PRIVACY POLICY
Madit Story
1. Introduction
Madit Story is respecting your privacy. The Privacy Policy set out in this document relates to all websites and mobile applications owned or controlled by Madit Story at any given time. The applications are subject to change but set out in the developer pages on the Apple Store and on the Google Play Store. Collectively they will be referred to as "the Apps" and will include any alternative means of offering or delivering our software and services provided in the future. Certain parts of the Privacy Policy will only relate to some of the websites, the Apps or app categories. The Privacy Policy should be read carefully to discover how we obtain, process, store and disclose your personal data. The policy also sets out your rights as a data subject.
2. Personal data
Purpose and Lawful BasisPersonal Data:
Account Information (e.g. nickname, email and subscription status)
Processing Operation and Purpose:
Processing Operation and Purpose:
To allow you to upload a profile photo, creating a more personalised service.
Personal Data:
Moods, associated activities, feelings and additional photos, notes, text and voice notes detailing mental health, moods or related thoughts (the "Mental Health Data")
Processing Operation and Purpose:
To provide a mood journal that contains relevant content, stores entries, compiles data and presents statistics.
Lawful Basis:
We require your explicit consent to process the health data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by marking a tick in the requisite box at sign up or the update notice.
---
Personal Data:
Fingerprint or facial data (the "Biometric Data")
Processing Operation and Purpose:
If enabled, your fingerprint or facial data will be used to confirm your identity for the sole purpose of protecting in-app data against unauthorised access. The Apps simply avail of the authentication system provided by your mobile phone. You may have provided your Biometric Data upon setting up your mobile phone, we have no access to this.
When a user attempts to access the Apps, the authentication system will collect fresh Biometric Data to cross authenticate against the Biometric Data stored on your mobile phone. We do not store this fresh Biometric Data, it is processed by your mobile phone operator for the sole purpose of authentication.
Lawful Basis:
We require your explicit consent to process the Biometric Data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow the App to process the data when prompted.
---
Personal Data:
Data relating to exercise, mindfulness, sexual activity, sleep, physique, nutrition, heart rate, blood pressure and other data supported by Apple Health (the "Apple Health Data")
Processing Operation and Purpose:
To monitor your health more effectively by allowing us to write data.
To provide your health data in an easy to read graphical format, and to track your progress.
Lawful Basis:
We require your explicit consent to process the Apple Health Data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow us to read and write data when prompted.
---
Personal Data:
Calendar data from the terminal device
Processing Operation and Purpose:
To automatically integrate Calendar events.
Lawful Basis:
We require either your consent, or explicit consent depending on the calendar event. If the event relates to a special category of personal data such as health or religious belief (i.e. medical appointments or church service) explicit consent is required.
Explicit Consent is one of the limited exceptions to the prohibition of processing special category personal data under the GDPR.
Both consent and explicit consent, whichever is required, can be given by affirmatively clicking that you allow us to access the data when prompted.
---
Personal Data:
Processing Operation and Purpose:
To provide Newsletters with exclusive content and inform you of offers, depending on whether you are a Subscriber or Non-subscriber.
To create an account, allowing you to back up content and for the Madit Story to manage your subscription.
To provide access to Premium features if a subscription is purchased.
To notify you about material changes to the Terms of Service and Privacy Policy.
Lawful Basis:
We require your consent*.
Necessary for the performance of a contract we have with you.
Necessary for the performance of a contract we have with you.
Necessary to comply with legal obligations.
*By ticking the box you consent to Newsletters from Madit Story.
To revoke your consent click 'Unsubscribe' at the bottom of one of our emails.
To create an account, allowing you to back up content and for the Madit Story to manage your subscription.
To provide access to Premium features if a subscription is purchased.
To notify you about material changes to the Terms of Service and Privacy Policy.
Lawful Basis:
We require your consent*.
Necessary for the performance of a contract we have with you.
Necessary for the performance of a contract we have with you.
