When you use Babyndex, you’re trusting us with intimate personal information. We understand this is a big responsibility – from the moment we began developing our product to each time we process Personal data – and work hard to protect your information and put you in control.
We are committed to keeping your trust, which is why our policy as a company is to take every step to ensure that individual user’s data and privacy rights are protected and to provide transparency about our data practices.
- Data serves you – When you use Babyndex, we may collect your Personal data and use it for the purpose of the user experience improvement, like increasing the accuracy of predictions, personalizing the insights you get, etc.. For research activities we use only anonymised or aggregated data, which cannot be associated with you.
You are in control – You may access your Personal data, modify, correct, erase, and update it by writing to us at [email protected] You may also download the information Babyndex collected about you by contacting us. Please be aware that erasing or modifying some Personal data inserted by you may affect your possibility to use Babyndex in the future.
Your data is safe with Babyndex
Your employer, your insurance company, even your relatives – none of them will ever know about the information and symptoms you log or the information you get in Babyndex until you tell them. We take all reasonable and appropriate measures to protect your Personal data from loss, theft, misuse or unauthorized access.
- We protect the privacy of children – That is why you should be at least 18 to use Babyndex. We do not intentionally collect information about children, and we don’t allow people to use the App if they are younger than 18.
Data transfers are under legal control – Babyndex complies with the GDPR and we endeavour to comply with IVDR as set forth by the EU and we adhere to the Privacy Principles.
- You can freely talk to us – We believe in transparent and open dialogue, so we strongly encourage you to contact our Support Team at [email protected], our Data Protection Officer at [email protected] or send a message via our dedicated email [email protected] if you have questions about this policy, how we collect or process your personal data, or anything else related to our privacy practices.
- Babyndex ® mobile application,
- babyndex.eu website,
all collectively, the “App”.
Personal data and information that you provide us directly
General Information. When you sign up to use the App, you provide us with your Personal data about you such as:
- Full name;
- Email address;
- Date of birth;
- Password or passcode;
- Place of residence and associated location information;
ID (to prove your identity in certain cases).
Health. When you use the App, you may choose to provide personal information about your health such as:
- Fotos / Medien / Dateien for monitoring your fertile window dates;
- Menstrual cycle dates;
(collectively, “Personal data”).
In order for us to process any Personal data under this category we will explicitly ask your consent at the registration screen.
Personal data we may collect automatically
When you access or use the App, we may automatically collect the following information.
- Hardware model;
- Information about operating system and its version;
- Unique device identifiers (e.g. IDFA);
- Mobile network information.
- IP address;
- Time zone;
- Information about your mobile service provider.
App usage data, including, among others:
- Frequency of use;
- Areas and features of our
- App you visit;
- Your use patterns generally;
- Engagement with particular features.
By creating a profile or signing up to use the App, you explicitly consent that:
PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH ANY THIRD PARTIES.
What will Babyndex be able to do with the help of your Personal data?
We may use your Personal data, foremost for performing actions to visualise your fertile days and to improve the performance of the App including the purposes without limitation as follows:
- to analyze, operate, maintain and improve the App, to add new features and services to the App;
- to customize content and materials you see when you use the App;
- to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders;
- to verify your identity;
- to send you technical notices, updates, security alerts and support and administrative messages;
- if you subscribe to an email newsletter or request information from Babyndex, we may send you information and/or offers about our products and/or services that we believe may be of interest to you, or to invite you to participate in research, promotional or other activities;
- for billing (invoicing), account management and other administrative purposes, if applies;
- to respond to your comments, questions and requests and provide customer service;
- if you request a product or service from Babyndex, we may use your Personal data and share it with our trusted partners to complete your request;
- except to complete your request, we do not authorise these trusted partners to use your Personal data in any other way;
- to monitor and analyze trends, usage and activities in connection with our App;
- to link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service (to use in training of neural networks, artificial intelligence);
- for scientific and academic research purposes; and
We will not use the information gained through your use for advertising or similar services, or sell it to advertising platforms, data brokers, or information resellers. We will also never sell your Personal data as may be defined by applicable laws.
Principles of processing
Lawfulness, fairness and transparency. We process Personal data lawfully, fairly and in a transparent manner.
Purpose limitation and data minimization. We collect Personal data for specified, explicit and legitimate purposes. We will not process Personal data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal data that is not needed for the mentioned purposes. For any new purpose of processing (e.g. further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes) we will ask your separate explicit consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal data is reliable for its intended use, accurate, complete, and current. We also undertake to minimise Personal data and to collect only such amounts and type of data that is strictly adequate, relevant and limited for the mentioned purposes.
