SLEEP HAPPIER

Emma Up by Emma

Privacy Policy


We are committed to continuously improve the sleep experience of individuals across the globe in a manner that respects, perseveres, and protects privacy and personal data. The protection of your personal data is important to us, and we want you to feel safe when using our app.

This Privacy Policy (“Policy”) shall inform you about the collection, processing, and utilization of your personal data when you use the Emma Up (“app”) and services provided by Emma Sleep GmbH (“Emma Sleep”, “we” or “us”).

Should you have any concerns or inquiries about how we are handling your personal data, you may reach out to our data protection officer by contacting us through [email protected] or by sending us a letter addressed to “Data Protection Officer”.

1. Identity and contact details of the controller
Controller as per the EU and UK General Data Protection Regulation (GDPR) is:
Emma Sleep GmbH
Wilhelm-Leuschner-Str. 78
60329 Frankfurt am Main, Germany

2. Collection and processing of personal data

We collect and process your personal data to provide our app services to you. When visiting and using the app, your personal data which your device transmits to our server is automatically saved. In order to fulfill technical requirements for you to use the app and provide for security purposes, the following data may be saved: IP address, date and time of your visit, time zone different to Greenwich Mean Time (GMT), content of the query (specific site visited), access status / HTTP status code, amount of transferred data, operating system, device and its user interface.

The types of data mentioned above gets processed for our legitimate interests and to ensure you a smooth and comfortable use of the app and to evaluate system security and stability, as well as for other administrative purposes. We will process these data for security reasons and for protection against intrusions under the legal basis of Art. 6(1)(f) GDPR.

When you visit and use the app, the data mentioned above is automatically recorded without your intervention and stored until it is manually deleted. If you don’t want the above data to be collected, we will be unable to allow you access to the app without such data.

When you download and use the app and engage in certain functions, such as registering for an account or responding to surveys and questionnaires, we may ask you to provide certain personal data, such as your username or email address, and health data (concerning your sleep habits, etc.). Please note that health data fall within the special categories of data pursuant to Article 9 of the GDPR, and that these data will only be processed on the basis of your express consent (Art. 6(1)(a) GDPR).

Technologies such as pixels and cookies are used by us and our service providers to make the app experience as user-friendly as possible and to allow you to make use of certain functions. Depending on the kind of tool or service, we use these on the legal basis of our legitimate interests (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR).

These technologies are used in analyzing app trends, usage, and demographics among others. Further information about the personal data we may collect from you varies depending on the service provider we use. The details for each service provider are listed below in section 5.

3. Data storage and retention

We retain your personal data for no longer than is necessary for the purposes stated in this Policy. In the event we do not need your information in order to provide the service to you, we will retain it only for so long as we have a legitimate business purpose in keeping such data under applicable laws and regulations.

We may collect, store, process, disseminate or use your personal data in a manner that causes it to be transferred to accessed from computer systems owned or operated by or on behalf of us. Your personal data may be transferred and stored in the United States of America through our service providers.

Your personal data will be retained in accordance with local legal and regulatory requirements applicable to the country you are using the website from, and subject to our data retention obligations. We keep your personal data for the period of the user relationship with you or for the legally required period after termination of such relationship in order to defend our legal claims, to protect and enforce our rights, or to comply with laws and regulations.

4. Your rights as a data subject

You have the following rights under the GDPR with respect to the personal data concerning you:

  • Right to access by the data subject
    You have the right to request information on the data we hold about you from us at any time. This information includes, but is not limited to, the categories of data we process, the purposes for which it is processed, the source of the data if not collected directly from you, and, if applicable, the recipients with whom we have shared your data.
  • Right to erasure
    You have the right to demand the deletion of your personal data stored with us, unless the processing is necessary to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • Right to object
    You have the right to object to the processing of your data at any time for reasons that arise from your particular situation, as long as data processing is based on your consent, on our legitimate interests or those of a third party. In this case, we will cease to process your data. This does not apply if we can show that there are compelling legitimate grounds for processing that outweigh your interests, or if we need your data for the establishment, exercise, or defense of legal claims.
  • Right to withdraw consent
    In accordance with Art. 7(3) GDPR, you have the right to revoke your consent from us at any time. As a result, we are not allowed to continue the data processing that was based on this consent in the future.

If you feel that we have not responded in an appropriate manner to your complaints or you have further concerns, you have the right to complain to the relevant data protection authority.

The responsible authority for us in Austria is the Österreichische Datenschutzbehörde.

The responsible authority for us in Germany is the Hessische Beauftragte fĂŒr Datenschutz und Informationsfreiheit.

The responsible authority for us in the Netherlands is the Autoriteit Persoonsgegevens .

The responsible authority for us in the United Kingdom is the Information Commissioner's Office (“ICO”).

For inquiries regarding your rights as a data subject, you can direct to us through [email protected] or by post to the Controller’s postal address.

5. Transfers and categories of recipients of personal data

We share your personal data to our service providers to help us ensure the functionality of the app. We may also share information with our analytics service providers to help us for the optimization of the app. Within the scope of our activities and services, it may become necessary for us to disclose the personal data stored about you to natural persons, legal entities, or public authorities. We may share your personal data as described in this Policy to comply with our legal obligations and to protect and defend our rights.

To provide a smooth experience for you, we may disclose your personal data from time to time with our contracted service providers (“processor” or “processors”). We execute contracts with our service providers, to ensure that they may only process your personal data in a way that we have explicitly instructed them to do so. Furthermore, we ensure that our service providers take the necessary technical and organizational measures to process your data securely and store your personal data only for as long as necessary.