Necessary to comply with legal obligations.
*By ticking the box you consent to Newsletters from Madit Story.
To revoke your consent click 'Unsubscribe' at the bottom of one of our emails.
---
Personal Data:
Personal Data:
Photo
Processing Operation and Purpose:
To allow you to upload a profile photo, creating a more personalised service.
Lawful Basis:
We require your consent.
---
---
Personal Data:
Moods, associated activities, feelings and additional photos, notes, text and voice notes detailing mental health, moods or related thoughts (the "Mental Health Data")
Processing Operation and Purpose:
To provide a mood journal that contains relevant content, stores entries, compiles data and presents statistics.
Lawful Basis:
We require your explicit consent to process the health data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by marking a tick in the requisite box at sign up or the update notice.
---
Personal Data:
Fingerprint or facial data (the "Biometric Data")
Processing Operation and Purpose:
If enabled, your fingerprint or facial data will be used to confirm your identity for the sole purpose of protecting in-app data against unauthorised access. The Apps simply avail of the authentication system provided by your mobile phone. You may have provided your Biometric Data upon setting up your mobile phone, we have no access to this.
When a user attempts to access the Apps, the authentication system will collect fresh Biometric Data to cross authenticate against the Biometric Data stored on your mobile phone. We do not store this fresh Biometric Data, it is processed by your mobile phone operator for the sole purpose of authentication.
Lawful Basis:
We require your explicit consent to process the Biometric Data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow the App to process the data when prompted.
---
Personal Data:
Data relating to exercise, mindfulness, sexual activity, sleep, physique, nutrition, heart rate, blood pressure and other data supported by Apple Health (the "Apple Health Data")
Processing Operation and Purpose:
To monitor your health more effectively by allowing us to write data.
To provide your health data in an easy to read graphical format, and to track your progress.
Lawful Basis:
We require your explicit consent to process the Apple Health Data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow us to read and write data when prompted.
---
Personal Data:
Calendar data from the terminal device
Processing Operation and Purpose:
To automatically integrate Calendar events.
Lawful Basis:
We require either your consent, or explicit consent depending on the calendar event. If the event relates to a special category of personal data such as health or religious belief (i.e. medical appointments or church service) explicit consent is required.
Explicit Consent is one of the limited exceptions to the prohibition of processing special category personal data under the GDPR.
Both consent and explicit consent, whichever is required, can be given by affirmatively clicking that you allow us to access the data when prompted.
---
Personal Data:
Demographic group and general goals
Processing Operation and Purpose;
To automatically generate App recommendations associated with the selected demographic or goal when a User signs up via the Madit Story website.
Lawful Basis:
Processing is necessary for the mutual legitimate interest for Apps to be suggested to you.
Processing Operation and Purpose;
To automatically generate App recommendations associated with the selected demographic or goal when a User signs up via the Madit Story website.
Lawful Basis:
Processing is necessary for the mutual legitimate interest for Apps to be suggested to you.
---
Personal Data:
Payment details
Processing Operation and Purpose:
To allow purchases to be made through the Madit Story website using card payment, and services that are provided directly in any our app.
Lawful Basis:
Necessary for the performance of a contract we have with you.
Personal Data:
Payment details
Processing Operation and Purpose:
To allow purchases to be made through the Madit Story website using card payment, and services that are provided directly in any our app.
Lawful Basis:
Necessary for the performance of a contract we have with you.
---
Some of the Apps or websites may not process every category of personal data listed above. This will be clear if and when it applies (e.g. if not asked for your email address, it is not being processed).
Necessary for performance of contract
We process some of your personal data because it is necessary for the performance of a contract we have with you or it is necessary prior to entering into such a contract. If you do not wish to provide a nickname or email for example, we cannot create your account and you will be unable to avail of certain features. It should be noted, however, that not every app will process this data.
