Last updated on 18.04.2022
Reflectly ApS ("Reflectly", "Memorado", "we", "our" or "us") are committed to respecting your privacy and processing personal data in accordance with the EU GDPR.
|Personal Data Description||Processing Purpose||Lawful Basis|
|Name, nickname, email and subscription status||
*By ticking the box you consent to Newsletters from both the Reflectly app and/or Glass Half Full (a news platform controlled by us).
To revoke your consent click 'Unsubscribe' at the bottom of one of our emails.
|Profile photo||To provide you with a more personalised service.||We require your consent.|
|Moods, associated activities, feelings and additional photos, notes, text and voice notes detailing mental health, moods or related thoughts (the "Mental Health Data")||To provide a mood journal that contains relevant content, stores entries, compiles data and presents statistics||We require your explicit consent to process the health data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by marking a tick in the requisite box at sign up or the update notice.|
|Fingerprint or facial authentication (the "Biometric Data")||To provide security and privacy.||We require your explicit consent to process the biometric data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow us to access the data when prompted.|
|Geo-location data||We may ask to access your geo-location data and with your help, attribute data to key locations. This will allow us to automate features such as journaling, habit tracking and health data aggregation or monitoring.||We require your consent.|
|Data relating to exercise, mindfulness, sexual activity, sleep, physique, nutrition, heart rate, blood pressure and other data supported by Apple Health (the "Apple Health Data")||
||We require your explicit consent to process the Apple Health Data. It constitutes a special category of personal data under the GDPR, which by default is prohibited save for certain exceptions including explicit consent. Explicit consent is given by affirmatively clicking that you allow us to read and write data when prompted.|
|Calendar data from the terminal device||To automatically integrate Calendar events.||
We require either your consent, or explicit consent depending on the calendar event. If the event relates to a special category of personal data such as health or religious belief (i.e. medical appointments or church service) explicit consent is required.
Explicit consent is one of the limited exceptions to the prohibition of processing special category personal data under the GDPR.
Both consent and explicit consent, whichever is required, can be given by affirmatively clicking that you allow us to access the data when prompted.
Some of the Apps may not collect every category of personal data listed above. This will be clear if and when it applies (e.g. if not asked for your email address, it is not being collected).
We process some of your personal data because it is necessary for the performance of a contract we have with you or it is necessary prior to entering into such a contract. If you do not wish to provide a nickname or email for example, we cannot create your account and you will be unable to avail of certain features. It should be noted, however, that not every app will process this data.
It is important that the personal data we have in relation to you is current and accurate. If your personal data (e.g. email address) changes during our relationship please inform us promptly. If, for whatever reason, your personal data is inaccurate or incomplete you have the right for this to be corrected or completed.
Although some of our Apps do not directly prompt or encourage you to input health data, you may still wish to provide such data. Often this data is not collected for storage or any other purposes, but is instead stored locally on your terminal device. The same applies to our expenditure and budgeting apps, despite the fact that health spending may exist as a default spending category.
We are committed to the principle of storage limitation and will retain your personal data for no longer than is necessary to fulfil our processing purposes. Following account deletion, revocation of consent or a written deletion request, your personal data will be retained for no longer than 30 days, save for certain instances where legal obligations require longer retention periods.
We will also anonymise some personal data so it will no longer be associated with you. In this event we are entitled to retain and use the information freely.
In order to provide you with our services, carry out our activities and to comply with legal obligations, we share your personal data with certain third parties such as:
To provide storage and email newsletters we transfer your data to our partners outside the EU. We are committed to ensuring your personal data is protected when transferring to third countries without an adequate level of protection, namely the U.S.
In light of the EU-US Privacy Shield being invalidated, Standard Contractual Clauses are now relied on. Reflectly acknowledges the comments in Schrems II that additional safeguards may be needed to supplement such clauses. We are currently assessing our transfers and working with our partners to implement safeguards, along with the updated Standard Contractual Clauses.
We have implemented appropriate technical and organisational security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include encryption and pseudonymisation. Access to your personal data is granted strictly on a need-to-know basis and we have carefully selected our service providers with security considerations in mind.
You have several rights in relation to your personal data. These include the right to:
If you wish to exercise any of these rights, please contact us. We may request proof of identification to verify your request.
If you think we have infringed your rights under data protection legislation, you have the right to lodge a complaint. When making your complaint, the relevant supervisory authority is the one in the country:
The right to lodge a complaint is without prejudice to any other administrative or judicial remedy you may have. The contact information for the Danish Data Protection Agency is provided below.
Carl Jacobsens Vej 35
+45 33 19 32 00
You must be at least 13 years of age to use any of the Apps.
If you wish to get in contact with us please email firstname.lastname@example.org or write to us at Balticagade 14B, 8000 Aarhus C, Denmark.
DPO email: email@example.com