External service providers who may receive personal data generally fall into the following categories of recipients:

· Emma Sleep GmbH’s subsidiaries and affiliates

· IT service providers to maintain our IT infrastructure

  • Cloud providers

· Service providers for the optimization of the app services and functions

If your personal data is processed and transferred to third countries outside the European Economic Area (“EEA”) and United Kingdom, we will ensure that your personal data is processed in accordance with your country’s data protection level. In the absence of an adequacy decision, we only transfer data to service providers from third countries that offer suitable guarantees and put the appropriate data processing agreements and standard contractual clauses in place.

To be able to run the app and provide you a seamless experience, we engaged the following service providers listed below. When you choose to use the app, we may transfer your personal data to our service providers in the United States of America, where these services are hosted.

(1) Amazon Web Services RDS

We use Amazon Web Services – Redshift, as our backend database and is provided by Amazon Web Services Inc., which is based in 410 Terry Ave N Seattle, WA, 98109-5210 United States, to enable services related to setup, manage and manipulate databases in cloud.

  • Location of the data processing: United States of America
  • Data collected: email, full name, profile picture, age, gender, sleep score (sleep quality index)
  • Legal basis: Article 6(1)(f) GDPR, legitimate interest
  • Retention period: Emma would keep the data from the user until the user deletes the account and reclaims to delete every data related to the profile
  • Processor’s privacy policy: AWS Privacy (amazon.com)

You can reach out to the data protection officer of the processing company through https://console.aws.amazon.com/support/home .

(2) Amazon Web Services Cognito

We use Amazon Web Services – Cognito, as our user data database and is provided by Amazon Web Services Inc., which is based in 410 Terry Ave N Seattle, WA, 98109-5210 United States, to enable services related to user identification and data synchronization in app.

  • Location of the data processing: United States of America
  • Data collected: email, full name, profile picture
  • Technologies used: cookies
  • Legal basis: Article 6(1)(f) GDPR, legitimate interest
  • Retention period: Emma would keep the data from the user until the user deletes the account and reclaims to delete every data related to the profile
  • Processor’s privacy policy: AWS Privacy (amazon.com)

You can reach out to the data protection officer of the processing company through https://console.aws.amazon.com/support/home.

(3) Mixpanel

We use Mixpanel, an online analytics service provided by Mixpanel, Inc. which is based in 405 Howard Street San Francisco, CA 94105 United States, to enable services related to the operation and internal analytics and reporting of the App.

  • Location of the data processing: EU
  • Data collected: The type of information collected but not limited to includes personal information such as email address, location and tracking behaviors within the app such as open app, screen views and clicks.
  • Technologies used : SDK, pixels, cookies
  • Legal basis: Article 6(1)(f) GDPR
  • Retention period : We retain personal data for as long as necessary to provide the service and fulfill the transaction you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Accordingly, Mixpanel’s retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the information, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
  • Processor’s privacy policy: https://www.mixpanelcom/legal/privacy-policy

You can reach out to the data protection officer of the processing company through [email protected].

(4) RevenueCat

We use RevenueCat which is operated by RevenueCat, Inc., which is based in 1032 E Brandon Blvd #3003 Brandon, FL 33511 United States, to enable services related to in-app subscription management.

  • Location of the data processing: United States of America
  • Data collected: Identifiable contact information including a unique identifier, and purchase history which includes first purchase, re-occurring purchase.
  • Technologies used: SDK
  • Legal basis: Article 6(1)(a) GDPR, consent
  • Retention period: Personal data will be retained until termination of the agreement or until requested.
  • Processor’s privacy policy: https://www.revenuecat.com/privacy/

You can reach out to the data protection officer of the processing company through [email protected].

(5) Typeform

We use Typeform, an online form and questionnaire service provided by TYPEFORM SL which is based in Bac de Roda, 163 Barcelona 08019, to enable services related to the sleep feature of the app.

  • Location of the data processing: United States of America, European Union
  • Data collected: User demographics, username, email address, sleep pain, frequency of pain, sleep data, sleep environment
  • Technologies used: Cookies
  • Legal basis: Article 6(1)(a) GDPR, consent
  • Retention period: The data will be deleted as soon as it is no longer needed for the stated processing purposes.
  • Processor’s recipients of the data collected: Amazon Web Services
  • Processor’s privacy policy: https://www.admin.typeform.com/to/dwk6gt?typeform-source=www.google.com

You can reach out to the data protection officer of the processing company through [email protected].

(6) Mailchimp

We use Mailchimp, a customer relationship management tool provided by The Rocket Science Group, LLC which is based in 675 Ponce de Leon Ave NUE Suit 5000 Atlanta, GA 30308, for email marketing purposes such as product feedback and newsletters.

  • Location of the data processing: United States of America
  • Data collected: Name, email address, open rates on email, email clicks
  • Technologies used: Cookies
  • Legal basis: Article 6(1)(a) GDPR, consent
  • Retention period: The data will be deleted as soon as it is no longer needed for the stated processing purposes. Processor’s recipients of the data collected: Akamai, Amazon, CodeScience, E-Hawk, El Camino, Finc3, FiveTran, Google, Looker, Percona, R.R. Donnelley, SC Wedis Company SRL, Slack, TaskUs, TaxJar, Two Bulls, Tyrannosaurus Tech, Vextras LLC, Zendesk
  • Processor’s privacy policy: https://www.intuit.com/privacy/statement/

You can reach out to the data protection officer of the processing company through [email protected].

6. Third Party Terms and Conditions

Our Privacy Policy does not apply to products and services offered by a third party. Our products and services may include third parties’ products, services, and links to third parties’ websites. When you use such services, they may collect your personal data. As such, we recommend reading the processors’ privacy policies linked above.

7. Updates to this Privacy Policy

We keep this Privacy Policy under regular review and may update this Privacy Policy from time to time to reflect the changes in our services. We encourage you to read and/or review this Privacy Policy periodically for the latest updates on our privacy practices.