Privacy policy

August 4, 2019

Thank you for visiting the Happy Bob website, https://happybob.app, which is hosted and operated by Harald AI Oy.

This Privacy policy describes how we collect, use and handle information and personally identifiable data about our users when they access and use our website and Happy Bob App.

Harald AI 

Privacy policy

  1. INTRODUCTION

1.1 Responsible entity

1.1.1 Harald AI Oy, address Luonnottarenpolku 8, 02100 Espoo, Finland, Business ID 2913702-7 (“Harald AI”), is the stated responsible entity under the data protection regulations. In other words we are the company that decides on the purpose and means of processing the personal data of our users (“User Data”) and is therefore responsible for its security and compliance with the applicable laws.

1.1.2 As the responsible entity we are subject, for example, to information requirements that we wish to fulfill in connection with this Privacy policy. We also provide additional information within our products, e.g. we may ask you for a new consent or explain the consequences of revocation. The information in our products does not contradict this Privacy policy, but rather supplements it with brief and easily readable information so that you can make decisions more easily. This Privacy policy and the additional information are easily accessible at any time from within our products.

1.2 Structure and consent concept

1.2.1 This Privacy policy informs you about the purposes and scope of processing your User Data, as well as data transfers, and your extensive rights. As our offer is exclusively aimed at persons with diabetes, your use typically already provides information on your health condition. We therefore only process User Data as health data with your consent. We differentiate as follows:

1.2.1.1 “Necessary Processing” describes how we process the User Data required to fulfill the contract. Without this consent the use of our products is not possible from a legal and a factual point of view because our services depend on this processing.

1.2.1.2 “Processing for Product Improvement” explains how you can help us and other users, with your consent, by allowing us to use your data in particular to develop algorithms for blood sugar prediction, improve the product and so forth without us contacting you for advertising purposes etc. 

1.2.1.3 “Processing for Marketing Purposes” describes how we contact you for marketing purposes, with your consent, e.g. by email, notifications etc. 

1.2.1.4 In “General Information” we have assembled the information that applies to all of the above consents to avoid repetition.

The relevant categories are described in more detail below. You may provide the relevant consents upon registration or later via the account settings. You may revoke any consents at any time via the account settings or by sending an email to hello@happybob.app. In such an instance we will inform you about the consequences of the revocation. The lawfulness of the processing prior to revocation remains unaffected.

1.2.2 In some cases, the processing may take place independently of consent on the basis of statutory principles (e.g. medical device regulations). We will inform you accordingly in appropriate cases.

  1. NECESSARY PROCESSING

If you grant your consent, we process the User Data listed below in order to be able to provide our services. If you do not consent to this necessary processing, you cannot use the services of Harald AI. You may provide your consents during the registration process and manage them in the account settings.

2.1 Necessary User Data

2.1.1 In order to protect your User Data, our services can only be used in connection with a user account. To create a user account and to use Happy Bob App we require and process the following User Data:

  • First name
  • Last name
  • Email address
  • Password 
  • Registration date
  • Continuous Glucose Monitor you use 
  • Status of consents
  • Device ID, manufacturer, device type, operating system version
  • Language, country, time zone
  • IP address.

We also collect

Commercial and Usage Data

App store download, IP address, device ID, operating system, browser type and version, token, activity events for customization, support queries.

Medical Data

Blood glucose reading and sensor data such as sensor value, time and time zone

2.1.3 If you wish, you can operate the user account under an assumed name (pseudonym), i.e. you do not have to state your real name. You can also enter any email address that you set up especially for us – however it must work so that we can send you important warnings.

The scope of the data recorded by Harald AI depends on your registration and use of our products. We only process the User Data that you actively and voluntarily provide to Harald AI. The entry of requested User Data is however a requirement for the comprehensive use of our products. 

2.2 Necessary purposes

2.2.1 All the necessary purposes of our processing are associated with providing our services:

Installation of our Happy Bob app leads to technical and device-related data recordings such as the device ID.

Registration leads to the creation of your user account using the email address and password.

The provision of our services requires you to voluntarily provide CGM data.

Communication from Harald AI with you within our Happy Bob app or via other electronic messaging services (e.g. email) where this is required to support or troubleshoot our products. This is how we process any comments and queries that you may have via various communication channels when using Happy Bob App. The most important example is our support service, which you can access at hello@happybob.app. Please therefore think about which information and data you want to give in your active communication with us – this is solely your decision. For our part, communication with users may be necessary either by email or push notification. This is how we inform you about updates to our product and provide important security advice as well as assistance associated with your usage. This support communication – as an essential part of our products – is sent to users notwithstanding whether they have subscribed to our Newsletter or not.

Continuous glucose monitor (CGM) must be paired with Happy Bob app before it can be used

2.2.2 Use of our Happy Bob app requires you to voluntarily enter your CGM data. To resolve an error in the app we require crash reports that we can use for troubleshooting purposes to determine the circumstances of the problem. In addition, the key data of your device and your usage behavior are recorded as our contractual fulfillment, meaning customizing our products i.e. processing individual user information, for example, depending on your location, which is for instance relevant for configuring the user interface. An automated analysis of user behavior is performed exclusively for the purpose of customizing your use when fulfilling the contract and has no legal effect for you.