Changes to Personal Data
It is important that the personal data we have in relation to you is current and accurate. If your personal data (e.g. email address) changes during our relationship please inform us promptly. If, for whatever reason, your personal data is inaccurate or incomplete you have the right for this to be corrected or completed.
Unprompted Health Data
Although some of our Apps do not directly prompt or encourage you to input health data, you may wish to still provide such data. Often this data is not collected for storage or any other purposes, but instead, stored locally on your device terminal. The same applies to our expenditure and budgeting apps, despite the fact health spending may exist as a default spending category.
Some of the Apps provide the option to back up your data with iCloud, for more information on how Apple processes your personal data see Apple's Privacy Policy. The option to synchronise data across devices using Google Drive or Dropbox may also be provided, please refer to their privacy policies:
https://www.apple.com/legal/privacy/en-ww/
https://policies.google.com/privacy#whycollect
https://www.dropbox.com/en/privacy
3. Automatic Collection, Retention and Sharing
Automatic Collection, Retention and Sharing
Device and Usage information automatically collected
In conjunction with our partners we automatically collect and log certain information stored on your terminal device ("Device Data") including device type, operating system specification, network settings, unique device identifier and IP address. “Usage Data” is collected and logged to discover how the Apps are used and which features are popular, it includes data relating to the time you are active, purchases and the features, buttons or screens you interact with. This helps to inform and improve our direction and development. We rely on our legitimate interest of measuring and analysing app usage to further inform development and improve the overall user experience.
Our Analytics providers may by default use IP addresses to determine your general non-specific location. Among other things, this allows geographic sorting and protects us and our apps against misuse and nefarious activity.
Retention of Personal Data
We are committed to the principle of storage limitation and will retain your personal data for no longer than is necessary to fulfil our processing purposes. Following account deletion, revocation of consent or a written deletion request, your personal data will be retained for no longer than 30 days, save for certain instances where legal obligations require longer retention periods.
We will also anonymise some personal data so it will no longer be associated with you. In this event we are entitled to retain and use the information freely.
Sharing with Third Parties
In order to provide you with our services, carry out our activities and to comply with legal obligations, we share your personal data with certain third parties such as:
cloud storage providers, to help us securely store and back-up your data. To be able to provide these services, the providers receive your Account Information; Photo (if provided); and the Mental Health Data. The providers we currently use are located in different countries
analytics providers, who assist us in the improvement and optimisation of the App. To be able to provide these services, the providers receive Device Data and Usage Data. We currently use a provider located indifferent countries.
newsletter and mailing providers, to enable us to generate and send newsletters to you if you have subscribed. To be able to provide this service, the providers receive your Account Information. The providers we use could be located at any country.
payment providers, who execute card payments for purchases made on the Madit Story website. To do this, the providers receive your payment details and Account Information. The provider we currently use is located in different countries.
subscription infrastructure platforms, who facilitate the offering of in-app subscriptions. In doing so they receive your Account Information. The platform we are currently using is located in different countries.
cookie consent management platforms, who assist us in managing and implementing your preferences when you visit our websites. The platforms receive automatically collected device information to provide this service. The platform we are currently using is located in different countries.
law enforcement authorities, government authorities, government bodies and the courts where they request it and disclosure is lawful. (e.g. prevention and detection of crime). The meaning of "different countries" is that for particular app or website could be used by different providers due to different reasons including geopolitical.
4. International Data Transfers
To provide storage and email newsletters we transfer your data to our partners worldwide.
In light of the EU-US Privacy Shield being invalidated, Standard Contractual Clauses are now relied on. Madit Story acknowledges the comments in the Schrems II decision that additional safeguards may be needed to supplement such clauses. We are currently assessing our transfers and working with our partners to implement safeguards, along with the updated Standard Contractual Clauses.
5. Security
We have implemented appropriate technical and organisational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to. Access to your personal data is granted strictly on a need to know basis and we have carefully selected our service providers with security considerations in mind.
