1. INTRODUCTION
1.1. Thank you for downloading the Lucy Menstrual Period & Ovulation Calendar (hereinafter: "Lucy")! The security of your personal data is important to us. Please note that Lucy is no substitute for professional medical advice. It is your responsibility as a user to interpret and use what you read. This information should not be used as a basis for professional medical advice. Contact your doctor if you have any complaints or questions.
1.2. You can use the Lucy app, also known as a mobile app, with or without registration.
1.3. In case of registration, you can use the application on several mobile devices by entering the username and password, which the application converts into a code immediately that cannot be decoded. By pairing your username and password, you can delete your uploaded data at any time by registering in the "Profile" menu by clicking on the "Account / Delete Data" link.
1.4. Please be advised that, even with or without registration, the user is not an identified or identifiable natural person, and that personal data is anonymous information and stored in a manner that renders the data subject unidentifiable. The regulations of data protection do not therefore concern the processing of such anonymous information.
1.5. Please save your username-password pair to a safe place, as the application is unable to send a password reminder.
1.6. If you forget your password, please delete the Lucy application from your phone and enter the new username and password after downloading the application again. If you delete and reload the application, you will not be able to re-import your data.
1.7. The data provided for the use of the application or at your own discretion may describe gynecological symptoms. Please be advised that the data controller cannot associate the personal data you provide, including health data, with any identifiable natural person.
1.8. The data controller only stores aggregated, anonymous data from the data provided in the application and the use of the application, which is used to generate statistics, research or monitor the popularity of each function and to determine future directions for development. Lucy only generates statistics using such non-identifiable data and algorithms, using analysis, do not make decisions that would have a significant impact on you as a user.
1.9. Please note that if you repeatedly report severe symptoms, the Lucy App may send an automatically generated recommendation from the data stored on your device that you should visit a gynecologist. This feature can be turned off under notification settings.
1.10. The application also contains text windows which, when typed into a free word field, save the words and data as text clouds (keywords) to the server via the App and the data stored in this way cannot be identified with a natural person.
2. BASIC INFORMATION ABOUT THE LUCY APPLICATION
2.1. If you provide any voluntary information other than as set forth in Section 1, which includes identifiable personal data, such as email address for initiating contact, data processing is governed by the provisions of this Privacy Policy. This data is separate from the personal data and special data recorded and encrypted to be anonym by the controller, and cannot be identified with it.
2.2. In this case, the legal basis for data management is the performance of the service based on the data provided by you voluntarily. You accept the Privacy Policy by ticking the appropriate box / checkbox. The data controller reserves the right to unilaterally amend these data Privacy Policy regulations. By using the application after the change takes effect, you agree to the amended Privacy Policy. A notification of the change will appear in the application in the form of a pop-up window.
2.3. Unless otherwise provided by law, the controller shall process personal data provided to it only to the extent and for the time necessary to achieve the purpose described in this Policy.
2.4. Disclaimer of Liability
The Controller is not responsible for the authenticity and accuracy of the information you provide and does not verify it. The data controller is not responsible for the management of any false or inaccurate information you have provided, nor for any loss or damage caused to you, as a user, or to any third party as a result of any false or inaccurate data communication.
The controller is not responsible for any loss of data stored on your mobile phone or modified phone software. The developer / data controller disclaims all direct and indirect liability for any damages or disadvantages resulting from the use of the application (except Hungarian civil Code 6: 526), including information generated from the comparison of the encrypted anonymous data and obtained through the application. If you have any health concerns or complaints, please consult your doctor.
3. DATA CONTROLLER
3.1. Data
Name: Yourcode Lab Kft.
E-mail: info@yourcode.hu
Telephon: +36-20-934-7512
Seat: 1065 Budapest, Bajcsy-Zsilinszky köz 2. 6. em. 5.
