SLEEP HAPPIER
We are committed to continuously improve the sleep experience of individuals across the globe in a manner that respects, perseveres, and protects privacy and personal data. The protection of your personal data is important to us, and we want you to feel safe when using our app.
This Privacy Policy (“Policy”) shall inform you about the collection, processing, and utilization of your personal data when you use the Emma Up (“app”) and services provided by Emma Sleep GmbH (“Emma Sleep”, “we” or “us”).
Should you have any concerns or inquiries about how we are handling your personal data, you may reach out to our data protection officer by contacting us through [email protected] or by sending us a letter addressed to “Data Protection Officer”.
1. Identity and contact details of the controller
Controller as per the EU and UK General Data Protection Regulation (GDPR) is:
Emma Sleep GmbH
Wilhelm-Leuschner-Str. 78
60329 Frankfurt am Main, Germany
2. Collection and processing of personal data
We collect and process your personal data to provide our app services to you. When visiting and using the app, your personal data which your device transmits to our server is automatically saved. In order to fulfill technical requirements for you to use the app and provide for security purposes, the following data may be saved: IP address, date and time of your visit, time zone different to Greenwich Mean Time (GMT), content of the query (specific site visited), access status / HTTP status code, amount of transferred data, operating system, device and its user interface.
The types of data mentioned above gets processed for our legitimate interests and to ensure you a smooth and comfortable use of the app and to evaluate system security and stability, as well as for other administrative purposes. We will process these data for security reasons and for protection against intrusions under the legal basis of Art. 6(1)(f) GDPR.
When you visit and use the app, the data mentioned above is automatically recorded without your intervention and stored until it is manually deleted. If you don’t want the above data to be collected, we will be unable to allow you access to the app without such data.
When you download and use the app and engage in certain functions, such as registering for an account or responding to surveys and questionnaires, we may ask you to provide certain personal data, such as your username or email address, and health data (concerning your sleep habits, etc.). Please note that health data fall within the special categories of data pursuant to Article 9 of the GDPR, and that these data will only be processed on the basis of your express consent (Art. 6(1)(a) GDPR).
Technologies such as pixels and cookies are used by us and our service providers to make the app experience as user-friendly as possible and to allow you to make use of certain functions. Depending on the kind of tool or service, we use these on the legal basis of our legitimate interests (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR).
These technologies are used in analyzing app trends, usage, and demographics among others. Further information about the personal data we may collect from you varies depending on the service provider we use. The details for each service provider are listed below in section 5.
3. Data storage and retention
We retain your personal data for no longer than is necessary for the purposes stated in this Policy. In the event we do not need your information in order to provide the service to you, we will retain it only for so long as we have a legitimate business purpose in keeping such data under applicable laws and regulations.
We may collect, store, process, disseminate or use your personal data in a manner that causes it to be transferred to accessed from computer systems owned or operated by or on behalf of us. Your personal data may be transferred and stored in the United States of America through our service providers.
Your personal data will be retained in accordance with local legal and regulatory requirements applicable to the country you are using the website from, and subject to our data retention obligations. We keep your personal data for the period of the user relationship with you or for the legally required period after termination of such relationship in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations.
4. Your rights as a data subject
You have the following rights under the GDPR with respect to the personal data concerning you:
If you feel that we have not responded in an appropriate manner to your complaints or you have further concerns, you have the right to complain to the relevant data protection authority.
The responsible authority for us in Austria is the Österreichische Datenschutzbehörde.
The responsible authority for us in Germany is the Hessische Beauftragte für Datenschutz und Informationsfreiheit.
The responsible authority for us in the Netherlands is the Autoriteit Persoonsgegevens .
The responsible authority for us in the United Kingdom is the Information Commissioner's Office (“ICO”).
For inquiries regarding your rights as a data subject, you can direct to us through [email protected] or by post to the Controller’s postal address.
5. Transfers and categories of recipients of personal data
We share your personal data to our service providers to help us ensure the functionality of the app. We may also share information with our analytics service providers to help us for the optimization of the app. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities, or public authorities. We may share your personal data as described in this Policy to comply with our legal obligations and to protect and defend our rights.
To provide a smooth experience for you, we may disclose your personal data from time to time with our contracted service providers (“processor” or “processors”). We execute contracts with our service providers, to ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that our service providers take the necessary technical and organizational measures to process your data securely and store your personal data only for as long as necessary.
External service providers who may receive personal data generally fall into the following categories of recipients:
· Emma Sleep GmbH’s subsidiaries and affiliates
· IT service providers to maintain our IT infrastructure
· Service providers for the optimization of the app services and functions
If your personal data is processed and transferred to third countries outside the European Economic Area (“EEA”) and United Kingdom, we will ensure that your personal data is processed in accordance with your country’s data protection level. In the absence of an adequacy decision, we only transfer data to service providers from third countries that offer suitable guarantees and put the appropriate data processing agreements and standard contractual clauses in place.
To be able to run the app and provide you a seamless experience, we engaged the following service providers listed below. When you choose to use the app, we may transfer your personal data to our service providers in the United States of America, where these services are hosted.
(1) Amazon Web Services RDS
We use Amazon Web Services – Redshift, as our backend database and is provided by Amazon Web Services Inc., which is based in 410 Terry Ave N Seattle, WA, 98109-5210 United States, to enable services related to setup, manage and manipulate databases in cloud.
You can reach out to the data protection officer of the processing company through https://console.aws.amazon.com/support/home .
(2) Amazon Web Services Cognito
We use Amazon Web Services – Cognito, as our user data database and is provided by Amazon Web Services Inc., which is based in 410 Terry Ave N Seattle, WA, 98109-5210 United States, to enable services related to user identification and data synchronization in app.
You can reach out to the data protection officer of the processing company through https://console.aws.amazon.com/support/home.
(3) Mixpanel
We use Mixpanel, an online analytics service provided by Mixpanel, Inc. which is based in 405 Howard Street San Francisco, CA 94105 United States, to enable services related to the operation and internal analytics and reporting of the App.
You can reach out to the data protection officer of the processing company through [email protected].
(4) RevenueCat
We use RevenueCat which is operated by RevenueCat, Inc., which is based in 1032 E Brandon Blvd #3003 Brandon, FL 33511 United States, to enable services related to in-app subscription management.
You can reach out to the data protection officer of the processing company through [email protected].
(5) Typeform
We use Typeform, an online form and questionnaire service provided by TYPEFORM SL which is based in Bac de Roda, 163 Barcelona 08019, to enable services related to the sleep feature of the app.
You can reach out to the data protection officer of the processing company through [email protected].
(6) Mailchimp
We use Mailchimp, a customer relationship management tool provided by The Rocket Science Group, LLC which is based in 675 Ponce de Leon Ave NUE Suit 5000 Atlanta, GA 30308, for email marketing purposes such as product feedback and newsletters.
You can reach out to the data protection officer of the processing company through [email protected].
6. Third Party Terms and Conditions
Our Privacy Policy does not apply to products and services offered by a third party. Our products and services may include third parties’ products, services, and links to third parties’ websites. When you use such services, they may collect your personal data. As such, we recommend reading the processors’ privacy policies linked above.
7. Updates to this Privacy Policy
We keep this Privacy Policy under regular review and may update this Privacy Policy from time to time to reflect the changes in our services. We encourage you to read and/or review this Privacy Policy periodically for the latest updates on our privacy practices.