Dated 9th November 2022
This policy is outlined in the following sections:
- Important Information and Who We Are
- The Data We Collect About You
- How Is Your Personal Data Collected?
- How We Use Your Personal Data
- Disclosures Of Your Personal Data
- International Transfers
- Data Security
- Data Retention
- Your Legal Rights
Important information and who we are
CupArise is a CIO registered with the UK Charities Commission with charity number 1200402 and is the controller and is responsible for your personal data (collectively referred to as “we”, “us” or “our” in this policy).
What is Mami?
Mami is a mobile app and SMS service that helps women living in Nigeria identify breast cancer symptoms and then connect with care. It is developed by CupArise CIO, a registered charity in England and Wales (Registration number 1200402).
Who can use Mami?
Adults aged 18 years old and above.
Mami is a software developed by CupArise CIO. CupArise CIO is an organisation focused on improving the breast health awareness of the public. We are not a healthcare or medical device provider, nor should CupArise CIO, our programmes and information provided on our website or platform such as Mami, or social media handles, podcasts be deemed as medical advice.
This is not a medical or diagnostic test. Any medical information referred to in or through either our mobile application, page or website is given as information only and is NOT intended:
- As medical diagnosis or treatment.
- To replace consultation with a qualified medical practitioner.
- To advocate or recommend purchasing any product or to endorse or guarantee the credentials or appropriateness of any health care provider.
We strongly recommend that you consult a healthcare professional for specific advice about your situation.
The content, resources, and recommendations on our websites, Mami app and social media platforms, are meant for information purposes only and are not a substitute for professional medical advice. We make no representations and claims that our services and website provide a therapeutic or health-related benefit, and we make no representations or warranties about the suitability, accuracy and completeness of the services and website. You agree to assume full responsibility for your actions and decisions, and we are neither responsible nor liable for any consequences having read this. Before going forward, make sure to read the rest of our Terms and Conditions.
Our full details are:
- Full name of legal entity: CUPARISE CIO
- Email address: email@example.com
Postal address: CUPARISE 4th Floor, 18 St. Cross Street, London, EC1N 8UN.
This version was last updated on the date at the top of this policy. It may change and if it does, these changes will be posted on this page and, where appropriate, notified to you. The new policy may be displayed on-screen, and you may be required to read and accept the changes to continue your use of the App or the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Third party links
Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
How is your personal data collected?
We will collect and process the following data about you:
- Information you give us. This is information you give us about you by filling in forms on the App or using the App, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to download or register an App, share data via the App’s social media functions, details of your marketing and communications preferences, information provided when you enter a competition, promotion or survey, data when you use the messaging function of the App and when you report a problem or request support for our App, our Services, other users of the App. If you contact us, we will keep a record of that correspondence. This may also include telephone calls, emails and post. We may monitor (which may include recording) certain interactions between us in order to comply with any legal obligations, to detect fraud or criminal activity as well as for training purposes.
- Information we collect about you and your device. Each time you use our App we will automatically collect personal data including Device, Content and Usage Data.
- Location Data. We plan to use GPS technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.
- Information we receive from other sources including third parties and publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Device Data from the following parties:
analytics providers such as Google and Apple based outside the EU;
search information providers such as Google based inside and outside the EU.
- Identity and Contact Data from social media services as part of our customer verification and anti-fraud measures
- Log in authentication for assisting in authenticating you such as Twilio, or Google login .
Unique application and device numbers. When you want to install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates or when you agree to receive push notifications, that number and information about your installation, for example, the type of operating system, may be sent to us and used to send push notifications to your device.
How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing. We will usually only ask for your consent to process data or when we would like to provide marketing information to you (including information about other products and services). Without your consent, in some circumstances, we may not be able to provide you with and you may not be able to benefit from some of our services.
- We will also ask for your consent when collecting and using information you allow us to receive through your device (such as Content Data, GPS location), so we can provide the features and services described when you enable the settings.
