Effective as of August 28, 2021
- the Your Cycle mobile application,
- the Your Cycle website including any products and services related to it ("Website"),
(all collectively, the “App”).
Personal data and information we collect from you
Personal data you provide us directly
General Information. When you sign up to use the App, we may collect personal data about you such as:
- Email address;
- Date of birth;
- Password or passcode;
- Place of residence and associated location information;
- ID (for limited purposes).
Health and Well-being. When you use the App, you may choose to provide personal information about your health and well-being such as:
- Body temperature;
- Menstrual cycle dates;
- Various symptoms related to your menstrual cycle and health;
- Other information about your health (including sexual activities), well-being, and related activities, including personal life (collectively, “personal data”).
You also may give us the ability to import into the App personal data about your health and activities from third-party services. Such imported personal data may include sports activities, weight, calories burnt, heartbeat rate, number of steps/distance travelled, and other data related to your health. In order for us to process any personal data under this category we will explicitly ask your consent on the registration screen.
Personal data we may collect automatically
When you access or use the App, we may automatically collect the following information:
- Hardware model;
- Information about the operating system and its version;
- Unique device identifiers (e.g. IDFA);
- Mobile network information;
- Device storage information.
- IP address;
- Time zone;
- Information about your mobile service provider.
App usage data, including, among others:
- Frequency of use;
- Areas and features of our App you visit;
- Your use patterns generally;
- Engagement with particular features.
To collect this information, we may also send cookies to your mobile device or computer or engage other tracking technologies.
Data from external sources. We may use third-party tools that provide us some of your attribution data that we further utilise to customise and personalise your App experience. We may also use such data for statistical purposes and analytics.
How we use your personal data
We will process your personal data for the following legal reasons:
- Consent. We will require your permission to process the personal data that you provide on the registration screen or at any other appropriate moment if necessary;
- Contractual relations. We may need to process some personal data for making the App and its services available for access, installation and further use;
- Legitimate interest. Some of your personal data may be used to pursue commercial interests and wider societal benefits;
- Legal obligation. We may be obligated to process some of your personal data to comply with applicable laws and regulations.
Principles of processing
Data minimisation and purpose limitation. We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorised by you or collect any personal data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate consent.
Your privacy rights
We are committed to ensuring that your personal data is accurate.
Correction of personal data
Please let us know if your personal data has been inaccurately recorded.
Restriction of Processing
You may request that the processing of your personal data be restricted, if you contest the accuracy of the personal data. The processing of your personal data will be restricted while we verify its accuracy.
Information rights and access to your personal data (including in portable form)
You have the right to access your personal data within the App.
Erasure of your personal data
You may request that your personal data be erased. However erasing personal data may affect your App experience.
Objection to the processing of your personal data and exercising your privacy rights
You may object to the processing of your personal data or exercise your privacy rights by contacting us at email@example.com. We will endeavour to adhere to your request within 30 days but it may take up to 90 days for full erasure.
Subject to applicable laws, you may have a right to lodge a complaint with your local data protection authority about any of our activities (related to your privacy rights, among others) that you think are not compliant with applicable law. However, if you think that we do something incorrectly, let us know first at firstname.lastname@example.org. We care about your privacy and want to make sure that we did everything to address any of your concerns.
Third parties processing your personal data
We will not share your personal data with any third parties except as specified below.
Processing to find new Flo users and stay in touch with you
We may share some of your non-health related personal data with a marketing platform, that handles the data found on our App, in accordance with our instructions. By using a marketing platform and its integrated partners we are able to reach you and people like you on various platforms and spread the word about the App to help more women to stay in control with their health and well-being. If we need to share your personal data with other platforms for purposes other than defined here, we will ask for your consent. If this is required by law, we will secure your consent to share your non-health related data with our marketing platform and its integrated partners.
To illustrate how we work with a marketing platform, below is a description of what is done:
- When you register your details on our App or website, we share the following personal data:
a) Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Android ID (in Android devices), Google Advertiser ID, Customer-issued user ID and other similar unique technical identifiers.
b) Your age group;
c) Your subscription status;
d) The fact of application launch.
- The Your Cycle App sends your data to the marketing platform which analyses this data and provides us reports and insights on how to optimise our promotional campaigns.
- The marketing platform sends your data to some of its integrated partners (e.g. Pinterest, Google Ads, Apple Search Ads, FB marketing network, and a couple of others) to find you or people like you on different platforms, including social media websites. These integrated partners analyse your data and show relevant information about the App to people who might be potentially interested in it or remind you about revisiting the App, if you stopped using it a while ago.
- This is how you and new users find out more about the Your Cycle App, get accurate cycle predictions, learn more about what to expect during their menstrual cycle and receive credible information about their health. You contribute to the growth of the Your Cycle community by providing your consent to use the app.
- You can withdraw your consent or opt-out, whatever applies in your case, from sharing of your personal data in accordance with this subsection anytime by using one of the following options:
- By contacting us at email@example.com;
- By adjusting your device settings in iOS or Android in order to stop sharing your IDFA or Android Advertising ID.
Processing to make the App run
We engage processors that perform particular operations with your personal data for us.
Processors are companies that help us run the App, support our communication with you or perform other App-related activities. They may process certain personal data on our behalf to accomplish the goals related to the App functions and associated activities. Processors act only in accordance with our instructions and process only such amount of personal data as we instruct them to process. We remain fully liable for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.
Sometimes we may aggregate, anonymise or de-identify your personal data in such a way so that it cannot reasonably be used to identify you. Such data is no longer personal. We may share such data with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users. Sharing such data contributes to the advancement of scientific research on women’s health.