Tax nr.: 26210522-2-42
Reg. nr.: 01-09-307982
Registrar: Fővárosi Törvényszék Cégbírósága
3.2. The following laws apply to data protection:
Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation; GDPR)
The text of the Regulation can be found here:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
Act CXII of 2011 on Freedom of Information (hereinafter: Info Act)
You can read the text here:
https://net.jogtar.hu/jogztraly?docid=A1100112.TV
4. DATA MANAGEMENT: QUESTIONS, OTHER CONTACTS
4.1. Users: Users of the application who use its services.
4.2. Purpose of Data Management: After registration / logging in, usage the application and Lucy's services, answering questions and handling complaints
4.3. Scope of managed data: Name - Identification, Email Address - Contact, Subject of Contact / Response - Response, Other Personal Information Provided
4.4. Legal basis: providing services (GDPR Article 6 1. (b))
4.5. Duration of data management: until the aim is achieved. If the request for information and / or the providing information have legal effect or the user / data subject / controller is similarly affected, the controller shall process the data until the limitation of claim.
5. DATA PROCESSING
5.1. Other data processors and their policies:
https://firebase.google.com/support/privacy
https://www.google.com/policies/privacy
https://firebase.google.com/policies/analytics
5.2. The data storage is provided by tarhely.eu. The provider considers as a data processor.
Provides: Tárhely.Eu Szolgáltató Kft.
Reg.nr.: 01-09-909968
Terms of use: https://tarhely.eu/dokumentumok/aszf.pdf
Privacy Policy: https://tarhely.eu/dokumentumok/adatvedelmi_szabalyzat.pdf
6. TRANSMISSION
6.1 The Controller will not transfer personal data to third parties
save as Clause 5.2.
7. DATA STORAGE, DATA SECURITY
7.1. The data controller stores the data on its own secure server.
7.2. The data controller shall ensure the security of the data in accordance with the applicable regulations. It shall, in particular, take the technical and organizational measures necessary to ensure that the data processed are protected against unauthorized access, alteration, transmission, disclosure, deletion, destruction, accidental destruction or damage, as regards data security measures, and against inaccessibility due to changes in the technology used. Determining and applying data security measures, the controller shall take into account the state of the technology. It chooses from a number of possible data management solutions that provide a higher level of protection for your personal data, unless it would be a disproportionate difficulty. All the employees or other contracted person of the data controller shall be bound by the above principles regarding data management and data.
8. USER’S RIGHTS REGARDING THE MANAGEMENT OF PERSONAL DATA
8.1. You may, at any time, contact us for information regarding the data processing that concerns you, request the rectification, erasure or restriction of your personal data, and object to the processing of such personal data. You also have the right to data portability.
8.2. The controller will inform you, as the User, of the action taken in response to your request without undue delay, within 30 days of receipt of the request. If the request has been received by electronic means, information shall also be provided by electronic means, where possible.
8.3. The execution of requests shall be free of charge, but where the request is unfounded or, in particular because it is repetitive, the controller may charge a reasonable fee, taking into account the administrative costs of the request.
8.4. If there is a reasonable doubt as to the identity of the User submitting the request, additional information may be requested to confirm your identity.
8.5. Upon the User's request, the data controller shall provide information on whether the processing of personal data is ongoing and, if so, the User shall be entitled to know the personal data processed by the data controller, the purposes of data processing, or the categories of recipients to whom the personal data have been transferred, the intended duration of the processing or the criteria for determining the duration and the source of the data.
8.6. Upon request, the data controller shall provide the User with a copy of the personal data subject to the data processing. Additional copies requested by the User may be charged a reasonable fee based on administrative costs. Unless otherwise requested by the User, information must be provided in a widely used electronic format if the User has submitted the request electronically.
8.7. The User may request the correction of inaccurate data and has the right to request the correction of incomplete data.
8.8. The User may request that the controller delete personal data if
a) they are no longer necessary for the purpose for which the data were processed;
b) if the User withdraws his / her consent and there is no other legal basis for data processing;
c) if conditions as set out in point 8.13. c) apply.
d) the processing is unlawful;
e) the deletion is the legal obligation to which the controller is subject,
f) the User is a minor under 16 years of age.