  1. PROCESSING FOR PRODUCT IMPROVEMENT

We also process your User Data to improve our products and services as described in more detail below.

3.1 Usage Data

Activity events that allow us to understand how you use our products. This enables us to see how our products are used and for example where menu designs can be optimized.

3.2 Purpose of product improvement 

As a result of fast-moving technological progress, we have to continually analyze, develop, test, and improve our products and their interactions, in order to ensure that our content benefits users in the most effective way. To achieve this, we conduct usage and security tests and the knowledge gained is incorporated into improved new versions of our products such as the app. These improvements are also provided to you via regular updates.

  1. PROCESSING FOR MARKETING PURPOSES

4.1 Newsletter

4.1.1 We would like to send you interesting information on products and services in addition to the contractual scope (including information from carefully selected partners) and invitations to participate in surveys or other sales promotions and marketing activities (“Newsletter”).

4.1.2 You can select whether you want to subscribe to our Newsletter (opt in). You can revoke your consent at any time via the link in the Newsletter or the account settings.

4.2 Other types of marketing

4.2.1 Other consents, e.g. for surveys or notifications  are obtained as required when you are logged in. We always explain to you why we need certain data and also how you can revoke the consent.

  1. USAGE FOR STATUTORY PURPOSES

5.1 Scientific research and statistics

Harald AI is committed to the science of all aspects of diabetes. Therefore, anonymous User Data may also be used for the purposes of research and statistics (always whilst complying with the recognized ethical scientific standards) and internal analyses. This is used mainly to determine and improve the effectiveness of techniques for controlling and treating diabetes. The legal basis for this is Article 9 (2) j) GDPR.

5.2 Enforcement of rights

The use of personal data may also be necessary to prevent abuse by users or to assert, exercise, or defend legal claims. We may be forced into disclosure due to binding laws, court or official decisions and instructions, criminal investigation, or in the public interest. In such cases, the storage and processing of your data are permitted by law without your consent. The legal basis for this is Article 9 (2) f) GDPR.

  1. GENERAL INFORMATION

6.1 Purpose limitation and security

6.1.1 Harald AI uses your personal data exclusively for the purposes determined in this Privacy policy and the relevant consents. We ensure that each processing is restricted to the extent necessary for its purpose.

6.1.2 Each processing always guarantees adequate security and confidentiality of your personal data. This covers protection from unauthorized and illegal processing, unintentional loss, unintentional destruction or damage using appropriate technical and organizational measures. We use strict internal processes, security features, and encryption methods.

6.2 Processors

 

6.2.1 Our products are subject to complex processes that we have to manage and keep up-to-date. For technical support we may use affiliated companies and third-party suppliers (“Processors”) in order to offer you a comprehensive and optimal use of our product.

6.2.2 Harald AI transfers User Data to Processors exclusively within the framework of this Privacy policy and only to fulfill the purposes stated in it. Processors work according to our specifications and instructions; they are not permitted to use the personal data of our users for their own or other purposes.

6.2.3 We use Processors offering sufficient guarantees that suitable technical and organizational measures are undertaken in a way that the processing of personal data complies with the statutory requirements and our Privacy policy. The protection of the rights of our users is ensured by concluding binding contracts that meet the strict requirements of GDPR.

6.2.4 The third-party suppliers appointed by Harald AI may only use other processors (subcontractors) with our prior consent. If a subcontractor does not comply with the same data protection obligations and all of the appropriate security measures that we impose on our Processors, then we will prohibit the hiring of such a subcontractor.

6.3 Encryption, pseudonymization, and anonymization

6.3.1 Each data transfer, without exception and by default, is encrypted during transfer. Using HTTPS (hypertext transfer protocol secure) we ensure that your data is not intercepted by unauthorized third parties.

In addition, for the purposes of data security and minimization, we also use other processes for the encryption and pseudonymization of User Data. Of course this depends on the type, scope, and purpose of the relevant data processing. For example, we only disclose User Data that a Processor requires to carry out his tasks.

6.3.2 When a contractual relationship with a Processor is terminated, such Processor must, at Harald AI’s discretion, either return all our User’s Data or delete it if there are no statutory storage obligations.

6.3.3 Data that requires no personal reference for processing (e.g. for research and analysis) is subject to anonymization. This prevents a connection to a specific user being made in all cases.

6.4 EU and other countries

6.4.1 We primarily select cooperation partners who are based in or whose servers are located in the European Union (EU) or European Economic Area (EEA). Data transmission within the EU and EEA is unobjectionable because the GDPR applies in all member states.

6.4.2 We may appoint third-party suppliers who are located in or who have servers outside the EU. In these cases your personal data is subject to a high protection level in line with the GDPR – either through an EU adequacy decision or through certain standard contractual clauses approved by the EU, which the contractual relationships with our contracted data processors are based on, or through comparable legal instruments permitted under the GDPR. In any case, all Processors are subject to the obligations in this Privacy policy.

