Last update: 3rd jan 2020
Epic Development considers the protection of personal data of its users a serious matter. The management and protection of the personal data of the users of the website at www.dailystate.me (the “Site”) and/or app and/or the services accessible through the Site or the App (the “Services”) is subject to the terms of this policy and also to the provisions of Dutch and EU law with regards to the protection of persons from the processing of their personal data as in force. In any case DailyState reserves the right to adjust the terms of this policy to each time applicable legal framework. Therefore, these terms may be modified and updated at any time. Users of DailyState will be notified prior to these changes of such updates.
Categories of personal data and purpose of processing
DailyState collects personal data of its users which are provided by the latter to the extent that this is absolutely necessary and proportional for the purposes of processing for which these data have been collected and which is the provision of the Services of the Site and the App. In our effort to always improve our services, we may process part or all users’ data for statistical purposes. Those data help us to better understand the users and the manner with which we can improve our website.
Personal data is any information relating to an identified or identifiable natural person.
The personal data we are collecting are:
- Submitted information: This is information users give us by filling out forms on the App and/or the Site, or by corresponding with. Such information may include users’ full name, address, phone number, email address.
- Journal entries: Journal entries are client-side encrypted and stored in our database. Only users can decrypt and read those entries on their client using their master key.
- Journal entries meta-data: Meta data is stored hashed in our database.
- Goals: Goals are stored unencrypted in our database.
- Passwords, master key: passwords are stored hashed in our database, using industry recommended standards. The encryption master key is client-side encrypted with the password and stored encrypted on our servers.
- Information we collect about users and their device. Each time users visit the App or our Site we will automatically collect the following information:
- Technical information, including the internet protocol (IP) address used by users to connect their computer to the Internet, their login information, browser type and version, time zone setting, operating system and platform, device information and the type of mobile device they use, their mobile operating system, the type of mobile browser they use;
- Information about the users’ visit, including the full uniform resource locators (URL), clickstream to, through and from our Site (including date and time), services the users viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), the methods used to browse away from the page, device information;
- Details of users’ use of our App or their visits to our Site including transaction details relating to their use of our services.
- Information to help us deliver our service to users. We work closely with third parties in order to help us deliver our Services to users. These third parties are business partners.
Recipients of the data
DailyState will make best efforts to ensure the integrity and confidentiality of the personal data of its users. To this end, it will not disclose or otherwise transfer or dispose of for sale or for other commercial purposes or publish the personal data of the users/visitors to any third parties with the exception of i) cases where this is required by law and only to the competent authorities ii) for the exercise and defense of DailyState’s own lawful interests and rights iii) cases where the explicit consent by DailyState users has been given.
We may use users’ personal data to form a view on what we think they may want or need, or what may be of interest to them. This is how we decide which products, services and offers may be relevant for them.
Users will receive marketing communications from us if they have signed up to and/or utilise the DailyState Services and, in each case, they have not opted out of receiving marketing notifications.
We will obtain users’ express opt-in consent before we share their personal data with any company outside DailyState for marketing or promotional purposes.
Users can ask us or third parties to stop sending them marketing messages at any time by adjusting their marketing preferences via their profile in the App, contacting us via firstname.lastname@example.org, or by following the unsubscribe links on any marketing message sent to them.
DailyState will store and retain the personal data of users for as long as it is necessary for the provision of the services to the users and for the time period that is required for the fulfilment of its lawful obligations and the exercise of its rights.
Exercise of the rights of the users
Users have rights under the data protection laws in relation to their personal data. Please see below to find out more about these rights:
Users have the right to:
- Request access to their personal data (commonly known as a "data subject access request"). This enables them to receive a copy of the personal data we hold about them.
- Request correction of the personal data that we hold about them. This enables them to have any incomplete or inaccurate data we hold about them corrected, though we may need to verify the accuracy of the new data they provide to us.
- Request erasure of their personal data. This enables them to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Ask us to delete or remove their personal data where they have successfully exercised their right to object to processing (see below), where we may have processed their information unlawfully or where we are required to erase their personal data to comply with local law. Users should note, however, that we may not always be able to comply with their request of erasure for specific legal reasons which will be notified to them, if applicable, at the time of their request.
- Object to processing of their personal data. This is in situations where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms.
- Object where we are processing their personal data for direct marketing purposes. If they object to the processing of certain data then we may not be able to provide the DailyState Services and it is likely we will have to terminate their account.
- Request restriction of processing of their personal data. It should be noted that any requests in relation to the restriction of the processing of their data means that we may not be able to perform the contract we have or are trying to enter into with them (including DailyState Services). In this case, we may have to cancel their use of DailyState Services but we will notify them if this is the case at the time.
- Request the transfer of their personal data to them or to a third party. We will provide to them, their personal data in a structured, commonly used, machine-readable format, which they can then transfer to an applicable third party.
Users should note that this right only applies to automated information which they initially provided consent for us to use or where we used the information to perform a contract with them. If they require this then they should reach out to our support team in email@example.com .
Withdraw consent at any time where we are relying on consent to process their personal data. However, this will not affect the lawfulness of any processing carried out before they withdraw their consent. If they withdraw their consent, we may not be able to provide the DailyState Services to them. We will advise them if this is the case at the time they withdraw their consent.
Cookies are small text files which comprise letters and figures which are stored by the central server of the webpage in the hard disk of the computer of the user when the user gains access to certain websites and do not become in knowledge of any document or file from the computer of the user. Cookies allow the website to recognize the device of the user.
Necessary cookies are cookies for the proper function of the website and allow the proper browsing and the use of the possibilities provided by the website.
Session cookies are cookies that expire upon the expiry of a browsing session
Persistent cookies are cookies which remain stored in the device of the user for more than one browsing sessions and allow the recordation of the preferences or the actions of the user throughout the website (and in some cases in other websites as well). Persistent cookies may be used for other purposes such as the recording of preferences or for targeted advertisements.
Third party Cookies /Google Analytics are stored for all visitors of a website. They collect information on the manner that users use the website and the term of their storage is set forth by Google. These cookies collect information on a no name basis including information on the number of visitors of a webpage, the origins of the visitors and the pages visited within the website. We use this information in order to draft reports that could help us improve our webpage.
For more information about cookies, including the way you can find out which cookies have been set and how to manage, exclude or delete them, you can visit the website www.allaboutcookies.org.
If anything in this document is unclear please email your questions or concerns to firstname.lastname@example.org.