Information posted by you
The App features community areas like Chat Rooms where users with similar interests can share information and support one another.
Any information (including personal data) you share in any online community area or online discussion is by design open to the App community. You should think carefully before posting any personal data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorised purposes. Posting your personal data in Chat Rooms may violate the Chat Room Rules. If you mistakenly post personal data in our community areas and would like it removed, you can send us an email to request that we remove it.
We may also share some of your personal data in the following special circumstances:
- in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements);
- when disclosure is required to maintain the security and integrity of the App, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your personal data (e.g. resetting your password to avoid unauthorised access);
- when disclosure is directed or consented to by the user who has input the personal data;
- in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.
Retention of your personal data
When you use the App
After you stop using the App
If you choose to delete the App or deactivate your account, or your account becomes inactive for a while, we will retain your personal data for a reasonable period in case you decide to re-activate the services. The App covers different periods of users’ lifecycle; therefore retention of your data is needed in some cases to secure your smooth experience with other App functions (e.g., switching to pregnancy mode after cycle tracking).
You should be aware that we may retain certain personal data and other information after your account has been terminated or deleted as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
Security of your personal data
General security measures
We take all reasonable and appropriate measures to protect all personal data collected from loss, theft, misuse and unauthorised access, disclosure, alteration and destruction, taking into account the nature of the personal data that we process and risks associated with special categories of personal data we collect (information about health). Among others, we utilise the following information security measures to protect your personal data:
- Pseudonymisation and tokenisation of certain categories of your personal data;
- Encryption of your personal data in transit and in rest;
- Systematic vulnerability scanning and penetration testing;
- Protection of data integrity;
- Organisational and legal measures. For example, our employees have different levels of access to your personal data and only those in charge of data management get access to your personal data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorised accesses, alterations, destructions, misuses of your personal data.
- Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake a privacy audit in the event of the Company’s merger or takeover.
You can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. No security system is perfect and, as such, we cannot guarantee the absolute security of the App, or that your information will not be intercepted while being transmitted to us.
If you want to report a security incident related to the App please contact us at firstname.lastname@example.org.
General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 16 years old. The App does not collect personal data from any person the Company actually knows is under the age of 16. If you are aware of anyone under 16 using the App, please contact us at email@example.com and we will take the required steps to delete such information and (or) delete the account.
Communication with you
We may contact you from time to time via email or through other means (like popups or push notifications) to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you.
Opt-out options. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails or notifications will not end the transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so, we may ask some users to provide their consent for such communications.
Please note that we may contact you with our information about products, services, offers, promotions, rewards, and events offered by us and others via third-party platforms (like social media). You may also opt-out of communications.
Storage and international personal data transfers
The Company is based in New Zealand. The personal data we collect is governed by laws in either of these jurisdictions. The laws governing New Zealand may differ from the laws of other jurisdictions.
In these policy statements, “company”, "we", "us" and "our" means Freya Ltd, t/a Your Cycle Pty Ltd. We are the controller of personal information collected on our website.
Cookies are small text files that websites place on your computer or other device. They enable the website to recognise your device the next time you visit. Web beacons, pixels and other similar files can do the same thing. In this policy, “cookie” means all files that operate in this way.
When you browse our website, cookies are placed on your device by us and by other companies contracted by us. They collect aggregate information on how visitors arrive at and use our site, the devices they are using, their IP addresses, what pages they are viewing and their approximate locations (e.g. Sydney, Auckland etc). They also serve the more specific purposes stated below.
- Your Cycle Cookies
(a) Recognition: Cookies identify visitors who have already established an account with us.
(b) Website performance: Cookies are essential for the cart function on our site. Without them it would not be possible to place a product in your cart and proceed to checkout. Cookies also help us map pathways our visitors use to navigate our site, enabling us to improve those journeys and identify site malfunctions.
(d) Fraud prevention: Cookies can help us monitor suspicious activity on our site and prevent fraud.
(e) Personalisation: Cookies enable us to understand which products may be of interest to a visitor and provide a more personalised browsing experience on future visits. This information also enables us to make our direct marketing communications and our advertising on other websites more relevant to the recipient.
- Third Party Cookies
- Use of pixels in emails
Our emails often contain a single, campaign-unique “web beacon pixel” to tell us whether, and how many times, our messages are opened and to verify any clicks through to links or advertisements. We use this information to generate aggregate statistics on which of our emails are more interesting to recipients and their degree of engagement with our website.
The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, you should select to receive emails from us in plain text rather than HTML. Depending on which email software you are using, this option may be available in your settings.
- How to manage cookies on your device
Web browsers offer ways to configure your cookie settings - see allaboutcookies.org. Your browser may also enable you to open a browsing window that isolates your browsing history and limits or blocks the way cookies operate on your device. Different browsers have different names and variations of this function – e.g. “Private Window” in Apple Safari and Firefox, “Incognito Window” in Google Chrome, and “InPrivate” in Microsoft’s Internet Explorer.
As noted in 2(b) above, you will need to accept our cookies in order to be able to use the cart function on our website and proceed to checkout.
- Your consent to our cookies
When you visit our website, a banner will display at the bottom of the page stating “Accept our cookies”.
This policy is effective from 1 September 2021. Any changes will be posted on this page. If changes are significant, we may choose to notify you by email or to clearly indicate on our home page that the policy has been updated.
If you have any questions or concerns about your privacy, you may contact us at:
Freya Ltd t/a Your Cycle Pty Ltd
Australia: Unit A2/35 39 Bourke Rd Alexandria 2015 Australia NSW;
New Zealand: PO Box 21080 , Rototuna , Hamilton , 3256Email: firstname.lastname@example.org