6.5. Categories of recipients

6.5.1 Our cooperation partners are bound by the agreements signed with Harald AI as well as by the GDPR and only process data according to our instructions. We provide our users’ Data only to fulfill the contract:

Customer support services and their tools help our customer support to quickly and efficiently handle our users’ inquiries. Here, for example, queries are recorded from various communication channels and grouped according to topics using ticket systems.

Analysis service providers and their tools help us to understand how users use our products in order for us to provide customized communication and product improvements in the future. 

Marketing service providers support us in creating, sorting, customizing, and sending newsletters, emails, and other messages about our products to our users.

Hosting and cloud services and their tools are used to store data and to produce anonymized analyses (see section 2.4 above).

 

6.6 Cookies

Harald AI stores so-called “cookies” to make the use of our website more convenient. Cookies are small text files that are stored on your device by your browser. Except for the cookies for usage data mentioned in section 6.7, our cookies are used to operate the website. If you do not want to use cookies you can prevent them from being stored using the relevant settings in the browser. Most of our cookies are either deleted at the end of your visit or when the browser is closed (session cookies). If this is not the case, you can check the deletion period in your browser or delete the cookies manually. Please note that this may restrict the functionality or scope of our offer.

6.7 Usage data

We only use Google Universal Analytics in the publicly accessible part of our website (no login required), a web analysis service by Google Inc. (“Google”). 

Google Universal Analytics uses cookies (see above) to enable analysis of your website use and these may be stored for up to 2 years if you do not delete them before that time. The information generated by the cookie on your use of our website is generally transferred to and stored on a Google server in the USA. We have extended Google Analytics on our website to include the “gat.anonymizeIp();” code in order for IP addresses to be recorded anonymously. At our request, Google only records your IP address in abbreviated form thus ensuring anonymization that does not permit any conclusions to be made about your identity or device. Google abbreviates IP addresses within the EU or other members states which are parties to the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the USA and reduced there. At our request Google will use this information to analyze your use of the website in order to provide us with aggregated reports and provide other services associated with Internet usage. The IP address provided by your browser as part of Google Analytics is not merged with other Google data.

You can prevent the storage of cookies using the appropriate setting in your browser, as described in section 6.6 above. 

 

6.8. Storage and deletion

6.8.1 Your User Data is stored on your device. This data is also stored on our servers. We only use systems that meet GDPR requirements.

6.8.2 Your data is stored on servers in the European Union (EU). We ensure that the high protection level pursuant to the GDPR is guaranteed.

6.8.3 As a rule, Harald AI only stores your personal data for the duration of the contract. In exceptional cases, longer storage may be required in order to fulfill post-contractual obligations or to comply with statutory storage obligations or disclosure duties, or to assert, exercise, or defend legal claims (limitation periods).

6.9. Minors

Minors, below the age of sixteen are only permitted to use our products with the consent of a parent/guardian. This also applies to processing their personal data, which is only legal if and to the extent to which the consent has been obtained by and through the parent/guardian. Otherwise use of our products is prohibited.

6.10. Data protection officer

6.10.1 Our data protection officer is available to answer all data protection questions at privacy@happybob.app . The data protection officer monitors ‒ independently and not bound by instructions ‒ compliance with all data protection regulations and is subject to strict statutory secrecy and confidentiality obligations.

6.10.2 The data protection officer is widely involved in all questions associated with protecting the personal data of our users. As a trained expert, he monitors our processing on an ongoing basis, informs and regularly advises the entire Harald AI team in order to ensure the best possible protection of your User Data.

6.11. Changes

6.11.1 As technology and processes in the Internet as well as data protection legislation are constantly being developed, we have to undertake changes from time to time. We will inform you of changes by appropriate means whilst granting an appropriate advance notice period and if necessary obtaining new consents.

6.11.2 Unless otherwise provided by this Privacy policy, the same definitions apply in our General Terms and Conditions – T&Cs.

  1. YOUR RIGHTS

7.1. Revocation of consents

If we process your User Data based on your consent, you may revoke the consent at any time. However, this will not affect the lawfulness of the processing before the revocation. We will continue to provide our services if they do not depend on the consent that has been revoked.

7.2. Information, correction, and restriction

7.2.1 Each user has the right to request information on the processing of their personal data. To do so, please contact us at any time at privacy@happybob.app .

7.2.2 Your right to information covers information on the processing purposes, data and recipient categories, storage time, origin of your data, and your rights under the data protection regulations. You can find all of this information in this Privacy policy.

7.2.3 Should some of your personal data be incorrect, you can request that your data is corrected or completed at any time. You can correct most data yourself in our apps. You have the right to restrict data processing for the duration of any investigation review that you have requested.

7.3 Deletion (“right to be forgotten”)

Each user has the right to request the deletion of their personal data. To do so, please contact us at any time at hello@happybob.app.

7.4 Ability to transfer data

Finally each user has the right to request that we provide an overview of their personal data to another responsible party, if this is technically feasible.

7.5 Complaints

7.5.1 If you feel we are not protecting your data protection rights adequately, please contact us at any time at support@happybob.app or contact our data protection officer directly at privacy@happybob.app. We will handle your request as soon as possible.

THANK YOU FOR YOUR CONFIDENCE IN US!