aws.amazon.com/privacy/

  2. Cloudflare (Cloudflare, Inc.) - the entity we work with in the area of infrastructure and security. It stores all Personal Data. The purpose of processing is App security and content delivery. You can read Cloudflare's Privacy Policy at this link https://www.cloudflare.com/privacypolicy/.

  3. If you choose to use the premium version of OvuFriend your personal data is processed by payment intermediary Stripe (Stripe, Inc., USA). Payment information and bank details are collected, plus Personal Identifiers. Stripe's Privacy Policies can be found here: https://stripe.com/privacy.

  4. Freshmail - the entity with which we cooperate in the area of sending electronic messages. The goal is to securely and effectively communicate with you about newsletters, surveys and notifications.

  We ensure that all entities to which we entrust the processing of Personal Data apply appropriate measures for the protection and security of Personal Data.

  Personal Data in the European Union (EU), the EEA and the United Kingdom (UK) is protected by the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

  Since some of the IT solutions we use are offered by entities outside the European Economic Area (EEA), mainly by companies in the US, in certain cases we transfer your personal data outside the EEA ensuring, however, an adequate level of protection, i.e. standard contractual clauses and data anonymization. We also comply with certain legal provisions regarding data transfer, including the procedures set forth in the EU-U.S. and Swiss-U.S. Privacy Shield programs, despite the cancellation of the Privacy Shield as of July 16, 2020.

  Anonymized / aggregated data

  In certain situations, we may anonymize your Personal Data or strip it of identifiable elements in such a way that it cannot be used to establish your identity. Such data ceases to be Personal Data. We may share such data with research institutions, our partners, or use such data for statistical purposes, for example, we may share or use general age information, demographic information and aggregate statistics on specific activities or symptoms from the collected data to help identify trends among users in scientific publications, articles, etc. Sharing such data contributes to the advancement of scientific research on women's health. Our legal basis for processing your data for this purpose is legitimate interest.

  Exceptional situations

  We may also be required to provide your data to competent authorities or third parties if they request for such information on a legal basis or legitimate interest. We may share your Personal Data in the following special circumstances:

  • in response to subpoenas, warrants or legal process, to the extent required and limited by law (including when required by national security or law enforcement);
  • when disclosure helps ensure the security and integrity of the Services or enables us to provide security to users or others, as required by applicable law. In such cases, we may delete some of your Personal Data (e.g. by resetting your password to prevent unauthorized access);
  • when disclosure is made at the request or with the consent of the user who entered the data in the App;
  • during business transitions where data transfers occur.

VI. For how long do we process your personal data?

• Your data that you provided when registering in the App / Website or that you subsequently completed in your Profile is processed for as long as we are bound by the Agreement entered into by your acceptance of the Terms and Conditions. After the termination of the Agreement, we keep your data for the period during which you could assert claims against us related to our non-performance or improper performance of the Agreement, and for the period during which we could assert such claims against you.

  If we process your other data with your consent, we will process your data until you withdraw your consent or prohibit us from processing them. At the same time, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

  As for data that are in payment transaction records, we process them for a period of five years from the end of the fiscal year to which the document relates.

  Although we anonymize or otherwise de-identify your data where possible, we may retain certain Personal Data and other information after closing or deleting your account if necessary to comply with legal obligations, resolve disputes and enforce our agreements.

VII. Security of your Personal Data and how we store them

• We take all adequate security measures (e.g. pseudonymization and tokenization of selected categories of Personal Data) to protect the Personal Data we collect from loss, theft, misuse, unauthorized access, disclosure, alteration and destruction, while being mindful of the nature of the data we store and the risks associated with the special category of Personal Data we collect (health information).

  If you have an account in the App / Website, your personal profile data is stored separately from the data obtained during the Cycle Calendar and service settings, so we can guarantee a very high degree of privacy of your cycle information. The password is stored using one-way encryption and cannot be read by us.

  Data is transferred between your device and OvuFriend's servers using encrypted HTTPS. HTTPS is the technology used to create secure connections for the Web browser, and the fact that it is used to secure the current connection is indicated by the appearance of a padlock icon in the browser. We systematically scan and test security vulnerabilities. OvuFriend employees have different levels of access to your Personal Data.

  Remember that you also have a role in protecting your Personal Data by properly choosing and securing your password, not sharing your password with others and not allowing them to use your mobile phone. Remember also that no security system is perfect, so we cannot guarantee absolute protection when using OvuFriend or that your data will not be intercepted during transmission.

  If we become aware of a security breach of OvuFriend's systems, we will immediately publish an adequate notice or inform you by email, and in addition, we will take the necessary corrective measures provided by law and this Privacy Policy. If we become aware of a potential breach of Personal Data, along with the other actions referred to in the Privacy Policy (such as notifying you in certain cases), we will also take certain actions to remedy the breach, as appropriate, which may include, logging you out of all devices, resetting your password (sending you a temporary password for you to use), and taking other necessary steps.

  If you wish to inform us of a security breach of the OvuFriend system, please contact us at contact@ovufriend.com.

VIII. Age restrictions and children's privacy

• The OvuFriend App and Website are intended for people over the age of 13.

  We intentionally do not collect personal information about children under the age of 13. If you know of a person under the age of 13 using OvuFriend, please contact us at contact@ovufriend.com so that we can take the necessary steps to delete such person's data and/or account.

  Age restriction for residents of the European Economic Area and the United Kingdom. Due to legal requirements, we do not allow EEA or UK residents under the age of 16 to use the Services. If you know of a person under the age of 16 using OvuFriend, please contact us at contact@ovufriend.com so that we can take the necessary steps to delete such person's data and/or account.

  Your Data that you provided when registering in the App / Website or that you subsequently completed in your Profile is processed for as long as we are bound by the Agreement entered into by your acceptance of the Terms and Conditions. After the termination of the Agreement, we keep your data for the period during which you could assert claims against us related to our non-performance or improper performance of the Agreement, and for the period during which we could assert such claims against you.

  If we process your other data with your consent, we will process your data until you withdraw your consent or prohibit us from processing them. At the same time, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal

  As for data that are in payment transaction records, we process them for a period of five years from the end of the fiscal year to which the document relates.

  Limitations. Although we anonymize or otherwise de-identify your data where possible, we may retain certain Personal Data and other information after closing or deleting your account if necessary to comply with legal obligations, resolve disputes and enforce our agreements.