6. Your Rights
General Rights
You have several rights in relation to your personal data, these include the right to:
Access a copy of the personal data we hold about you;
Correction or completion of any inaccurate or incomplete personal data;
Erasure (save for personal data necessary to comply with legal obligations or for the establishment, exercise or defence of legal claims);
Obtain a copy of your personal data in a portable format;
Restrict the processing of your personal data, in the following instances:-
You are contesting the accuracy of your personal data and we need time to verify it.
Processing has been found unlawful, but you oppose erasure.
You require the personal data for the establishment, exercise or defence of legal claims, but we no longer need it for our processing purposes.
You have objected to processing based on our legitimate interests and a final decision is pending.
Withdraw consent or explicit consent for specific processing;
Object to the processing of personal data based on our legitimate interests on the grounds that they are overridden by your interests or fundamental rights and freedoms;
Object to the processing of personal data for direct marketing purposes.
If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.
Complaint: Supervisory authority
If you think we have infringed your rights under data protection legislation, you have the right to lodge a complaint. When making your complaint, the relevant supervisory authority is the one in the country:
where you are habitually resident;
where you work; or
where the alleged infringement took place.
The right to lodge a complaint is without prejudice to any other administrative or judicial remedy you may have.
7. Age Requirements
You must be at least 13 years of age to use any of the Apps.
8. Cookies
We use cookies and other such tracking technologies ("Cookies") to remember certain details when a "User" visits some of the websites.
Cookies are small data files that transfer to the User's computer, phone, or other such device ( "Terminal Device") upon visiting some of the websites. Information is then obtained on the return visit. Cookies are stored locally on a Terminal Device for different periods, determined by their expiry date. Session Cookies are deleted once the browser is closed, while Persistent Cookies may remain on the Terminal Device until a given date.
Cookies can be categorised in two further ways: by the party that placed them ("Source"); and what they are used for ("Function").
1. Source
1st Party Cookies (placed by Madit Story)
3rd Party Cookies (placed by Third Party Vendors)
2. Function
Necessary Cookies
Preference Cookies
Statistics Cookies
Marketing Cookies
We require your consent to place Preference, Statistics and Marketing Cookies. When you visit some of our websites you will be asked for your cookie preferences by a Cookie Banner. These preferences can be changed at any time through the Cookie Settings window, accessed by clicking the black circular button at the bottom left corner of your display. For further information on the specific cookies used on a website please see the relevant Cookie Banner or Cookie Settings window.
Necessary Cookies
Necessary Cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
There is no option to use the site without Necessary Cookies and unlike the latter three categories, we do not need User consent. The Cookie Banner and Cookie Settings window will by default permanently enable these cookies.
Preference Cookies
Preference Cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistic Cookies
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing Cookies
Marketing cookies are used to track visitors across websites. The intention is to display advertisements that are relevant and engaging for the individual User and thereby more valuable for publishers and third party advertisers.
Disabling and Deleting Cookies
The current versions of Safari and Mozilla Firefox, by default, block third-party Cookies. For more information please refer to the following blog posts regarding Safari and Mozilla Firefox. If other Browsers, such as Google Chrome or Microsoft Edge are used, third-party Cookies can be blocked manually through the Browser settings.
The option may also exist in the Browser settings to block all Cookies, including strictly necessary ones. However, the websites may not work as intended, or at all. Most Browsers will allow the User to delete all Cookies or to delete them on an individual basis. The User should be aware that by doing so, their preferences for the websites may be lost. For instructions specific to a particular Browser, please refer to the online support pages provided by the Browser.
9. Contact
If you wish to get in contact with us please email stafua007+moneyPlanner@gmail.com
10. Changes to this Privacy Policy
We are constantly reviewing our Privacy Policy to ensure compliance with data protection legislation. Our apps are also constantly evolving and new features and services may change how we process your personal data. We may update this privacy policy as necessary. Changes take effect immediately after updates.
Last updated on November 30, 2023.
Коментарі
Дописати коментар