- Where we need to perform a contract we are about to enter or have entered with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claim or where we want to pursue any legal claims ourselves
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Purposes for which we will use your personal data
|Purpose/activity||Type of data||Lawful basis for processing|
|To install the App and register you as a new App user and to help verify your identity||Identity Contact Device Location Data||Your consent Performance of a contract with you|
|To manage our relationship with you including your use of the App, notifying you of changes to the App or any Services and to enable us to send you push notifications, and location services.||Identity Contact Profile Marketing and Communications Log Data Device Data Content Data Usage Data Location Data Messages||Your consent Performance of a contract with you Necessary for our legitimate interests (to keep records updated and to analyse how stakeholders use our products/ Services, to manage the Services and App, to notify you of security concerns and issues and deal with complaints from others) Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions)|
|To enable you to participate in a prize draw, competition or complete a survey||Identity Contact Device Profile Marketing and Communications||Your consent Performance of a contract with you Necessary for our legitimate interests (to analyse how customers use our Services and to develop and improve them and the App) We will use survey information for the purposes described when we collect the data (although we may use anonymised data from the survey in order to undertake research and trends) If you have consented to us contacting you in relation to a survey, we may do so. For prizes and competitions, we may contact you in connection with the administration of those competitions.|
|To administer and protect our organisation and this App including troubleshooting, data analysis and system testing||All categories of data||Necessary for our legitimate interests (for running our organisation, provision of administration and IT services, network and app security) and to safeguard our users, to test and upgrade our App, Services and processes Your consent where this is required by law|
|To deliver content and advertisements to you To make recommendations to you about goods or services which may interest you To measure and analyse the effectiveness of the advertising we serve you||Identity Contact Device Content Profile Usage Marketing and Communications Location||Your consent for marketing activities|
|To enable our staff to provide helpline services and other support To provide customer services||Identity Contact Device Content Profile Usage Marketing and Communications Location Messages||Your consent Necessary for our legitimate interests (to develop our Services and App and grow our organisation)|
|For research and analytical purposes to help improve our App and Services||All categories of data||Necessary for our legitimate interests (to develop our Services and App and grow our organisation) Consent for Location Data and other data where your consent is required to process this data for this purpose.|
|Fundraising and Donations and to transact with you whether paid or unpaid||Identity Contact Transaction Financial||Consent Our legitimate interest (in raising funds for our organisation) Contract|
Disclosures of your personal data
We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, if you have consented to this, to protect our rights and property and the rights, safety and property of others (provided we comply with data protection law).
We may also transfer your personal data to a third party we have appointed to provide services to us on our instructions which we refer to as External Third Parties as set out in the [Glossary].
If we reorganise our business as we may need to transfer information about you to another member of our group so that we can continue to provide the Service to you.
All information you provide to us is stored on secure cloud servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We will collect and store personal data on your Device using application data caches and browser web storage (including HTML5) and other technology.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us. In most cases, we will keep your information for three years after our relationship with you ends but where we have a contract with you, we will keep it for at least 6 years. It will vary depending on what data we hold, why we hold it and what we are obliged to do by law. Further details of our data retention policies can be obtained by writing to the address above.
In most cases, we will keep your information for three years after our relationship with you ends but where we have a contract with you, we will keep it for at least 6 years. It will vary depending on what data we hold, why we hold it and what we are obliged to do by law. Further details of our data retention policies can be obtained by writing to the address above. We are implementing end to end encryption for our messaging service and once this is enabled we will delete any of your user to user messages that we process so as to improve privacy of your messages.
In some cases, such as if there is a dispute or a legal action affecting the information we may need or be required to keep personal information for longer.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data for at least 6 years.
In some circumstances you can ask us to delete your data: see [Your legal rights] below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
In the event that you do not use the App for a period of time then we may treat the account as expired and your personal data may be deleted.
Your legal rights
Under certain circumstances you have the following rights under GDPR (prior to 31 December 2020 and the Data Protection Act 2018 from 1 January 2021) in relation to your personal data.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer or your personal data.
- Right to withdraw consent.
You also have the right to ask us not to continue to process your personal data for marketing purposes.
You can exercise any of these rights at any time by contacting us at firstname.lastname@example.org.
Postal address: CUPARISE, 4th Floor 18 St. Cross Street, London, EC1N 8UN.
©CupArise 2022. All rights reserved. Registered Charity in England and Wales (1200402).