8.9. The controller will delete the data for the above request, unless further processing is required
a) to exercise of the right to freedom of expression and information,
b) to comply with the legal obligation to which the controller is subject,
c) regarding the bringing, pursuing or defending legal claims necessary.
8.10. At the User's request, the Data Controller shall limit the data management if
a) the User disputes the accuracy of the personal data, in which case the limitation is for a period of time until the accuracy of the data is verified,
b) although the processing of data is unlawful, the User objects to the deletion and instead requests a restriction,
c) the data controller no longer needs to manage the data, but the User requires it for the purpose of submitting, asserting or protecting legal claims,
d) the User objected under clause 8.13. of this Agreement, in which case the restriction shall apply for a period until it is ascertained whether the data controller's legitimate reasons take precedence over the User's legitimate reasons.
8.11. If the data management is under restrictions according to the above, such personal data may be processed only with the consent of the User, or for the purpose of submitting, asserting or defending legal claims, or protecting another person's rights, or for important public interest of the Union or Member State. The controller shall inform the requesting User in advance of the lifting of the restriction.
8.12. The data controller shall notify the User of any rectification, erasure or restriction, as well as anyone to whom the data have previously been transmitted. Notification can be ignored by the controller when this is impossible or requires a great deal of effort.
8.13. The User may object to the management of his / her personal data,
a) in case of legitimate interest; in this case, the processing of the data may not be continued, unless it is justified by overriding legitimate reasons relating to the interests, rights and freedoms of the User, or reasons related to the filing, enforcement or defense of legal claims,
b) in the case of or for the purpose of obtaining direct business; in this casethe data management can no longer be continued. Clauses 8.2-8.4. also apply in case of protest.
8.14. Under the data portability right, the User may, on the one hand, request the controller, if technically feasible, to receive his personal data in a well-structured, widely used, machine-readable format.
8.15. If the data controller does not comply with the User's request as described above, it shall inform the User of its reason within 30 days after receipt of the request.
8.16. If the User considers that his / her personal data rights have been violated, please report the complaint to the controller according to contacts Clause 3.
8.17. Irrespective of the notification of the controller, the User may also contact the Authority. If you decide to do so, you can notify the Authority at the following contact details:
National Data Protection and Freedom of Information Authority
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
8.18. If you experience unauthorized data processing, you may also initiate a civil lawsuit. The metropolitan court shall have jurisdiction over the case. The lawsuit can also be initiated before the court in your country of residence (see contact details: http://birosag.hu/torvenyszekek).
9. DEFINITIONS
9.1. Data management: Any operation or combination of operations on personal data, irrespective of the procedure used, including in particular the collection, recording, filing, filing, storage, transformation, alteration, use, retrieval, access, use, communication, transfer, dissemination or otherwise making available, publishing, coordinating or linking, limiting, deleting and destroying.
9.2. Data controller: who defines the purposes and means of data management - individually or together with others.
9.3. Personal data: any information relating to an identified or identifiable natural person (data subject). An individual may be identified, directly or indirectly, in particular by reference to one or more factors relating to his physical, physiological, genetic, intellectual, economic, cultural or social identity, such as name, number, positioning data, online identification.
9.4. Profiling: any form of automated processing of personal data is used for analysis or forecasting that involves the evaluation of certain personal attributes of a natural person, in particular those related to work performance, financial status, health, personal preference, interest, reliability, behavior, location or movement.
9.5. Consent of the User: a voluntary, explicit and unambiguous expression of the will of the data subject, stating, by means of a statement or by an act unambiguously confirming the data subject's consent to the processing of personal data.
9.6. Privacy incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed.
9.7. Processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
10. AMENDMENT OF THE PRIVACY POLICY will be published in the Lucy application. The current Privacy Policy shall always apply to the management of the Users’ personal data, even if a previous Privacy Policy was in effect at the time of Users’ registration or otherwise providing personal data.
11. CONTACT
If you have a question, comment or request regarding this Privacy Policy, you would like to complain or wish to exercise your rights as set out in Clause 8, please contact us at the contact details provided in Clause 3.
12. Effect
Effective from 16/04/2020