Privacy policy of the apps “DaysyDay” and “DaysyDay Partner”
Last updated 8 August 2022
Valley Electronics AG, the creator of DaysyDay and DaysyDay Partner, takes the protection of your data very seriously and wants you to be familiar with how we collect, use and disclose information and data.
This Privacy Policy explains our practices in connection with the data we collect through DaysyDay, DaysyDay Partner (the “App” or “Apps”), or through our customer service practices (“Services”), and informs you of your rights.
As an internationally operating company, the EU General Data Protection Regulation (“GDPR”) is important to us in addition to the Swiss data protection regulations. This Privacy Policy is in compliance with the stricter standard of the GDPR.
Data Controller
As defined by the GDPR and other national privacy protection laws of the member states of the European Union and Switzerland, in regard to data collected by the Apps, the "Controller" is Valley Electronics AG, Maneggstrasse 45, 8041 Zurich, Switzerland, represented by the Director, Natalie Rechberg-Egly.
Contact by telephone +41 44577 6869 or email info@ch.daysy.me
Data Protection Officer
If you have any questions about data protection in connection with the use of our Apps, you can contact our data protection officer at any time. Christian Baumeister, Am Schachen 1, 83646 Wackersberg, Germany.
Contact by telephone +49-8041-4488770 or e-mail datenschutzanfrage@christianbaumeister.de
Contract
In order to fulfill the obligations arising from a contractual relationship with you, we process your personal data to the extent necessary for the performance of the subject matter of the contract.
Within this framework of the contractual relationship between you and us, health data such as your body temperature, menstruation, etc. may also be processed. For such processing, we need your explicit consent. By submitting this data, you are granting us that consent.
The data will be deleted at the latest after the termination of the contractual relationship or at any time at your request, provided that we do not have any retention obligations for that data (i.e. in the case of a complaint or feedback).
You may opt out of the privacy policy at any time by deleting your account or deleting the App.
The basis for the data processing is the performance of a contract or of pre-contractual measures in connection with the processing of health data (Article 6(1)(b) GDPR in conjunction with Article 9 GDPR).
What kind of information we collect
"DaysyDay” and “DaysyDay Partner” are mobile apps that, alongside our physical device, can be downloaded to the customer’s (the “user” or “you”) mobile device to track their menstrual cycle and fertility. To use the apps, both personal and non-personal data may be collected. Personal data is any piece of information that relates to an identifiable person.
- When you create an account
During account activation, you will be asked to create a profile that consists of your email address and registration ID in combination with the device serial number. Data exchange with the server takes place only in encrypted form (by using a SHA256 hash function). Thus, during registration, only an e-mail token, the user's public key, a unique registration ID of the user and a SHA256 hash of the e-mail address are stored on the server.
The basis for the data processing is the performance of a contract or of pre-contractual measures in connection with the processing of health data (Article 6(1)(b) GDPR in conjunction with Article 9 GDPR).
- When you sync Daysy or manually add information to the App
Synchronizing your Daysy with the App will automatically transfer your temperature, measurement time, menstruation, ovulation, and calculated fertility statuses. You also have the option to manually input additional data such as coitus, cervical mucus, notes, etc.
The basis for the data processing is the performance of a contract or of pre-contractual measures in connection with the processing of health data (Article 6(1)(b) GDPR in conjunction with Article 9 GDPR).
- When the App syncs to the server
We use ‘log files’ to collect and store information that is automatically transmitted with each synchronization. This data includes the date and time, app version, the operating system used, internet protocol (IP) address and other platform data.
If technical problems arise, e.g. relating to security, these logs are evaluated. This data will be deleted as soon as possible, and at the latest after 30 days.
The basis for the data processing is the fulfillment of a contract or pre-contractual measures and also the legitimate interest of you and us to protect our online services in the best possible way (Article 6(1)(b) and (f) GDPR).
- When you contact us for support
If you send us personal data by contact form, e-mail, telephone, fax or other means, your data will be stored for the purpose of processing the enquiry and for the event of follow-up questions. We do not share this data with third parties without your consent.