Accuracy and storage limitation. We undertake every reasonable step to collect Personal data accurately and, where necessary, to keep data up to date, in order to ensure that Personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. We keep Personal data in a form, which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed. We store personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by law.
Your privacy rights
Notwithstanding the country or region you are coming from we are committed to grant you the vast privacy rights in respect to your Personal data.
- Correction or update of Personal data. If you believe that your Personal data is inaccurate, you have a right to contact us and ask us to correct or update inaccurate or incomplete Personal data.
- Restriction of Processing. You also have a right to ask to stop, to object or to request restriction of processing of your Personal data, if you contest the accuracy of the Personal data and we need some time to verify its accuracy.
- Information rights and access to your Personal data (including in portable form). The App gives you the ability to access Personal data within the App. You have a right to request and receive all the information about what Personal data we have about you, to access your Personal data and receive a copy of it (including in a structured and easily portable form) either by you or by a third party you designate.
- Erasure of your Personal data. You have a right to contact us and request to have your Personal data deleted if you withdraw your consent to processing, you believe such processing is not compliant with applicable law and in some other cases. Please be aware that erasing some Personal data may affect your possibility to use the App and its features.
- Right to object processing of your Personal data. In some cases you can object processing your Personal data and stop us from processing your Personal data (for example, if we process it under legitimate interest basis).
- Right to object (opt-out) automated decision-making:
Personalisation of content. We personalise content you see in the App (e.g. articles) based on Personal data that you insert into the App. You have a right to opt-out from such automated decision-making. Please note that this may affect your possibility to use the App.
How to exercise your privacy rights
Simply write us at [email protected] to exercise any of your privacy rights.
We commit to grant them within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal data stored in our backup systems. This is due to the size and complexity of the systems we use to store Personal data.
Formalities to exercise your privacy rights
Please keep in mind that in case of a vague request we may engage the individual in a dialogue so as to better understand the motivation and content of the request. We may also refuse manifestly unfounded and excessive (repetitive) requests.
We might also require you to prove your identity in some cases. This is made to ensure that no rights of third parties are violated by your request.
Notification requirements. We commit to notify you, when it is needed under the law, within a reasonable period of time and your data protection authority within the timeframe specified in applicable law about Personal data breaches related to your Personal data.
Data Protection Authorities. Subject to applicable laws, you may have the right to lodge a complaint with your local data protection authority about any of our activities that you deem are not compliant with applicable law.
Third parties processing your Personal data
- You become a Babyndex user and opt-in for sharing Personal data, strictly limited to the following set:
- a) Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Android ID (in Android devices), Customer issued user ID and other similar unique technical identifiers.
b) Your age group;
c) Your subscription status;
d) The fact of application launch.
- Babyndex App analyzes your data to optimize our promotional campaigns.
- At the same time, Babyndex App sends your data to some of its integrated partners (e.g. Facebook-Pixel). These integrated partners analyze your data (so-called “custom audience”) and show relevant information about the App to people who might be potentially interested in it (so-called “lookalike audience”).
- This is how new users find out about Babyndex, get accurate cycle predictions, learn about the meaning of their bodies’ signals and receive credible information about their health. You contribute to the growth of Babyndex community providing your consent to use Babyndex app.
Opt-out options. You can withdraw your consent to sharing of your Personal data in accordance with this subsection anytime by using one of the following options:
- By contacting us at [email protected];
PLEASE NOTE THAT WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH THIRD PARTIES. We only choose third parties that are reliable, spell out the rights and obligations of each party and can make sufficient data protection guarantees. Third-party services that handle Personal Data of our customers, including analytics software, email services, cloud servers, etc. have a standard data processing agreement available on their websites for you to review.
Third parties processing your Personal data
We engage processors that perform particular operations with your Personal data for us.
Processors are companies that help us run the App, support our communication with you or perform other App-related activities. They may process certain Personal data on our behalf to accomplish the goals related to the App functions and associated activities. Processors act only in accordance with our instructions and process only the amount of Personal data as we instruct them to process. We remain fully liable for any acts or omissions of our processors and undertake to execute formal data processing agreements with them to the extent required by applicable law.
