Mami® Privacy Policy
Introduction
At CupArise CIO (“we”) are committed to protecting your personal data and respecting your privacy. We strive to respect your privacy as well as the privacy of all users of our iOS and Android mobile application, Mami app (the “App”). This Privacy Policy describes how we collect, use, or disclose personal information we receive through our App (either by you or from third parties on your behalf). This policy also describes your choices about the collection and use of your information.
Please read this Privacy Policy carefully before you start to use our App.
Important information and who we are
CupArise is a CIO registered with the UK Charities Commission with charity number 1200402 and is the controller and is responsible for your personal data (“we”, “us” or “our”).
What is Mami?
Mami is a mobile app and SMS service that helps women identify breast cancer symptoms and then connect with care.
The App can be downloaded from the “Google Play Store” a service offered by Google LLC, or the Apple “App Store” a service of Apple Inc. Downloading it may require prior registration with the respective App store and/or installation of the respective App store software.
Third party links
Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.
The data we collect about you
We may collect, use, store and transfer different kinds of personal data about you as follows:
● Identity Data.
o Name
● Contact Data.
o Email
o Phone number
● Device Data
● Symptom Log Data
● Content Data
● Profile Data
● Usage Data
● Location Data
● Data contained in messages you send or receive via the app, email, SMS and bulk message service.
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data typically derives from personal data but is not considered personal data, as this data does not directly or indirectly reveal your Personal Data. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific App feature. However, if we combine or connect aggregated data with personal data it may be possible to directly or indirectly identify you. If we do, we treat the combined data as personal data in accordance with this privacy policy. Some of the Personal Data you provide may be considered Special Category Data. This includes data concerning your health, and in particular for the monthly reminders for breast self-exam, your start date of menstrual cycle, the duration of cycle, the duration of period and a log of breast cancer symptoms check. By choosing to provide this data, you consent to our processing of that data. It’s your choice whether to include Special Category Data and to make that Special Category Data public. Please do not upload or add data that you would not want to be available. The legal basis for the processing of your Special Category Data is your consent. You may withdraw your consent and request us to stop using and/or disclosing your Special Category Data by submitting your request to us.
How is your personal data collected?
We will collect and process the following data about you:
● Information you give us. This is information you give us about you by filling in forms on the App or using the App, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to download or register our App, share data via the App’s social media functions, details of your marketing and communications preferences, information provided when you enter a competition, promotion or survey, data when you use the messaging function of the App and when you report a problem or request support for our App, our Services, other users of the App. If you contact us, we will keep a record of that correspondence. This may also include telephone calls, emails, and post. We may monitor (which may include recording) certain interactions between us to comply with any legal obligations, to detect fraud or criminal activity as well as for training purposes.
● Information we collect about you and your device. Each time you use our App we will automatically collect personal data including Device, Content and Usage Data.
● Location Data. We plan to use GPS technology to determine your current coarse location. Some of our location-enabled Services require your personal data for the feature to work. If you wish to use the particular feature, you will be asked to consent to your data being used for this purpose. You can withdraw your consent at any time by disabling Location Data in your settings.
● Information we receive from other sources including third parties and publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
● Device Data from the following parties:
analytics providers such as Google and Apple based outside the EU;
search information providers such as Google based inside and outside the EU.
● Identity and Contact Data from social media services as part of our customer verification and anti-fraud measures
● Log in authentication for assisting in authenticating you such as Twilio, or Google login.
● Unique application and Device ID. When you want to install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates or when you agree to receive push notifications, that number and information about your installation, for example, the type of operating system, may be sent to us and used to send push notifications to your device.
How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
● Where you have consented before the processing. We will usually only ask for your consent to process data or when we would like to provide marketing information to you (including information about other products and services). Without your consent, in some circumstances, we may not be able to provide you with and you may not be able to benefit from some of our services.
● We will also ask for your consent when collecting and using information you allow us to receive through your device (such as Content Data, GPS location), so we can provide the features and services described when you enable the settings.
● When we process data, you provide to us based on your consent, you have the right to withdraw your consent at any time and to port that data you provide to us. To exercise your rights, see the How You Exercise Your Rights section of the Privacy Policy
● Where we need to perform a contract, we are about to enter or have entered with you.
● Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
● Where we need to comply with a legal or regulatory obligation.
● Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claim or where we want to pursue any legal claims ourselves.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Purposes for which we will use your personal data
● To install the App and register you as a new App user and to help verify your identity. We process your Identity Data, Contact Data, Device Data, Location Data. The data is processed on the basis of fulfilling our contractual obligations as well as your consent.
● To manage our relationship with you including your use of the App, notifying you of changes to the App or any Services and to enable us to send you push notifications, and location services. We process your Identity Data, Contact Data, Device Data, Location Data, Log Data, Profile Data, Marketing and Communications Data, Content Data, Usage Data, and your Messages. The data is processed on the basis of fulfilling our contractual and legal obligations as well as your consent.
● To enable you to participate in a prize draw, competition or complete a survey. We process your Identity Data, Contact Data, Device Data, Profile Data and your Marketing and Communications. The data is processed on the basis of fulfilling our contractual obligations, our legitimate interests as well as your consent.
● We will use survey information for the purposes described when we collect the data (although we may use anonymised data from the survey to undertake research and trends)
If you have consented to us contacting you in relation to a survey, we may do so.
For prizes and competitions, we may contact you in connection with the administration of those competitions.
● To administer and protect our organisation and this App including troubleshooting, data analysis and system testing. We process all categories of data as necessary. The data is processed on the basis of fulfilling our contractual obligations as well as our legitimate interests.
● To carry out marketing activities including to deliver content and advertisements to you, to make recommendations to you about goods or services which may interest you, to measure and analyse the effectiveness of the advertising we serve you. We process your Identity Data, Contact Data, Device Data, Location Data. The data is processed on the basis of our legitimate interests as well as your consent for marketing activities.
● To provide customer services, helpline services and other support. We process your Identity Data, Contact Data, Device Data, Location Data. The data is processed on the basis of fulfilling our contractual obligations as well as your consent.
● For research and analytical purposes to help improve our App and Services. We process all categories of data as necessary. The data is processed on the basis of fulfilling our contractual obligations, our legitimate interests as well as your consent.
● Fundraising and Donations and to transact with you whether paid or unpaid. We process Identity Data, Contact Data, Transaction Data, Donation Data. The data is processed on the basis of fulfilling our contractual obligations, our legitimate interests as well as your consent.
Disclosures of your personal data
We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, if you have consented to this, to protect our rights and property and the rights, safety and property of others (provided we comply with data protection law).
We may also transfer your personal data to a third party we have appointed to provide services to us on our instructions which we refer to as External Third Parties . including Azure for sending emails and Twilio for SMS.
We may transfer your data in connection with a potential transfer of part or all of our organisation. In such circumstances we may share information with prospective purchasers (for example as part of a controlled due diligence exercise). Alternatively, we may seek to acquire another organisation or merge with them. If a change happens to our organisation, then the new owners may use your personal data in the same way as set out in this privacy policy.
If we reorganise our business, we may need to transfer information about you to another member of our group so that we can continue to provide the Service to you.
Data security
All information you provide to us is stored on secure cloud servers provided by [Insert]. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
We will collect and store personal data on your Device using application data caches and browser web storage (including HTML5) and other technology.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, or other requirements.
In addition, we are subject to various storage and documentation obligations, which result from the minimum statutory retention periods in accordance with Companies House and HMRC among others. The retention and documentation periods specified there are two to six years.
Third party links
Our App may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as Contact and Location Data. Please check these policies before you submit any personal data to these websites or use these services.
Your legal rights
Under the UK`s Data Protection Act and the EU`s counterpart the General Data Protection Regulation, you can exercise the following rights:
● Right to information
● Right to rectification
● Right to deletion
● Right to data portability
● Right of objection
● Right to withdraw consent
● Right to complain to a supervisory authority
● Right not to be subject to a decision based solely on automated processing
If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.
Updating your information
If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
Withdrawing your consent
You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Access Request
In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.
Complaint to a supervisory authority
You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in relation to our services is The Information Commissioner’s Office (ICO), Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK, www.ico.org.uk. However, we would appreciate the opportunity to address your concerns before you contact the ICO.
Changes
We may update this Privacy Policy from time to time. If we make changes to this Privacy Policy or materially change our use of your Personal Data, we will revise the Privacy Policy accordingly, and change the effective date at the end of this section. We encourage you to periodically review this Privacy Policy to be informed of how we use and protect your Personal Data.
Queries and Complaints
If you have any questions about this policy or our data protection practices, please feel free to contact us using hellomami@cuparise.org.
Effective Date
Monday, 25th of September, 2023