The basis for data processing is your consent and the fulfillment of a contract or pre-contractual measures (Article 6(1)(a) or (b) GDPR).
This also applies analogously to enquiries sent to our external data protection officer.
- When you invite a Partner
When you add a Partner, the hashed and encrypted email address is stored for the purpose of matching the DaysyDay Partner account with your sharing permission. Only the data you select to share from the DaysyDay app is viewable on the DaysyDay Partner app.
The basis for the data processing is the performance of a contract or of pre-contractual measures in connection with the processing of health data (Article 6(1)(b) GDPR in conjunction with Article 9 GDPR).
- When you use the App
Separately from personal data, we collect statistical data documenting the use of our Apps. This data includes information such as synchronization success, if the widget is enabled, and user settings so that we may continually improve the app. These procedures help us determine, for example, which parts of our offering are used most. At no time do we monitor you specifically as an identifiable individual.
The basis for data processing is a legitimate interest in improving our online services (Article 6(1)(f) GDPR).
How we use your personal data
- Research and product improvement
We would like to process your data for scientific research and product improvement. Your personal data becomes anonymized information for this purpose. “Anonymized Information” is information which does not relate to an identified or identifiable natural person or to Personal Data rendered anonymous in such a manner that the data subject is no longer identifiable. You can opt out at any time by going into “Control Center” and adjusting the “Research & product improvement” button.
The basis for data processing is your consent (Article 6(1)(a) GDPR).
- Disclosure
As a matter of principle, Valley Electronics never sells your personal data. In the event that we outsource certain parts of data processing (‘commissioned processing’), we perform extensive assessments to ensure commissioned processors have appropriate measures in place to provide adequate protection of your personal data and use it only for the purposes instructed by us.
Valley Electronics may share your personal data:
- with third-party service providers, such as our technical service or operation providers, to the extent needed to provide the Services to you (i.e. Google Play Store, Apple App Store),
The basis for the data processing is a legitimate interest and the performance of a contract or pre-contractual measures (Article 6(1)(b) and (f) GDPR).
- with our successors, if we are involved in e.g. a merger, acquisition or asset sale, giving you notice of this,
- when the processing of your personal data is necessary to comply with our legal obligations (such as in respect of tax levies or criminal investigations). This may also include the disclosure of data to third parties (e.g. public prosecutors, courts, or tax authorities) within the framework of the GDPR.
The basis for data processing is the fulfillment of a legal obligation (Article 6(1)(c) GDPR).
How we store your personal data
Valley Electronics AG’s security practices and policies ensure that only those authorized and with a business need have access to your personal data. We use generally accepted industry standards, technologies, procedures and methods, such as firewalls, encrypted storage, pseudonymization, regular software updates, security scans, access control, audit logging and review of admin actions to safeguard your personal data and protect against unauthorized access.
Your Rights
Certain data processing operations can only be performed with your explicit consent. You can revoke consent previously granted at any time. An informal message to us by e-mail is sufficient for this purpose. The lawfulness of the data processing carried out prior to the revocation remains unaffected.
You have the right to information about your stored personal data, its origin and recipients, and the reason for data processing, free of charge and at any time, and also the right to the correction, blocking or deletion of this data where applicable. For this purpose, or if you have other questions concerning personal data, you can contact us at any time.
You have the right to have data that we process automatically on the basis of your consent or in the performance of a contract passed to you or a third party in a current, machine-readable format. If you request the direct transfer of the data to another data controller, this will only be done to the extent that it is technically feasible.
You have the right to complain to the competent supervisory authority.
California Residents
If you are a California resident, the California Business and Professions Code 22575-22579 and the California Consumer Privacy Act of 2018 (“CCPA”) allow you to request certain information regarding our disclosure of Personal Information to any third parties. You may contact us at info@ch.daysy.me with any questions or to exercise your rights as a California Resident.
HIPAA
Our online services are not subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). While we maintain and use personal data, we are not a “Covered Entity” or “Business Associate” as defined by HIPAA.
Changes
We reserve the right to change our privacy policy at any time if this becomes necessary as a result of new technologies, legal regulations or restructuring measures. You can always find the current version in our App or on our Website.