We acknowledge the following personal data stored in the user account of Babyndex, Sinfonic Innovation Management Bt., Isaszegi út 55, Gödöllő 2100, Hungary, in the user database of Babyndex website, online store and app will be handed over to the following trusted data processors. The data transferred by the data controller, the nature and purpose of the data processing activity performed are the followings:
Infrastructure and security necessary for the operation of the app, the online store and the website
- SiteGround collects anonymous user data for running the host server according to its Terms and Policies: https://www.siteground.com/terms.htm
- Ximilar collects image data for analysis according to its ToU and Privacy Policies: https://www.ximilar.com/terms-of-use-privacy/
- MailChimp collects email data for communicating with users according to its Legal Policies: https://mailchimp.com/legal/
Payments and invoices necessary for the operation of the online store
Therefore, the SimplePay user accepts the followings:
Website, web services and courses trackers necessary for marketing, reaching out to users who need our services
Privacy Shield notice.
In the context of an onward transfers we have responsibility for the processing of Personal data we receive under the Privacy Shield. We remain liable under the Principles (as defined below) if our processor processes such Personal data in a manner inconsistent with the Principles and GDPR, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.
If we receive Personal data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
We may share aggregated, anonymized or de-identified information, which cannot reasonably be used to identify you, with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users. Sharing such data contributes to the advancement of scientific research on women’s health.
We may also share some of your Personal data in the following special circumstances:
- in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements);
- when disclosure is required to maintain the security and integrity of the App, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your Personal data (e.g. resetting your password to avoid unauthorized access);
- when disclosure is directed or consented to by the user who has input the Personal data;
- in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.
Retention of your Personal data when you use the App
Retention of your Personal data after stop using the app
If you choose to delete the App, deactivate your account, we retain your Personal data for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services.
You should be aware that we may retain certain Personal data and other information after your account has been terminated or deleted in an aggregated, anonymized form. Any posts or comments you submit may remain visible if and after you delete your account. We are not obligated to remove your posts or comments. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally. We will also retain your Personal data as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
If you remove data from your account, you will no longer see it in the App, but some backups of the data may remain in our archive servers for a reasonable period of time due to technical solutions we use. However, we undertake to delete any such backups within a reasonable period of time.
Personal data you elect to share with third parties
We take reasonable steps in order to ensure compliance of such third parties with any applicable laws that might govern processing of your Personal Data.
Security of your Personal data
We take all reasonable and appropriate measures to encrypt, pseudonymize, or anonymize personal data wherever possible. This way we protect all collected Personal data from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal data that we process and risks associated with special categories of Personal data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal data:
- Pseudonymization and tokenization of certain categories of your Personal data;
- Encryption and anonymization of your Personal data in transit and in rest;
- Systematic vulnerability scanning and penetration testing;
- Protection of data integrity;
Organizational and legal measures. We have an internal security policy to ensure that team members are knowledgeable about data security. We build awareness about data protection to strengthen operational security, including guidance about email security, passwords, two-factor authentication, device encryption, and VPNs. Our employees who have access to personal data and non-technical employees receive extra training. Also, employees have different levels of access to your Personal data and only those in charge of data management get access to your Personal data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal data.
Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to conduct an information audit when required by law to undertake a privacy audit in case of Company’s merger or takeover and .
General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 13 years old. The App does not collect Personal data from any person the Company actually knows is under the age of 13. If you are aware of anyone under 13 using the App, please contact us at [email protected] and we will take required steps to delete such information and (or) delete her account.
Age limitation for EU residents. Due to requirements of the GDPR you shall be at least 16 years old in order to use the App. To the extent prohibited by applicable law, we do not allow use of the App by the EU residents younger than 16 years old. If you are aware of anyone younger than 16 using the App, please contact us at [email protected] and we will take steps to delete such information and (or) delete her account.
Courses. You must be at least 18 years old to use the Courses. We do not process any Personal data of anyone below 18 in the Courses.
We may contact you from time to time via email or through other means to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails will not end transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so, certain exclusions may apply to the residents of some countries regarding an active opt-in for any email communications from us. We may ask such users to provide their consent for any such communications at the registration screen or separately.
Links to Other Sites
Babyndex may provide links to other sites as a courtesy to our users. Babyndex is not responsible for the content or operation of these other sites. Babyndex cannot guarantee the privacy policies of these other sites and we recommend you consult the privacy policies of such sites directly before use.
Links to Other Sites
The Company is based in the European Union and Personal data we collect is governed by EU law. Please be advised that EU law and laws of other countries may not offer the same protections as the law of your jurisdiction.
In addition, you agree that Personal data collected may be stored and processed in the United States, where the Company purchases services from, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of Personal data outside of your country.
European Union and Swiss residents
Please bear in mind that we may transfer your Personal data to the United States which data protection is not deemed adequate under applicable data protection law.
Complaints and Dispute Resolution. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at [email protected] or mailing address:
Babyndex, Sinfonic Innovation Management Bt.
Isaszegi út 55., Gödöllő 2100, Hungary
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).